Example 1 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionCorpusTest method setUp.
@Before
public void setUp() throws IOException, URISyntaxException {
assumeTrue(serverVersionAtLeast(4, 2));
assumeTrue("Corpus tests disabled", hasEncryptionTestsEnabled());
MongoClientSettings clientSettings = getMongoClientSettingsBuilder().codecRegistry(fromRegistries(fromCodecs(new UuidCodec(UuidRepresentation.STANDARD)), MongoClientSettings.getDefaultCodecRegistry())).build();
// Step 1: create unencrypted client
client = MongoClients.create(clientSettings);
MongoDatabase db = client.getDatabase("db");
// Step 2: Drop and recreate db.coll with schema
BsonDocument schemaDocument = bsonDocumentFromPath("corpus-schema.json");
db.getCollection("coll").drop();
db.runCommand(new BsonDocument("create", new BsonString("coll")).append("validator", new BsonDocument("$jsonSchema", schemaDocument)));
// Step 3: Drop and create keyvault.datakeys
MongoDatabase keyvaultDatabase = client.getDatabase("keyvault");
MongoCollection<BsonDocument> dataKeysCollection = keyvaultDatabase.getCollection("datakeys", BsonDocument.class).withWriteConcern(WriteConcern.MAJORITY);
dataKeysCollection.drop();
dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-aws.json"));
dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-azure.json"));
dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-gcp.json"));
dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-kmip.json"));
dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-local.json"));
// Step 4: Configure our objects
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("aws", new HashMap<String, Object>() {
{
put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId"));
put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey"));
}
});
put("azure", new HashMap<String, Object>() {
{
put("tenantId", System.getProperty("org.mongodb.test.azureTenantId"));
put("clientId", System.getProperty("org.mongodb.test.azureClientId"));
put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret"));
}
});
put("gcp", new HashMap<String, Object>() {
{
put("email", System.getProperty("org.mongodb.test.gcpEmail"));
put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey"));
}
});
put("kmip", new HashMap<String, Object>() {
{
put("endpoint", System.getProperty("org.mongodb.test.kmipEndpoint", "localhost:5698"));
}
});
put("local", new HashMap<String, Object>() {
{
put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk");
}
});
}
};
HashMap<String, BsonDocument> schemaMap = new HashMap<String, BsonDocument>();
schemaMap.put("db.coll", schemaDocument);
AutoEncryptionSettings.Builder autoEncryptionSettingsBuilder = AutoEncryptionSettings.builder().keyVaultNamespace("keyvault.datakeys").kmsProviders(kmsProviders);
if (useLocalSchema) {
autoEncryptionSettingsBuilder.schemaMap(schemaMap);
}
clientSettings = getMongoClientSettingsBuilder().codecRegistry(fromRegistries(fromCodecs(new UuidCodec(UuidRepresentation.STANDARD)), MongoClientSettings.getDefaultCodecRegistry())).autoEncryptionSettings(autoEncryptionSettingsBuilder.build()).build();
autoEncryptingClient = MongoClients.create(clientSettings);
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getMongoClientSettings()).kmsProviders(kmsProviders).keyVaultNamespace("keyvault.datakeys").build();
clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
}
Also used :
UuidCodec(org.bson.codecs.UuidCodec)
HashMap(java.util.HashMap)
Fixture.getMongoClientSettings(com.mongodb.client.Fixture.getMongoClientSettings)
MongoClientSettings(com.mongodb.MongoClientSettings)
BsonString(org.bson.BsonString)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
BsonDocument(org.bson.BsonDocument)
BsonString(org.bson.BsonString)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
HashMap(java.util.HashMap)
Map(java.util.Map)
Before(org.junit.Before)
Example 2 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionExternalKeyVaultTest method setUp.
