[JAVA-3448] CSFLE - garbled creationDate and updateDate fields for data encryption key documents Created: 25/Sep/19 Updated: 07/Oct/19 Resolved: 07/Oct/19 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Client Side Encryption |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Christopher Cho | Assignee: | Jeffrey Yemin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Description |
|
When creating a data encryption key via the createKey() method for client-side field level encryption, a new document is created that contains fields such as a UUID, encrypted key, creationDate, updateDate, status, and masterKey document.
Here are a few examples of documents that were created using the 3.11.0 sync driver: { "_id" : UUID("bdc04a10-a231-4a2e-b8d2-af32cf3f9b77"), "keyMaterial" : BinData(0,"F/J5R4YVcvxYh1QcdrZ1zXbqkEGEzH4UctOpzqHw3JfGeAf2wfv7nh6jsSMDSIpx0ueRX5aWPy/hWYe69A9wGryR5ecSRYgeNp2FdFzLjTQ73fZcEZ/Szf+pw6wzHI+mc0qDAM5cRwtthcXiNx4mvQcEQyaP7PLwglU5Dt182CvrbukcMDfkcHfVMA3wJRZlJ+sH/d0vaSwPc2P8F8wctg=="), "creationDate" : ISODate("20404-12-07T04:50:09Z"), "updateDate" : ISODate("20404-12-07T04:50:09Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }} { "_id" : UUID("222b2c28-49a8-417d-a711-0be15978625a"), "keyMaterial" : BinData(0,"7BlqwT30CgVT/8mGR0iU16JJvWrbXYRwCkgW5xHAmTWJV3fqZewJBEVfiGyuUg85qwAN2RsomX1MKiJnbtDOIacbtJIuLN1d7tucpt9D1tsXY5hBPCSs7ZGgOVipvdQdG/rFzthMnUnWR9SUoRSoXWdgsdWCw/vMv4RqegIgqsea09pOl9UyCZfJ4FSAgK2KsUTOZlpqWZRMebUvqH6jHA=="), "creationDate" : ISODate("20405-07-25T14:11:53Z"), "updateDate" : ISODate("20405-07-25T14:11:53Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }} { "_id" : UUID("450b1a1f-0462-4448-b81b-4bd1b4187823"), "keyMaterial" : BinData(0,"/e4RMEFJV0j5MAl/O3ohYgUeUyAVVqPMXGblRtjKbFUJk2uTcaeHISVifV1pq/djB6PIAEuPwpu/QDr3KDM+8ma4umPNfPc2cShk+++jpNDYWQOTbHkpjwdkpV09mnyIJ7h1N+78zwp35NUxL6sYH3Xj5vRjfecL7a1GaXARpzwP3QCcWEnhlmvppk8IwBhS8JCkdb3U6oQX47kwNDNCwA=="), "creationDate" : ISODate("20458-07-07T19:33:47Z"), "updateDate" : ISODate("20458-07-07T19:33:47Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }} { "_id" : UUID("31c062d2-2d74-4a9e-ac6f-914637163387"), "keyMaterial" : BinData(0,"ecsjyG4R8uZjI5Bu21j54F8PzSyyuW3yG5qIoaMUa1DTyiFmN2k9+RpzAA6CmTV4E7/5FBj2Po0vOmu6VjKROto0r6tEenMyxlN4soB2hQbZdVgT2ejl6WEVQIVCuVmc32IqTH+DhhuEEEu1SPNys7w6I3YBegHVFhNtpXjeHWNpDYnqg1iOdoeD5d8V1PaTbBWPi6tqKuNS2LeySgXfsQ=="), "creationDate" : ISODate("20830-06-26T18:44:26Z"), "updateDate" : ISODate("20830-06-26T18:44:26Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }} { "_id" : UUID("dad3a063-4f9b-48f8-bf4e-7ca9d323fd1c"), "keyMaterial" : BinData(0,"2ONi+GlkEKdVUjxoEFFkGI8aocBJlXo0enuKEuRQUZGbjbh11dschs50ongK5j7Si819v6lsx/kCkf6hybhPKoZkYbDtToKuhjIpS7KrfG//50gwEe/wtO7OK6CkIXxn1Mi9Z5HLOMzMfGb9chkhV3qohYaMxhKr3ZFiROU0gs+WMky2hKQdVQNg8I2wRHBWMydLDqPawWbJo7rs6GNCzQ=="), "creationDate" : ISODate("23600-04-13T02:22:54Z"), "updateDate" : ISODate("23600-04-13T02:22:54Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }} { "_id" : UUID("37541a82-b051-4338-97df-86a0780a6a22"), "keyMaterial" : BinData(0,"6sdjYoBmLaqsVs8vyMn+M1CLlNPKHwoEJvxf9vgcbuUl4RUywGzebR4GpnIb5K76v2tQnIkZDwkEFtYqRWpUEDq3AhvCBSA4RZNJV1d8ICLkeZRpGFCUTldrL5BBKFFMZmA5RMGgTh22VxSsy/9NTzAiRihdn4cIvYSttTXzgtRjIuSTOj5y+fDWhYvZt6Ey7PkotwFE75WG40GA/Ics/g=="), "creationDate" : ISODate("25770-08-11T07:31:17Z"), "updateDate" : ISODate("25770-08-11T07:31:17Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }}
These data encryption keys can be generated either with the sample code from the driver repo: Or by following instructions in this use-case guide: https://docs.mongodb.com/ecosystem/use-cases/sensitive-data-encryption |
| Comments |
| Comment by Jeffrey Yemin [ 07/Oct/19 ] | ||||||||||||||||||||||
|
Fixed with mongodb-crypt 1.0.0-beta5 | ||||||||||||||||||||||
| Comment by Jeffrey Yemin [ 30/Sep/19 ] | ||||||||||||||||||||||
|
Please try with mongodb-crypt 1.0.0-beta5 jar. That should fix it. | ||||||||||||||||||||||
| Comment by Jeffrey Yemin [ 26/Sep/19 ] | ||||||||||||||||||||||
|
It's probably | ||||||||||||||||||||||
| Comment by Kevin Albertson [ 26/Sep/19 ] | ||||||||||||||||||||||
|
I suspect this is a libmongocrypt bug, but I have not yet been able to reproduce locally. With a unit test in libmongocrypt that creates a data key, I inserted it with pymongo to produce:
And using the 3.11.0 Java driver locally produced:
We've had an issue with creationDate/updateDate previously, but that was fixed in Perhaps this is an underlying libbson bug in bson_gettimeofday. However, I am using macOS and I assume jeff.yemin is too. | ||||||||||||||||||||||
| Comment by Jeffrey Yemin [ 25/Sep/19 ] | ||||||||||||||||||||||
|
kevin.albertson the key vault document is generated by libmongocrypt. Any idea how we could be getting these weird dates? When I try locally I'm seeing dates in the far past:
|