
Example 1 with DataKeyOptions

use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.

the class ClientEncryptionDataKeyAndDoubleEncryptionTest method testProvider.

/**
 * Creates a data key for {@code providerName}, checks how it was stored in the key vault,
 * then round-trips a string through explicit encryption and automatic decryption.
 *
 * <p>The algorithm used is the deterministic variant: the same plaintext encrypted under the
 * same data key yields the same ciphertext. The test relies on that to compare the result of
 * addressing the key by id with the result of addressing it by alternate name. The same
 * property means stored ciphertexts reveal which values are equal, so deterministic mode is
 * a poor fit for low-cardinality fields.
 */
@Test
public void testProvider() {
    String altName = format("%s_altname", providerName);
    DataKeyOptions keyOptions = new DataKeyOptions().keyAltNames(singletonList(altName)).masterKey(getMasterKey());
    BsonBinary keyId = clientEncryption.createDataKey(providerName, keyOptions);
    // BSON binary subtype 4 is a UUID: the data key id.
    assertEquals(4, keyId.getType());

    // Exactly one key vault document must exist for the new id, recorded against this provider.
    ArrayList<Document> vaultEntries = new ArrayList<>();
    client.getDatabase("keyvault").getCollection("datakeys").find(eq("_id", keyId)).into(vaultEntries);
    assertEquals(1, vaultEntries.size());
    Document vaultEntry = vaultEntries.get(0);
    Document storedMasterKey = vaultEntry.get("masterKey", new Document());
    assertEquals(providerName, storedMasterKey.get("provider", ""));

    // The captured "insert" command must carry w: "majority".
    // NOTE(review): presumably this is the key vault insert issued by createDataKey; confirm against the listener setup.
    BsonDocument insertCommand = commandListener.getCommandStartedEvent("insert").getCommand();
    BsonDocument writeConcern = insertCommand.getDocument("writeConcern", new BsonDocument());
    String insertWriteConcern = writeConcern.getString("w", new BsonString("")).getValue();
    assertEquals("majority", insertWriteConcern);

    String plaintext = format("hello %s", providerName);
    EncryptOptions byKeyId = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(keyId);
    BsonBinary ciphertext = clientEncryption.encrypt(new BsonString(plaintext), byKeyId);
    // BSON binary subtype 6 marks an encrypted value.
    assertEquals(6, ciphertext.getType());

    // Store the ciphertext and read it back through clientEncrypted; the read must return plaintext.
    Document toInsert = new Document("_id", providerName);
    toInsert.put("value", ciphertext);
    clientEncrypted.getDatabase("db").getCollection("coll").insertOne(toInsert);
    Document roundTripped = clientEncrypted.getDatabase("db").getCollection("coll").find(eq("_id", providerName)).first();
    assertNotNull(roundTripped);
    assertEquals(plaintext, roundTripped.get("value", ""));

    // Addressing the same key by its alternate name must give a byte-identical ciphertext.
    EncryptOptions byAltName = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyAltName(altName);
    BsonBinary ciphertextViaAltName = clientEncryption.encrypt(new BsonString(plaintext), byAltName);
    assertEquals(ciphertext, ciphertextViaAltName);

    // Writing an already-encrypted value into "encrypted_placeholder" must be rejected.
    // NOTE(review): presumably that field is configured for automatic encryption; confirm against the fixture.
    assertThrows(MongoClientException.class, () -> clientEncrypted.getDatabase("db").getCollection("coll").insertOne(new Document("encrypted_placeholder", ciphertext)));
}
Also used : BsonDocument(org.bson.BsonDocument) EncryptOptions(com.mongodb.client.model.vault.EncryptOptions) BsonBinary(org.bson.BsonBinary) BsonString(org.bson.BsonString) BsonString(org.bson.BsonString) Document(org.bson.Document) BsonDocument(org.bson.BsonDocument) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) Test(org.junit.Test)

Example 2 with DataKeyOptions

use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.

the class ClientEncryptionDataKeyAndDoubleEncryptionTest method testProvider.

/**
 * Exercises the full data key lifecycle for {@code providerName}: creation, key vault
 * verification, explicit encryption by key id and by alternate name, and decryption on read.
 *
 * <p>Both encrypt calls use the deterministic algorithm, so their outputs are expected to be
 * equal. Deterministic ciphertexts expose equality between stored values; that trade-off is
 * what makes equality comparison on the encrypted field possible.
 */
@Test
public void testProvider() {
    final String alternateName = format("%s_altname", providerName);
    final String deterministicAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic";

    // Step 1: create the data key; its id comes back as a UUID (BSON binary subtype 4).
    DataKeyOptions dataKeyOptions = new DataKeyOptions().keyAltNames(singletonList(alternateName)).masterKey(getMasterKey());
    BsonBinary createdKeyId = clientEncryption.createDataKey(providerName, dataKeyOptions);
    assertEquals(4, createdKeyId.getType());

    // Step 2: the key vault holds one matching document whose masterKey.provider is this provider.
    ArrayList<Document> matchingKeys = client.getDatabase("keyvault").getCollection("datakeys").find(eq("_id", createdKeyId)).into(new ArrayList<>());
    assertEquals(1, matchingKeys.size());
    Document keyDocument = matchingKeys.get(0);
    assertEquals(providerName, keyDocument.get("masterKey", new Document()).get("provider", ""));

    // Step 3: the recorded "insert" command was sent with write concern "majority".
    BsonDocument recordedInsert = commandListener.getCommandStartedEvent("insert").getCommand();
    BsonString writeConcernW = recordedInsert.getDocument("writeConcern", new BsonDocument()).getString("w", new BsonString(""));
    String insertWriteConcern = writeConcernW.getValue();
    assertEquals("majority", insertWriteConcern);

    // Step 4: explicit encryption by key id yields an encrypted value (BSON binary subtype 6).
    String message = format("hello %s", providerName);
    BsonBinary encryptedById = clientEncryption.encrypt(new BsonString(message), new EncryptOptions(deterministicAlgorithm).keyId(createdKeyId));
    assertEquals(6, encryptedById.getType());

    // Step 5: insert the ciphertext, then read it back decrypted through clientEncrypted.
    Document payload = new Document("_id", providerName);
    payload.put("value", encryptedById);
    clientEncrypted.getDatabase("db").getCollection("coll").insertOne(payload);
    Document readBack = clientEncrypted.getDatabase("db").getCollection("coll").find(eq("_id", providerName)).first();
    assertNotNull(readBack);
    assertEquals(message, readBack.get("value", ""));

    // Step 6: the alternate name resolves to the same key, so the ciphertext is identical.
    BsonBinary encryptedByAltName = clientEncryption.encrypt(new BsonString(message), new EncryptOptions(deterministicAlgorithm).keyAltName(alternateName));
    assertEquals(encryptedById, encryptedByAltName);

    // Step 7: a pre-encrypted value in "encrypted_placeholder" is refused by the client.
    // NOTE(review): the schema that makes this field special is not visible here; verify in the test setup.
    assertThrows(MongoClientException.class, () -> clientEncrypted.getDatabase("db").getCollection("coll").insertOne(new Document("encrypted_placeholder", encryptedById)));
}
Also used : BsonDocument(org.bson.BsonDocument) EncryptOptions(com.mongodb.client.model.vault.EncryptOptions) BsonBinary(org.bson.BsonBinary) BsonString(org.bson.BsonString) BsonString(org.bson.BsonString) Document(org.bson.Document) BsonDocument(org.bson.BsonDocument) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) Test(org.junit.Test)

Example 3 with DataKeyOptions

use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.

the class ClientSideEncryptionBypassAutoEncryptionTest method shouldAutoDecryptManuallyEncryptedData.

/**
 * Encrypts a value explicitly with a freshly created "local" data key, stores the ciphertext,
 * and checks that reading it back through {@code clientEncrypted} returns the plaintext.
 *
 * <p>NOTE(review): judging by the enclosing class name, {@code clientEncrypted} is presumably
 * configured to bypass automatic encryption, so only the decrypt-on-read path is covered;
 * confirm against the fixture.
 */
@Test
public void shouldAutoDecryptManuallyEncryptedData() {
    final String plaintext = "123456789";

    // Create the data key and block until its id is available.
    ObservableSubscriber<BsonBinary> keySubscriber = new OperationSubscriber<>();
    clientEncryption.createDataKey("local", new DataKeyOptions()).subscribe(keySubscriber);
    BsonBinary localKeyId = keySubscriber.get().get(0);

    // Explicitly encrypt the field value under that key.
    EncryptOptions encryptOptions = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(localKeyId);
    ObservableSubscriber<BsonBinary> ciphertextSubscriber = new OperationSubscriber<>();
    clientEncryption.encrypt(new BsonString(plaintext), encryptOptions).subscribe(ciphertextSubscriber);
    BsonBinary ciphertext = ciphertextSubscriber.get().get(0);

    // Persist the ciphertext and wait for the insert to complete before reading.
    MongoCollection<Document> testCollection = clientEncrypted.getDatabase(Fixture.getDefaultDatabaseName()).getCollection("test");
    ObservableSubscriber<InsertOneResult> insertSubscriber = new OperationSubscriber<>();
    testCollection.insertOne(new Document("encryptedField", ciphertext)).subscribe(insertSubscriber);
    insertSubscriber.await();

    // The unfiltered find assumes the inserted document is the first one in the collection.
    ObservableSubscriber<Document> resultSubscriber = new OperationSubscriber<>();
    testCollection.find().first().subscribe(resultSubscriber);
    Document stored = resultSubscriber.get().get(0);
    assertEquals(plaintext, stored.getString("encryptedField"));
}
Also used : BsonBinary(org.bson.BsonBinary) OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber) BsonString(org.bson.BsonString) Document(org.bson.Document) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) EncryptOptions(com.mongodb.client.model.vault.EncryptOptions) BsonString(org.bson.BsonString) InsertOneResult(com.mongodb.client.result.InsertOneResult) Test(org.junit.Test)

Example 4 with DataKeyOptions

use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.

the class AbstractClientEncryptionCustomEndpointTest method testEndpoint.

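/**
 * Creates a data key against the configured {@code provider} and {@code masterKey}, then
 * verifies either that encryption works or that the expected failure is reported.
 *
 * <p>When {@code exceptionClass} is {@code null} the call must succeed and any exception is
 * rethrown unchanged. Otherwise the thrown exception must be exactly {@code exceptionClass},
 * must wrap a cause of exactly {@code wrappedExceptionClass}, and the cause's message must
 * contain {@code messageContainedInException} when that is given.
 *
 * @param clientEncryption the client under test
 * @param exceptionClass expected exception type, or {@code null} when success is expected
 * @param wrappedExceptionClass expected type of the exception's cause
 * @param messageContainedInException text the cause's message must contain, or {@code null} to skip the check
 */
private void testEndpoint(final ClientEncryption clientEncryption, @Nullable final Class<? extends RuntimeException> exceptionClass, @Nullable final Class<? extends RuntimeException> wrappedExceptionClass, @Nullable final String messageContainedInException) {
    try {
        BsonBinary dataKeyId = clientEncryption.createDataKey(provider, new DataKeyOptions().masterKey(masterKey));
        // Reaching this line means key creation succeeded; that is a failure when an exception was expected.
        assertNull("Expected exception, but encryption succeeded", exceptionClass);
        clientEncryption.encrypt(new BsonString("test"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
    } catch (Exception e) {
        if (exceptionClass == null) {
            throw e;
        }
        assertEquals(exceptionClass, e.getClass());
        // Check the cause explicitly: dereferencing a missing cause would raise a
        // NullPointerException and hide the exception that was actually thrown.
        Throwable cause = e.getCause();
        assertTrue("Expected a cause of type " + wrappedExceptionClass + " but none was attached to: " + e, cause != null);
        assertEquals(wrappedExceptionClass, cause.getClass());
        if (messageContainedInException != null) {
            // A cause may have no message; treat that as a mismatch instead of failing on null.
            String causeMessage = cause.getMessage();
            assertTrue("Actual Error: " + causeMessage, causeMessage != null && causeMessage.contains(messageContainedInException));
        }
    }
}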
Also used : EncryptOptions(com.mongodb.client.model.vault.EncryptOptions) BsonBinary(org.bson.BsonBinary) BsonString(org.bson.BsonString) MongoClientException(com.mongodb.MongoClientException) MongoCryptException(com.mongodb.crypt.capi.MongoCryptException) ConnectException(java.net.ConnectException) UnknownHostException(java.net.UnknownHostException) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions)

Example 5 with DataKeyOptions

use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.

the class AbstractClientSideEncryptionKmsTlsTest method testInvalidKmsCertificate.

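/**
 * Verifies that creating a data key fails with the expected TLS error when the KMS endpoint
 * presents a certificate the client must not accept.
 *
 * <p>The test runs only when the {@code SYSTEM_PROPERTY_KEY} system property is set; its value
 * selects which TLS error is expected. The AWS credentials are placeholders.
 * NOTE(review): presumably they are never used because the TLS handshake fails first; confirm.
 */
@Test
public void testInvalidKmsCertificate() {
    assumeTrue(System.getProperties().containsKey(SYSTEM_PROPERTY_KEY));
    TlsErrorType expectedKmsTlsError = TlsErrorType.fromSystemPropertyValue(System.getProperty(SYSTEM_PROPERTY_KEY));

    // Plain maps instead of double-brace initialization, which creates anonymous HashMap
    // subclasses that each keep a reference to the enclosing test instance.
    Map<String, Object> awsCredentials = new HashMap<>();
    awsCredentials.put("accessKeyId", "fakeAccessKeyId");
    awsCredentials.put("secretAccessKey", "fakeSecretAccessKey");
    Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
    kmsProviders.put("aws", awsCredentials);

    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getMongoClientSettings()).keyVaultNamespace("keyvault.datakeys").kmsProviders(kmsProviders).build();
    try (ClientEncryption clientEncryption = getClientEncryption(clientEncryptionSettings)) {
        // The master key points the KMS request at a local endpoint (127.0.0.1:8000).
        clientEncryption.createDataKey("aws", new DataKeyOptions().masterKey(BsonDocument.parse("{" + "region: \"us-east-1\", " + "key: \"arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0\"," + "endpoint: \"mongodb://127.0.0.1:8000\"}")));
        // A successful call means the certificate was accepted, so the test must fail with a reason.
        fail("Expected createDataKey to fail with a KMS TLS error, but it succeeded");
    } catch (MongoClientException e) {
        // The TLS failure is expected somewhere in the cause chain, with the expected message.
        assertNotNull(expectedKmsTlsError.getCauseOfExpectedClass(e));
        assertTrue(expectedKmsTlsError.causeContainsExpectedMessage(e));
    }
}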
Also used : ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) MongoClientException(com.mongodb.MongoClientException) HashMap(java.util.HashMap) ClientEncryption(com.mongodb.client.vault.ClientEncryption) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) Test(org.junit.jupiter.api.Test)

Aggregations

DataKeyOptions (com.mongodb.client.model.vault.DataKeyOptions)13 BsonBinary (org.bson.BsonBinary)11 Document (org.bson.Document)10 EncryptOptions (com.mongodb.client.model.vault.EncryptOptions)9 BsonString (org.bson.BsonString)9 ClientEncryptionSettings (com.mongodb.ClientEncryptionSettings)8 HashMap (java.util.HashMap)8 ClientEncryption (com.mongodb.client.vault.ClientEncryption)7 Map (java.util.Map)7 ConnectionString (com.mongodb.ConnectionString)6 MongoClientSettings (com.mongodb.MongoClientSettings)6 SecureRandom (java.security.SecureRandom)6 MongoNamespace (com.mongodb.MongoNamespace)4 IndexOptions (com.mongodb.client.model.IndexOptions)4 InsertOneResult (com.mongodb.client.result.InsertOneResult)4 BsonDocument (org.bson.BsonDocument)4 Test (org.junit.Test)4 OperationSubscriber (reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)4 MongoClientException (com.mongodb.MongoClientException)3 MongoClient (com.mongodb.client.MongoClient)3