Example usage for com.mongodb ClientEncryptionSettings builder

List of usage examples for com.mongodb ClientEncryptionSettings builder

  1. HOME
  2. Java
  3. com.mongodb
  4. com.mongodb.*
  5. ClientEncryptionSettings
  6. builder

Introduction

In this page you can find the example usage for com.mongodb ClientEncryptionSettings builder.

Prototype

public static Builder builder()

Source Link

Document

Convenience method to create a Builder.

Usage

From source file:tour.ClientSideEncryptionAutoEncryptionSettingsTour.java

License:Apache License

/**
 * Run this main method to see the output of this quick example.
 *
 * Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
 *
 * @param args ignored args//from w  w w.j a  v a2 s .  c om
 */
public static void main(final String[] args) {

    // This would have to be the same master key as was used to create the encryption key
    final byte[] localMasterKey = new byte[96];
    new SecureRandom().nextBytes(localMasterKey);

    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
        {
            put("local", new HashMap<String, Object>() {
                {
                    put("key", localMasterKey);
                }
            });
        }
    };

    String keyVaultNamespace = "admin.datakeys";
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(MongoClientSettings.builder()
                    .applyConnectionString(new ConnectionString("mongodb://localhost")).build())
            .keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build();

    ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
    BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
    final String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeyId.getData());

    final String dbName = "test";
    final String collName = "coll";
    AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder()
            .keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders)
            .schemaMap(new HashMap<String, BsonDocument>() {
                {
                    put(dbName + "." + collName,
                            // Need a schema that references the new data key
                            BsonDocument.parse("{" + "  properties: {" + "    encryptedField: {"
                                    + "      encrypt: {" + "        keyId: [{" + "          \"$binary\": {"
                                    + "            \"base64\": \"" + base64DataKeyId + "\","
                                    + "            \"subType\": \"04\"" + "          }" + "        }],"
                                    + "        bsonType: \"string\","
                                    + "        algorithm: \"AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic\""
                                    + "      }" + "    }" + "  }," + "  \"bsonType\": \"object\"" + "}"));
                }
            }).build();

    MongoClientSettings clientSettings = MongoClientSettings.builder()
            .autoEncryptionSettings(autoEncryptionSettings).build();

    MongoClient mongoClient = MongoClients.create(clientSettings);
    MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
    collection.drop(); // Clear old data

    collection.insertOne(new Document("encryptedField", "123456789"));

    System.out.println(collection.find().first().toJson());

    // release resources
    mongoClient.close();
}