public string CreateKeyWithLocalKmsProvider()
{
// Read Master Key from file & Convert
string localMasterKeyBase64 = File.ReadAllText(__localMasterKeyPath);
var localMasterKeyBytes = Convert.FromBase64String(localMasterKeyBase64);
// Set KMS Provider Settings
// Client uses these settings to discover the master key
var kmsProviders = new Dictionary <string, IReadOnlyDictionary <string, object> >();
var localOptions = new Dictionary <string, object>
{
{ "key", localMasterKeyBytes }
};
kmsProviders.Add("local", localOptions);
// Create Data Encryption Key
var clientEncryption = GetClientEncryption(kmsProviders);
var dataKeyId = clientEncryption.CreateDataKey("local", new DataKeyOptions(), CancellationToken.None);
clientEncryption.Dispose();
Console.WriteLine($"Local DataKeyId [UUID]: {dataKeyId}");
var dataKeyIdBase64 = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
Console.WriteLine($"Local DataKeyId [base64]: {dataKeyIdBase64}");
ValidateKey(dataKeyId);
return(dataKeyIdBase64);
}
/// <summary>
/// Serializes an object to a BsonWriter.
/// </summary>
/// <param name="bsonWriter">The BsonWriter.</param>
/// <param name="nominalType">The nominal type.</param>
/// <param name="value">The object.</param>
/// <param name="options">The serialization options.</param>
public override void Serialize(
BsonWriter bsonWriter,
Type nominalType,
object value,
IBsonSerializationOptions options)
{
var guid = (Guid)value;
var representationSerializationOptions = EnsureSerializationOptions <RepresentationSerializationOptions>(options);
switch (representationSerializationOptions.Representation)
{
case BsonType.Binary:
var writerGuidRepresentation = bsonWriter.Settings.GuidRepresentation;
if (writerGuidRepresentation == GuidRepresentation.Unspecified)
{
throw new BsonSerializationException("GuidSerializer cannot serialize a Guid when GuidRepresentation is Unspecified.");
}
var bytes = GuidConverter.ToBytes(guid, writerGuidRepresentation);
var subType = (writerGuidRepresentation == GuidRepresentation.Standard) ? BsonBinarySubType.UuidStandard : BsonBinarySubType.UuidLegacy;
bsonWriter.WriteBinaryData(new BsonBinaryData(bytes, subType, writerGuidRepresentation));
break;
case BsonType.String:
bsonWriter.WriteString(guid.ToString());
break;
default:
var message = string.Format("'{0}' is not a valid Guid representation.", representationSerializationOptions.Representation);
throw new BsonSerializationException(message);
}
}
/// <summary>
/// Serializes a value.
/// </summary>
/// <param name="context">The serialization context.</param>
/// <param name="args">The serialization args.</param>
/// <param name="value">The object.</param>
protected override void SerializeValue(BsonSerializationContext context, BsonSerializationArgs args, BsonBinaryData value)
{
var bsonWriter = context.Writer;
var subType = value.SubType;
if (subType == BsonBinarySubType.UuidStandard || subType == BsonBinarySubType.UuidLegacy)
{
var writerGuidRepresentation = bsonWriter.Settings.GuidRepresentation;
if (writerGuidRepresentation != GuidRepresentation.Unspecified)
{
var bytes = value.Bytes;
var guidRepresentation = value.GuidRepresentation;
if (guidRepresentation == GuidRepresentation.Unspecified)
{
var message = string.Format(
"Cannot serialize BsonBinaryData with GuidRepresentation Unspecified to destination with GuidRepresentation {0}.",
writerGuidRepresentation);
throw new BsonSerializationException(message);
}
if (guidRepresentation != writerGuidRepresentation)
{
var guid = GuidConverter.FromBytes(bytes, guidRepresentation);
bytes = GuidConverter.ToBytes(guid, writerGuidRepresentation);
subType = (writerGuidRepresentation == GuidRepresentation.Standard) ? BsonBinarySubType.UuidStandard : BsonBinarySubType.UuidLegacy;
guidRepresentation = writerGuidRepresentation;
value = new BsonBinaryData(bytes, subType, guidRepresentation);
}
}
}
bsonWriter.WriteBinaryData(value);
}
/// <summary>
/// Serializes a value.