@Before
public void setUp() throws IOException, URISyntaxException {
assumeTrue(serverVersionAtLeast(4, 2));
assumeTrue("Encryption test with external keyVault is disabled", isClientSideEncryptionTest());
/* Step 1: get unencrypted client and recreate keys collection */
client = getMongoClient();
MongoDatabase keyvaultDatabase = client.getDatabase("keyvault");
MongoCollection<BsonDocument> datakeys = keyvaultDatabase.getCollection("datakeys", BsonDocument.class).withWriteConcern(WriteConcern.MAJORITY);
datakeys.drop();
datakeys.insertOne(bsonDocumentFromPath("external-key.json"));
/* Step 2: create encryption objects. */
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
Map<String, Object> localMasterkey = new HashMap<String, Object>();
Map<String, BsonDocument> schemaMap = new HashMap<String, BsonDocument>();
byte[] localMasterkeyBytes = Base64.getDecoder().decode("Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk");
localMasterkey.put("key", localMasterkeyBytes);
kmsProviders.put("local", localMasterkey);
schemaMap.put("db.coll", bsonDocumentFromPath("external-schema.json"));
AutoEncryptionSettings.Builder autoEncryptionSettingsBuilder = AutoEncryptionSettings.builder().keyVaultNamespace("keyvault.datakeys").kmsProviders(kmsProviders).schemaMap(schemaMap);
MongoClientSettings externalClientSettings = null;
if (withExternalKeyVault) {
externalClientSettings = getMongoClientSettingsBuilder().credential(MongoCredential.createCredential("fake-user", "admin", "fake-pwd".toCharArray())).build();
autoEncryptionSettingsBuilder.keyVaultMongoClientSettings(externalClientSettings);
}
AutoEncryptionSettings autoEncryptionSettings = autoEncryptionSettingsBuilder.build();
MongoClientSettings clientSettings = getMongoClientSettingsBuilder().autoEncryptionSettings(autoEncryptionSettings).build();
clientEncrypted = MongoClients.create(clientSettings);
ClientEncryptionSettings.Builder clientEncryptionSettingsBuilder = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getMongoClientSettingsBuilder().build()).kmsProviders(kmsProviders).keyVaultNamespace("keyvault.datakeys");
if (withExternalKeyVault) {
clientEncryptionSettingsBuilder.keyVaultMongoClientSettings(externalClientSettings);
}
ClientEncryptionSettings clientEncryptionSettings = clientEncryptionSettingsBuilder.build();
clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
}
Also used :
HashMap(java.util.HashMap)
BsonString(org.bson.BsonString)
MongoClientSettings(com.mongodb.MongoClientSettings)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
BsonDocument(org.bson.BsonDocument)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
HashMap(java.util.HashMap)
Map(java.util.Map)
Before(org.junit.Before)
Example 3 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionCorpusTest method setUp.
@Before
public void setUp() throws IOException, URISyntaxException {
assumeTrue(serverVersionAtLeast(4, 2));
assumeTrue("Corpus tests disabled", hasEncryptionTestsEnabled());
MongoClientSettings clientSettings = getMongoClientBuilderFromConnectionString().codecRegistry(fromRegistries(fromCodecs(new UuidCodec(UuidRepresentation.STANDARD)), MongoClientSettings.getDefaultCodecRegistry())).build();
// Step 1: create unencrypted client
client = MongoClients.create(clientSettings);
MongoDatabase db = client.getDatabase("db");
// Step 2: Drop and recreate db.coll with schema
BsonDocument schemaDocument = bsonDocumentFromPath("corpus-schema.json");
Mono.from(db.getCollection("coll").drop()).block(TIMEOUT_DURATION);
Mono.from(db.runCommand(new BsonDocument("create", new BsonString("coll")).append("validator", new BsonDocument("$jsonSchema", schemaDocument)))).block(TIMEOUT_DURATION);
// Step 3: Drop and create keyvault.datakeys
MongoDatabase keyVaultDatabase = client.getDatabase("keyvault");
