Example 11 with DataKeyOptions
use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.
the class ClientSideEncryptionAutoEncryptionSettingsTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
String keyVaultNamespace = "admin.datakeys";
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build();
ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
ObservableSubscriber<BsonBinary> dataKeySubscriber = new OperationSubscriber<>();
clientEncryption.createDataKey("local", new DataKeyOptions()).subscribe(dataKeySubscriber);
dataKeySubscriber.await();
String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeySubscriber.getReceived().get(0).getData());
final String dbName = "test";
final String collName = "coll";
AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).schemaMap(new HashMap<String, BsonDocument>() {
{
put(dbName + "." + collName, // Need a schema that references the new data key
BsonDocument.parse("{" + " properties: {" + " encryptedField: {" + " encrypt: {" + " keyId: [{" + " \"$binary\": {" + " \"base64\": \"" + base64DataKeyId + "\"," + " \"subType\": \"04\"" + " }" + " }]," + " bsonType: \"string\"," + " algorithm: \"AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic\"" + " }" + " }" + " }," + " \"bsonType\": \"object\"" + "}"));
}
}).build();
MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(autoEncryptionSettings).build();
MongoClient mongoClient = MongoClients.create(clientSettings);
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
ObservableSubscriber<Void> successSubscriber = new OperationSubscriber<>();
collection.drop().subscribe(successSubscriber);
successSubscriber.await();
ObservableSubscriber<InsertOneResult> insertOneSubscriber = new OperationSubscriber<>();
collection.insertOne(new Document("encryptedField", "123456789")).subscribe(insertOneSubscriber);
insertOneSubscriber.await();
ObservableSubscriber<Document> documentSubscriber = new PrintDocumentSubscriber();
collection.find().first().subscribe(documentSubscriber);
documentSubscriber.await();
// release resources
mongoClient.close();
}
Also used :
PrintDocumentSubscriber(reactivestreams.helpers.SubscriberHelpers.PrintDocumentSubscriber)
HashMap(java.util.HashMap)
ClientEncryption(com.mongodb.reactivestreams.client.vault.ClientEncryption)
ConnectionString(com.mongodb.ConnectionString)
Document(org.bson.Document)
BsonDocument(org.bson.BsonDocument)
DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions)
MongoClient(com.mongodb.reactivestreams.client.MongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
InsertOneResult(com.mongodb.client.result.InsertOneResult)
BsonBinary(org.bson.BsonBinary)
OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)
SecureRandom(java.security.SecureRandom)
MongoClientSettings(com.mongodb.MongoClientSettings)
AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings)
ConnectionString(com.mongodb.ConnectionString)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 12 with DataKeyOptions
use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.
the class ClientSideEncryptionExplicitEncryptionOnlyTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
* Assumes the schema has already been created in MongoDB.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).bypassAutoEncryption(true).build()).build();
MongoClient mongoClient = MongoClients.create(clientSettings);
// Set up the key vault for this example
MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName()).getCollection(keyVaultNamespace.getCollectionName());
ObservableSubscriber<Void> successSubscriber = new OperationSubscriber<>();
keyVaultCollection.drop().subscribe(successSubscriber);
successSubscriber.await();
// Ensure that two data keys cannot share the same keyAltName.
ObservableSubscriber<String> indexSubscriber = new OperationSubscriber<>();
keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"), new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames"))).subscribe(indexSubscriber);
indexSubscriber.await();
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
successSubscriber = new OperationSubscriber<>();
collection.drop().subscribe(successSubscriber);
successSubscriber.await();
// Create the ClientEncryption instance
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).build();
ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
// Explicitly encrypt a field
BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString("123456789"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
ObservableSubscriber<InsertOneResult> insertOneSubscriber = new OperationSubscriber<>();
collection.insertOne(new Document("encryptedField", encryptedFieldValue)).subscribe(insertOneSubscriber);
insertOneSubscriber.await();
ObservableSubscriber<Document> documentSubscriber = new OperationSubscriber<>();
collection.find().first().subscribe(documentSubscriber);
Document doc = documentSubscriber.get().get(0);
System.out.println(doc.toJson());
// release resources
clientEncryption.close();
mongoClient.close();
}
Also used :
HashMap(java.util.HashMap)
ClientEncryption(com.mongodb.client.vault.ClientEncryption)
BsonString(org.bson.BsonString)
ConnectionString(com.mongodb.ConnectionString)
Document(org.bson.Document)
DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions)
MongoClient(com.mongodb.reactivestreams.client.MongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
EncryptOptions(com.mongodb.client.model.vault.EncryptOptions)
InsertOneResult(com.mongodb.client.result.InsertOneResult)
IndexOptions(com.mongodb.client.model.IndexOptions)
OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)
BsonBinary(org.bson.BsonBinary)
SecureRandom(java.security.SecureRandom)
MongoClientSettings(com.mongodb.MongoClientSettings)
MongoNamespace(com.mongodb.MongoNamespace)
BsonString(org.bson.BsonString)
ConnectionString(com.mongodb.ConnectionString)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 13 with DataKeyOptions
use of com.mongodb.client.model.vault.DataKeyOptions in project mongo-java-driver by mongodb.
