use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.
the class ClientEncryptionDataKeyAndDoubleEncryptionTest method testProvider.
/**
 * Round-trips a value through explicit encryption and automatic decryption for the KMS provider
 * under test, checking the stored data key and the ciphertext along the way.
 */
@Test
public void testProvider() {
    String altName = format("%s_altname", providerName);
    DataKeyOptions keyOptions = new DataKeyOptions().keyAltNames(singletonList(altName)).masterKey(getMasterKey());
    BsonBinary keyId = clientEncryption.createDataKey(providerName, keyOptions);
    // Data key ids are BSON binary subtype 4 (UUID).
    assertEquals(4, keyId.getType());

    // Exactly one key document must exist in the key vault, and it must record the provider.
    ArrayList<Document> storedKeys = client.getDatabase("keyvault").getCollection("datakeys")
            .find(eq("_id", keyId)).into(new ArrayList<>());
    assertEquals(1, storedKeys.size());
    Document storedMasterKey = storedKeys.get(0).get("masterKey", new Document());
    assertEquals(providerName, storedMasterKey.get("provider", ""));

    // The captured insert command must carry w: "majority"; the empty defaults turn a missing
    // write concern into a failed comparison instead of a NullPointerException.
    BsonDocument insertCommand = commandListener.getCommandStartedEvent("insert").getCommand();
    String insertWriteConcern = insertCommand.getDocument("writeConcern", new BsonDocument())
            .getString("w", new BsonString("")).getValue();
    assertEquals("majority", insertWriteConcern);

    String algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic";
    String plaintext = format("hello %s", providerName);

    // Explicit encryption addressed by key id; the result is BSON binary subtype 6 (encrypted value).
    BsonBinary ciphertextById = clientEncryption.encrypt(new BsonString(plaintext),
            new EncryptOptions(algorithm).keyId(keyId));
    assertEquals(6, ciphertextById.getType());

    // Store the ciphertext through the auto-encrypting client and expect the plaintext on read.
    Document toInsert = new Document("_id", providerName);
    toInsert.put("value", ciphertextById);
    clientEncrypted.getDatabase("db").getCollection("coll").insertOne(toInsert);
    Document readBack = clientEncrypted.getDatabase("db").getCollection("coll")
            .find(eq("_id", providerName)).first();
    assertNotNull(readBack);
    assertEquals(plaintext, readBack.get("value", ""));

    // Addressing the same key by its alternate name must give the identical ciphertext. This holds
    // only because the algorithm is deterministic, which also means equal plaintexts are
    // recognisable as equal in stored data.
    BsonBinary ciphertextByAltName = clientEncryption.encrypt(new BsonString(plaintext),
            new EncryptOptions(algorithm).keyAltName(altName));
    assertEquals(ciphertextById, ciphertextByAltName);

    // Supplying an already-encrypted value under "encrypted_placeholder" must be rejected.
    // NOTE(review): presumably that field is marked for automatic encryption in the
    // clientEncrypted configuration, which is not shown here - confirm.
    assertThrows(MongoClientException.class, () -> clientEncrypted.getDatabase("db").getCollection("coll")
            .insertOne(new Document("encrypted_placeholder", ciphertextById)));
}
use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.
the class ClientEncryptionDataKeyAndDoubleEncryptionTest method testProvider.
/**
 * Creates a data key for the provider under test, verifies how it is stored, then checks that an
 * explicitly encrypted value is decrypted on read and that key id and key alt name are equivalent.
 */
@Test
public void testProvider() {
    String altName = format("%s_altname", providerName);
    DataKeyOptions keyOptions = new DataKeyOptions().keyAltNames(singletonList(altName)).masterKey(getMasterKey());
    BsonBinary keyId = clientEncryption.createDataKey(providerName, keyOptions);
    // Binary subtype 4 is the UUID subtype used for data key ids.
    assertEquals(4, keyId.getType());

    // Look the key up in the key vault: one document, recording the provider that wrapped it.
    ArrayList<Document> storedKeys = client.getDatabase("keyvault").getCollection("datakeys")
            .find(eq("_id", keyId)).into(new ArrayList<>());
    assertEquals(1, storedKeys.size());
    Document storedMasterKey = storedKeys.get(0).get("masterKey", new Document());
    assertEquals(providerName, storedMasterKey.get("provider", ""));

