Examples with ClientEncryption com.mongodb.client.vault.ClientEncryption used on opensource projects
Example 6 with ClientEncryption
use of com.mongodb.client.vault.ClientEncryption in project mongo-java-driver by mongodb.
the class AbstractClientSideEncryptionDeadlockTest method setUp.
@BeforeEach
public void setUp() throws IOException, URISyntaxException {
assumeTrue(serverVersionAtLeast(4, 2));
assumeTrue(isClientSideEncryptionTest());
MongoDatabase keyVaultDatabase = getMongoClient().getDatabase("keyvault");
MongoCollection<BsonDocument> dataKeysCollection = keyVaultDatabase.getCollection("datakeys", BsonDocument.class).withWriteConcern(WriteConcern.MAJORITY);
dataKeysCollection.drop();
dataKeysCollection.insertOne(bsonDocumentFromPath("external-key.json"));
MongoDatabase encryptedDatabase = getMongoClient().getDatabase("db");
MongoCollection<BsonDocument> encryptedCollection = encryptedDatabase.getCollection("coll", BsonDocument.class).withWriteConcern(WriteConcern.MAJORITY);
encryptedCollection.drop();
encryptedDatabase.createCollection("coll", new CreateCollectionOptions().validationOptions(new ValidationOptions().validator(new BsonDocument("$jsonSchema", bsonDocumentFromPath("external-schema.json")))));
kmsProviders = new HashMap<>();
Map<String, Object> localProviderMap = new HashMap<>();
localProviderMap.put("key", Base64.getDecoder().decode("Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZ" + "GJkTXVyZG9uSjFk"));
kmsProviders.put("local", localProviderMap);
ClientEncryption clientEncryption = ClientEncryptions.create(ClientEncryptionSettings.builder().keyVaultMongoClientSettings(getKeyVaultClientSettings(new TestCommandListener())).keyVaultNamespace("keyvault.datakeys").kmsProviders(kmsProviders).build());
cipherText = clientEncryption.encrypt(new BsonString("string0"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyAltName("local"));
clientEncryption.close();
}
Also used :
HashMap(java.util.HashMap)
TestCommandListener(com.mongodb.internal.connection.TestCommandListener)
ClientEncryption(com.mongodb.client.vault.ClientEncryption)
BsonString(org.bson.BsonString)
ValidationOptions(com.mongodb.client.model.ValidationOptions)
BsonDocument(org.bson.BsonDocument)
EncryptOptions(com.mongodb.client.model.vault.EncryptOptions)
BsonString(org.bson.BsonString)
CreateCollectionOptions(com.mongodb.client.model.CreateCollectionOptions)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Example 7 with ClientEncryption
use of com.mongodb.client.vault.ClientEncryption in project mongo-java-driver by mongodb.
the class ClientSideEncryptionExplicitEncryptionOnlyTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
* Assumes the schema has already been created in MongoDB.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
MongoClientSettings clientSettings = MongoClientSettings.builder().autoEncryptionSettings(AutoEncryptionSettings.builder().keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).bypassAutoEncryption(true).build()).build();
MongoClient mongoClient = MongoClients.create(clientSettings);
// Set up the key vault for this example
MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName()).getCollection(keyVaultNamespace.getCollectionName());
ObservableSubscriber<Void> successSubscriber = new OperationSubscriber<>();
keyVaultCollection.drop().subscribe(successSubscriber);
successSubscriber.await();
// Ensure that two data keys cannot share the same keyAltName.
ObservableSubscriber<String> indexSubscriber = new OperationSubscriber<>();
keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"), new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames"))).subscribe(indexSubscriber);
indexSubscriber.await();
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
successSubscriber = new OperationSubscriber<>();
collection.drop().subscribe(successSubscriber);
successSubscriber.await();
// Create the ClientEncryption instance
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).build();
ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
// Explicitly encrypt a field
BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString("123456789"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
ObservableSubscriber<InsertOneResult> insertOneSubscriber = new OperationSubscriber<>();
collection.insertOne(new Document("encryptedField", encryptedFieldValue)).subscribe(insertOneSubscriber);
insertOneSubscriber.await();
ObservableSubscriber<Document> documentSubscriber = new OperationSubscriber<>();
collection.find().first().subscribe(documentSubscriber);
Document doc = documentSubscriber.get().get(0);
System.out.println(doc.toJson());
// release resources
clientEncryption.close();
mongoClient.close();
}
Also used :
HashMap(java.util.HashMap)
ClientEncryption(com.mongodb.client.vault.ClientEncryption)
BsonString(org.bson.BsonString)
ConnectionString(com.mongodb.ConnectionString)
Document(org.bson.Document)
DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions)
MongoClient(com.mongodb.reactivestreams.client.MongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
EncryptOptions(com.mongodb.client.model.vault.EncryptOptions)
InsertOneResult(com.mongodb.client.result.InsertOneResult)
IndexOptions(com.mongodb.client.model.IndexOptions)
OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)
BsonBinary(org.bson.BsonBinary)
SecureRandom(java.security.SecureRandom)
MongoClientSettings(com.mongodb.MongoClientSettings)
MongoNamespace(com.mongodb.MongoNamespace)
BsonString(org.bson.BsonString)
ConnectionString(com.mongodb.ConnectionString)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 8 with ClientEncryption
use of com.mongodb.client.vault.ClientEncryption in project mongo-java-driver by mongodb.
the class ClientSideEncryptionExplicitEncryptionAndDecryptionTour method main.