MongoCollection<BsonDocument> dataKeysCollection = keyVaultDatabase.getCollection("datakeys", BsonDocument.class).withWriteConcern(WriteConcern.MAJORITY);
Mono.from(dataKeysCollection.drop()).block(TIMEOUT_DURATION);
Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-aws.json"))).block(TIMEOUT_DURATION);
Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-azure.json"))).block(TIMEOUT_DURATION);
Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-gcp.json"))).block(TIMEOUT_DURATION);
Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-kmip.json"))).block(TIMEOUT_DURATION);
Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-local.json"))).block(TIMEOUT_DURATION);
// Step 4: Configure our objects
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("aws", new HashMap<String, Object>() {
{
put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId"));
put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey"));
}
});
put("azure", new HashMap<String, Object>() {
{
put("tenantId", System.getProperty("org.mongodb.test.azureTenantId"));
put("clientId", System.getProperty("org.mongodb.test.azureClientId"));
put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret"));
}
});
put("gcp", new HashMap<String, Object>() {
{
put("email", System.getProperty("org.mongodb.test.gcpEmail"));
put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey"));
}
});
put("kmip", new HashMap<String, Object>() {
{
put("endpoint", System.getProperty("org.mongodb.test.kmipEndpoint", "localhost:5698"));
}
});
put("local", new HashMap<String, Object>() {
{
put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk");
}
});
}
};
HashMap<String, BsonDocument> schemaMap = new HashMap<>();
schemaMap.put("db.coll", schemaDocument);
AutoEncryptionSettings.Builder autoEncryptionSettingsBuilder = AutoEncryptionSettings.builder().keyVaultNamespace("keyvault.datakeys").kmsProviders(kmsProviders);
if (useLocalSchema) {
autoEncryptionSettingsBuilder.schemaMap(schemaMap);
}
clientSettings = getMongoClientBuilderFromConnectionString().codecRegistry(fromRegistries(fromCodecs(new UuidCodec(UuidRepresentation.STANDARD)), MongoClientSettings.getDefaultCodecRegistry())).autoEncryptionSettings(autoEncryptionSettingsBuilder.build()).build();
autoEncryptingClient = MongoClients.create(clientSettings);
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getMongoClientSettings()).kmsProviders(kmsProviders).keyVaultNamespace("keyvault.datakeys").build();
clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
}
Also used :
UuidCodec(org.bson.codecs.UuidCodec)
HashMap(java.util.HashMap)
Fixture.getMongoClientSettings(com.mongodb.reactivestreams.client.Fixture.getMongoClientSettings)
MongoClientSettings(com.mongodb.MongoClientSettings)
BsonString(org.bson.BsonString)
Fixture.getMongoClientBuilderFromConnectionString(com.mongodb.reactivestreams.client.Fixture.getMongoClientBuilderFromConnectionString)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
BsonDocument(org.bson.BsonDocument)
BsonString(org.bson.BsonString)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
HashMap(java.util.HashMap)
Map(java.util.Map)
Before(org.junit.Before)
Example 4 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionExternalKeyVaultTest method setUp.
@Before
public void setUp() throws Throwable {
assumeTrue(serverVersionAtLeast(4, 2));
assumeTrue("Encryption test with external keyVault is disabled", isClientSideEncryptionTest());
/* Step 1: get unencrypted client and recreate keys collection */
MongoClient client = getMongoClient();
MongoDatabase keyvaultDatabase = client.getDatabase("keyvault");
MongoCollection<BsonDocument> datakeys = keyvaultDatabase.getCollection("datakeys", BsonDocument.class).withWriteConcern(WriteConcern.MAJORITY);
Mono.from(datakeys.drop()).block(TIMEOUT_DURATION);
Mono.from(datakeys.insertOne(bsonDocumentFromPath("external-key.json"))).block(TIMEOUT_DURATION);
