Examples with ClientEncryption com.mongodb.client.vault.ClientEncryption used on opensource projects

Search in sources :

Example 1 with ClientEncryption

use of com.mongodb.client.vault.ClientEncryption in project mongo-java-driver by mongodb.

the class AbstractClientSideEncryptionKmsTlsTest method testInvalidKmsCertificate.

@Test
public void testInvalidKmsCertificate() {
    assumeTrue(System.getProperties().containsKey(SYSTEM_PROPERTY_KEY));
    TlsErrorType expectedKmsTlsError = TlsErrorType.fromSystemPropertyValue(System.getProperty(SYSTEM_PROPERTY_KEY));
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getMongoClientSettings()).keyVaultNamespace("keyvault.datakeys").kmsProviders(new HashMap<String, Map<String, Object>>() {

        {
            put("aws", new HashMap<String, Object>() {

                {
                    put("accessKeyId", "fakeAccessKeyId");
                    put("secretAccessKey", "fakeSecretAccessKey");
                }
            });
        }
    }).build();
    try (ClientEncryption clientEncryption = getClientEncryption(clientEncryptionSettings)) {
        clientEncryption.createDataKey("aws", new DataKeyOptions().masterKey(BsonDocument.parse("{" + "region: \"us-east-1\", " + "key: \"arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0\"," + "endpoint: \"mongodb://127.0.0.1:8000\"}")));
        fail();
    } catch (MongoClientException e) {
        assertNotNull(expectedKmsTlsError.getCauseOfExpectedClass(e));
        assertTrue(expectedKmsTlsError.causeContainsExpectedMessage(e));
    }
}
Also used : ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) MongoClientException(com.mongodb.MongoClientException) HashMap(java.util.HashMap) ClientEncryption(com.mongodb.client.vault.ClientEncryption) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) Test(org.junit.jupiter.api.Test)

Example 2 with ClientEncryption

use of com.mongodb.client.vault.ClientEncryption in project mongo-java-driver by mongodb.

the class AbstractClientSideEncryptionKmsTlsTest method testThatCustomSslContextIsUsed.

@Test()
public void testThatCustomSslContextIsUsed() {
    assumeTrue(serverVersionAtLeast(4, 2));
    assumeTrue(hasEncryptionTestsEnabled());
    Map<String, Map<String, Object>> kmsProviders = getKmsProviders();
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getMongoClientSettings()).keyVaultNamespace("keyvault.datakeys").kmsProviders(kmsProviders).kmsProviderSslContextMap(new HashMap<String, SSLContext>() {

        {
            put("aws", getUntrustingSslContext());
            put("azure", getUntrustingSslContext());
            put("gcp", getUntrustingSslContext());
            put("kmip", getUntrustingSslContext());
        }
    }).build();
    try (ClientEncryption clientEncryption = getClientEncryption(clientEncryptionSettings)) {
        outer: for (String curProvider : kmsProviders.keySet()) {
            Throwable e = assertThrows(MongoClientException.class, () -> clientEncryption.createDataKey(curProvider, new DataKeyOptions().masterKey(BsonDocument.parse(getMasterKey(curProvider)))));
            while (e != null) {
                if (e.getMessage().contains("Don't trust anything")) {
                    break outer;
                }
                e = e.getCause();
            }
            fail("No exception in the cause chain contains the expected string");
        }
    }
}
Also used : ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) MongoClientException(com.mongodb.MongoClientException) HashMap(java.util.HashMap) ClientEncryption(com.mongodb.client.vault.ClientEncryption) HashMap(java.util.HashMap) Map(java.util.Map) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) Test(org.junit.jupiter.api.Test)

Example 3 with ClientEncryption

use of com.mongodb.client.vault.ClientEncryption in project mongo-java-driver by mongodb.

the class ClientSideEncryptionExplicitEncryptionOnlyTour method main.

