Details
-
Bug
-
Resolution: Works as Designed
-
Major - P3
-
None
-
None
-
None
Description
The createKey() method called to create a data encryption key in client-side field level encryption inserts a document containing details about the key into the keyVault collection. The _id field is assigned a UUID and is referenced by the JSON Schema that provides field encryption instructions.
According to the CSFLE driver spec, this UUID should be binary type 4:
However, upon retrieval (when querying using binary type 4 UUID), it is displayed as type 3 (legacy UUID, deprecated type).
E.g.
Bson query = Filters.eq("_id", new Binary((byte) 4, Base64.getDecoder().decode(base64KeyId)));
returns a document:
, "...}
While this does not appear to impact the functionality when using the Java (3.11.0 sync) driver, it may be due to and cause issues for other drivers.
To reproduce, this code can be used to create the data key:
And the query will look something like this (where base64KeyId is the UUID encoded in base64 which is returned from the createKey() method call):
Bson query = Filters.eq("id", new Binary((byte) 4, Base64._getDecoder().decode(base64KeyId)));
Document doc = collection.find(query).first();
System.out.println(doc.toJson());
Note/Question: the output also appears to be extended json v1, but the documentation mentions the Java driver should be using v2. Perhaps the default behavior of Document.toJson() is to print v1 even if the underlying representation is v2? https://docs.mongodb.com/manual/reference/mongodb-extended-json/