/// </summary>
/// <param name="context">The serialization context.</param>
/// <param name="args">The serialization args.</param>
/// <param name="value">The object.</param>
public override void Serialize(BsonSerializationContext context, BsonSerializationArgs args, Guid value)
{
var bsonWriter = context.Writer;
switch (_representation)
{
case BsonType.Binary:
var writerGuidRepresentation = bsonWriter.Settings.GuidRepresentation;
if (writerGuidRepresentation == GuidRepresentation.Unspecified)
{
throw new BsonSerializationException("GuidSerializer cannot serialize a Guid when GuidRepresentation is Unspecified.");
}
var bytes = GuidConverter.ToBytes(value, writerGuidRepresentation);
var subType = (writerGuidRepresentation == GuidRepresentation.Standard) ? BsonBinarySubType.UuidStandard : BsonBinarySubType.UuidLegacy;
bsonWriter.WriteBinaryData(new BsonBinaryData(bytes, subType, writerGuidRepresentation));
break;
case BsonType.String:
bsonWriter.WriteString(value.ToString());
break;
default:
var message = string.Format("'{0}' is not a valid Guid representation.", _representation);
throw new BsonSerializationException(message);
}
}
public void Explicit_decoding_with_standard_representation_should_work_as_expected()
{
GuidMode.Set(GuidRepresentationMode.V3);
var guid = new Guid("00112233445566778899aabbccddeeff");
var bytes = GuidConverter.ToBytes(guid, GuidRepresentation.Standard);
var binaryData = new BsonBinaryData(bytes, BsonBinarySubType.UuidStandard);
var exception = Record.Exception(() => binaryData.ToGuid(GuidRepresentation.Unspecified));
exception.Should().BeOfType <ArgumentException>();
foreach (var guidRepresentation in new[] { GuidRepresentation.CSharpLegacy, GuidRepresentation.JavaLegacy, GuidRepresentation.PythonLegacy })
{
exception = Record.Exception(() => binaryData.ToGuid(guidRepresentation));
exception.Should().BeOfType <InvalidOperationException>();
}
var result = binaryData.ToGuid();
result.Should().Be(guid);
result = binaryData.ToGuid(GuidRepresentation.Standard);
result.Should().Be(guid);
}
public virtual TEntity GetById(Guid id)
{
var bytes = GuidConverter.ToBytes(id, GuidRepresentation.CSharpLegacy);
var csuuid = new Guid(bytes);
return(Collection.Find(x => x.Id == csuuid).FirstOrDefault());
//return GetAllRows().FirstOrDefault(x => x.Id.Equals(id));
}
public static Guid ToCSUUid(this Guid guid)
{
BsonDefaults.GuidRepresentation = GuidRepresentation.PythonLegacy;
var luuid = new Guid(guid.ToString());
var bytes = GuidConverter.ToBytes(luuid, GuidRepresentation.PythonLegacy);
var csuuid = new Guid(bytes);
return(csuuid);
}
/// <inheritdoc/>
public override void WriteValue(Guid value)
{
base.WriteValue(value);
var guidRepresentation = _wrappedWriter.Settings.GuidRepresentation;
var bytes = GuidConverter.ToBytes(value, guidRepresentation);
var subType = guidRepresentation == GuidRepresentation.Standard ? BsonBinarySubType.UuidStandard : BsonBinarySubType.UuidLegacy;
var binaryData = new BsonBinaryData(bytes, subType, guidRepresentation);
_wrappedWriter.WriteBinaryData(binaryData);
}
public void ToString_should_return_expected_result()
{
var guid = new Guid("00112233445566778899aabbccddeeff");
var guidBytes = GuidConverter.ToBytes(guid, GuidRepresentation.Standard);
var binary = new BsonBinaryData(guidBytes, BsonBinarySubType.UuidStandard);
var extraOptions = new Dictionary <string, object>()
{
{ "mongocryptdURI", "testURI" },
};
var kmsProviders = new Dictionary <string, IReadOnlyDictionary <string, object> >()
{
{ "provider1", new Dictionary <string, object>()
{
{ "string", "test" }
} },
{ "provider2", new Dictionary <string, object>()
{
{ "binary", binary.Bytes }
} }
};
var schemaMap = new Dictionary <string, BsonDocument>()
{
{ "coll1", new BsonDocument("string", "test") },
{ "coll2", new BsonDocument("binary", binary) },
};
var tlsOptions = new Dictionary <string, SslSettings>
{
{ "local", new SslSettings {
ClientCertificates = new [] { Mock.Of <X509Certificate2>() }
} }
};
var encryptedFieldsMap = new Dictionary <string, BsonDocument>
{
{
"db.test",
BsonDocument.Parse("{ dummy : 'doc' }")
}
};
var subject = new AutoEncryptionOptions(
keyVaultNamespace: __keyVaultNamespace,
kmsProviders: kmsProviders,
bypassAutoEncryption: true,
extraOptions: extraOptions,
schemaMap: schemaMap,
tlsOptions: tlsOptions,
encryptedFieldsMap: encryptedFieldsMap);
var result = subject.ToString();
result.Should().Be("{ BypassAutoEncryption : True, KmsProviders : { \"provider1\" : { \"string\" : \"test\" }, \"provider2\" : { \"binary\" : { \"_t\" : \"System.Byte[]\", \"_v\" : new BinData(0, \"ABEiM0RVZneImaq7zN3u/w==\") } } }, KeyVaultNamespace : \"db.coll\", ExtraOptions : { \"mongocryptdURI\" : \"testURI\" }, SchemaMap : { \"coll1\" : { \"string\" : \"test\" }, \"coll2\" : { \"binary\" : UUID(\"00112233-4455-6677-8899-aabbccddeeff\") } }, TlsOptions: [{ \"local\" : \"<hidden>\" }], EncryptedFieldsMap : { \"db.test\" : { \"dummy\" : \"doc\" } } }");
