Example 6 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionAutoEncryptionSettingsTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
String keyVaultNamespace = "admin.datakeys";
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build();
ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
final String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeyId.getData());
final String dbName = "test";
final String collName = "coll";
AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).schemaMap(new HashMap<String, BsonDocument>() {
{
put(dbName + "." + collName, // Need a schema that references the new data key
BsonDocument.parse("{" + " properties: {" + " encryptedField: {" + " encrypt: {" + " keyId: [{" + " \"$binary\": {" + " \"base64\": \"" + base64DataKeyId + "\"," + " \"subType\": \"04\"" + " }" + " }]," + " bsonType: \"string\"," + " algorithm: \"AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic\"" + " }" + " }" + " }," + " \"bsonType\": \"object\"" + "}"));
}
}).build();
MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(autoEncryptionSettings).build();
MongoClient mongoClient = MongoClients.create(clientSettings);
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
// Clear old data
collection.drop();
collection.insertOne(new Document("encryptedField", "123456789"));
System.out.println(collection.find().first().toJson());
// release resources
mongoClient.close();
}
Also used :
HashMap(java.util.HashMap)
BsonBinary(org.bson.BsonBinary)
ClientEncryption(com.mongodb.client.vault.ClientEncryption)
SecureRandom(java.security.SecureRandom)
ConnectionString(com.mongodb.ConnectionString)
MongoClientSettings(com.mongodb.MongoClientSettings)
Document(org.bson.Document)
BsonDocument(org.bson.BsonDocument)
DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions)
MongoClient(com.mongodb.client.MongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
ConnectionString(com.mongodb.ConnectionString)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 7 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionSimpleTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
* Assumes the schema has already been created in MongoDB.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
String keyVaultNamespace = "admin.datakeys";
AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build();
MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(autoEncryptionSettings).build();
MongoClient mongoClient = MongoClients.create(clientSettings);
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
// Clear old data
collection.drop();
collection.insertOne(new Document("encryptedField", "123456789"));
System.out.println(collection.find().first().toJson());
// release resources
mongoClient.close();
}
Also used :
HashMap(java.util.HashMap)
SecureRandom(java.security.SecureRandom)
MongoClientSettings(com.mongodb.MongoClientSettings)
Document(org.bson.Document)
MongoClient(com.mongodb.client.MongoClient)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 8 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionBypassAutoEncryptionTest method setUp.
@Before
public void setUp() {
assumeTrue(serverVersionAtLeast(4, 2));
MongoClient mongoClient = getMongoClient();
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
// Set up the key vault for this example
MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName()).getCollection(keyVaultNamespace.getCollectionName());
keyVaultCollection.drop();
// Ensure that two data keys cannot share the same keyAltName.
keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"), new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames")));
MongoDatabase db = mongoClient.getDatabase(Fixture.getDefaultDatabaseName());
db.getCollection("test").drop();
// Create the ClientEncryption instance
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getMongoClientSettings()).keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).build();
clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).bypassAutoEncryption(true).build();
MongoClientSettings clientSettings = getMongoClientSettingsBuilder().autoEncryptionSettings(autoEncryptionSettings).build();
clientEncrypted = MongoClients.create(clientSettings);
}
Also used :
HashMap(java.util.HashMap)
IndexOptions(com.mongodb.client.model.IndexOptions)
SecureRandom(java.security.SecureRandom)
BsonString(org.bson.BsonString)
Fixture.getMongoClientSettings(com.mongodb.client.Fixture.getMongoClientSettings)
MongoClientSettings(com.mongodb.MongoClientSettings)
MongoNamespace(com.mongodb.MongoNamespace)
Document(org.bson.Document)
Fixture.getMongoClient(com.mongodb.client.Fixture.getMongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
HashMap(java.util.HashMap)
Map(java.util.Map)
Before(org.junit.Before)
Example 9 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionAutoEncryptionSettingsTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
String keyVaultNamespace = "admin.datakeys";
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build();
ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
ObservableSubscriber<BsonBinary> dataKeySubscriber = new OperationSubscriber<>();
clientEncryption.createDataKey("local", new DataKeyOptions()).subscribe(dataKeySubscriber);
