BAEL-6046 MongoDB - Field Level Encryption (#14229)

* bael-6046 - first draft * review 1 * review 2 * null checks and lambda * review 3 * removing converter * debug * auto encryption config * createKeyUniqueIndex() and updated dependencies. * Review 5.
2023-06-13 08:41:20 -03:00 · 2023-06-13 08:41:20 -03:00 · 17f65411bd
parent e91d7301bd
commit 17f65411bd
3 changed files with 22 additions and 19 deletions
--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/data/Citizen.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/data/Citizen.java
@ -12,10 +12,8 @@ public class Citizen {
    public Citizen() {
    }

-    public Citizen(EncryptedCitizen encryptedCitizen) {
-        if (encryptedCitizen != null) {
-            this.name = encryptedCitizen.getName();
-        }
+    public Citizen(String name) {
+        this.name = name;
    }

    public String getName() {
--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/data/EncryptedCitizen.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/data/EncryptedCitizen.java
@ -13,8 +13,8 @@ public class EncryptedCitizen {
    public EncryptedCitizen() {
    }

-    public EncryptedCitizen(Citizen citizen) {
-        this.name = citizen.getName();
+    public EncryptedCitizen(String name) {
+        this.name = name;
    }

    public String getName() {
--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/service/CitizenService.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/service/CitizenService.java
@ -39,7 +39,7 @@ public class CitizenService {
        if (encryptionConfig.isAutoEncryption()) {
            return mongo.save(citizen);
        } else {
-            EncryptedCitizen encryptedCitizen = new EncryptedCitizen(citizen);
+            EncryptedCitizen encryptedCitizen = new EncryptedCitizen(citizen.getName());
            encryptedCitizen.setEmail(encrypt(citizen.getEmail(), DETERMINISTIC_ALGORITHM));
            encryptedCitizen.setBirthYear(encrypt(citizen.getBirthYear(), RANDOM_ALGORITHM));

@ -77,19 +77,10 @@ public class CitizenService {
        }
    }

-    public Binary encrypt(Object value, String algorithm) {
-        if (value == null)
+    public Binary encrypt(BsonValue bsonValue, String algorithm) {
+        if (bsonValue == null)
            return null;

-        BsonValue bsonValue;
-        if (value instanceof Integer) {
-            bsonValue = new BsonInt32((Integer) value);
-        } else if (value instanceof String) {
-            bsonValue = new BsonString((String) value);
-        } else {
-            throw new IllegalArgumentException("unsupported type: " + value.getClass());
-        }
-
        EncryptOptions options = new EncryptOptions(algorithm);
        options.keyId(encryptionConfig.getDataKeyId());

@ -97,6 +88,20 @@ public class CitizenService {
        return new Binary(encryptedValue.getType(), encryptedValue.getData());
    }

+    public Binary encrypt(String value, String algorithm) {
+        if (value == null)
+            return null;
+
+        return encrypt(new BsonString(value), algorithm);
+    }
+
+    public Binary encrypt(Integer value, String algorithm) {
+        if (value == null)
+            return null;
+
+        return encrypt(new BsonInt32(value), algorithm);
+    }
+
    public BsonValue decryptProperty(Binary value) {
        if (value == null)
            return null;
@ -108,7 +113,7 @@ public class CitizenService {
        if (encrypted == null)
            return null;

-        Citizen citizen = new Citizen(encrypted);
+        Citizen citizen = new Citizen(encrypted.getName());

        BsonValue decryptedBirthYear = decryptProperty(encrypted.getBirthYear());
        if (decryptedBirthYear != null) {