
Example 1 with ClientEncryption

use of com.mongodb.reactivestreams.client.vault.ClientEncryption in project mongo-java-driver by mongodb.

the class ClientSideEncryptionAutoEncryptionSettingsTour method main.

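/**
 * Runs the automatic client-side field level encryption quick example.
 *
 * <p>Creates a data key in the key vault with the {@code local} KMS provider, builds a schema map
 * that marks {@code encryptedField} as encrypted with that key, then inserts one document through
 * an auto-encrypting client and prints the document it reads back.
 *
 * <p>Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The master key is generated randomly on every run and never stored. Data keys created by
 *       one run therefore cannot be unwrapped by another; a real deployment must keep the master
 *       key in a managed KMS (the {@code local} provider is meant for development and testing).</li>
 *   <li>The schema uses the deterministic algorithm, under which equal plaintexts produce equal
 *       ciphertexts. That permits equality queries but also reveals which stored values match.</li>
 *   <li>Both clients talk to a local server; no TLS or credentials are configured in this
 *       listing.</li>
 * </ul>
 *
 * @param args ignored args
 */
public static void main(final String[] args) {
    // This would have to be the same master key as was used to create the encryption key.
    // Here it is freshly generated, so it only matches the data key created below.
    final byte[] localMasterKey = new byte[96];
    new SecureRandom().nextBytes(localMasterKey);

    // Plain maps instead of double-brace initialisation, which creates anonymous HashMap subclasses.
    Map<String, Object> localProvider = new HashMap<String, Object>();
    localProvider.put("key", localMasterKey);
    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
    kmsProviders.put("local", localProvider);

    String keyVaultNamespace = "admin.datakeys";
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(MongoClientSettings.builder()
                    .applyConnectionString(new ConnectionString("mongodb://localhost"))
                    .build())
            .keyVaultNamespace(keyVaultNamespace)
            .kmsProviders(kmsProviders)
            .build();

    // The ClientEncryption helper is only needed to create the data key; close it as soon as
    // that is done so its key vault client is released even if data key creation fails.
    // NOTE(review): each run adds a new data key to the key vault and none are removed here.
    final String base64DataKeyId;
    try (ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings)) {
        ObservableSubscriber<BsonBinary> dataKeySubscriber = new OperationSubscriber<>();
        clientEncryption.createDataKey("local", new DataKeyOptions()).subscribe(dataKeySubscriber);
        dataKeySubscriber.await();
        base64DataKeyId = Base64.getEncoder().encodeToString(dataKeySubscriber.getReceived().get(0).getData());
    }

    final String dbName = "test";
    final String collName = "coll";

    // Need a schema that references the new data key
    Map<String, BsonDocument> schemaMap = new HashMap<String, BsonDocument>();
    schemaMap.put(dbName + "." + collName, BsonDocument.parse("{"
            + "  properties: {"
            + "    encryptedField: {"
            + "      encrypt: {"
            + "        keyId: [{"
            + "          \"$binary\": {"
            + "            \"base64\": \"" + base64DataKeyId + "\","
            + "            \"subType\": \"04\""
            + "          }"
            + "        }],"
            + "        bsonType: \"string\","
            + "        algorithm: \"AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic\""
            + "      }"
            + "    }"
            + "  },"
            + "  \"bsonType\": \"object\""
            + "}"));

    AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder()
            .keyVaultNamespace(keyVaultNamespace)
            .kmsProviders(kmsProviders)
            .schemaMap(schemaMap)
            .build();
    MongoClientSettings clientSettings = MongoClientSettings.builder()
            .autoEncryptionSettings(autoEncryptionSettings)
            .build();

    // try-with-resources releases the client even when one of the operations below throws.
    try (MongoClient mongoClient = MongoClients.create(clientSettings)) {
        // Use the same names as the schema map key; if they diverged, the schema would not
        // apply to this collection and the field would be written unencrypted.
        MongoCollection<Document> collection = mongoClient.getDatabase(dbName).getCollection(collName);

        ObservableSubscriber<Void> successSubscriber = new OperationSubscriber<>();
        collection.drop().subscribe(successSubscriber);
        successSubscriber.await();

        ObservableSubscriber<InsertOneResult> insertOneSubscriber = new OperationSubscriber<>();
        collection.insertOne(new Document("encryptedField", "123456789")).subscribe(insertOneSubscriber);
        insertOneSubscriber.await();

        ObservableSubscriber<Document> documentSubscriber = new PrintDocumentSubscriber();
        collection.find().first().subscribe(documentSubscriber);
        documentSubscriber.await();
    }
}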
Also used : PrintDocumentSubscriber(reactivestreams.helpers.SubscriberHelpers.PrintDocumentSubscriber) HashMap(java.util.HashMap) ClientEncryption(com.mongodb.reactivestreams.client.vault.ClientEncryption) ConnectionString(com.mongodb.ConnectionString) Document(org.bson.Document) BsonDocument(org.bson.BsonDocument) DataKeyOptions(com.mongodb.client.model.vault.DataKeyOptions) MongoClient(com.mongodb.reactivestreams.client.MongoClient) ClientEncryptionSettings(com.mongodb.ClientEncryptionSettings) InsertOneResult(com.mongodb.client.result.InsertOneResult) BsonBinary(org.bson.BsonBinary) OperationSubscriber(reactivestreams.helpers.SubscriberHelpers.OperationSubscriber) SecureRandom(java.security.SecureRandom) MongoClientSettings(com.mongodb.MongoClientSettings) AutoEncryptionSettings(com.mongodb.AutoEncryptionSettings) ConnectionString(com.mongodb.ConnectionString) HashMap(java.util.HashMap) Map(java.util.Map)