}
public void TestBinaryStrict(
[ClassValues(typeof(GuidModeValues))] GuidMode mode)
{
mode.Set();
#pragma warning disable 618
var guid = Guid.Parse("00112233-4455-6677-8899-aabbccddeeff");
var tests = new List <TestData <BsonBinaryData> >
{
new TestData <BsonBinaryData>(new byte[] { }, "{ \"$binary\" : \"\", \"$type\" : \"00\" }"),
new TestData <BsonBinaryData>(new byte[] { 1 }, "{ \"$binary\" : \"AQ==\", \"$type\" : \"00\" }"),
new TestData <BsonBinaryData>(new byte[] { 1, 2 }, "{ \"$binary\" : \"AQI=\", \"$type\" : \"00\" }"),
new TestData <BsonBinaryData>(new byte[] { 1, 2, 3 }, "{ \"$binary\" : \"AQID\", \"$type\" : \"00\" }")
};
if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2 && BsonDefaults.GuidRepresentation != GuidRepresentation.Unspecified)
{
byte[] expectedBytes;
string expectedSubType;
switch (BsonDefaults.GuidRepresentation)
{
case GuidRepresentation.CSharpLegacy:
case GuidRepresentation.JavaLegacy:
case GuidRepresentation.PythonLegacy:
expectedBytes = GuidConverter.ToBytes(guid, BsonDefaults.GuidRepresentation);
expectedSubType = "03";
break;
case GuidRepresentation.Standard:
expectedBytes = GuidConverter.ToBytes(guid, GuidRepresentation.Standard);
expectedSubType = "04";
break;
default: throw new Exception("Invalid GuidRepresentation.");
}
var expectedBase64 = Convert.ToBase64String(expectedBytes);
var expectedGuidJson = $"{{ \"$binary\" : \"{expectedBase64}\", \"$type\" : \"{expectedSubType}\" }}";
tests.Add(new TestData <BsonBinaryData>(guid, expectedGuidJson));
}
var jsonSettings = new JsonWriterSettings {
OutputMode = JsonOutputMode.Strict
};
foreach (var test in tests)
{
var json = test.Value.ToJson(jsonSettings);
Assert.Equal(test.Expected, json);
Assert.Equal(test.Value, BsonSerializer.Deserialize <BsonBinaryData>(new JsonReader(json, new JsonReaderSettings())));
}
#pragma warning restore 618
}
/// <summary>
/// Serializes a value.
/// </summary>
/// <param name="context">The serialization context.</param>
/// <param name="args">The serialization args.</param>
/// <param name="value">The object.</param>
public override void Serialize(BsonSerializationContext context, BsonSerializationArgs args, Guid value)
{
var bsonWriter = context.Writer;
switch (_representation)
{
#pragma warning disable 618
case BsonType.Binary:
var guidRepresentation = _guidRepresentation;
if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2 && guidRepresentation == GuidRepresentation.Unspecified)
{
guidRepresentation = bsonWriter.Settings.GuidRepresentation;
}
if (guidRepresentation == GuidRepresentation.Unspecified)
{
throw new BsonSerializationException("GuidSerializer cannot serialize a Guid when GuidRepresentation is Unspecified.");
}
var bytes = GuidConverter.ToBytes(value, guidRepresentation);
var subType = GuidConverter.GetSubType(guidRepresentation);
if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2)
{
var binaryData = new BsonBinaryData(bytes, subType, guidRepresentation);
bsonWriter.PushSettings(s => s.GuidRepresentation = GuidRepresentation.Unspecified);
try
{
bsonWriter.WriteBinaryData(binaryData);
}
finally
{
bsonWriter.PopSettings();
}
}
else
{
var binaryData = new BsonBinaryData(bytes, subType);
bsonWriter.WriteBinaryData(binaryData);
}
break;
#pragma warning restore 618
case BsonType.String:
bsonWriter.WriteString(value.ToString());
break;
default:
var message = string.Format("'{0}' is not a valid Guid representation.", _representation);
throw new BsonSerializationException(message);
}
}
public void TestUuidStandardWhenGuidRepresentationIsUnspecified()
{
var guid = new Guid("00112233445566778899aabbccddeeff");
var guidBytes = GuidConverter.ToBytes(guid, GuidRepresentation.Standard);
var binary = new BsonBinaryData(guidBytes, BsonBinarySubType.UuidStandard); // GuidRepresentation is Unspecified
var result = binary.ToJson(writerSettings: new JsonWriterSettings()
{
#pragma warning disable CS0618 // Type or member is obsolete
GuidRepresentation = GuidRepresentation.Unspecified
#pragma warning restore CS0618 // Type or member is obsolete
});
result.Should().Be("UUID(\"00112233-4455-6677-8899-aabbccddeeff\")");
}
public string CreateKeyWithGcpKmsProvider()
{
var kmsProviders = new Dictionary <string, IReadOnlyDictionary <string, object> >();
var gcpPrivateKey = Environment.GetEnvironmentVariable("FLE_GCP_PRIVATE_KEY");
var gcpEmail = Environment.GetEnvironmentVariable("FLE_GCP_EMAIL");
var gcpEndpoint = Environment.GetEnvironmentVariable("FLE_GCP_IDENTITY_ENDPOINT"); // Optional, defaults to "oauth2.googleapis.com".
