// private methods

/// <summary>
/// Builds <see cref="AutoEncryptionOptions"/> for a test from its <c>autoEncryptOpts</c> document.
/// </summary>
/// <param name="autoEncryptOpts">
/// Document whose elements are applied in order. Recognised element names are
/// <c>kmsProviders</c>, <c>schemaMap</c>, <c>bypassAutoEncryption</c> and <c>keyVaultNamespace</c>.
/// </param>
/// <returns>The default options with every recognised element applied on top.</returns>
/// <exception cref="Exception">An element carries any other name.</exception>
private AutoEncryptionOptions ConfigureAutoEncryptionOptions(BsonDocument autoEncryptOpts)
{
    // The shared helper fills in the default extra options for the test environment.
    var extraOptions = new Dictionary<string, object>();
    EncryptionTestHelper.ConfigureDefaultExtraOptions(extraOptions);

    // Start with no KMS providers; a "kmsProviders" element replaces this map below.
    var kmsProviders = new ReadOnlyDictionary<string, IReadOnlyDictionary<string, object>>(
        new Dictionary<string, IReadOnlyDictionary<string, object>>());

    var result = new AutoEncryptionOptions(
        keyVaultNamespace: __keyVaultCollectionNamespace,
        kmsProviders: kmsProviders,
        extraOptions: extraOptions);

    foreach (var option in autoEncryptOpts.Elements)
    {
        var optionName = option.Name;

        if (optionName == "kmsProviders")
        {
            kmsProviders = ParseKmsProviders(option.Value.AsBsonDocument);
            result = result.With(kmsProviders: kmsProviders);

            // The predicate allows a client certificate only for the provider named "kmip".
            // NOTE(review): how the helper uses the predicate, and when it returns null,
            // is not visible here - confirm in EncryptionTestHelper.
            var tlsSettings = EncryptionTestHelper.CreateTlsOptionsIfAllowed(
                kmsProviders,
                allowClientCertificateFunc: providerName => providerName == "kmip");
            if (tlsSettings != null)
            {
                result = result.With(tlsOptions: tlsSettings);
            }
        }
        else if (optionName == "schemaMap")
        {
            // Each element is one schema document, stored under the element's name.
            var schemasByName = new Dictionary<string, BsonDocument>();
            foreach (var schemaElement in option.Value.AsBsonDocument.Elements)
            {
                schemasByName.Add(schemaElement.Name, schemaElement.Value.AsBsonDocument);
            }

            result = result.With(schemaMap: schemasByName);
        }
        else if (optionName == "bypassAutoEncryption")
        {
            result = result.With(bypassAutoEncryption: option.Value.ToBoolean());
        }
        else if (optionName == "keyVaultNamespace")
        {
            result = result.With(
                keyVaultNamespace: CollectionNamespace.FromFullName(option.Value.AsString));
        }
        else
        {
            // Fail loudly so that an unsupported option is never silently ignored.
            throw new Exception($"Unexpected auto encryption option {option.Name}.");
        }
    }

    return result;
}
// private methods

/// <summary>
/// Builds <see cref="AutoEncryptionOptions"/> for a test from its <c>autoEncryptOpts</c> document,
/// starting from the <c>admin.datakeys</c> key vault namespace and an empty KMS provider map.
/// </summary>
/// <param name="autoEncryptOpts">
/// Document whose elements are applied in order. Recognised element names are
/// <c>kmsProviders</c>, <c>schemaMap</c>, <c>bypassAutoEncryption</c> and <c>keyVaultNamespace</c>.
/// </param>
/// <returns>The default options with every recognised element applied on top.</returns>
/// <exception cref="Exception">An element carries any other name.</exception>
private AutoEncryptionOptions ConfigureAutoEncryptionOptions(BsonDocument autoEncryptOpts)
{
    var defaultKeyVault = new CollectionNamespace("admin", "datakeys");

    // NOTE(review): the spawn path is read from the MONGODB_BINARIES environment variable
    // without validation and becomes an empty string when the variable is unset. It presumably
    // decides where mongocryptd is launched from, so the variable should only be set by a
    // trusted build or developer environment - confirm.
    var spawnPath = Environment.GetEnvironmentVariable("MONGODB_BINARIES") ?? string.Empty;
    var extraOptions = new Dictionary<string, object>
    {
        ["mongocryptdSpawnPath"] = spawnPath
    };