/**
 * Run this main method to see the output of this quick example.
 *
 * @param args ignored args
 */
public static void main(final String[] args) {
    // This would have to be the same master key as was used to create the encryption key
    final byte[] localMasterKey = new byte[96];
    new SecureRandom().nextBytes(localMasterKey);
    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {

        {
            put("local", new HashMap<String, Object>() {

                {
                    put("key", localMasterKey);
                }
            });
        }
    };
    MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
    MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).bypassAutoEncryption(true).build()).build();
    MongoClient mongoClient = MongoClients.create(clientSettings);
    // Set up the key vault for this example
    MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName()).getCollection(keyVaultNamespace.getCollectionName());
    keyVaultCollection.drop();
    // Ensure that two data keys cannot share the same keyAltName.
    keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"), new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames")));
    MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
    // Clear old data
    collection.drop();
    // Create the ClientEncryption instance
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).build();
    ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
    BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
    // Explicitly encrypt a field
    BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString("123456789"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
    collection.insertOne(new Document("encryptedField", encryptedFieldValue));
    // Automatically decrypts the encrypted field.
    System.out.println(collection.find().first().toJson());
    // release resources
    clientEncryption.close();
    mongoClient.close();
}
Also used : HashMap(java.util.HashMap) IndexOptions(com.mongodb.client.model.IndexOptions) BsonBinary(org.bson.BsonBinary) ClientEncryption(com.mongodb.client.vault.ClientEncryption) SecureRandom(java.security.SecureRandom) BsonString(org.bson.BsonString) ConnectionString(com.mongodb.ConnectionString) MongoClientSettings(com.mongodb.MongoClientSettings) MongoNamespace(com.mongodb.MongoNamespace) Document(org.bson.Document) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) MongoClient(com.mongodb.client.MongoClient) ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) EncryptOptions(com.mongodb.client.model.vault.EncryptOptions) BsonString(org.bson.BsonString) ConnectionString(com.mongodb.ConnectionString) HashMap(java.util.HashMap) Map(java.util.Map)

Example 4 with ClientEncryption

use of com.mongodb.client.vault.ClientEncryption in project mongo-java-driver by mongodb.

the class ClientSideEncryptionExplicitEncryptionAndDecryptionTour method main.

/**
 * Run this main method to see the output of this quick example.
 *
 * @param args ignored args
 */
public static void main(final String[] args) {
    // This would have to be the same master key as was used to create the encryption key
    final byte[] localMasterKey = new byte[96];
    new SecureRandom().nextBytes(localMasterKey);
    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {

        {
            put("local", new HashMap<String, Object>() {

                {
                    put("key", localMasterKey);
                }
            });
        }
    };
    MongoClientSettings clientSettings = MongoClientSettings.builder().build();
    MongoClient mongoClient = MongoClients.create(clientSettings);
    // Set up the key vault for this example
    MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
    MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName()).getCollection(keyVaultNamespace.getCollectionName());
    keyVaultCollection.drop();
    // Ensure that two data keys cannot share the same keyAltName.
    keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"), new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames")));
    MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
    // Clear old data
    collection.drop();
    // Create the ClientEncryption instance
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).build();
    ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
    BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
    // Explicitly encrypt a field
    BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString("123456789"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
    collection.insertOne(new Document("encryptedField", encryptedFieldValue));
    Document doc = collection.find().first();
    System.out.println(doc.toJson());
    // Explicitly decrypt the field
    System.out.println(clientEncryption.decrypt(new BsonBinary(doc.get("encryptedField", Binary.class).getData())));
    // release resources
    clientEncryption.close();
    mongoClient.close();
}
Also used : HashMap(java.util.HashMap) IndexOptions(com.mongodb.client.model.IndexOptions) BsonBinary(org.bson.BsonBinary) ClientEncryption(com.mongodb.client.vault.ClientEncryption) SecureRandom(java.security.SecureRandom) BsonString(org.bson.BsonString) ConnectionString(com.mongodb.ConnectionString) MongoClientSettings(com.mongodb.MongoClientSettings) MongoNamespace(com.mongodb.MongoNamespace) Document(org.bson.Document) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) MongoClient(com.mongodb.client.MongoClient) ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) EncryptOptions(com.mongodb.client.model.vault.EncryptOptions) BsonString(org.bson.BsonString) ConnectionString(com.mongodb.ConnectionString) HashMap(java.util.HashMap) Map(java.util.Map)