var gcpKmsOptions = new Dictionary <string, object>
{
{ "privateKey", gcpPrivateKey },
{ "email", gcpEmail },
};
if (gcpEndpoint != null)
{
gcpKmsOptions.Add("endpoint", gcpEndpoint);
}
kmsProviders.Add("gcp", gcpKmsOptions);
var clientEncryption = GetClientEncryption(kmsProviders);
var gcpDataKeyProjectId = Environment.GetEnvironmentVariable("FLE_GCP_PROJ_ID");
var gcpDataKeyLocation = Environment.GetEnvironmentVariable("FLE_GCP_KEY_LOC"); // Optional. e.g. "global"
var gcpDataKeyKeyRing = Environment.GetEnvironmentVariable("FLE_GCP_KEY_RING");
var gcpDataKeyKeyName = Environment.GetEnvironmentVariable("FLE_GCP_KEY_NAME");
var gcpDataKeyKeyVersion = Environment.GetEnvironmentVariable("FLE_GCP_KEY_VERSION"); // Optional
var gcpDataKeyEndpoint = Environment.GetEnvironmentVariable("FLE_GCP_KMS_ENDPOINT"); // Optional, KMS URL, defaults to https://www.googleapis.com/auth/cloudkms
var dataKeyOptions = new DataKeyOptions(
masterKey: new BsonDocument
{
{ "projectId", gcpDataKeyProjectId },
{ "location", gcpDataKeyLocation },
{ "keyRing", gcpDataKeyKeyRing },
{ "keyName", gcpDataKeyKeyName },
{ "keyVersion", () => gcpDataKeyKeyVersion, gcpDataKeyKeyVersion != null },
{ "endpoint", () => gcpDataKeyEndpoint, gcpDataKeyEndpoint != null }
});
var dataKeyId = clientEncryption.CreateDataKey("gcp", dataKeyOptions, CancellationToken.None);
Console.WriteLine($"DataKeyId [UUID]: {dataKeyId}");
var dataKeyIdBase64 = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
Console.WriteLine($"DataKeyId [base64]: {dataKeyIdBase64}");
ValidateKey(dataKeyId);
return(dataKeyIdBase64);
}
public async Task <BsonBinaryData> EncryptFieldAsync(
BsonValue value,
Guid?keyId,
string alternateKeyName,
EncryptionAlgorithm encryptionAlgorithm,
CancellationToken cancellationToken)
{
try
{
ThrowIfUnsupportedPlatform();
var wrappedValueBytes = GetWrappedValueBytes(value);
CryptContext context;
if (keyId.HasValue && alternateKeyName != null)
{
throw new ArgumentException("keyId and alternateKeyName cannot both be provided.");
}
else if (keyId.HasValue)
{
var bytes = GuidConverter.ToBytes(keyId.Value, GuidRepresentation.Standard);
context = _cryptClient.StartExplicitEncryptionContextWithKeyId(bytes, encryptionAlgorithm, wrappedValueBytes);
}
else if (alternateKeyName != null)
{
var wrappedAlternateKeyNameBytes = GetWrappedAlternateKeyNameBytes(alternateKeyName);
context = _cryptClient.StartExplicitEncryptionContextWithKeyAltName(wrappedAlternateKeyNameBytes, encryptionAlgorithm, wrappedValueBytes);
}
else
{
throw new ArgumentException("Either keyId or alternateKeyName must be provided.");
}
using (context)
{
var wrappedBytes = await ProcessStatesAsync(context, databaseName : null, cancellationToken).ConfigureAwait(false);
return(UnwrapEncryptedValue(wrappedBytes));
}
}
catch (Exception ex)
{
throw new MongoEncryptionException(ex);
}
}
public string CreateKeyWithAzureKmsProvider()
{
var kmsProviders = new Dictionary <string, IReadOnlyDictionary <string, object> >();
var azureTenantId = Environment.GetEnvironmentVariable("FLE_AZURE_TENANT_ID");
var azureClientId = Environment.GetEnvironmentVariable("FLE_AZURE_CLIENT_ID");
var azureClientSecret = Environment.GetEnvironmentVariable("FLE_AZURE_CLIENT_SECRET");
var azureIdentityPlatformEndpoint = Environment.GetEnvironmentVariable("FLE_AZURE_IDENTIFY_PLATFORM_ENPDOINT"); // Optional, only needed if user is using a non-commercial Azure instance
var azureKmsOptions = new Dictionary <string, object>
{
{ "tenantId", azureTenantId },
{ "clientId", azureClientId },
{ "clientSecret", azureClientSecret },
};
if (azureIdentityPlatformEndpoint != null)
{
azureKmsOptions.Add("identityPlatformEndpoint", azureIdentityPlatformEndpoint);
}
kmsProviders.Add("azure", azureKmsOptions);
var clientEncryption = GetClientEncryption(kmsProviders);
var azureKeyName = Environment.GetEnvironmentVariable("FLE_AZURE_KEY_NAME");
var azureKeyVaultEndpoint = Environment.GetEnvironmentVariable("FLE_AZURE_KEYVAULT_ENDPOINT"); // typically <azureKeyName>.vault.azure.net
var azureKeyVersion = Environment.GetEnvironmentVariable("FLE_AZURE_KEY_VERSION"); // Optional
var dataKeyOptions = new DataKeyOptions(
masterKey: new BsonDocument
{
{ "keyName", azureKeyName },
{ "keyVaultEndpoint", azureKeyVaultEndpoint },
{ "keyVersion", () => azureKeyVersion, azureKeyVersion != null }
});
var dataKeyId = clientEncryption.CreateDataKey("azure", dataKeyOptions, CancellationToken.None);
Console.WriteLine($"Azure DataKeyId [UUID]: {dataKeyId}");
var dataKeyIdBase64 = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
Console.WriteLine($"Azure DataKeyId [base64]: {dataKeyIdBase64}");
ValidateKey(dataKeyId);
return(dataKeyIdBase64);
}
/// <summary>
/// Serializes an object to a BsonWriter.