/* Step 2: create encryption objects. */
Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
Map<String, Object> localMasterkey = new HashMap<>();
Map<String, BsonDocument> schemaMap = new HashMap<>();
byte[] localMasterkeyBytes = Base64.getDecoder().decode("Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM" + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk");
localMasterkey.put("key", localMasterkeyBytes);
kmsProviders.put("local", localMasterkey);
schemaMap.put("db.coll", bsonDocumentFromPath("external-schema.json"));
AutoEncryptionSettings.Builder autoEncryptionSettingsBuilder = AutoEncryptionSettings.builder().keyVaultNamespace("keyvault.datakeys").kmsProviders(kmsProviders).schemaMap(schemaMap);
MongoClientSettings externalClientSettings = null;
if (withExternalKeyVault) {
externalClientSettings = getMongoClientBuilderFromConnectionString().credential(MongoCredential.createCredential("fake-user", "admin", "fake-pwd".toCharArray())).build();
autoEncryptionSettingsBuilder.keyVaultMongoClientSettings(externalClientSettings);
}
AutoEncryptionSettings autoEncryptionSettings = autoEncryptionSettingsBuilder.build();
MongoClientSettings clientSettings = getMongoClientBuilderFromConnectionString().autoEncryptionSettings(autoEncryptionSettings).build();
clientEncrypted = MongoClients.create(clientSettings);
ClientEncryptionSettings.Builder clientEncryptionSettingsBuilder = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getMongoClientBuilderFromConnectionString().build()).kmsProviders(kmsProviders).keyVaultNamespace("keyvault.datakeys");
if (withExternalKeyVault) {
clientEncryptionSettingsBuilder.keyVaultMongoClientSettings(externalClientSettings);
}
ClientEncryptionSettings clientEncryptionSettings = clientEncryptionSettingsBuilder.build();
clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
}
Also used :
HashMap(java.util.HashMap)
BsonString(org.bson.BsonString)
Fixture.getMongoClientBuilderFromConnectionString(com.mongodb.reactivestreams.client.Fixture.getMongoClientBuilderFromConnectionString)
MongoClientSettings(com.mongodb.MongoClientSettings)
Fixture.getMongoClient(com.mongodb.reactivestreams.client.Fixture.getMongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
BsonDocument(org.bson.BsonDocument)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
HashMap(java.util.HashMap)
Map(java.util.Map)
Before(org.junit.Before)
Example 5 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project spring-data-mongodb by spring-projects.
the class MongoClientSettingsFactoryBean method createInstance.
@Override
protected MongoClientSettings createInstance() {
Builder builder = //
MongoClientSettings.builder().readPreference(//
readPreference).writeConcern(//
writeConcern).readConcern(//
readConcern).codecRegistry(//
codecRegistry).applicationName(//
applicationName).autoEncryptionSettings(//
autoEncryptionSettings).applyToClusterSettings((settings) -> {
settings.serverSelectionTimeout(clusterServerSelectionTimeoutMS, TimeUnit.MILLISECONDS);
if (clusterConnectionMode != null) {
settings.mode(clusterConnectionMode);
}
settings.requiredReplicaSetName(clusterRequiredReplicaSetName);
if (!CollectionUtils.isEmpty(clusterHosts)) {
settings.hosts(clusterHosts);
}
settings.localThreshold(clusterLocalThresholdMS, TimeUnit.MILLISECONDS);
// settings.maxWaitQueueSize(clusterMaxWaitQueueSize);
settings.requiredClusterType(custerRequiredClusterType);
if (StringUtils.hasText(clusterSrvHost)) {
settings.srvHost(clusterSrvHost);
}
}).applyToConnectionPoolSettings((settings) -> {
settings.minSize(poolMinSize);
settings.maxSize(poolMaxSize);
settings.maxConnectionIdleTime(poolMaxConnectionIdleTimeMS, TimeUnit.MILLISECONDS);
settings.maxWaitTime(poolMaxWaitTimeMS, TimeUnit.MILLISECONDS);
settings.maxConnectionLifeTime(poolMaxConnectionLifeTimeMS, TimeUnit.MILLISECONDS);
