  1. Java Driver
  2. JAVA-3335

Explicit encryption keyAltName not supported

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.11.0
    • Affects Version/s: 3.11.0
    • Component/s: Client Side Encryption
    • None

      It appears that explicit encryption does not currently work when only specifying the keyAltName.

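      import com.mongodb.ClientEncryptionSettings;
      import com.mongodb.MongoClientSettings;
      import com.mongodb.client.model.vault.EncryptOptions;
      import com.mongodb.client.vault.ClientEncryption;
      import com.mongodb.client.vault.ClientEncryptions;
      import org.bson.BsonString;
      import java.util.HashMap;
      import java.util.Map;

      private static void explicit_encrypt_bug() {
          // AWS KMS credentials are read from the environment.
          Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
          Map<String, Object> awsCreds = new HashMap<>();
          if (System.getenv().get("AWS_ACCESS_KEY_ID") == null || System.getenv().get("AWS_SECRET_ACCESS_KEY") == null) {
              throw new IllegalArgumentException("no aws creds set");
          }
          awsCreds.put("accessKeyId", System.getenv().get("AWS_ACCESS_KEY_ID"));
          awsCreds.put("secretAccessKey", System.getenv().get("AWS_SECRET_ACCESS_KEY"));
          kmsProviders.put("aws", awsCreds);

          ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
                  .keyVaultMongoClientSettings(MongoClientSettings.builder().build())
                  .kmsProviders(kmsProviders)
                  .keyVaultNamespace("admin.datakeys")
                  .build();
          ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);

          // Only keyAltName is set (no keyId); the encrypt call below is the one that fails.
          EncryptOptions opts = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic");
          opts.keyAltName(new BsonString("mykey"));
          System.out.println(clientEncryption.encrypt(new BsonString("123456789"), opts));
      }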
      

      This fails with the following stack trace:

      Exception in thread "main" java.lang.NullPointerException
      	at com.mongodb.crypt.capi.MongoCryptImpl.createExplicitEncryptionContext(MongoCryptImpl.java:209)
      	at com.mongodb.client.internal.Crypt.encryptExplicitly(Crypt.java:176)
      	at com.mongodb.client.internal.ClientEncryptionImpl.encrypt(ClientEncryptionImpl.java:60)
      	at Runner.explicit_encrypt_bug(Runner.java:257)
      	at Runner.main(Runner.java:262)
      

      It looks like keyAltName needs to be checked and set around here.

      There was no prose test of explicit encryption with keyAltName, so I also created https://jira.mongodb.org/browse/SPEC-1337.

            Assignee: Ross Lawley (ross@mongodb.com)
            Reporter: Kevin Albertson (kevin.albertson@mongodb.com)
            Votes: 0
            Watchers: 2