/**
* Run this main method to see the output of this quick example.
*
* Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
* Assumes the schema has already been created in MongoDB.
*
* @param args ignored args
*/
public static void main(final String[] args) {
// This would have to be the same master key as was used to create the encryption key
final byte[] localMasterKey = new byte[96];
new SecureRandom().nextBytes(localMasterKey);
Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
{
put("local", new HashMap<String, Object>() {
{
put("key", localMasterKey);
}
});
}
};
MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
MongoClientSettings clientSettings = MongoClientSettings.builder().build();
MongoClient mongoClient = MongoClients.create(clientSettings);
// Set up the key vault for this example
MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName()).getCollection(keyVaultNamespace.getCollectionName());
ObservableSubscriber<Void> successSubscriber = new OperationSubscriber<>();
keyVaultCollection.drop().subscribe(successSubscriber);
successSubscriber.await();
// Ensure that two data keys cannot share the same keyAltName.
ObservableSubscriber<String> indexSubscriber = new OperationSubscriber<>();
keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"), new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames"))).subscribe(indexSubscriber);
indexSubscriber.await();
MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
successSubscriber = new OperationSubscriber<>();
collection.drop().subscribe(successSubscriber);
successSubscriber.await();
// Create the ClientEncryption instance
ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().keyVaultMongoClientSettings(MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()).keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).build();
ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
// Explicitly encrypt a field
BsonBinary encryptedFieldValue = clientEncryption.encrypt(new BsonString("123456789"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId));
ObservableSubscriber<InsertOneResult> insertOneSubscriber = new OperationSubscriber<>();
collection.insertOne(new Document("encryptedField", encryptedFieldValue)).subscribe(insertOneSubscriber);
insertOneSubscriber.await();
ObservableSubscriber<Document> documentSubscriber = new OperationSubscriber<>();
collection.find().first().subscribe(documentSubscriber);
Document doc = documentSubscriber.get().get(0);
System.out.println(doc.toJson());
// Explicitly decrypt the field
System.out.println(clientEncryption.decrypt(new BsonBinary(doc.get("encryptedField", Binary.class).getData())));
// release resources
clientEncryption.close();
mongoClient.close();
}
Also used :
HashMap(java.util.HashMap)
ClientEncryption(com.mongodb.client.vault.ClientEncryption)
BsonString(org.bson.BsonString)
ConnectionString(com.mongodb.ConnectionString)
Document(org.bson.Document)
DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions)
MongoClient(com.mongodb.reactivestreams.client.MongoClient)
ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings)
EncryptOptions(com.mongodb.client.model.vault.EncryptOptions)
InsertOneResult(com.mongodb.client.result.InsertOneResult)
IndexOptions(com.mongodb.client.model.IndexOptions)
OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber)
BsonBinary(org.bson.BsonBinary)
SecureRandom(java.security.SecureRandom)
MongoClientSettings(com.mongodb.MongoClientSettings)
MongoNamespace(com.mongodb.MongoNamespace)
BsonString(org.bson.BsonString)
ConnectionString(com.mongodb.ConnectionString)
HashMap(java.util.HashMap)
Map(java.util.Map)
Aggregations
ClientEncryption (com.mongodb.client.vault.ClientEncryption)8
HashMap (java.util.HashMap)8
ClientEncryptionSettings (com.mongodb.ClientEncryptionSettings)7
DataKeyOptions (com.mongodb.client.model.vault.DataKeyOptions)7
Map (java.util.Map)6
ConnectionString (com.mongodb.ConnectionString)5
MongoClientSettings (com.mongodb.MongoClientSettings)5
EncryptOptions (com.mongodb.client.model.vault.EncryptOptions)5
SecureRandom (java.security.SecureRandom)5
BsonBinary (org.bson.BsonBinary)5
BsonString (org.bson.BsonString)5
Document (org.bson.Document)5
MongoNamespace (com.mongodb.MongoNamespace)4
IndexOptions (com.mongodb.client.model.IndexOptions)4
MongoClient (com.mongodb.client.MongoClient)3
MongoClientException (com.mongodb.MongoClientException)2
InsertOneResult (com.mongodb.client.result.InsertOneResult)2
MongoClient (com.mongodb.reactivestreams.client.MongoClient)2
BsonDocument (org.bson.BsonDocument)2
Test (org.junit.jupiter.api.Test)2
