Example usage for com.mongodb ClientEncryptionSettings builder

List of usage examples for com.mongodb ClientEncryptionSettings builder

Introduction

In this page you can find the example usage for com.mongodb ClientEncryptionSettings builder.

Prototype

public static Builder builder() 

Source Link

Document

Convenience method to create a Builder.

Usage

From source file:tour.ClientSideEncryptionAutoEncryptionSettingsTour.java

License:Apache License

/**
 * Run this main method to see the output of this quick example.
 *
 * Requires the mongodb-crypt library in the class path and mongocryptd on the system path.
 *
 * @param args ignored args//from w  w w.j a  v a2 s .  c om
 */
public static void main(final String[] args) {

    // This would have to be the same master key as was used to create the encryption key
    final byte[] localMasterKey = new byte[96];
    new SecureRandom().nextBytes(localMasterKey);

    Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>() {
        {
            put("local", new HashMap<String, Object>() {
                {
                    put("key", localMasterKey);
                }
            });
        }
    };

    String keyVaultNamespace = "admin.datakeys";
    ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
            .keyVaultMongoClientSettings(MongoClientSettings.builder()
                    .applyConnectionString(new ConnectionString("mongodb://localhost")).build())
            .keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build();

    ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
    BsonBinary dataKeyId = clientEncryption.createDataKey("local", new DataKeyOptions());
    final String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeyId.getData());

    final String dbName = "test";
    final String collName = "coll";
    AutoEncryptionSettings autoEncryptionSettings = AutoEncryptionSettings.builder()
            .keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders)
            .schemaMap(new HashMap<String, BsonDocument>() {
                {
                    put(dbName + "." + collName,
                            // Need a schema that references the new data key
                            BsonDocument.parse("{" + "  properties: {" + "    encryptedField: {"
                                    + "      encrypt: {" + "        keyId: [{" + "          \"$binary\": {"
                                    + "            \"base64\": \"" + base64DataKeyId + "\","
                                    + "            \"subType\": \"04\"" + "          }" + "        }],"
                                    + "        bsonType: \"string\","
                                    + "        algorithm: \"AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic\""
                                    + "      }" + "    }" + "  }," + "  \"bsonType\": \"object\"" + "}"));
                }
            }).build();

    MongoClientSettings clientSettings = MongoClientSettings.builder()
            .autoEncryptionSettings(autoEncryptionSettings).build();

    MongoClient mongoClient = MongoClients.create(clientSettings);
    MongoCollection<Document> collection = mongoClient.getDatabase("test").getCollection("coll");
    collection.drop(); // Clear old data

    collection.insertOne(new Document("encryptedField", "123456789"));

    System.out.println(collection.find().first().toJson());

    // release resources
    mongoClient.close();
}