the class ClientSideEncryptionExplicitEncryptionAndDecryptionTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
* Assumes the schema has already been created in MongoDB.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
MongoClientSettings clientSettings = MongoClientSettings.builder().build();
MongoClient mongoClient = MongoClients.create(clientSettings);
// Set up the key vault for this example
MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName()).getCollection(keyVaultNamespace.getCollectionName());
ObservableSubscriber<Void> successSubscriber = new OperationSubscriber<>();
keyVaultCollection.drop().subscribe(successSubscriber);
successSubscriber.await();
// Ensure that two data keys cannot share the same keyAltName.
ObservableSubscriber<String> indexSubscriber = new OperationSubscriber<>();
keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"), new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames"))).subscribe(indexSubscriber);
indexSubscriber.await();
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
successSubscriber = new OperationSubscriber<>();
collection.drop().subscribe(successSubscriber);
successSubscriber.await();
// Create the ClientEncryption instance
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).build();
ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
// Explicitly encrypt a field
BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString("123456789"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
ObservableSubscriber<InsertOneResult> insertOneSubscriber = new OperationSubscriber<>();
collection.insertOne(new Document("encryptedField", encryptedFieldValue)).subscribe(insertOneSubscriber);
insertOneSubscriber.await();
ObservableSubscriber<Document> documentSubscriber = new OperationSubscriber<>();
collection.find().first().subscribe(documentSubscriber);
Document doc = documentSubscriber.get().get(0);
System.out.println(doc.toJson());
// Explicitly decrypt the field
System.out.println(clientEncryption.decrypt(new BsonBinary(doc.get("encryptedField", Binary.class).getData())));
// release resources
clientEncryption.close();
mongoClient.close();
}
Also used :
HashMap(java.util.HashMap)
ClientEncryption(com.mongodb.client.vault.ClientEncryption)
BsonString(org.bson.BsonString)
ConnectionString(com.mongodb.ConnectionString)
Document(org.bson.Document)
DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions)
MongoClient(com.mongodb.reactivestreams.client.MongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
EncryptOptions(com.mongodb.client.model.vault.EncryptOptions)
InsertOneResult(com.mongodb.client.result.InsertOneResult)
IndexOptions(com.mongodb.client.model.IndexOptions)
OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)
BsonBinary(org.bson.BsonBinary)
SecureRandom(java.security.SecureRandom)
MongoClientSettings(com.mongodb.MongoClientSettings)
MongoNamespace(com.mongodb.MongoNamespace)
BsonString(org.bson.BsonString)
ConnectionString(com.mongodb.ConnectionString)
HashMap(java.util.HashMap)
Map(java.util.Map)
Aggregations
DataKeyOptions (com.mongodb.client.model.vault.DataKeyOptions)13
BsonBinary (org.bson.BsonBinary)11
Document (org.bson.Document)10
EncryptOptions (com.mongodb.client.model.vault.EncryptOptions)9
BsonString (org.bson.BsonString)9
ClientEncryptionSettings (com.mongodb.ClientEncryptionSettings)8
HashMap (java.util.HashMap)8
ClientEncryption (com.mongodb.client.vault.ClientEncryption)7
Map (java.util.Map)7
ConnectionString (com.mongodb.ConnectionString)6
MongoClientSettings (com.mongodb.MongoClientSettings)6
SecureRandom (java.security.SecureRandom)6
MongoNamespace (com.mongodb.MongoNamespace)4
IndexOptions (com.mongodb.client.model.IndexOptions)4
InsertOneResult (com.mongodb.client.result.InsertOneResult)4
BsonDocument (org.bson.BsonDocument)4
Test (org.junit.Test)4
OperationSubscriber (reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)4
MongoClientException (com.mongodb.MongoClientException)3
MongoClient (com.mongodb.client.MongoClient)3