/// </summary>
/// <param name="bsonWriter">The BsonWriter.</param>
/// <param name="nominalType">The nominal type.</param>
/// <param name="value">The object.</param>
/// <param name="options">The serialization options.</param>
public override void Serialize(
BsonWriter bsonWriter,
Type nominalType,
object value,
IBsonSerializationOptions options)
{
if (value == null)
{
throw new ArgumentNullException("value");
}
var binaryData = (BsonBinaryData)value;
var subType = binaryData.SubType;
if (subType == BsonBinarySubType.UuidStandard || subType == BsonBinarySubType.UuidLegacy)
{
var writerGuidRepresentation = bsonWriter.Settings.GuidRepresentation;
if (writerGuidRepresentation != GuidRepresentation.Unspecified)
{
var bytes = binaryData.Bytes;
var guidRepresentation = binaryData.GuidRepresentation;
if (guidRepresentation == GuidRepresentation.Unspecified)
{
var message = string.Format(
"Cannot serialize BsonBinaryData with GuidRepresentation Unspecified to destination with GuidRepresentation {0}.",
writerGuidRepresentation);
throw new BsonSerializationException(message);
}
if (guidRepresentation != writerGuidRepresentation)
{
var guid = GuidConverter.FromBytes(bytes, guidRepresentation);
bytes = GuidConverter.ToBytes(guid, writerGuidRepresentation);
subType = (writerGuidRepresentation == GuidRepresentation.Standard) ? BsonBinarySubType.UuidStandard : BsonBinarySubType.UuidLegacy;
guidRepresentation = writerGuidRepresentation;
binaryData = new BsonBinaryData(bytes, subType, guidRepresentation);
}
}
}
bsonWriter.WriteBinaryData(binaryData);
}
public void Serialize_guid_should_have_expected_result_when_guid_representation_is_unspecified_and_mode_is_v2(
[Values(GuidRepresentation.CSharpLegacy, GuidRepresentation.JavaLegacy, GuidRepresentation.PythonLegacy, GuidRepresentation.Standard, GuidRepresentation.Unspecified)]
GuidRepresentation defaultGuidRepresentation,
[Values(GuidRepresentation.CSharpLegacy, GuidRepresentation.JavaLegacy, GuidRepresentation.PythonLegacy, GuidRepresentation.Standard, GuidRepresentation.Unspecified)]
GuidRepresentation writerGuidRepresentation)
{
#pragma warning disable 618
var expectedGuidRepresentation = writerGuidRepresentation != GuidRepresentation.Unspecified ? writerGuidRepresentation : defaultGuidRepresentation;
if (expectedGuidRepresentation == GuidRepresentation.Unspecified)
{
throw new SkipException("Test skipped because expectedGuidRepresentation is Unspecified.");
}
BsonDefaults.GuidRepresentationMode = GuidRepresentationMode.V2;
BsonDefaults.GuidRepresentation = defaultGuidRepresentation;
var discriminatorConvention = BsonSerializer.LookupDiscriminatorConvention(typeof(object));
var subject = new ObjectSerializer(discriminatorConvention, GuidRepresentation.Unspecified);
var writerSettings = new BsonBinaryWriterSettings();
if (writerGuidRepresentation != GuidRepresentation.Unspecified)
{
writerSettings.GuidRepresentation = writerGuidRepresentation;
}
using (var memoryStream = new MemoryStream())
using (var writer = new BsonBinaryWriter(memoryStream, writerSettings))
{
var context = BsonSerializationContext.CreateRoot(writer);
var guid = Guid.Parse("01020304-0506-0708-090a-0b0c0d0e0f10");
writer.WriteStartDocument();
writer.WriteName("x");
subject.Serialize(context, guid);
writer.WriteEndDocument();
var bytes = memoryStream.ToArray();
var expectedBytes = new byte[] { 29, 0, 0, 0, 5, 120, 0, 16, 0, 0, 0, 3, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 0 };
var expectedSubType = GuidConverter.GetSubType(expectedGuidRepresentation);
var expectedGuidBytes = GuidConverter.ToBytes(guid, expectedGuidRepresentation);
expectedBytes[11] = (byte)expectedSubType;
Array.Copy(expectedGuidBytes, 0, expectedBytes, 12, 16);
bytes.Should().Equal(expectedBytes);
}
#pragma warning restore 618
}
public void ToString_should_return_expected_result()
