Details
Bug
Resolution: Fixed
Major - P3
3.11.0
None
Description
It appears that explicit encryption does not currently work when only specifying the keyAltName.
    private static void explicit_encrypt_bug() {
        Map kmsProviders = new HashMap();
        Map awsCreds = new HashMap();
        if (System.getenv().get("AWS_ACCESS_KEY_ID") == null || System.getenv().get("AWS_SECRET_ACCESS_KEY") == null) {
            throw new IllegalArgumentException("no aws creds set");
        }
        awsCreds.put("accessKeyId", System.getenv().get("AWS_ACCESS_KEY_ID"));
        awsCreds.put("secretAccessKey", System.getenv().get("AWS_SECRET_ACCESS_KEY"));
        kmsProviders.put("aws", awsCreds);

        ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder().
                keyVaultMongoClientSettings(MongoClientSettings.builder().build()).
                kmsProviders(kmsProviders).
                keyVaultNamespace("admin.datakeys").build();
        ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
        EncryptOptions opts = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic");
        opts.keyAltName(new BsonString("mykey"));
        System.out.println(clientEncryption.encrypt(new BsonString("123456789"), opts));
    }

This fails with the following stack trace:
    Exception in thread "main" java.lang.NullPointerException
        at com.mongodb.crypt.capi.MongoCryptImpl.createExplicitEncryptionContext(MongoCryptImpl.java:209)
        at com.mongodb.client.internal.Crypt.encryptExplicitly(Crypt.java:176)
        at com.mongodb.client.internal.ClientEncryptionImpl.encrypt(ClientEncryptionImpl.java:60)
        at Runner.explicit_encrypt_bug(Runner.java:257)
        at Runner.main(Runner.java:262)

It looks like keyAltName needs to be checked and set around here.
There was no prose test of explicit encryption with keyAltName, so I also created https://jira.mongodb.org/browse/SPEC-1337.
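
A possible interim workaround, as an added example that is not part of the original report or the driver's own code: look up the data key's `_id` in the key vault collection by `keyAltNames` and pass it as `keyId`. The class and method names are hypothetical, and it assumes the `keyId` path of explicit encryption is unaffected by this bug.

```java
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.vault.EncryptOptions;
import com.mongodb.client.vault.ClientEncryption;
import org.bson.BsonBinary;
import org.bson.BsonDocument;
import org.bson.BsonString;

// Hypothetical helper class; not part of the MongoDB Java driver.
public final class KeyAltNameWorkaround {

    // Resolve a data key's _id (a UUID stored as BSON binary) from its
    // alternate name. Key vault documents list their alternate names in the
    // "keyAltNames" array, so an equality match on the array field finds the key.
    static BsonBinary resolveKeyId(MongoClient keyVaultClient, String db,
                                   String coll, String keyAltName) {
        MongoCollection<BsonDocument> keyVault =
                keyVaultClient.getDatabase(db).getCollection(coll, BsonDocument.class);
        BsonDocument key = keyVault.find(Filters.eq("keyAltNames", keyAltName)).first();
        if (key == null) {
            // Fail with a clear message instead of passing null into the
            // encryption call.
            throw new IllegalStateException(
                    "no data key with keyAltName '" + keyAltName + "' in " + db + "." + coll);
        }
        return key.getBinary("_id");
    }

    // Encrypt a string value by alternate key name, supplying keyId to the
    // driver rather than keyAltName.
    static BsonBinary encryptByAltName(ClientEncryption clientEncryption,
                                       MongoClient keyVaultClient,
                                       String keyAltName, String plaintext) {
        // "admin" / "datakeys" mirror the keyVaultNamespace used in the report.
        BsonBinary keyId = resolveKeyId(keyVaultClient, "admin", "datakeys", keyAltName);
        EncryptOptions opts =
                new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic");
        opts.keyId(keyId);
        return clientEncryption.encrypt(new BsonString(plaintext), opts);
    }
}
```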
Issue Links
- related to: MONGOCRYPT-4 Explicit encryption with keyAltName broken (Closed)