    // The recorded insert command is expected to use a majority write concern.
    BsonDocument insertCommand = commandListener.getCommandStartedEvent("insert").getCommand();
    String insertWriteConcern = insertCommand.getDocument("writeConcern", new BsonDocument())
            .getString("w", new BsonString("")).getValue();
    assertEquals("majority", insertWriteConcern);

    String algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic";
    String plaintext = format("hello %s", providerName);

    // Binary subtype 6 marks an encrypted BSON value.
    BsonBinary ciphertextById = clientEncryption.encrypt(new BsonString(plaintext),
            new EncryptOptions(algorithm).keyId(keyId));
    assertEquals(6, ciphertextById.getType());

    // Insert the ciphertext via clientEncrypted; reading it back must return the plaintext.
    Document toInsert = new Document("_id", providerName);
    toInsert.put("value", ciphertextById);
    clientEncrypted.getDatabase("db").getCollection("coll").insertOne(toInsert);
    Document readBack = clientEncrypted.getDatabase("db").getCollection("coll")
            .find(eq("_id", providerName)).first();
    assertNotNull(readBack);
    assertEquals(plaintext, readBack.get("value", ""));

    // Same key, same plaintext, deterministic algorithm: the ciphertext must be identical whether
    // the key is selected by id or by alternate name.
    BsonBinary ciphertextByAltName = clientEncryption.encrypt(new BsonString(plaintext),
            new EncryptOptions(algorithm).keyAltName(altName));
    assertEquals(ciphertextById, ciphertextByAltName);

    // An already-encrypted value written to "encrypted_placeholder" must raise a client error.
    // NOTE(review): the reason is presumably that clientEncrypted auto-encrypts this field; the
    // client configuration is outside this listing - confirm.
    assertThrows(MongoClientException.class, () -> clientEncrypted.getDatabase("db").getCollection("coll")
            .insertOne(new Document("encrypted_placeholder", ciphertextById)));
}
use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.
the class ClientSideEncryptionBypassAutoEncryptionTest method shouldAutoDecryptManuallyEncryptedData.
/**
 * Explicitly encrypts a value, inserts it through {@code clientEncrypted}, and expects the read
 * through the same client to return the original plaintext.
 */
@Test
public void shouldAutoDecryptManuallyEncryptedData() {
    String plaintext = "123456789";

    // Create a data key with the "local" provider and default options, then collect its id.
    ObservableSubscriber<BsonBinary> dataKeySubscriber = new OperationSubscriber<>();
    clientEncryption.createDataKey("local", new DataKeyOptions()).subscribe(dataKeySubscriber);
    BsonBinary keyId = dataKeySubscriber.get().get(0);

    // Explicit (manual) encryption of the field value with that key.
    ObservableSubscriber<BsonBinary> encryptSubscriber = new OperationSubscriber<>();
    EncryptOptions encryptOptions = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(keyId);
    clientEncryption.encrypt(new BsonString(plaintext), encryptOptions).subscribe(encryptSubscriber);
    BsonBinary ciphertext = encryptSubscriber.get().get(0);

    MongoCollection<Document> testCollection =
            clientEncrypted.getDatabase(Fixture.getDefaultDatabaseName()).getCollection("test");

    // Store the ciphertext as-is. NOTE(review): going by the test class name, clientEncrypted is
    // presumably configured to bypass automatic encryption on writes - confirm in the setup code.
    ObservableSubscriber<InsertOneResult> insertSubscriber = new OperationSubscriber<>();
    testCollection.insertOne(new Document("encryptedField", ciphertext)).subscribe(insertSubscriber);
    // await() presumably blocks until the insert has completed, before the read below is issued.
    insertSubscriber.await();

    // Decryption on read must still happen: the field comes back as the plaintext string.
    ObservableSubscriber<Document> findSubscriber = new OperationSubscriber<>();
    testCollection.find().first().subscribe(findSubscriber);
    Document stored = findSubscriber.get().get(0);
    assertEquals(plaintext, stored.getString("encryptedField"));
}
use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.
the class AbstractClientEncryptionCustomEndpointTest method testEndpoint.
/**
 * Creates a data key with the configured provider and master key, then encrypts a sample value,
 * and checks the outcome against the expectation passed in.
 *
 * @param clientEncryption            the client used to create the data key and encrypt
 * @param exceptionClass              exact class of the exception expected, or {@code null} when
 *                                    the operations are expected to succeed
 * @param wrappedExceptionClass       exact class expected for the cause of that exception
 * @param messageContainedInException text the cause's message must contain, or {@code null} to
 *                                    skip the message check
 */
private void testEndpoint(final ClientEncryption clientEncryption,
                          @Nullable final Class<? extends RuntimeException> exceptionClass,
                          @Nullable final Class<? extends RuntimeException> wrappedExceptionClass,
                          @Nullable final String messageContainedInException) {
    try {
        DataKeyOptions keyOptions = new DataKeyOptions().masterKey(masterKey);
        BsonBinary keyId = clientEncryption.createDataKey(provider, keyOptions);
        // Getting here means key creation succeeded, so no exception may have been expected.
        // The assertion failure is an Error rather than an Exception, so the catch below does
        // not intercept it.
        assertNull("Expected exception, but encryption succeeded", exceptionClass);
        EncryptOptions encryptOptions = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(keyId);
        clientEncryption.encrypt(new BsonString("test"), encryptOptions);
    } catch (Exception thrown) {
        // Success was expected: let the unexpected failure propagate unchanged.
        if (exceptionClass == null) {
            throw thrown;
        }
        // Both comparisons are on the exact class, not on assignability.
        assertEquals(exceptionClass, thrown.getClass());
        // NOTE(review): an exception without a cause makes the next line throw a
        // NullPointerException, which hides the original failure.
        Throwable cause = thrown.getCause();
        assertEquals(wrappedExceptionClass, cause.getClass());
        if (messageContainedInException != null) {
            String causeMessage = cause.getMessage();
            assertTrue("Actual Error: " + causeMessage, causeMessage.contains(messageContainedInException));
        }
    }
}
use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.
the class AbstractClientSideEncryptionKmsTlsTest method testInvalidKmsCertificate.
/**
 * Expects data key creation against the configured KMS endpoint to fail with a
 * {@code MongoClientException} whose cause matches the TLS error selected by a system property.
 */
@Test
public void testInvalidKmsCertificate() {
    // The test is skipped unless the system property naming the expected TLS error is set.
    assumeTrue(System.getProperties().containsKey(SYSTEM_PROPERTY_KEY));
    TlsErrorType expectedTlsError = TlsErrorType.fromSystemPropertyValue(System.getProperty(SYSTEM_PROPERTY_KEY));

    // Placeholder credentials: the call is expected to fail before they could matter.
    Map<String, Object> awsCredentials = new HashMap<String, Object>();
    awsCredentials.put("accessKeyId", "fakeAccessKeyId");
    awsCredentials.put("secretAccessKey", "fakeSecretAccessKey");
    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
    kmsProviders.put("aws", awsCredentials);

    ClientEncryptionSettings settings = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(getMongoClientSettings())
            .keyVaultNamespace("keyvault.datakeys")
            .kmsProviders(kmsProviders)
            .build();

    // The master key overrides the KMS endpoint with a loopback address on port 8000.
    // NOTE(review): presumably a test KMS server presenting a bad certificate listens there - confirm.
    BsonDocument masterKey = BsonDocument.parse("{"
            + "region: \"us-east-1\", "
            + "key: \"arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0\","
            + "endpoint: \"mongodb://127.0.0.1:8000\"}");

    try (ClientEncryption kmsClientEncryption = getClientEncryption(settings)) {
        kmsClientEncryption.createDataKey("aws", new DataKeyOptions().masterKey(masterKey));
        // A data key created despite the certificate problem is a test failure.
        fail();
    } catch (MongoClientException expected) {
        // The failure must be attributable to the expected TLS error, not to any other cause.
        assertNotNull(expectedTlsError.getCauseOfExpectedClass(expected));
        assertTrue(expectedTlsError.causeContainsExpectedMessage(expected));
    }
}