// settings.maxWaitQueueSize(poolMaxWaitQueueSize);
settings.maintenanceFrequency(poolMaintenanceFrequencyMS, TimeUnit.MILLISECONDS);
settings.maintenanceInitialDelay(poolMaintenanceInitialDelayMS, TimeUnit.MILLISECONDS);
}).applyToServerSettings((settings) -> {
settings.minHeartbeatFrequency(serverMinHeartbeatFrequencyMS, TimeUnit.MILLISECONDS);
settings.heartbeatFrequency(serverHeartbeatFrequencyMS, TimeUnit.MILLISECONDS);
}).applyToSocketSettings((settings) -> {
settings.connectTimeout(socketConnectTimeoutMS, TimeUnit.MILLISECONDS);
settings.readTimeout(socketReadTimeoutMS, TimeUnit.MILLISECONDS);
settings.receiveBufferSize(socketReceiveBufferSize);
settings.sendBufferSize(socketSendBufferSize);
}).applyToSslSettings((settings) -> {
settings.enabled(sslEnabled);
if (sslEnabled) {
settings.invalidHostNameAllowed(sslInvalidHostNameAllowed);
try {
settings.context(StringUtils.hasText(sslProvider) ? SSLContext.getInstance(sslProvider) : SSLContext.getDefault());
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException(e.getMessage(), e);
}
}
});
if (streamFactoryFactory != null) {
builder = builder.streamFactoryFactory(streamFactoryFactory);
}
if (retryReads != null) {
builder = builder.retryReads(retryReads);
}
if (retryWrites != null) {
builder = builder.retryWrites(retryWrites);
}
if (uUidRepresentation != null) {
builder = builder.uuidRepresentation(uUidRepresentation);
}
if (serverApi != null) {
builder = builder.serverApi(serverApi);
}
return builder.build();
}
Also used :
ReadPreference(com.mongodb.ReadPreference)
ServerAddress(com.mongodb.ServerAddress)
Arrays(java.util.Arrays)
SSLContext(javax.net.ssl.SSLContext)
ServerApi(com.mongodb.ServerApi)
ClusterType(com.mongodb.connection.ClusterType)
CodecRegistry(org.bson.codecs.configuration.CodecRegistry)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
UuidRepresentation(org.bson.UuidRepresentation)
AbstractFactoryBean(org.springframework.beans.factory.config.AbstractFactoryBean)
TimeUnit(java.util.concurrent.TimeUnit)
Builder(com.mongodb.MongoClientSettings.Builder)
StreamFactoryFactory(com.mongodb.connection.StreamFactoryFactory)
List(java.util.List)
CollectionUtils(org.springframework.util.CollectionUtils)
ClusterConnectionMode(com.mongodb.connection.ClusterConnectionMode)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Nullable(org.springframework.lang.Nullable)
MongoClientSettings(com.mongodb.MongoClientSettings)
ReadConcern(com.mongodb.ReadConcern)
WriteConcern(com.mongodb.WriteConcern)
Collections(java.util.Collections)
StringUtils(org.springframework.util.StringUtils)
Builder(com.mongodb.MongoClientSettings.Builder)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Aggregations
AutoEncryptionSettings (com.mongodb.AutoEncryptionSettings)15
MongoClientSettings (com.mongodb.MongoClientSettings)14
HashMap (java.util.HashMap)13
Map (java.util.Map)13
BsonString (org.bson.BsonString)9
Before (org.junit.Before)9
ClientEncryptionSettings (com.mongodb.ClientEncryptionSettings)8
BsonDocument (org.bson.BsonDocument)7
SecureRandom (java.security.SecureRandom)6
Document (org.bson.Document)5
MongoNamespace (com.mongodb.MongoNamespace)3
Fixture.getMongoClientBuilderFromConnectionString (com.mongodb.reactivestreams.client.Fixture.getMongoClientBuilderFromConnectionString)3
ConnectionString (com.mongodb.ConnectionString)2
Fixture.getMongoClient (com.mongodb.client.Fixture.getMongoClient)2
Fixture.getMongoClientSettings (com.mongodb.client.Fixture.getMongoClientSettings)2
MongoClient (com.mongodb.client.MongoClient)2
DataKeyOptions (com.mongodb.client.model.vault.DataKeyOptions)2
InsertOneResult (com.mongodb.client.result.InsertOneResult)2
Fixture.getMongoClient (com.mongodb.reactivestreams.client.Fixture.getMongoClient)2
MongoClient (com.mongodb.reactivestreams.client.MongoClient)2