dataKeySubscriber.await();
String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeySubscriber.getReceived().get(0).getData());
final String dbName = "test";
final String collName = "coll";
AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).schemaMap(new HashMap<String, BsonDocument>() {
{
put(dbName + "." + collName, // Need a schema that references the new data key
BsonDocument.parse("{" + " properties: {" + " encryptedField: {" + " encrypt: {" + " keyId: [{" + " \"$binary\": {" + " \"base64\": \"" + base64DataKeyId + "\"," + " \"subType\": \"04\"" + " }" + " }]," + " bsonType: \"string\"," + " algorithm: \"AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic\"" + " }" + " }" + " }," + " \"bsonType\": \"object\"" + "}"));
}
}).build();
MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(autoEncryptionSettings).build();
MongoClient mongoClient = MongoClients.create(clientSettings);
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
ObservableSubscriber<Void> successSubscriber = new OperationSubscriber<>();
collection.drop().subscribe(successSubscriber);
successSubscriber.await();
ObservableSubscriber<InsertOneResult> insertOneSubscriber = new OperationSubscriber<>();
collection.insertOne(new Document("encryptedField", "123456789")).subscribe(insertOneSubscriber);
insertOneSubscriber.await();
ObservableSubscriber<Document> documentSubscriber = new PrintDocumentSubscriber();
collection.find().first().subscribe(documentSubscriber);
documentSubscriber.await();
// release resources
mongoClient.close();
}
Also used :
PrintDocumentSubscriber(reactivestreams.helpers.SubscriberHelpers.PrintDocumentSubscriber)
HashMap(java.util.HashMap)
ClientEncryption(com.mongodb.reactivestreams.client.vault.ClientEncryption)
ConnectionString(com.mongodb.ConnectionString)
Document(org.bson.Document)
BsonDocument(org.bson.BsonDocument)
DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions)
MongoClient(com.mongodb.reactivestreams.client.MongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
InsertOneResult(com.mongodb.client.result.InsertOneResult)
BsonBinary(org.bson.BsonBinary)
OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)
SecureRandom(java.security.SecureRandom)
MongoClientSettings(com.mongodb.MongoClientSettings)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
ConnectionString(com.mongodb.ConnectionString)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 10 with AutoEncryptionSettings
use of com.mongodb.AutoEncryptionSettings in project mongo-java-driver by mongodb.
the class ClientSideEncryptionSimpleTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
* Assumes the schema has already been created in MongoDB.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
String keyVaultNamespace = "admin.datakeys";
AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build();
MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(autoEncryptionSettings).build();
MongoClient mongoClient = MongoClients.create(clientSettings);
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
ObservableSubscriber<Void> successSubscriber = new OperationSubscriber<>();
collection.drop().subscribe(successSubscriber);
successSubscriber.await();
ObservableSubscriber<InsertOneResult> insertOneSubscriber = new OperationSubscriber<>();
collection.insertOne(new Document("encryptedField", "123456789")).subscribe(insertOneSubscriber);
insertOneSubscriber.await();
ObservableSubscriber<Document> documentSubscriber = new PrintDocumentSubscriber();
collection.find().first().subscribe(documentSubscriber);
documentSubscriber.await();
// release resources
mongoClient.close();
}
Also used :
PrintDocumentSubscriber(reactivestreams.helpers.SubscriberHelpers.PrintDocumentSubscriber)
HashMap(java.util.HashMap)
OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)
SecureRandom(java.security.SecureRandom)
MongoClientSettings(com.mongodb.MongoClientSettings)
Document(org.bson.Document)
MongoClient(com.mongodb.reactivestreams.client.MongoClient)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
InsertOneResult(com.mongodb.client.result.InsertOneResult)
HashMap(java.util.HashMap)
Map(java.util.Map)
Aggregations
AutoEncryptionSettings (com.mongodb.AutoEncryptionSettings)15
MongoClientSettings (com.mongodb.MongoClientSettings)14
HashMap (java.util.HashMap)13
Map (java.util.Map)13
BsonString (org.bson.BsonString)9
Before (org.junit.Before)9
ClientEncryptionSettings (com.mongodb.ClientEncryptionSettings)8
BsonDocument (org.bson.BsonDocument)7
SecureRandom (java.security.SecureRandom)6
Document (org.bson.Document)5
MongoNamespace (com.mongodb.MongoNamespace)3
Fixture.getMongoClientBuilderFromConnectionString (com.mongodb.reactivestreams.client.Fixture.getMongoClientBuilderFromConnectionString)3
ConnectionString (com.mongodb.ConnectionString)2
Fixture.getMongoClient (com.mongodb.client.Fixture.getMongoClient)2
Fixture.getMongoClientSettings (com.mongodb.client.Fixture.getMongoClientSettings)2
MongoClient (com.mongodb.client.MongoClient)2
DataKeyOptions (com.mongodb.client.model.vault.DataKeyOptions)2
InsertOneResult (com.mongodb.client.result.InsertOneResult)2
Fixture.getMongoClient (com.mongodb.reactivestreams.client.Fixture.getMongoClient)2
MongoClient (com.mongodb.reactivestreams.client.MongoClient)2