Example 5 with ClientEncryption

use of com.mongodb.client.vault.ClientEncryption in project mongo-java-driver by mongodb.

the class ClientSideEncryptionAutoEncryptionSettingsTour method main.

/**
 * Run this main method to see the output of this quick example.
 *
 * Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
 *
 * @param args ignored args
 */
public static void main(final String[] args) {
    // This would have to be the same master key as was used to create the encryption key
    final byte[] localMasterKey = new byte[96];
    new SecureRandom().nextBytes(localMasterKey);
    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {

        {
            put("local", new HashMap<String, Object>() {

                {
                    put("key", localMasterKey);
                }
            });
        }
    };
    String keyVaultNamespace = "admin.datakeys";
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build();
    ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
    BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
    final String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeyId.getData());
    final String dbName = "test";
    final String collName = "coll";
    AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).schemaMap(new HashMap<String, BsonDocument>() {

        {
            put(dbName + "." + collName, // Need a schema that references the new data key
            BsonDocument.parse("{" + "  properties: {" + "    encryptedField: {" + "      encrypt: {" + "        keyId: [{" + "          \"$binary\": {" + "            \"base64\": \"" + base64DataKeyId + "\"," + "            \"subType\": \"04\"" + "          }" + "        }]," + "        bsonType: \"string\"," + "        algorithm: \"AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic\"" + "      }" + "    }" + "  }," + "  \"bsonType\": \"object\"" + "}"));
        }
    }).build();
    MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(autoEncryptionSettings).build();
    MongoClient mongoClient = MongoClients.create(clientSettings);
    MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
    // Clear old data
    collection.drop();
    collection.insertOne(new Document("encryptedField", "123456789"));
    System.out.println(collection.find().first().toJson());
    // release resources
    mongoClient.close();
}
Also used : HashMap(java.util.HashMap) BsonBinary(org.bson.BsonBinary) ClientEncryption(com.mongodb.client.vault.ClientEncryption) SecureRandom(java.security.SecureRandom) ConnectionString(com.mongodb.ConnectionString) MongoClientSettings(com.mongodb.MongoClientSettings) Document(org.bson.Document) BsonDocument(org.bson.BsonDocument) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) MongoClient(com.mongodb.client.MongoClient) ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings) ConnectionString(com.mongodb.ConnectionString) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

ClientEncryption (com.mongodb.client.vault.ClientEncryption)8 HashMap (java.util.HashMap)8 ClientEncryptionSettings (com.mongodb.ClientEncryptionSettings)7 DataKeyOptions (com.mongodb.client.model.vault.DataKeyOptions)7 Map (java.util.Map)6 ConnectionString (com.mongodb.ConnectionString)5 MongoClientSettings (com.mongodb.MongoClientSettings)5 EncryptOptions (com.mongodb.client.model.vault.EncryptOptions)5 SecureRandom (java.security.SecureRandom)5 BsonBinary (org.bson.BsonBinary)5 BsonString (org.bson.BsonString)5 Document (org.bson.Document)5 MongoNamespace (com.mongodb.MongoNamespace)4 IndexOptions (com.mongodb.client.model.IndexOptions)4 MongoClient (com.mongodb.client.MongoClient)3 MongoClientException (com.mongodb.MongoClientException)2 InsertOneResult (com.mongodb.client.result.InsertOneResult)2 MongoClient (com.mongodb.reactivestreams.client.MongoClient)2 BsonDocument (org.bson.BsonDocument)2 Test (org.junit.jupiter.api.Test)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial