@@ -3311,6 +3311,78 @@ globalThis.sqlite3InitModule = sqlite3InitModule;
33113311 "entryExists(" , testDir , ") should have failed" ) ;
33123312 }
33133313 } /*OPFS util sanity checks*/ )
3314+ //#if enable-see
3315+ . t ( {
3316+ name : 'OPFS with SEE encryption' ,
3317+ test : function ( sqlite3 ) {
3318+ const dbFile = 'file:///sqlite3-see.edb' ;
3319+ const dbCtor = sqlite3 . oo1 . OpfsDb ;
3320+ const hexFoo = new Uint8Array ( [ 0x66 , 0x6f , 0x6f ] /*=="foo"*/ ) ;
3321+ let initDb = true ;
3322+ const tryKey = function ( keyKey , key , expectCount ) {
3323+ let db ;
3324+ //console.debug('tryKey()',arguments);
3325+ const ctoropt = {
3326+ filename : dbFile ,
3327+ flags : 'c'
3328+ } ;
3329+ try {
3330+ if ( initDb ) {
3331+ initDb = false ;
3332+ const opt = {
3333+ ...ctoropt ,
3334+ [ keyKey ] : key
3335+ } ;
3336+ opt . filename += '?delete-before-open=1' ;
3337+ db = new dbCtor ( opt ) ;
3338+ db . exec ( [
3339+ "drop table if exists t;" ,
3340+ "create table t(a);"
3341+ ] ) ;
3342+ db . close ( ) ;
3343+ // Ensure that it's actually encrypted...
3344+ let err ;
3345+ try {
3346+ db = new dbCtor ( ctoropt ) ;
3347+ T . assert ( db , 'db opened' ) /* opening is fine, but... */ ;
3348+ const rv = db . exec ( {
3349+ sql :"select count(*) from sqlite_schema" ,
3350+ returnValue : 'resultRows'
3351+ } ) ;
3352+ console . warn ( "(should not be reached) rv =" , rv ) ;
3353+ } catch ( e ) {
3354+ err = e ;
3355+ } finally {
3356+ db . close ( )
3357+ }
3358+ T . assert ( err , "Expecting an exception" )
3359+ . assert ( sqlite3 . capi . SQLITE_NOTADB == err . resultCode ,
3360+ "Expecting NOTADB" ) ;
3361+ } /*initDb*/
3362+ db = new dbCtor ( {
3363+ ...ctoropt ,
3364+ [ keyKey ] : key
3365+ } ) ;
3366+ db . exec ( "insert into t(a) values (1),(2)" ) ;
3367+ T . assert ( expectCount === db . selectValue ( 'select sum(a) from t' ) ) ;
3368+ } finally {
3369+ if ( db ) db . close ( ) ;
3370+ }
3371+ } ;
3372+ tryKey ( 'textkey' , 'foo' , 3 ) ;
3373+ T . assert ( ! initDb ) ;
3374+ tryKey ( 'textkey' , 'foo' , 6 ) ;
3375+ initDb = true ;
3376+ tryKey ( 'key' , 'foo' , 3 ) ;
3377+ T . assert ( ! initDb ) ;
3378+ tryKey ( 'key' , hexFoo , 6 ) ;
3379+ initDb = true ;
3380+ tryKey ( 'hexkey' , hexFoo , 3 ) ;
3381+ T . assert ( ! initDb ) ;
3382+ tryKey ( 'hexkey' , hexFoo , 6 ) ;
3383+ }
3384+ } ) /*OPFS with SEE*/
3385+ //#endif enable-see
33143386 ; /* end OPFS tests */
33153387
33163388 ////////////////////////////////////////////////////////////////////////
@@ -3492,7 +3564,94 @@ globalThis.sqlite3InitModule = sqlite3InitModule;
34923564 . assert ( true === await u3 . removeVfs ( ) )
34933565 . assert ( false === await P3b . removeVfs ( ) ) ;
34943566 }
3495- } /*OPFS SAH Pool sanity checks*/ ) ;
3567+ } /*OPFS SAH Pool sanity checks*/ )
3568+ //#if enable-see