{
var guid = new Guid("00112233445566778899aabbccddeeff");
var guidBytes = GuidConverter.ToBytes(guid, GuidRepresentation.Standard);
var binary = new BsonBinaryData(guidBytes, BsonBinarySubType.UuidStandard);
var extraOptions = new Dictionary <string, object>()
{
{ "mongocryptdURI", "testURI" },
};
var kmsProviders = new Dictionary <string, IReadOnlyDictionary <string, object> >()
{
{ "provider1", new Dictionary <string, object>()
{
{ "string", "test" }
} },
{ "provider2", new Dictionary <string, object>()
{
{ "binary", binary.Bytes }
} }
};
var schemaMap = new Dictionary <string, BsonDocument>()
{
{ "coll1", new BsonDocument("string", "test") },
{ "coll2", new BsonDocument("binary", binary) },
};
var subject = new AutoEncryptionOptions(
keyVaultNamespace: CollectionNamespace.FromFullName("db.coll"),
kmsProviders: kmsProviders,
bypassAutoEncryption: true,
extraOptions: extraOptions,
schemaMap: schemaMap);
var result = subject.ToString();
result.Should().Be("{ BypassAutoEncryption : True, KmsProviders : { \"provider1\" : { \"string\" : \"test\" }, \"provider2\" : { \"binary\" : { \"_t\" : \"System.Byte[]\", \"_v\" : new BinData(0, \"ABEiM0RVZneImaq7zN3u/w==\") } } }, KeyVaultNamespace : \"db.coll\", ExtraOptions : { \"mongocryptdURI\" : \"testURI\" }, SchemaMap : { \"coll1\" : { \"string\" : \"test\" }, \"coll2\" : { \"binary\" : UUID(\"00112233-4455-6677-8899-aabbccddeeff\") } } }");
}
public void TestMapGuid(
[ClassValues(typeof(GuidModeValues))] GuidMode mode)
{
mode.Set();
#pragma warning disable 618
var value = Guid.NewGuid();
if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2 && BsonDefaults.GuidRepresentation != GuidRepresentation.Unspecified)
{
var bsonValue = (BsonBinaryData)BsonTypeMapper.MapToBsonValue(value);
byte[] expectedBytes;
BsonBinarySubType expectedSubType;
var guidRepresentation = BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2 ? BsonDefaults.GuidRepresentation : GuidRepresentation.Unspecified;
if (guidRepresentation == GuidRepresentation.Unspecified)
{
expectedBytes = GuidConverter.ToBytes(value, GuidRepresentation.Standard);
expectedSubType = BsonBinarySubType.UuidStandard;
}
else
{
expectedBytes = GuidConverter.ToBytes(value, guidRepresentation);
expectedSubType = GuidConverter.GetSubType(guidRepresentation);
}
Assert.True(expectedBytes.SequenceEqual(bsonValue.Bytes));
Assert.Equal(expectedSubType, bsonValue.SubType);
var bsonBinary = (BsonBinaryData)BsonTypeMapper.MapToBsonValue(value, BsonType.Binary);
Assert.True(expectedBytes.SequenceEqual(bsonBinary.Bytes));
Assert.Equal(expectedSubType, bsonBinary.SubType);
}
else
{
var exception = Record.Exception(() => (BsonBinaryData)BsonTypeMapper.MapToBsonValue(value));
exception.Should().BeOfType <InvalidOperationException>();
exception = Record.Exception(() => (BsonBinaryData)BsonTypeMapper.MapToBsonValue(value, BsonType.Binary));
exception.Should().BeOfType <InvalidOperationException>();
}
#pragma warning restore 618
}
public string CreateKeyWithAwsKmsProvider()
{
var kmsProviders = new Dictionary <string, IReadOnlyDictionary <string, object> >();
var awsAccessKey = Environment.GetEnvironmentVariable("FLE_AWS_ACCESS_KEY");
var awsSecretAccessKey = Environment.GetEnvironmentVariable("FLE_AWS_SECRET_ACCESS_KEY");
var awsKmsOptions = new Dictionary <string, object>
{
{ "accessKeyId", awsAccessKey },
{ "secretAccessKey", awsSecretAccessKey }
};
kmsProviders.Add("aws", awsKmsOptions);
var clientEncryption = GetClientEncryption(kmsProviders);
var awsKeyARN = Environment.GetEnvironmentVariable("FLE_AWS_KEY_ARN"); // e.g. "arn:aws:kms:us-east-2:111122223333:alias/test-key"
var awsKeyRegion = Environment.GetEnvironmentVariable("FLE_AWS_KEY_REGION");
var awsEndpoint = Environment.GetEnvironmentVariable("FLE_AWS_ENDPOINT"); // Optional, AWS KMS URL.