    // Start with no KMS providers; a "kmsProviders" element replaces this map below.
    var kmsProviders = new ReadOnlyDictionary<string, IReadOnlyDictionary<string, object>>(
        new Dictionary<string, IReadOnlyDictionary<string, object>>());

    var result = new AutoEncryptionOptions(
        keyVaultNamespace: defaultKeyVault,
        kmsProviders: kmsProviders,
        extraOptions: extraOptions);

    foreach (var option in autoEncryptOpts.Elements)
    {
        switch (option.Name)
        {
            case "kmsProviders":
            {
                kmsProviders = ParseKmsProviders(option.Value.AsBsonDocument);
                result = result.With(kmsProviders: kmsProviders);
                break;
            }

            case "schemaMap":
            {
                // Each element is one schema document, stored under the element's name.
                var schemasByName = new Dictionary<string, BsonDocument>();
                foreach (var schemaElement in option.Value.AsBsonDocument.Elements)
                {
                    schemasByName.Add(schemaElement.Name, schemaElement.Value.AsBsonDocument);
                }

                result = result.With(schemaMap: schemasByName);
                break;
            }

            case "bypassAutoEncryption":
            {
                result = result.With(bypassAutoEncryption: option.Value.ToBoolean());
                break;
            }

            case "keyVaultNamespace":
            {
                result = result.With(
                    keyVaultNamespace: CollectionNamespace.FromFullName(option.Value.AsString));
                break;
            }

            default:
                // Fail loudly so that an unsupported option is never silently ignored.
                throw new Exception($"Unexpected auto encryption option {option.Name}.");
        }
    }

    return result;
}
/// <summary>
/// Creates a <see cref="DisposableMongoClient"/> from a clone of the shared test client settings.
/// Auto encryption is configured only when <paramref name="keyVaultNamespace"/>,
/// <paramref name="schemaMapDocument"/> or <paramref name="kmsProviders"/> is non-null, or
/// <paramref name="withExternalKeyVault"/> is true.
/// </summary>
/// <param name="keyVaultNamespace">Key vault namespace passed to the auto encryption options.</param>
/// <param name="schemaMapDocument">Document converted by <c>GetSchemaMapIfNotNull</c> into the schema map.</param>
/// <param name="kmsProviders">KMS provider map; an empty map is used when null.</param>
/// <param name="withExternalKeyVault">When true, a separate key vault client is attached to the options.</param>
/// <param name="clusterConfigurator">Assigned to the client settings unconditionally.</param>
/// <param name="extraOptions">Extra options; defaults to a map holding only <c>mongocryptdSpawnPath</c>.</param>
/// <param name="bypassAutoEncryption">Forwarded to the auto encryption options.</param>
/// <returns>A disposable wrapper around the newly created client.</returns>
/// <remarks>
/// Supplying only <paramref name="extraOptions"/> or <paramref name="bypassAutoEncryption"/> does not
/// enable auto encryption: the returned client then carries no <c>AutoEncryptionOptions</c>.
/// </remarks>
private DisposableMongoClient CreateMongoClient(
    CollectionNamespace keyVaultNamespace = null,
    BsonDocument schemaMapDocument = null,
    IReadOnlyDictionary<string, IReadOnlyDictionary<string, object>> kmsProviders = null,
    bool withExternalKeyVault = false,
    Action<ClusterBuilder> clusterConfigurator = null,
    Dictionary<string, object> extraOptions = null,
    bool bypassAutoEncryption = false)
{
    var clientSettings = DriverTestConfiguration.GetClientSettings().Clone();
#pragma warning disable 618
    if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2)
    {
        clientSettings.GuidRepresentation = GuidRepresentation.Unspecified;
    }
#pragma warning restore 618
    clientSettings.ClusterConfigurator = clusterConfigurator;

    var autoEncryptionRequested =
        keyVaultNamespace != null ||
        schemaMapDocument != null ||
        kmsProviders != null ||
        withExternalKeyVault;
    if (!autoEncryptionRequested)
    {
        // No encryption-related argument was given: return a plain client.
        return new DisposableMongoClient(new MongoClient(clientSettings));
    }

    // NOTE(review): the default spawn path comes from the MONGODB_BINARIES environment variable
    // without validation (empty string when unset). It presumably selects where mongocryptd is
    // launched from, so only a trusted environment should set it - confirm.
    extraOptions = extraOptions ?? new Dictionary<string, object>
    {
        ["mongocryptdSpawnPath"] = Environment.GetEnvironmentVariable("MONGODB_BINARIES") ?? string.Empty
    };

    var schemaMap = GetSchemaMapIfNotNull(schemaMapDocument);

    kmsProviders = kmsProviders ?? new ReadOnlyDictionary<string, IReadOnlyDictionary<string, object>>(
        new Dictionary<string, IReadOnlyDictionary<string, object>>());

    var encryptionOptions = new AutoEncryptionOptions(
        keyVaultNamespace: keyVaultNamespace,
        kmsProviders: kmsProviders,
        schemaMap: schemaMap,
        extraOptions: extraOptions,
        bypassAutoEncryption: bypassAutoEncryption);