3569+ . t ( {
3570+ name : 'OPFS SAHPool with SEE encryption' ,
3571+ test : async function ( sqlite3 ) {
3572+ const inst = sqlite3 . installOpfsSAHPoolVfs ,
3573+ catcher = ( e ) => {
3574+ error ( "Cannot load SAH pool VFS." ,
3575+ "This might not be a problem," ,
3576+ "depending on the environment." ) ;
3577+ return false ;
3578+ } ;
3579+ const poolConfig = {
3580+ name : 'opfs-sahpool-see' ,
3581+ clearOnInit : true ,
3582+ initialCapacity : 6
3583+ }
3584+ let poolUtil ;
3585+ const P1 = await inst ( poolConfig ) . then ( u => poolUtil = u ) . catch ( catcher ) ;
3586+ const dbFile = '/sqlite3-see.edb' ;
3587+ const dbCtor = poolUtil . OpfsSAHPoolDb ;
3588+ const hexFoo = new Uint8Array ( [ 0x66 , 0x6f , 0x6f ] /*=="foo"*/ ) ;
3589+ let initDb = true ;
3590+ const tryKey = function ( keyKey , key , expectCount ) {
3591+ let db ;
3592+ //console.debug('tryKey()',arguments);
3593+ const ctoropt = {
3594+ filename : dbFile ,
3595+ flags : 'c'
3596+ } ;
3597+ try {
3598+ if ( initDb ) {
3599+ initDb = false ;
3600+ poolUtil . unlink ( dbFile ) ;
3601+ db = new dbCtor ( {
3602+ ...ctoropt ,
3603+ [ keyKey ] : key
3604+ } ) ;
3605+ db . exec ( [
3606+ "drop table if exists t;" ,
3607+ "create table t(a);"
3608+ ] ) ;
3609+ db . close ( ) ;
3610+ // Ensure that it's actually encrypted...
3611+ let err ;
3612+ try {
3613+ db = new dbCtor ( ctoropt ) ;
3614+ T . assert ( db , 'db opened' ) /* opening is fine, but... */ ;
3615+ const rv = db . exec ( {
3616+ sql :"select count(*) from sqlite_schema" ,
3617+ returnValue : 'resultRows'
3618+ } ) ;
3619+ console . warn ( "(should not be reached) rv =" , rv ) ;
3620+ } catch ( e ) {
3621+ err = e ;
3622+ } finally {
3623+ db . close ( )
3624+ }
3625+ T . assert ( err , "Expecting an exception" )
3626+ . assert ( sqlite3 . capi . SQLITE_NOTADB == err . resultCode ,
3627+ "Expecting NOTADB" ) ;
3628+ } /*initDb*/
3629+ db = new dbCtor ( {
3630+ ...ctoropt ,
3631+ [ keyKey ] : key
3632+ } ) ;
3633+ db . exec ( "insert into t(a) values (1),(2)" ) ;
3634+ T . assert ( expectCount === db . selectValue ( 'select sum(a) from t' ) ) ;
3635+ } finally {
3636+ if ( db ) db . close ( ) ;
3637+ }
3638+ } ;
3639+ tryKey ( 'textkey' , 'foo' , 3 ) ;
3640+ T . assert ( ! initDb ) ;
3641+ tryKey ( 'textkey' , 'foo' , 6 ) ;
3642+ initDb = true ;
3643+ tryKey ( 'key' , 'foo' , 3 ) ;
3644+ T . assert ( ! initDb ) ;
3645+ tryKey ( 'key' , hexFoo , 6 ) ;
3646+ initDb = true ;
3647+ tryKey ( 'hexkey' , hexFoo , 3 ) ;
3648+ T . assert ( ! initDb ) ;
3649+ tryKey ( 'hexkey' , hexFoo , 6 ) ;
3650+ poolUtil . removeVfs ( ) ;
3651+ }
3652+ } ) /*opfs-sahpool with SEE*/
3653+ //#endif enable-see
3654+ ;
34963655
34973656 ////////////////////////////////////////////////////////////////////////
34983657 T . g ( 'Misc. APIs' )
0 commit comments