var dataKeyOptions = new DataKeyOptions(
masterKey: new BsonDocument
{
{ "region", awsKeyRegion },
{ "key", awsKeyARN },
{ "endpoint", () => awsEndpoint, awsEndpoint != null }
});
var dataKeyId = clientEncryption.CreateDataKey("aws", dataKeyOptions, CancellationToken.None);
Console.WriteLine($"AWS DataKeyId [UUID]: {dataKeyId}");
var dataKeyIdBase64 = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
Console.WriteLine($"AWS DataKeyId [base64]: {dataKeyIdBase64}");
ValidateKey(dataKeyId);
return(dataKeyIdBase64);
}
public void TestImplicitConversionFromNullableGuid(
[ClassValues(typeof(GuidModeValues))] GuidMode mode)
{
mode.Set();
#pragma warning disable 618
var guid = Guid.NewGuid();
if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2 && BsonDefaults.GuidRepresentation != GuidRepresentation.Unspecified)
{
BsonValue v = (Guid?)guid;
BsonValue n = (Guid?)null;
byte[] expectedBytes;
BsonBinarySubType expectedSubType;
var guidRepresentation = BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2 ? BsonDefaults.GuidRepresentation : GuidRepresentation.Unspecified;
if (guidRepresentation == GuidRepresentation.Unspecified)
{
expectedBytes = GuidConverter.ToBytes(guid, GuidRepresentation.Standard);
expectedSubType = BsonBinarySubType.UuidStandard;
}
else
{
expectedBytes = GuidConverter.ToBytes(guid, guidRepresentation);
expectedSubType = GuidConverter.GetSubType(guidRepresentation);
}
Assert.IsType <BsonBinaryData>(v);
Assert.IsType <BsonNull>(n);
var b = (BsonBinaryData)v;
Assert.True(expectedBytes.SequenceEqual(b.AsByteArray));
Assert.Equal(expectedSubType, b.SubType);
}
else
{
var exception = Record.Exception(() => { BsonValue v = (Guid?)guid; });
exception.Should().BeOfType <InvalidOperationException>();
}
#pragma warning restore 618
}
public void Serialize_should_write_expected_bytes(
GuidRepresentationMode defaultGuiRepresentationMode,
GuidRepresentation defaultGuidRepresentation,
GuidRepresentation serializerGuidRepresentation,
GuidRepresentation?writerGuidRepresentation,
BsonBinarySubType expectedSubType,
GuidRepresentation effectiveGuidRepresentation)
{
GuidMode.Set(defaultGuiRepresentationMode, defaultGuidRepresentation);
var subject = new GuidSerializer(serializerGuidRepresentation);
var memoryStream = new MemoryStream();
var writerSettings = new BsonBinaryWriterSettings();
if (defaultGuiRepresentationMode == GuidRepresentationMode.V2 && writerGuidRepresentation.HasValue)
{
#pragma warning disable 618
writerSettings.GuidRepresentation = writerGuidRepresentation.Value;
#pragma warning restore 618
}
var writer = new BsonBinaryWriter(memoryStream, writerSettings);
var context = BsonSerializationContext.CreateRoot(writer);
var args = new BsonSerializationArgs();
var value = new Guid("01020304-0506-0708-090a-0b0c0d0e0f10");
writer.WriteStartDocument();
writer.WriteName("x");
subject.Serialize(context, args, value);
writer.WriteEndDocument();
var result = memoryStream.ToArray();
var expectedBytes = new byte[] { 29, 0, 0, 0, 5, 120, 0, 16, 0, 0, 0, 4, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 0 };
expectedBytes[11] = (byte)expectedSubType;
Array.Copy(GuidConverter.ToBytes(value, effectiveGuidRepresentation), 0, expectedBytes, 12, 16);
result.Should().Equal(expectedBytes);
}
public void ClientSideEncryptionAutoEncryptionSettingsTour()
{
RequireServer.Check().Supports(Feature.ClientSideEncryption);
var localMasterKey = Convert.FromBase64String(LocalMasterKey);
var kmsProviders = new Dictionary <string, IReadOnlyDictionary <string, object> >();
var localKey = new Dictionary <string, object>
{
{ "key", localMasterKey }
};
kmsProviders.Add("local", localKey);
var keyVaultNamespace = CollectionNamespace.FromFullName("admin.datakeys");
var keyVaultMongoClient = new MongoClient();
var clientEncryptionSettings = new ClientEncryptionOptions(
keyVaultMongoClient,
keyVaultNamespace,
kmsProviders);
var clientEncryption = new ClientEncryption(clientEncryptionSettings);
var dataKeyId = clientEncryption.CreateDataKey("local", new DataKeyOptions(), CancellationToken.None);
var base64DataKeyId = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
clientEncryption.Dispose();
var collectionNamespace = CollectionNamespace.FromFullName("test.coll");
var schemaMap = $@"{{
properties: {{
encryptedField: {{
encrypt: {{
keyId: [{{
'$binary' : {{
'base64' : '{base64DataKeyId}',
'subType' : '04'
}}
}}],
bsonType: 'string',
algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
}}
}}
}},
'bsonType': 'object'
}}";
var autoEncryptionSettings = new AutoEncryptionOptions(
keyVaultNamespace,
kmsProviders,
schemaMap: new Dictionary <string, BsonDocument>()
{
{ collectionNamespace.ToString(), BsonDocument.Parse(schemaMap) }
});
var clientSettings = new MongoClientSettings
{
AutoEncryptionOptions = autoEncryptionSettings
};
var client = new MongoClient(clientSettings);
var database = client.GetDatabase("test");
database.DropCollection("coll");
