Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-3335

Explicit encryption keyAltName not supported

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.11.0
    • Fix Version/s: 3.11.0
    • Component/s: Client Side Encryption
    • Labels:
      None

      Description

      It appears that explicit encryption does not currently work when only specifying the keyAltName.

       private static void explicit_encrypt_bug () {
              Map kmsProviders = new HashMap();
              Map awsCreds = new HashMap();
              if (System.getenv().get("AWS_ACCESS_KEY_ID") == null || System.getenv().get("AWS_SECRET_ACCESS_KEY") == null) {
                  throw new IllegalArgumentException("no aws creds set");
              }
              awsCreds.put("accessKeyId", System.getenv().get("AWS_ACCESS_KEY_ID"));
              awsCreds.put("secretAccessKey", System.getenv().get("AWS_SECRET_ACCESS_KEY"));
              kmsProviders.put ("aws", awsCreds);
       
              ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().
                      keyVaultMongoClientSettings(MongoClientSettings.builder().build()).
                      kmsProviders(kmsProviders).
                      keyVaultNamespace("admin.datakeys").build();
              ClientEncryption clientEncryption = ClientEncryptions.create (clientEncryptionSettings);
              EncryptOptions opts = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic");
              opts.keyAltName(new BsonString("mykey"));
              System.out.println(clientEncryption.encrypt(new BsonString("123456789"), opts));
          }
      

      This fails with the following stack trace:

      Exception in thread "main" java.lang.NullPointerException
      	at com.mongodb.crypt.capi.MongoCryptImpl.createExplicitEncryptionContext(MongoCryptImpl.java:209)
      	at com.mongodb.client.internal.Crypt.encryptExplicitly(Crypt.java:176)
      	at com.mongodb.client.internal.ClientEncryptionImpl.encrypt(ClientEncryptionImpl.java:60)
      	at Runner.explicit_encrypt_bug(Runner.java:257)
      	at Runner.main(Runner.java:262)
      

      It looks like keyAltName needs to be checked and set around here.

      There was no prose test of explicit encryption with keyAltName, so I also created https://jira.mongodb.org/browse/SPEC-1337.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: