
Example 1 with ClientEncryptionSettings

use of com.mongodb.ClientEncryptionSettings in project mongo-java-driver by mongodb.

the class ClientSideEncryptionCorpusTest method setUp.

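/**
 * Builds the fixture for the client-side encryption corpus test.
 *
 * <p>The method recreates {@code db.coll} with a {@code $jsonSchema} validator, reloads
 * {@code keyvault.datakeys} from the bundled key documents, and then assigns {@code client},
 * {@code autoEncryptingClient} and {@code clientEncryption}. Both JUnit assumptions must hold,
 * otherwise the test is skipped before any collection is dropped.
 *
 * <p>Security notes: the cloud KMS credentials are read from JVM system properties rather than
 * literals, while the {@code local} provider uses a master key embedded in the source. That key
 * is a published test fixture and must never protect real data.
 *
 * @throws IOException        declared for the resource-loading helpers this method calls
 * @throws URISyntaxException declared for the resource-loading helpers this method calls
 */
@Before
public void setUp() throws IOException, URISyntaxException {
    assumeTrue(serverVersionAtLeast(4, 2));
    assumeTrue("Corpus tests disabled", hasEncryptionTestsEnabled());
    MongoClientSettings clientSettings = getMongoClientSettingsBuilder()
            .codecRegistry(fromRegistries(fromCodecs(new UuidCodec(UuidRepresentation.STANDARD)),
                    MongoClientSettings.getDefaultCodecRegistry()))
            .build();
    // Step 1: create unencrypted client
    client = MongoClients.create(clientSettings);
    MongoDatabase db = client.getDatabase("db");
    // Step 2: Drop and recreate db.coll with schema
    BsonDocument schemaDocument = bsonDocumentFromPath("corpus-schema.json");
    db.getCollection("coll").drop();
    db.runCommand(new BsonDocument("create", new BsonString("coll"))
            .append("validator", new BsonDocument("$jsonSchema", schemaDocument)));
    // Step 3: Drop and create keyvault.datakeys
    MongoDatabase keyvaultDatabase = client.getDatabase("keyvault");
    MongoCollection<BsonDocument> dataKeysCollection = keyvaultDatabase
            .getCollection("datakeys", BsonDocument.class)
            .withWriteConcern(WriteConcern.MAJORITY);
    dataKeysCollection.drop();
    dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-aws.json"));
    dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-azure.json"));
    dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-gcp.json"));
    dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-kmip.json"));
    dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-local.json"));
    // Step 4: Configure our objects
    // Plain maps replace the former double-brace initialisation: each double-brace literal is an
    // anonymous inner class that keeps a hidden reference to this test instance alongside the
    // KMS secrets it stores.
    // NOTE(review): System.getProperty returns null for an unset property and nothing here
    // validates it, so a missing credential only surfaces later, inside the driver.
    Map<String, Object> awsProvider = new HashMap<String, Object>();
    awsProvider.put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId"));
    awsProvider.put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey"));

    Map<String, Object> azureProvider = new HashMap<String, Object>();
    azureProvider.put("tenantId", System.getProperty("org.mongodb.test.azureTenantId"));
    azureProvider.put("clientId", System.getProperty("org.mongodb.test.azureClientId"));
    azureProvider.put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret"));

    Map<String, Object> gcpProvider = new HashMap<String, Object>();
    gcpProvider.put("email", System.getProperty("org.mongodb.test.gcpEmail"));
    gcpProvider.put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey"));

    Map<String, Object> kmipProvider = new HashMap<String, Object>();
    kmipProvider.put("endpoint", System.getProperty("org.mongodb.test.kmipEndpoint", "localhost:5698"));

    // Fixed test-only master key, passed as the base64 text itself (not decoded to bytes here).
    Map<String, Object> localProvider = new HashMap<String, Object>();
    localProvider.put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM"
            + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk");

    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
    kmsProviders.put("aws", awsProvider);
    kmsProviders.put("azure", azureProvider);
    kmsProviders.put("gcp", gcpProvider);
    kmsProviders.put("kmip", kmipProvider);
    kmsProviders.put("local", localProvider);

    Map<String, BsonDocument> schemaMap = new HashMap<String, BsonDocument>();
    schemaMap.put("db.coll", schemaDocument);
    AutoEncryptionSettings.Builder autoEncryptionSettingsBuilder = AutoEncryptionSettings.builder()
            .keyVaultNamespace("keyvault.datakeys")
            .kmsProviders(kmsProviders);
    // The client-side schema map is supplied only when useLocalSchema is set; otherwise the
    // builder is left without one.
    if (useLocalSchema) {
        autoEncryptionSettingsBuilder.schemaMap(schemaMap);
    }
    clientSettings = getMongoClientSettingsBuilder()
            .codecRegistry(fromRegistries(fromCodecs(new UuidCodec(UuidRepresentation.STANDARD)),
                    MongoClientSettings.getDefaultCodecRegistry()))
            .autoEncryptionSettings(autoEncryptionSettingsBuilder.build())
            .build();
    autoEncryptingClient = MongoClients.create(clientSettings);
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(getMongoClientSettings())
            .kmsProviders(kmsProviders)
            .keyVaultNamespace("keyvault.datakeys")
            .build();
    clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
}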
Also used : UuidCodec(org.bson.codecs.UuidCodec) HashMap(java.util.HashMap) Fixture.getMongoClientSettings(com.mongodb.client.Fixture.getMongoClientSettings) MongoClientSettings(com.mongodb.MongoClientSettings) BsonString(org.bson.BsonString) ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) BsonDocument(org.bson.BsonDocument) BsonString(org.bson.BsonString) AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings) HashMap(java.util.HashMap) Map(java.util.Map) Before(org.junit.Before)

Example 2 with ClientEncryptionSettings

use of com.mongodb.ClientEncryptionSettings in project mongo-java-driver by mongodb.

the class ClientSideEncryptionExternalKeyVaultTest method setUp.

/**
 * Builds the fixture for the external key vault test.
 *
 * <p>The method reloads {@code keyvault.datakeys} with {@code external-key.json}, then assigns
 * {@code clientEncrypted} and {@code clientEncryption}, both configured with the {@code local}
 * KMS provider. When {@code withExternalKeyVault} is set, both are pointed at key vault client
 * settings that carry the literal credential {@code fake-user}/{@code fake-pwd}.
 *
 * <p>Security note: the local master key is a fixed value embedded in the test source. It is a
 * test fixture and must never protect real data.
 *
 * @throws IOException        declared for the resource-loading helper this method calls
 * @throws URISyntaxException declared for the resource-loading helper this method calls
 */
@Before
public void setUp() throws IOException, URISyntaxException {
    assumeTrue(serverVersionAtLeast(4, 2));
    assumeTrue("Encryption test with external keyVault is disabled", isClientSideEncryptionTest());

    // Step 1: reset keyvault.datakeys through the unencrypted client.
    client = getMongoClient();
    MongoCollection<BsonDocument> keyCollection = client.getDatabase("keyvault")
            .getCollection("datakeys", BsonDocument.class)
            .withWriteConcern(WriteConcern.MAJORITY);
    keyCollection.drop();
    keyCollection.insertOne(bsonDocumentFromPath("external-key.json"));

    // Step 2: local KMS provider backed by the decoded, hard-coded test master key.
    byte[] masterKeyBytes = Base64.getDecoder().decode(
            "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM"
                    + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk");
    Map<String, Object> localProvider = new HashMap<>();
    localProvider.put("key", masterKeyBytes);
    Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
    kmsProviders.put("local", localProvider);

    Map<String, BsonDocument> schemaMap = new HashMap<>();
    schemaMap.put("db.coll", bsonDocumentFromPath("external-schema.json"));

    AutoEncryptionSettings.Builder autoBuilder = AutoEncryptionSettings.builder()
            .keyVaultNamespace("keyvault.datakeys")
            .kmsProviders(kmsProviders)
            .schemaMap(schemaMap);

    // NOTE(review): the credential below is presumably invalid on purpose so that key vault
    // access fails in the external case. Confirm against the test methods.
    MongoClientSettings externalKeyVaultSettings = null;
    if (withExternalKeyVault) {
        externalKeyVaultSettings = getMongoClientSettingsBuilder()
                .credential(MongoCredential.createCredential("fake-user", "admin", "fake-pwd".toCharArray()))
                .build();
        autoBuilder.keyVaultMongoClientSettings(externalKeyVaultSettings);
    }

    AutoEncryptionSettings autoSettings = autoBuilder.build();
    MongoClientSettings encryptedClientSettings = getMongoClientSettingsBuilder()
            .autoEncryptionSettings(autoSettings)
            .build();
    clientEncrypted = MongoClients.create(encryptedClientSettings);

    // Explicit encryption defaults to the regular settings. The external settings replace them
    // only when withExternalKeyVault is set.
    ClientEncryptionSettings.Builder explicitBuilder = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(getMongoClientSettingsBuilder().build())
            .kmsProviders(kmsProviders)
            .keyVaultNamespace("keyvault.datakeys");
    if (withExternalKeyVault) {
        explicitBuilder.keyVaultMongoClientSettings(externalKeyVaultSettings);
    }
    clientEncryption = ClientEncryptions.create(explicitBuilder.build());
}
Also used : HashMap(java.util.HashMap) BsonString(org.bson.BsonString) MongoClientSettings(com.mongodb.MongoClientSettings) ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) BsonDocument(org.bson.BsonDocument) AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings) HashMap(java.util.HashMap) Map(java.util.Map) Before(org.junit.Before)

Example 3 with ClientEncryptionSettings

use of com.mongodb.ClientEncryptionSettings in project mongo-java-driver by mongodb.

the class ClientSideEncryptionCorpusTest method setUp.

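/**
 * Builds the fixture for the client-side encryption corpus test, waiting on each publisher.
 *
 * <p>Every database operation is wrapped in {@code Mono.from(...).block(TIMEOUT_DURATION)}, so
 * the steps run in order. The method recreates {@code db.coll} with a {@code $jsonSchema}
 * validator, reloads {@code keyvault.datakeys} from the bundled key documents, and then assigns
 * {@code client}, {@code autoEncryptingClient} and {@code clientEncryption}.
 *
 * <p>Security notes: the cloud KMS credentials are read from JVM system properties rather than
 * literals, while the {@code local} provider uses a master key embedded in the source. That key
 * is a published test fixture and must never protect real data.
 *
 * @throws IOException        declared for the resource-loading helpers this method calls
 * @throws URISyntaxException declared for the resource-loading helpers this method calls
 */
@Before
public void setUp() throws IOException, URISyntaxException {
    assumeTrue(serverVersionAtLeast(4, 2));
    assumeTrue("Corpus tests disabled", hasEncryptionTestsEnabled());
    MongoClientSettings clientSettings = getMongoClientBuilderFromConnectionString()
            .codecRegistry(fromRegistries(fromCodecs(new UuidCodec(UuidRepresentation.STANDARD)),
                    MongoClientSettings.getDefaultCodecRegistry()))
            .build();
    // Step 1: create unencrypted client
    client = MongoClients.create(clientSettings);
    MongoDatabase db = client.getDatabase("db");
    // Step 2: Drop and recreate db.coll with schema
    BsonDocument schemaDocument = bsonDocumentFromPath("corpus-schema.json");
    Mono.from(db.getCollection("coll").drop()).block(TIMEOUT_DURATION);
    Mono.from(db.runCommand(new BsonDocument("create", new BsonString("coll"))
            .append("validator", new BsonDocument("$jsonSchema", schemaDocument))))
            .block(TIMEOUT_DURATION);
    // Step 3: Drop and create keyvault.datakeys
    MongoDatabase keyVaultDatabase = client.getDatabase("keyvault");
    MongoCollection<BsonDocument> dataKeysCollection = keyVaultDatabase
            .getCollection("datakeys", BsonDocument.class)
            .withWriteConcern(WriteConcern.MAJORITY);
    Mono.from(dataKeysCollection.drop()).block(TIMEOUT_DURATION);
    Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-aws.json"))).block(TIMEOUT_DURATION);
    Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-azure.json"))).block(TIMEOUT_DURATION);
    Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-gcp.json"))).block(TIMEOUT_DURATION);
    Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-kmip.json"))).block(TIMEOUT_DURATION);
    Mono.from(dataKeysCollection.insertOne(bsonDocumentFromPath("corpus-key-local.json"))).block(TIMEOUT_DURATION);
    // Step 4: Configure our objects
    // Plain maps replace the former double-brace initialisation: each double-brace literal is an
    // anonymous inner class that keeps a hidden reference to this test instance alongside the
    // KMS secrets it stores.
    // NOTE(review): System.getProperty returns null for an unset property and nothing here
    // validates it, so a missing credential only surfaces later, inside the driver.
    Map<String, Object> awsProvider = new HashMap<>();
    awsProvider.put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId"));
    awsProvider.put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey"));

    Map<String, Object> azureProvider = new HashMap<>();
    azureProvider.put("tenantId", System.getProperty("org.mongodb.test.azureTenantId"));
    azureProvider.put("clientId", System.getProperty("org.mongodb.test.azureClientId"));
    azureProvider.put("clientSecret", System.getProperty("org.mongodb.test.azureClientSecret"));

    Map<String, Object> gcpProvider = new HashMap<>();
    gcpProvider.put("email", System.getProperty("org.mongodb.test.gcpEmail"));
    gcpProvider.put("privateKey", System.getProperty("org.mongodb.test.gcpPrivateKey"));

    Map<String, Object> kmipProvider = new HashMap<>();
    kmipProvider.put("endpoint", System.getProperty("org.mongodb.test.kmipEndpoint", "localhost:5698"));

    // Fixed test-only master key, passed as the base64 text itself (not decoded to bytes here).
    Map<String, Object> localProvider = new HashMap<>();
    localProvider.put("key", "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM"
            + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk");

    Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
    kmsProviders.put("aws", awsProvider);
    kmsProviders.put("azure", azureProvider);
    kmsProviders.put("gcp", gcpProvider);
    kmsProviders.put("kmip", kmipProvider);
    kmsProviders.put("local", localProvider);

    Map<String, BsonDocument> schemaMap = new HashMap<>();
    schemaMap.put("db.coll", schemaDocument);
    AutoEncryptionSettings.Builder autoEncryptionSettingsBuilder = AutoEncryptionSettings.builder()
            .keyVaultNamespace("keyvault.datakeys")
            .kmsProviders(kmsProviders);
    // The client-side schema map is supplied only when useLocalSchema is set; otherwise the
    // builder is left without one.
    if (useLocalSchema) {
        autoEncryptionSettingsBuilder.schemaMap(schemaMap);
    }
    clientSettings = getMongoClientBuilderFromConnectionString()
            .codecRegistry(fromRegistries(fromCodecs(new UuidCodec(UuidRepresentation.STANDARD)),
                    MongoClientSettings.getDefaultCodecRegistry()))
            .autoEncryptionSettings(autoEncryptionSettingsBuilder.build())
            .build();
    autoEncryptingClient = MongoClients.create(clientSettings);
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(getMongoClientSettings())
            .kmsProviders(kmsProviders)
            .keyVaultNamespace("keyvault.datakeys")
            .build();
    clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
}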
Also used : UuidCodec(org.bson.codecs.UuidCodec) HashMap(java.util.HashMap) Fixture.getMongoClientSettings(com.mongodb.reactivestreams.client.Fixture.getMongoClientSettings) MongoClientSettings(com.mongodb.MongoClientSettings) BsonString(org.bson.BsonString) Fixture.getMongoClientBuilderFromConnectionString(com.mongodb.reactivestreams.client.Fixture.getMongoClientBuilderFromConnectionString) ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) BsonDocument(org.bson.BsonDocument) BsonString(org.bson.BsonString) AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings) HashMap(java.util.HashMap) Map(java.util.Map) Before(org.junit.Before)

Example 4 with ClientEncryptionSettings

use of com.mongodb.ClientEncryptionSettings in project mongo-java-driver by mongodb.

the class ClientSideEncryptionExternalKeyVaultTest method setUp.

/**
 * Builds the fixture for the external key vault test, waiting on each publisher.
 *
 * <p>The method reloads {@code keyvault.datakeys} with {@code external-key.json}, then assigns
 * {@code clientEncrypted} and {@code clientEncryption}, both configured with the {@code local}
 * KMS provider. When {@code withExternalKeyVault} is set, both are pointed at key vault client
 * settings that carry the literal credential {@code fake-user}/{@code fake-pwd}.
 *
 * <p>Security note: the local master key is a fixed value embedded in the test source. It is a
 * test fixture and must never protect real data.
 *
 * @throws Throwable as declared; the body shows no narrower contract
 */
@Before
public void setUp() throws Throwable {
    assumeTrue(serverVersionAtLeast(4, 2));
    assumeTrue("Encryption test with external keyVault is disabled", isClientSideEncryptionTest());

    // Step 1: reset keyvault.datakeys through the unencrypted client. Each publisher is
    // blocked on so that the drop completes before the insert.
    MongoClient plainClient = getMongoClient();
    MongoCollection<BsonDocument> keyCollection = plainClient.getDatabase("keyvault")
            .getCollection("datakeys", BsonDocument.class)
            .withWriteConcern(WriteConcern.MAJORITY);
    Mono.from(keyCollection.drop()).block(TIMEOUT_DURATION);
    Mono.from(keyCollection.insertOne(bsonDocumentFromPath("external-key.json"))).block(TIMEOUT_DURATION);

    // Step 2: local KMS provider backed by the decoded, hard-coded test master key.
    byte[] masterKeyBytes = Base64.getDecoder().decode(
            "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM"
                    + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk");
    Map<String, Object> localProvider = new HashMap<>();
    localProvider.put("key", masterKeyBytes);
    Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
    kmsProviders.put("local", localProvider);

    Map<String, BsonDocument> schemaMap = new HashMap<>();
    schemaMap.put("db.coll", bsonDocumentFromPath("external-schema.json"));

    AutoEncryptionSettings.Builder autoBuilder = AutoEncryptionSettings.builder()
            .keyVaultNamespace("keyvault.datakeys")
            .kmsProviders(kmsProviders)
            .schemaMap(schemaMap);

    // NOTE(review): the credential below is presumably invalid on purpose so that key vault
    // access fails in the external case. Confirm against the test methods.
    MongoClientSettings externalKeyVaultSettings = null;
    if (withExternalKeyVault) {
        externalKeyVaultSettings = getMongoClientBuilderFromConnectionString()
                .credential(MongoCredential.createCredential("fake-user", "admin", "fake-pwd".toCharArray()))
                .build();
        autoBuilder.keyVaultMongoClientSettings(externalKeyVaultSettings);
    }

    AutoEncryptionSettings autoSettings = autoBuilder.build();
    MongoClientSettings encryptedClientSettings = getMongoClientBuilderFromConnectionString()
            .autoEncryptionSettings(autoSettings)
            .build();
    clientEncrypted = MongoClients.create(encryptedClientSettings);

    // Explicit encryption defaults to the regular settings. The external settings replace them
    // only when withExternalKeyVault is set.
    ClientEncryptionSettings.Builder explicitBuilder = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(getMongoClientBuilderFromConnectionString().build())
            .kmsProviders(kmsProviders)
            .keyVaultNamespace("keyvault.datakeys");
    if (withExternalKeyVault) {
        explicitBuilder.keyVaultMongoClientSettings(externalKeyVaultSettings);
    }
    clientEncryption = ClientEncryptions.create(explicitBuilder.build());
}
Also used : HashMap(java.util.HashMap) BsonString(org.bson.BsonString) Fixture.getMongoClientBuilderFromConnectionString(com.mongodb.reactivestreams.client.Fixture.getMongoClientBuilderFromConnectionString) MongoClientSettings(com.mongodb.MongoClientSettings) Fixture.getMongoClient(com.mongodb.reactivestreams.client.Fixture.getMongoClient) ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) BsonDocument(org.bson.BsonDocument) AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings) HashMap(java.util.HashMap) Map(java.util.Map) Before(org.junit.Before)

Example 5 with ClientEncryptionSettings

use of com.mongodb.ClientEncryptionSettings in project mongo-java-driver by mongodb.

the class AbstractClientSideEncryptionKmsTlsTest method testInvalidKmsCertificate.

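/**
 * Checks that creating an AWS data key fails with the expected KMS TLS error.
 *
 * <p>The test runs only when the system property named by {@code SYSTEM_PROPERTY_KEY} is
 * present, and that property's value selects the expected {@code TlsErrorType}. The AWS
 * credentials are placeholder literals and the master key document overrides the KMS endpoint
 * with {@code 127.0.0.1:8000}. The call must throw a {@code MongoClientException} whose cause
 * chain matches the expected error, so a successful {@code createDataKey} fails the test.
 */
@Test
public void testInvalidKmsCertificate() {
    assumeTrue(System.getProperties().containsKey(SYSTEM_PROPERTY_KEY));
    TlsErrorType expectedKmsTlsError = TlsErrorType.fromSystemPropertyValue(System.getProperty(SYSTEM_PROPERTY_KEY));

    // Plain maps replace the former double-brace initialisation, which created anonymous inner
    // classes that each held a hidden reference to this test instance.
    Map<String, Object> awsProvider = new HashMap<String, Object>();
    awsProvider.put("accessKeyId", "fakeAccessKeyId");
    awsProvider.put("secretAccessKey", "fakeSecretAccessKey");
    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
    kmsProviders.put("aws", awsProvider);

    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(getMongoClientSettings())
            .keyVaultNamespace("keyvault.datakeys")
            .kmsProviders(kmsProviders)
            .build();
    try (ClientEncryption clientEncryption = getClientEncryption(clientEncryptionSettings)) {
        // NOTE(review): the endpoint presumably targets a local mock KMS server presenting the
        // bad certificate. Confirm against the test harness.
        clientEncryption.createDataKey("aws", new DataKeyOptions().masterKey(BsonDocument.parse("{"
                + "region: \"us-east-1\", "
                + "key: \"arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0\","
                + "endpoint: \"mongodb://127.0.0.1:8000\"}")));
        // Reaching this line means the TLS handshake was not rejected.
        fail();
    } catch (MongoClientException e) {
        assertNotNull(expectedKmsTlsError.getCauseOfExpectedClass(e));
        assertTrue(expectedKmsTlsError.causeContainsExpectedMessage(e));
    }
}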
Also used : ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) MongoClientException(com.mongodb.MongoClientException) HashMap(java.util.HashMap) ClientEncryption(com.mongodb.client.vault.ClientEncryption) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) Test(org.junit.jupiter.api.Test)