var collection = database.GetCollection <BsonDocument>("coll");
collection.InsertOne(new BsonDocument("encryptedField", "123456789"));
var result = collection.Find(FilterDefinition <BsonDocument> .Empty).First();
_output.WriteLine(result.ToJson());
}
// public void ClientSideEncryptionAutoEncryptionSettingsTour()
public static void Main(string[] args)
{
var localMasterKey = Convert.FromBase64String(LocalMasterKey);
var kmsProviders = new Dictionary <string, IReadOnlyDictionary <string, object> >();
var localKey = new Dictionary <string, object>
{
{ "key", localMasterKey }
};
kmsProviders.Add("local", localKey);
var keyVaultDB = "keyVault";
var keystore = "__keystore";
var keyVaultNamespace = CollectionNamespace.FromFullName($"{keyVaultDB}.{keystore}");
var keyVaultMongoClient = new MongoClient();
var clientEncryptionSettings = new ClientEncryptionOptions(
keyVaultMongoClient,
keyVaultNamespace,
kmsProviders);
var clientEncryption = new ClientEncryption(clientEncryptionSettings);
keyVaultMongoClient.GetDatabase(keyVaultDB).DropCollection(keystore);
var altKeyName = new[] { "csharpDataKey01" };
var dataKeyOptions = new DataKeyOptions(alternateKeyNames: altKeyName);
var dataKeyId = clientEncryption.CreateDataKey("local", dataKeyOptions, CancellationToken.None);
var base64DataKeyId = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
clientEncryption.Dispose();
var collectionNamespace = CollectionNamespace.FromFullName("test.coll");
var schemaMap = $@"{{
properties: {{
SSN: {{
encrypt: {{
keyId: [{{
'$binary' : {{
'base64' : '{base64DataKeyId}',
'subType' : '04'
}}
}}],
bsonType: 'string',
algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
}}
}}
}},
'bsonType': 'object'
}}";
var autoEncryptionSettings = new AutoEncryptionOptions(
keyVaultNamespace,
kmsProviders,
schemaMap: new Dictionary <string, BsonDocument>()
{
{ collectionNamespace.ToString(), BsonDocument.Parse(schemaMap) }
});
var clientSettings = new MongoClientSettings
{
AutoEncryptionOptions = autoEncryptionSettings
};
var client = new MongoClient(clientSettings);
var database = client.GetDatabase("test");
database.DropCollection("coll");
var collection = database.GetCollection <BsonDocument>("coll");
collection.InsertOne(new BsonDocument("SSN", "123456789"));
var result = collection.Find(FilterDefinition <BsonDocument> .Empty).First();
Console.WriteLine(result.ToJson());
}
public void SerializeValue_should_convert_representation_when_required(
[ClassValues(typeof(GuidModeValues))] GuidMode mode,
[Values(
GuidRepresentation.CSharpLegacy,
GuidRepresentation.JavaLegacy,
GuidRepresentation.PythonLegacy,
GuidRepresentation.Standard,
GuidRepresentation.Unspecified)] GuidRepresentation writerGuidRepresentation,
[Values(
GuidRepresentation.CSharpLegacy,
GuidRepresentation.JavaLegacy,
GuidRepresentation.PythonLegacy,
GuidRepresentation.Standard,
GuidRepresentation.Unspecified)] GuidRepresentation valueGuidRepresentation)
{
mode.Set();
#pragma warning disable 618
var subject = new BsonBinaryDataSerializer();
var mockWriter = new Mock <IBsonWriter>();
var writerSettings = new BsonBinaryWriterSettings();
if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2)
{
writerSettings.GuidRepresentation = writerGuidRepresentation;
}
mockWriter.SetupGet(m => m.Settings).Returns(writerSettings);
var context = BsonSerializationContext.CreateRoot(mockWriter.Object);
var args = new BsonSerializationArgs();
var bytes = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
var subType = valueGuidRepresentation == GuidRepresentation.Unspecified ? BsonBinarySubType.UuidLegacy : GuidConverter.GetSubType(valueGuidRepresentation);
var value = BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2
? new BsonBinaryData(bytes, subType, valueGuidRepresentation)
: new BsonBinaryData(bytes, subType);
var isExceptionExpected =
BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2 &&
writerGuidRepresentation != GuidRepresentation.Unspecified &&
valueGuidRepresentation == GuidRepresentation.Unspecified;
if (!isExceptionExpected)
{
subject.Serialize(context, args, value);
var shouldConvertRepresentation =
BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2 &&
writerGuidRepresentation != GuidRepresentation.Unspecified &&
valueGuidRepresentation != GuidRepresentation.Unspecified &&
valueGuidRepresentation != writerGuidRepresentation;
var writtenValue = value;
if (shouldConvertRepresentation)
{
var guid = GuidConverter.FromBytes(bytes, valueGuidRepresentation);
var convertedBytes = GuidConverter.ToBytes(guid, writerGuidRepresentation);
var convertedSubType = GuidConverter.GetSubType(writerGuidRepresentation);
writtenValue = new BsonBinaryData(convertedBytes, convertedSubType, writerGuidRepresentation);
}
mockWriter.Verify(m => m.WriteBinaryData(writtenValue), Times.Once);
}
#pragma warning restore 618
}
private Guid ConvertFromGUIDtoCSUUID(Guid id)
{
var bytes = GuidConverter.ToBytes(id, GuidRepresentation.PythonLegacy);
return(new Guid(bytes));
}
