BAEL-6046 - MongoDB - Field Level Encryption (#13494)

2023-02-18 10:27:12 -03:00 · 2023-02-18 10:27:12 -03:00 · 749a077478
commit 749a077478
parent ba8a44b0ca
7 changed files with 31 additions and 36 deletions
--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/config/MongoClientConfig.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/config/MongoClientConfig.java
@ -14,9 +14,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration;
-import org.springframework.data.mongodb.core.convert.MongoCustomConversions;

-import com.baeldung.boot.csfle.config.converter.BinaryConverter;
 import com.mongodb.AutoEncryptionSettings;
 import com.mongodb.ClientEncryptionSettings;
 import com.mongodb.ConnectionString;
@ -50,11 +48,6 @@ public class MongoClientConfig extends AbstractMongoClientConfiguration {
        return db;
    }

-    @Override
-    public MongoCustomConversions customConversions() {
-        return new MongoCustomConversions(Arrays.asList(new BinaryConverter()));
-    }
-
    @Bean
    @Override
    public MongoClient mongoClient() {
--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/config/converter/BinaryConverter.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/config/converter/BinaryConverter.java
@ -1,13 +0,0 @@
-package com.baeldung.boot.csfle.config.converter;
-
-import org.bson.BsonBinary;
-import org.bson.types.Binary;
-import org.springframework.core.convert.converter.Converter;
-
-public class BinaryConverter implements Converter<Binary, BsonBinary> {
-
-    @Override
-    public BsonBinary convert(Binary source) {
-        return new BsonBinary(source.getType(), source.getData());
-    }
-}
--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/data/Citizen.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/data/Citizen.java
@ -13,7 +13,9 @@ public class Citizen {
    }

    public Citizen(EncryptedCitizen encryptedCitizen) {
-        this.name = encryptedCitizen.getName();
+        if (encryptedCitizen != null) {
+            this.name = encryptedCitizen.getName();
+        }
    }

    public String getName() {
--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/data/EncryptedCitizen.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/data/EncryptedCitizen.java
@ -1,14 +1,14 @@
 package com.baeldung.boot.csfle.data;

-import org.bson.BsonBinary;
+import org.bson.types.Binary;
 import org.springframework.data.mongodb.core.mapping.Document;

@Document("citizens")
 public class EncryptedCitizen {

    private String name;
-    private BsonBinary email;
-    private BsonBinary birthYear;
+    private Binary email;
+    private Binary birthYear;

    public EncryptedCitizen() {
    }
@ -25,19 +25,19 @@ public class EncryptedCitizen {
        this.name = name;
    }

-    public BsonBinary getEmail() {
+    public Binary getEmail() {
        return email;
    }

-    public void setEmail(BsonBinary email) {
+    public void setEmail(Binary email) {
        this.email = email;
    }

-    public BsonBinary getBirthYear() {
+    public Binary getBirthYear() {
        return birthYear;
    }

-    public void setBirthYear(BsonBinary birthYear) {
+    public void setBirthYear(Binary birthYear) {
        this.birthYear = birthYear;
    }

--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/service/CitizenService.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/main/java/com/baeldung/boot/csfle/service/CitizenService.java
@ -7,6 +7,7 @@ import org.bson.BsonBinary;
 import org.bson.BsonInt32;
 import org.bson.BsonString;
 import org.bson.BsonValue;
+import org.bson.types.Binary;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.mongodb.core.MongoTemplate;
 import org.springframework.data.mongodb.core.query.Criteria;
@ -65,7 +66,7 @@ public class CitizenService {
        }
    }

-    public BsonBinary encrypt(Object value, String algorithm) {
+    public Binary encrypt(Object value, String algorithm) {
        if (value == null)
            return null;

@ -80,17 +81,22 @@ public class CitizenService {

        EncryptOptions options = new EncryptOptions(algorithm);
        options.keyId(encryptionConfig.getDataKeyId());
-        return clientEncryption.encrypt(bsonValue, options);
+
+        BsonBinary encryptedValue = clientEncryption.encrypt(bsonValue, options);
+        return new Binary(encryptedValue.getType(), encryptedValue.getData());
    }

-    public BsonValue decryptProperty(BsonBinary value) {
+    public BsonValue decryptProperty(Binary value) {
        if (value == null)
            return null;

-        return clientEncryption.decrypt(value);
+        return clientEncryption.decrypt(new BsonBinary(value.getType(), value.getData()));
    }

    private Citizen decrypt(EncryptedCitizen encrypted) {
+        if (encrypted == null)
+            return null;
+
        Citizen citizen = new Citizen(encrypted);

        BsonValue decryptedBirthYear = decryptProperty(encrypted.getBirthYear());
--- a/persistence-modules/spring-boot-persistence-mongodb-3/src/test/java/com/baeldung/boot/csfle/CitizenServiceLiveTest.java
+++ b/persistence-modules/spring-boot-persistence-mongodb-3/src/test/java/com/baeldung/boot/csfle/CitizenServiceLiveTest.java
@ -1,8 +1,10 @@
 package com.baeldung.boot.csfle;

-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;

-import org.bson.BsonBinary;
+import org.bson.types.Binary;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@ -36,7 +38,7 @@ public class CitizenServiceLiveTest {
        citizen.setName("Foo");
        citizen.setEmail("foo@citizen.com");

-        BsonBinary encryptedEmail = service.encrypt(citizen.getEmail(), CitizenService.DETERMINISTIC_ALGORITHM);
+        Binary encryptedEmail = service.encrypt(citizen.getEmail(), CitizenService.DETERMINISTIC_ALGORITHM);

        EncryptedCitizen saved = service.save(citizen);
        assertEquals(encryptedEmail, saved.getEmail());
--- a/persistence-modules/spring-data-jpa-repo-2/src/main/resources/application.properties
+++ b/persistence-modules/spring-data-jpa-repo-2/src/main/resources/application.properties
@ -3,4 +3,9 @@ spring.datasource.username=sa
 spring.datasource.password=sa

 spring.jpa.properties.hibernate.globally_quoted_identifiers=true
-logging.level.com.baeldung.spring.data.persistence.search=debug
+logging.level.com.baeldung.spring.data.persistence.search=debug
+
+spring.jpa.show-sql=true
+logging.level.org.hibernate.SQL=DEBUG
+logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE
+spring.jpa.properties.hibernate.format_sql=true