[JAVA-3335] Explicit encryption keyAltName not supported
Created: 26/Jun/19
Updated: 28/Oct/23
Resolved: 04/Jul/19

Status: Closed
Project: Java Driver
Component/s: Client Side Encryption
Affects Version/s: 3.11.0
Fix Version/s: 3.11.0

Type: Bug
Priority: Major - P3
Reporter: Kevin Albertson
Assignee: Ross Lawley
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to MONGOCRYPT-4 Explicit encryption with keyAltName b... Closed
Epic Link: Client-side FLE

 Description   

It appears that explicit encryption does not currently work when only specifying the keyAltName.

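    // Imports needed at the top of Runner.java:
    //   java.util.HashMap, java.util.Map, org.bson.BsonString,
    //   com.mongodb.ClientEncryptionSettings, com.mongodb.MongoClientSettings,
    //   com.mongodb.client.vault.ClientEncryption, com.mongodb.client.vault.ClientEncryptions,
    //   com.mongodb.client.model.vault.EncryptOptions
    private static void explicit_encrypt_bug() {
        Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
        Map<String, Object> awsCreds = new HashMap<>();
        // AWS KMS credentials are read from the environment; fail fast if either is missing.
        if (System.getenv().get("AWS_ACCESS_KEY_ID") == null || System.getenv().get("AWS_SECRET_ACCESS_KEY") == null) {
            throw new IllegalArgumentException("no aws creds set");
        }
        awsCreds.put("accessKeyId", System.getenv().get("AWS_ACCESS_KEY_ID"));
        awsCreds.put("secretAccessKey", System.getenv().get("AWS_SECRET_ACCESS_KEY"));
        kmsProviders.put("aws", awsCreds);

        // Key vault client uses default settings; data keys live in admin.datakeys.
        ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
                .keyVaultMongoClientSettings(MongoClientSettings.builder().build())
                .kmsProviders(kmsProviders)
                .keyVaultNamespace("admin.datakeys")
                .build();
        ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);

        // Only keyAltName is set (no keyId); the encrypt call below is the one that fails.
        EncryptOptions opts = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic");
        opts.keyAltName(new BsonString("mykey"));
        System.out.println(clientEncryption.encrypt(new BsonString("123456789"), opts));
    }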

This fails with the following stack trace:

Exception in thread "main" java.lang.NullPointerException
	at com.mongodb.crypt.capi.MongoCryptImpl.createExplicitEncryptionContext(MongoCryptImpl.java:209)
	at com.mongodb.client.internal.Crypt.encryptExplicitly(Crypt.java:176)
	at com.mongodb.client.internal.ClientEncryptionImpl.encrypt(ClientEncryptionImpl.java:60)
	at Runner.explicit_encrypt_bug(Runner.java:257)
	at Runner.main(Runner.java:262)

It looks like keyAltName needs to be checked and set around here.

There was no prose test of explicit encryption with keyAltName, so I also created https://jira.mongodb.org/browse/SPEC-1337.



 Comments   
Comment by Githook User [ 04/Jul/19 ]

Author: Ross Lawley (username: rozza, email: ross.lawley@gmail.com)

Message: Added alt key name support

JAVA-3335
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/fd166edddad2e7631f81a2507196489aef9e5025

Comment by Ross Lawley [ 03/Jul/19 ]

PR: https://github.com/rozza/mongo-java-driver/pull/327

Comment by Ross Lawley [ 02/Jul/19 ]

Upstream work done, now for the driver implementation and tests.

Comment by Githook User [ 02/Jul/19 ]

Author: Ross Lawley (username: rozza, email: ross.lawley@gmail.com)

Message: Add support for keyAltName

JAVA-3335
Branch: master
https://github.com/mongodb/libmongocrypt/commit/18a04b1f8a952604e5478b2b9b77987be56dd425

Comment by Ross Lawley [ 02/Jul/19 ]

PR: https://github.com/mongodb/libmongocrypt/pull/22
