use of com.mongodb.client.model.vault.EncryptOptions in project mongo-java-driver by mongodb.
the class ClientSideEncryptionBypassAutoEncryptionTest method shouldAutoDecryptManuallyEncryptedData.
/**
 * Checks that a value encrypted explicitly through {@code clientEncryption} comes back as the
 * original plaintext string when the document is read through {@code clientEncrypted}.
 *
 * <p>Security note: the {@code -Deterministic} algorithm used here produces the same ciphertext for
 * the same plaintext and data key, so stored values reveal which documents share a value. The
 * {@code -Random} variant avoids that at the cost of equality queries.
 */
@Test
public void shouldAutoDecryptManuallyEncryptedData() {
    final String fieldValue = "123456789";

    // Create a data key under the "local" KMS provider; get() presumably blocks until the
    // publisher completes -- confirm against OperationSubscriber.
    ObservableSubscriber<BsonBinary> dataKeySubscriber = new OperationSubscriber<>();
    clientEncryption.createDataKey("local", new DataKeyOptions()).subscribe(dataKeySubscriber);
    BsonBinary dataKeyId = dataKeySubscriber.get().get(0);

    // Explicitly encrypt the plaintext with that data key.
    EncryptOptions encryptOptions =
            new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId);
    ObservableSubscriber<BsonBinary> ciphertextSubscriber = new OperationSubscriber<>();
    clientEncryption.encrypt(new BsonString(fieldValue), encryptOptions).subscribe(ciphertextSubscriber);
    BsonBinary encryptedFieldValue = ciphertextSubscriber.get().get(0);

    // Store the ciphertext through the client under test and wait for the write to finish.
    MongoCollection<Document> collection = clientEncrypted
            .getDatabase(Fixture.getDefaultDatabaseName())
            .getCollection("test");
    Document toInsert = new Document("encryptedField", encryptedFieldValue);
    ObservableSubscriber<InsertOneResult> insertSubscriber = new OperationSubscriber<>();
    collection.insertOne(toInsert).subscribe(insertSubscriber);
    insertSubscriber.await();

    // Reading the document back must yield the plaintext, not the binary ciphertext.
    ObservableSubscriber<Document> resultSubscriber = new OperationSubscriber<>();
    collection.find().first().subscribe(resultSubscriber);
    Document stored = resultSubscriber.get().get(0);
    assertEquals(fieldValue, stored.getString("encryptedField"));
}
use of com.mongodb.client.model.vault.EncryptOptions in project mongo-java-driver by mongodb.
the class AbstractClientEncryptionCustomEndpointTest method testEndpoint.
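/**
 * Creates a data key and encrypts a sample value with the given {@code clientEncryption}, then
 * checks the outcome against the expectation described by the arguments.
 *
 * @param clientEncryption the client whose KMS endpoint configuration is under test
 * @param exceptionClass the exact exception type expected, or {@code null} if the calls must succeed
 * @param wrappedExceptionClass the exact type expected for the cause of the thrown exception
 * @param messageContainedInException text the cause's message must contain, or {@code null} to skip
 *        the message check
 */
private void testEndpoint(final ClientEncryption clientEncryption,
        @Nullable final Class<? extends RuntimeException> exceptionClass,
        @Nullable final Class<? extends RuntimeException> wrappedExceptionClass,
        @Nullable final String messageContainedInException) {
    try {
        BsonBinary dataKeyId = clientEncryption.createDataKey(provider, new DataKeyOptions().masterKey(masterKey));
        // Reaching this line with an expected exception means key creation wrongly succeeded.
        // Assuming JUnit's assertNull, the AssertionError it raises is not an Exception and so
        // is not swallowed by the catch below.
        assertNull("Expected exception, but encryption succeeded", exceptionClass);
        clientEncryption.encrypt(new BsonString("test"),
                new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
    } catch (Exception e) {
        if (exceptionClass == null) {
            // No failure was expected: surface the original exception unchanged.
            throw e;
        }
        assertEquals(exceptionClass, e.getClass());

        // Fail with a readable message instead of a NullPointerException when the exception
        // carries no cause or the cause carries no message.
        Throwable cause = e.getCause();
        assertTrue("Expected " + e + " to wrap a cause, but it has none", cause != null);
        assertEquals(wrappedExceptionClass, cause.getClass());
        if (messageContainedInException != null) {
            String causeMessage = cause.getMessage();
            assertTrue("Actual Error: " + causeMessage,
                    causeMessage != null && causeMessage.contains(messageContainedInException));
        }
    }
}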
use of com.mongodb.client.model.vault.EncryptOptions in project mongo-java-driver by mongodb.
the class ClientSideEncryptionExplicitEncryptionOnlyTour method main.
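/**
 * Run this main method to see the output of this quick example: a field is encrypted explicitly
 * and is decrypted automatically when read back, because the client is configured with
 * auto-encryption settings and {@code bypassAutoEncryption(true)}.
 *
 * <p>Security notes for anyone adapting this example:
 * <ul>
 *   <li>The "local" master key is generated fresh on every run and kept only in process memory, so
 *       data keys created here cannot be unwrapped by a later run. The local provider is meant for
 *       development and testing; a real deployment keeps the master key in a KMS.</li>
 *   <li>The example drops the key vault collection. Doing that against a real key vault makes
 *       everything encrypted under its data keys unrecoverable.</li>
 *   <li>The deterministic algorithm yields identical ciphertext for identical plaintext, which
 *       reveals which documents share a value.</li>
 * </ul>
 *
 * @param args ignored args
 */
public static void main(final String[] args) {
    // This would have to be the same master key as was used to create the encryption key
    final byte[] localMasterKey = new byte[96];
    new SecureRandom().nextBytes(localMasterKey);

    // Plain maps rather than double-brace initialisation, which creates anonymous HashMap subclasses.
    Map<String, Object> localProvider = new HashMap<String, Object>();
    localProvider.put("key", localMasterKey);
    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
    kmsProviders.put("local", localProvider);

    MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
    MongoClientSettings clientSettings = MongoClientSettings.builder()
            .autoEncryptionSettings(AutoEncryptionSettings.builder()
                    .keyVaultNamespace(keyVaultNamespace.getFullName())
                    .kmsProviders(kmsProviders)
                    .bypassAutoEncryption(true)
                    .build())
            .build();

    MongoClient mongoClient = MongoClients.create(clientSettings);
    try {
        // Set up the key vault for this example
        MongoCollection<Document> keyVaultCollection = mongoClient
                .getDatabase(keyVaultNamespace.getDatabaseName())
                .getCollection(keyVaultNamespace.getCollectionName());
        keyVaultCollection.drop();
        // Ensure that two data keys cannot share the same keyAltName.
        keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"),
                new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames")));

        MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
        // Clear old data
        collection.drop();

        // Create the ClientEncryption instance
        ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
                .keyVaultMongoClientSettings(MongoClientSettings.builder()
                        .applyConnectionString(new ConnectionString("mongodb://localhost"))
                        .build())
                .keyVaultNamespace(keyVaultNamespace.getFullName())
                .kmsProviders(kmsProviders)
                .build();
        ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
        try {
            BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());

            // Explicitly encrypt a field
            BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString("123456789"),
                    new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
            collection.insertOne(new Document("encryptedField", encryptedFieldValue));

            // Automatically decrypts the encrypted field.
            System.out.println(collection.find().first().toJson());
        } finally {
            // release resources even when a step above throws
            clientEncryption.close();
        }
    } finally {
        mongoClient.close();
    }
}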
use of com.mongodb.client.model.vault.EncryptOptions in project mongo-java-driver by mongodb.
the class ClientSideEncryptionExplicitEncryptionAndDecryptionTour method main.
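/**
 * Run this main method to see the output of this quick example: a field is encrypted explicitly,
 * stored, read back as ciphertext, and then decrypted explicitly. The client is built without
 * auto-encryption settings, so the first printed document shows the encrypted binary value.
 *
 * <p>Security notes for anyone adapting this example:
 * <ul>
 *   <li>The "local" master key is generated fresh on every run and kept only in process memory, so
 *       data keys created here cannot be unwrapped by a later run. The local provider is meant for
 *       development and testing; a real deployment keeps the master key in a KMS.</li>
 *   <li>The example drops the key vault collection. Doing that against a real key vault makes
 *       everything encrypted under its data keys unrecoverable.</li>
 *   <li>The decrypted value is written to standard output; real code should not log plaintext of
 *       protected fields.</li>
 * </ul>
 *
 * @param args ignored args
 */
public static void main(final String[] args) {
    // This would have to be the same master key as was used to create the encryption key
    final byte[] localMasterKey = new byte[96];
    new SecureRandom().nextBytes(localMasterKey);

    // Plain maps rather than double-brace initialisation, which creates anonymous HashMap subclasses.
    Map<String, Object> localProvider = new HashMap<String, Object>();
    localProvider.put("key", localMasterKey);
    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
    kmsProviders.put("local", localProvider);

    MongoClientSettings clientSettings = MongoClientSettings.builder().build();
    MongoClient mongoClient = MongoClients.create(clientSettings);
    try {
        // Set up the key vault for this example
        MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
        MongoCollection<Document> keyVaultCollection = mongoClient
                .getDatabase(keyVaultNamespace.getDatabaseName())
                .getCollection(keyVaultNamespace.getCollectionName());
        keyVaultCollection.drop();
        // Ensure that two data keys cannot share the same keyAltName.
        keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"),
                new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames")));

        MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
        // Clear old data
        collection.drop();

        // Create the ClientEncryption instance
        ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
                .keyVaultMongoClientSettings(MongoClientSettings.builder()
                        .applyConnectionString(new ConnectionString("mongodb://localhost"))
                        .build())
                .keyVaultNamespace(keyVaultNamespace.getFullName())
                .kmsProviders(kmsProviders)
                .build();
        ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
        try {
            BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());

            // Explicitly encrypt a field
            BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString("123456789"),
                    new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
            collection.insertOne(new Document("encryptedField", encryptedFieldValue));

            Document doc = collection.find().first();
            System.out.println(doc.toJson());

            // Explicitly decrypt the field
            System.out.println(clientEncryption.decrypt(
                    new BsonBinary(doc.get("encryptedField", Binary.class).getData())));
        } finally {
            // release resources even when a step above throws
            clientEncryption.close();
        }
    } finally {
        mongoClient.close();
    }
}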
use of com.mongodb.client.model.vault.EncryptOptions in project mongo-java-driver by mongodb.
the class ClientSideEncryptionBypassAutoEncryptionTest method shouldAutoDecryptManuallyEncryptedData.
/**
 * Checks that a value encrypted explicitly through {@code clientEncryption} comes back as the
 * original plaintext string when the document is read through {@code clientEncrypted}.
 *
 * <p>Security note: the {@code -Deterministic} algorithm used here produces the same ciphertext for
 * the same plaintext and data key, so stored values reveal which documents share a value.
 */
@Test
public void shouldAutoDecryptManuallyEncryptedData() {
    final String fieldValue = "123456789";

    // Explicit encryption: new data key under the "local" provider, then encrypt with it.
    BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
    EncryptOptions encryptOptions =
            new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId);
    BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString(fieldValue), encryptOptions);

    // Store the ciphertext through the client under test.
    MongoCollection<Document> collection = clientEncrypted
            .getDatabase(Fixture.getDefaultDatabaseName())
            .getCollection("test");
    Document toInsert = new Document("encryptedField", encryptedFieldValue);
    collection.insertOne(toInsert);

    // Reading the document back must yield the plaintext, not the binary ciphertext.
    Document stored = collection.find().first();
    assertEquals(fieldValue, stored.getString("encryptedField"));
}