/// <summary>
/// Passes a command document through an encryption context and returns the
/// document that <c>ProcessState</c> produces for it.
/// </summary>
/// <param name="credentials">KMS credentials; the only entry handed to <c>CryptOptions</c>.</param>
/// <param name="coll">Collection whose database name scopes the encryption context.</param>
/// <param name="cmd">Command to encrypt; serialized with <c>BsonUtil.ToBytes</c>.</param>
/// <returns>The result of <c>ProcessState</c> for the encryption context.</returns>
public BsonDocument EncryptCommand(KmsCredentials credentials, IMongoCollection<BsonDocument> coll, BsonDocument cmd)
{
    var cryptOptions = new CryptOptions(new[] { credentials });

    // Both handles are disposable; the nested using blocks release the context
    // first and then the client, even when ProcessState throws.
    using (var client = CryptClientFactory.Create(cryptOptions))
    {
        var databaseName = coll.Database.DatabaseNamespace.DatabaseName;
        var commandBytes = BsonUtil.ToBytes(cmd);

        using (var encryptionContext = client.StartEncryptionContext(databaseName, command: commandBytes))
        {
            return ProcessState(encryptionContext, coll.Database, cmd);
        }
    }
}
/// <summary>
/// Passes a document through a decryption context and returns the document
/// that <c>ProcessState</c> produces for it.
/// </summary>
/// <param name="credentials">KMS credentials; the only entry handed to <c>CryptOptions</c>.</param>
/// <param name="db">Database forwarded to <c>ProcessState</c>.</param>
/// <param name="doc">Document to decrypt; serialized with <c>BsonUtil.ToBytes</c>.</param>
/// <returns>The result of <c>ProcessState</c> for the decryption context.</returns>
/// <remarks>
/// The return value holds whatever the decryption context yields, so callers
/// that log or persist it are handling the unencrypted form of the fields.
/// </remarks>
public BsonDocument DecryptCommand(KmsCredentials credentials, IMongoDatabase db, BsonDocument doc)
{
    var cryptOptions = new CryptOptions(new[] { credentials });

    using (var client = CryptClientFactory.Create(cryptOptions))
    {
        var documentBytes = BsonUtil.ToBytes(doc);

        using (var decryptionContext = client.StartDecryptionContext(documentBytes))
        {
            // No command document accompanies a decrypt, hence the null third argument.
            return ProcessState(decryptionContext, db, null);
        }
    }
}
/// <summary>
/// Creates a data key through a create-data-key context, inserts the resulting
/// document into the key vault collection, and returns its <c>_id</c>.
/// </summary>
/// <param name="credentials">KMS credentials; the only entry handed to <c>CryptOptions</c>.</param>
/// <param name="kmsKeyId">Identifier passed to <c>StartCreateDataKeyContext</c>.</param>
/// <returns>The <c>_id</c> of the inserted key document, read as a <see cref="Guid"/>.</returns>
public Guid GenerateKey(KmsCredentials credentials, KmsKeyId kmsKeyId)
{
    var cryptOptions = new CryptOptions(new[] { credentials });
    BsonDocument dataKey;

    using (var client = CryptClientFactory.Create(cryptOptions))
    {
        using (var dataKeyContext = client.StartCreateDataKeyContext(kmsKeyId))
        {
            dataKey = ProcessState(dataKeyContext, _keyVault.Database, null);
        }
    }

    // The insert runs after both native handles are released.
    // NOTE(review): presumably the key material in this document is already
    // wrapped by the KMS key named in kmsKeyId - confirm, because this
    // collection ends up holding every data key.
    _keyVault.InsertOne(dataKey);

    return dataKey["_id"].AsGuid;
}
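/// <summary>
/// Builds the <c>CryptOptions</c> from the configured KMS providers and, when
/// present, the schema map.
/// </summary>
/// <returns>
/// Options holding one <c>KmsCredentials</c> per entry of <c>_kmsProviders</c> and the
/// serialized schema map, or null schema bytes when <c>_schemaMap</c> is null.
/// </returns>
/// <exception cref="ArgumentException">
/// Thrown when <c>_kmsProviders</c> is null or empty.
/// </exception>
private CryptOptions CreateCryptOptions()
{
    // Fail before doing any work: without a KMS provider there is nothing to build.
    if (_kmsProviders == null || _kmsProviders.Count == 0)
    {
        throw new ArgumentException("At least one kms provider must be specified");
    }

    var kmsProviders = new List<KmsCredentials>();
    foreach (var kmsProvider in _kmsProviders)
    {
        // The provider name is an identifier, not display text, so it is lowered
        // with the invariant culture. ToLower() follows the current culture and
        // can map 'I' to a dotless i (tr-TR, for example), which would change the
        // key that CreateProviderDocument receives.
        var kmsTypeDocumentKey = kmsProvider.Key.ToLowerInvariant();
        var kmsProviderDocument = CreateProviderDocument(kmsTypeDocumentKey, kmsProvider.Value);

        // The serialized provider document is what KmsCredentials takes as credentialsBytes.
        var kmsCredentials = new KmsCredentials(credentialsBytes: kmsProviderDocument.ToBson());
        kmsProviders.Add(kmsCredentials);
    }

    byte[] schemaBytes = null;
    if (_schemaMap != null)
    {
        var schemaMapElements = _schemaMap.Select(c => new BsonElement(c.Key, c.Value));
        var schemaDocument = new BsonDocument(schemaMapElements);

        // Warning 618 (obsolete member) is suppressed around the GUID representation settings.
#pragma warning disable 618
        var writerSettings = new BsonBinaryWriterSettings();
        if (BsonDefaults.GuidRepresentationMode == GuidRepresentationMode.V2)
        {
            // NOTE(review): presumably this keeps GUIDs in the schema map from
            // being converted on write in V2 mode - confirm.
            writerSettings.GuidRepresentation = GuidRepresentation.Unspecified;
        }
#pragma warning restore 618

        schemaBytes = schemaDocument.ToBson(writerSettings: writerSettings);
    }

    return new CryptOptions(kmsProviders, schemaBytes);
}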
// Demo entry point. From what is visible: sets the driver's GUID representation to
// Standard, chooses the KMS endpoint from the FLE_AWS_SECRET_ACCESS_KEY environment
// variable (null when it is set, a fixed URI otherwise), encrypts a 'find' command
// whose filter matches on '_id' or 'ssn', removes "$db" from the encrypted command,
// runs it, decrypts the reply, and prints each stage to the console.
//
// NOTE(review): this listing is collapsed onto one line and the text between the
// KMS URI literal and the find filter is missing, so the setup of controller,
// kmsCredentials, collection, database and findDoc cannot be seen here.
// NOTE(review): the URI literal appears to carry a user:password@ part (masked on
// this page); if the original holds real values, they belong in configuration or a
// secret store rather than in source.
// NOTE(review): "Using url: " + args concatenates the string[] itself, so it prints
// the array's type name, not a URL.
// NOTE(review): the last WriteLine prints the decrypted reply, so the unencrypted
// value of the encrypted fields (the filter targets 'ssn') goes to stdout; keep
// that output out of shared or persisted logs.
static void Main(string[] args) { // The C# driver transmutes data unless you specify this stupid line! BsonDefaults.GuidRepresentation = GuidRepresentation.Standard; Console.WriteLine("Using url: " + args); // or change me to use the mock Uri kmsURL = Environment.GetEnvironmentVariable("FLE_AWS_SECRET_ACCESS_KEY") != null ? null : new Uri("https://*****:*****@"{ 'find': 'test', 'filter' : { '$or': [{ '_id': 1},{ 'ssn': '123-45-6789'}]}, }"); var findCmd = new BsonDocumentCommand <BsonDocument>(controller.EncryptCommand(kmsCredentials, collection, findDoc)); Console.WriteLine("Find CMD: " + findCmd.Document); findCmd.Document.Remove("$db"); var commandResult = database.RunCommand(findCmd); Console.WriteLine("Find Result: " + commandResult); var decryptedDocument = controller.DecryptCommand(kmsCredentials, database, commandResult); Console.WriteLine("Find Result (DECRYPTED): " + decryptedDocument); }