    if (withExternalKeyVault)
    {
        // The key vault gets its own client, built from a fresh clone of the test settings.
        // "fake-user" / "fake-pwd" are placeholder credentials, not a real account.
        // NOTE(review): presumably chosen so that key vault access through this client fails
        // authentication - confirm against the tests that pass withExternalKeyVault.
        var keyVaultSettings = DriverTestConfiguration.GetClientSettings().Clone();
        keyVaultSettings.Credential = MongoCredential.FromComponents(null, null, "fake-user", "fake-pwd");
        var keyVaultClient = new MongoClient(keyVaultSettings);
        encryptionOptions = encryptionOptions.With(keyVaultClient: keyVaultClient);
    }

    clientSettings.AutoEncryptionOptions = encryptionOptions;
    return new DisposableMongoClient(new MongoClient(clientSettings));
}
public void Equals_should_work_correctly()
{
    // Verifies that AutoEncryptionOptions.Equals takes the key vault namespace and the
    // TLS options map (both its key and its SslSettings value) into account.

    // Two instances built from the same defaults are equal.
    var left = CreateAutoEncryptionOptions();
    var right = CreateAutoEncryptionOptions();
    left.Equals(right).Should().BeTrue();

    // Separate but default SslSettings instances under the same key are still equal.
    left = CreateAutoEncryptionOptions(tlsOptions: new SslSettings());
    right = CreateAutoEncryptionOptions(tlsOptions: new SslSettings());
    left.Equals(right).Should().BeTrue();

    // A different key vault namespace breaks equality.
    left = CreateAutoEncryptionOptions(tlsOptions: new SslSettings());
    right = CreateAutoEncryptionOptions(
        tlsOptions: new SslSettings(),
        collectionNamespace: CollectionNamespace.FromFullName("d.c"));
    left.Equals(right).Should().BeFalse();

    // The same TLS settings registered under a different key break equality.
    left = CreateAutoEncryptionOptions(tlsOptions: new SslSettings(), tlsKey: "test1");
    right = CreateAutoEncryptionOptions(tlsOptions: new SslSettings());
    left.Equals(right).Should().BeFalse();

    // SslSettings with EnabledSslProtocols set to SslProtocols.None must not compare equal to
    // default SslSettings, so configurations with different protocol settings are told apart.
    var protocolsNone = new SslSettings
    {
        EnabledSslProtocols = System.Security.Authentication.SslProtocols.None
    };
    left = CreateAutoEncryptionOptions(tlsOptions: protocolsNone);
    right = CreateAutoEncryptionOptions(tlsOptions: new SslSettings());
    left.Equals(right).Should().BeFalse();

    // Builds options from the shared key vault namespace and KMS providers, adding a
    // single-entry TLS map only when tlsOptions is supplied.
    AutoEncryptionOptions CreateAutoEncryptionOptions(
        SslSettings tlsOptions = null,
        string tlsKey = "test",
        CollectionNamespace collectionNamespace = null)
    {
        var baseline = new AutoEncryptionOptions(
            keyVaultNamespace: collectionNamespace ?? __keyVaultNamespace,
            kmsProviders: GetKmsProviders());
        if (tlsOptions == null)
        {
            return baseline;
        }

        var tlsMap = new Dictionary<string, SslSettings> { { tlsKey, tlsOptions } };
        return baseline.With(tlsOptions: tlsMap);
    }
}
/// <summary>
/// Creates the <see cref="AutoEncryptionOptions"/> instance under test.
/// </summary>
/// <param name="tlsOptions">When non-null, stored in a single-entry TLS options map under <paramref name="tlsKey"/>.</param>
/// <param name="tlsKey">Key used for <paramref name="tlsOptions"/>; ignored when that argument is null.</param>
/// <param name="collectionNamespace">Key vault namespace; <c>__keyVaultNamespace</c> is used when null.</param>
/// <param name="schemaMap">Forwarded to the constructor as the schema map.</param>
/// <param name="encryptedFieldsMap">Forwarded to the constructor as the encrypted fields map.</param>
/// <param name="extraOptions">Forwarded to the constructor as the extra options.</param>
/// <returns>The configured options.</returns>
private AutoEncryptionOptions CreateSubject(
    SslSettings tlsOptions = null,
    string tlsKey = "test",
    CollectionNamespace collectionNamespace = null,
    Dictionary<string, BsonDocument> schemaMap = null,
    Dictionary<string, BsonDocument> encryptedFieldsMap = null,
    Dictionary<string, object> extraOptions = null)
{
    var subject = new AutoEncryptionOptions(
        keyVaultNamespace: collectionNamespace ?? __keyVaultNamespace,
        kmsProviders: GetKmsProviders(),
        schemaMap: schemaMap,
        encryptedFieldsMap: encryptedFieldsMap,
        extraOptions: extraOptions);

    // Without TLS settings the options are returned exactly as constructed.
    if (tlsOptions == null)
    {
        return subject;
    }

    var tlsMap = new Dictionary<string, SslSettings> { { tlsKey, tlsOptions } };
    return subject.With(tlsOptions: tlsMap);
}