
Commit 3f8dc22

(DOCSP-23165) Dotnet QE Apps (#1312)
* make data key script working * functioning csharp app * cleanup metadata collections * add build .NET FLE 2 apps * add cc edit * code review * use program.cs instead of main.cs * rebuild sample apps * rebuild fle-1 apps with build warning + program fix * remove dotnet-fle-2 gitignores * add program.cs files
1 parent 1a9153c commit 3f8dc22

35 files changed

+2333
-18
lines changed
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
<Project Sdk="Microsoft.NET.Sdk">
2+
3+
<PropertyGroup>
4+
<OutputType>Exe</OutputType>
5+
<TargetFramework>netcoreapp6.0</TargetFramework>
6+
</PropertyGroup>
7+
8+
<ItemGroup>
9+
<PackageReference Include="MongoDB.Driver" Version="2.16.1" />
10+
</ItemGroup>
11+
12+
</Project>
Lines changed: 142 additions & 0 deletions
@@ -0,0 +1,142 @@
1+
using System;
2+
using System.Collections.Generic;
3+
using MongoDB.Driver;
4+
using MongoDB.Bson;
5+
using MongoDB.Driver.Encryption;
6+
7+
namespace Insert
8+
{
9+
10+
class InsertEncryptedDocument
11+
{
12+
13+
public static void Insert()
14+
{
15+
var connectionString = "<Your MongoDB URI>";
16+
// start-key-vault
17+
var keyVaultNamespace = CollectionNamespace.FromFullName("encryption.__keyVault");
18+
// end-key-vault
19+
20+
// start-kmsproviders
21+
var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();
22+
var provider = "aws";
23+
var awsKmsOptions = new Dictionary<string, object>
24+
{
25+
{ "accessKeyId", "<Your AWS Access Key ID>" },
26+
{ "secretAccessKey", "<Your AWS Secret Access Key>" }
27+
};
28+
kmsProviders.Add(provider, awsKmsOptions);
29+
// end-kmsproviders
30+
31+
32+
// start-schema
33+
var regularClientSettings = MongoClientSettings.FromConnectionString(connectionString);
34+
var regularClient = new MongoClient(regularClientSettings);
35+
var keyVaultCollection = regularClient.GetDatabase(keyVaultNamespace.DatabaseNamespace.ToString()).GetCollection<BsonDocument>(keyVaultNamespace.CollectionName.ToString());
36+
37+
Func<string, FilterDefinition<BsonDocument>> getFilter = altName => Builders<BsonDocument>.Filter.Eq<BsonString>("keyAltNames", altName);
38+
var dataKeyId1 = keyVaultCollection.Find<BsonDocument>(getFilter("dataKey1")).First<BsonDocument>().GetValue("_id");
39+
var dataKeyId2 = keyVaultCollection.Find<BsonDocument>(getFilter("dataKey2")).First<BsonDocument>().GetValue("_id");
40+
var dataKeyId3 = keyVaultCollection.Find<BsonDocument>(getFilter("dataKey3")).First<BsonDocument>().GetValue("_id");
41+
var dataKeyId4 = keyVaultCollection.Find<BsonDocument>(getFilter("dataKey4")).First<BsonDocument>().GetValue("_id");
42+
43+
44+
var encryptedDatabaseNamespace = CollectionNamespace.FromFullName("medicalRecords.patients");
45+
var encryptedFieldsMap = new Dictionary<string, BsonDocument> {
46+
{ encryptedDatabaseNamespace.FullName, new BsonDocument{
47+
{ "fields", new BsonArray{
48+
new BsonDocument {
49+
{ "keyId", dataKeyId1 },
50+
{ "path", new BsonString("patientId")},
51+
{"bsonType", new BsonString("int")},
52+
{"queries", new BsonDocument{
53+
{"queryType", new BsonString("equality")}
54+
}}
55+
},
56+
new BsonDocument {
57+
{ "keyId", dataKeyId2 },
58+
{ "path", new BsonString("medications")},
59+
{"bsonType", new BsonString("array")},
60+
},
61+
new BsonDocument {
62+
{ "keyId", dataKeyId3 },
63+
{ "path", new BsonString("patientRecord.ssn")},
64+
{"bsonType", new BsonString("string")},
65+
{"queries", new BsonDocument{
66+
{"queryType", new BsonString("equality")}
67+
}}
68+
},
69+
new BsonDocument {
70+
{ "keyId", dataKeyId4 },
71+
{ "path", new BsonString("patienRecord.billing")},
72+
{"bsonType", new BsonString("object")},
73+
},
74+
}
75+
}
76+
}
77+
}
78+
};
79+
// end-schema
80+
81+
// start-extra-options
82+
var extraOptions = new Dictionary<string, object>()
83+
{
84+
{ "cryptSharedLibPath", "<path to crypt_shared library>" },
85+
};
86+
// end-extra-options
87+
88+
// start-client
89+
var clientSettings = MongoClientSettings.FromConnectionString(connectionString);
90+
var autoEncryptionOptions = new AutoEncryptionOptions(
91+
keyVaultNamespace: keyVaultNamespace,
92+
kmsProviders: kmsProviders,
93+
encryptedFieldsMap: encryptedFieldsMap,
94+
extraOptions: extraOptions);
95+
clientSettings.AutoEncryptionOptions = autoEncryptionOptions;
96+
var secureClient = new MongoClient(clientSettings);
97+
// end-client
98+
99+
// start-insert
100+
var sampleDocument = new BsonDocument
101+
{
102+
{ "firstName", "Jon" },
103+
{ "lastName", "Doe" },
104+
{ "patientId", 12345678 },
105+
{ "address", "157 Electric Ave." },
106+
{
107+
"medications", new BsonArray
108+
{
109+
new BsonString("Atorvastatin"),
110+
new BsonString("Levothyroxine")
111+
}
112+
},
113+
{
114+
"patientRecord", new BsonDocument
115+
{
116+
{ "ssn", new BsonString("987-65-4320") },
117+
{ "billing", new BsonDocument {
118+
{"type", new BsonString("Visa")},
119+
{"number", "4111111111111111"}
120+
}
121+
}
122+
}
123+
}
124+
};
125+
126+
var secureCollection = secureClient.GetDatabase(encryptedDatabaseNamespace.DatabaseNamespace.ToString()).GetCollection<BsonDocument>(encryptedDatabaseNamespace.CollectionName.ToString());
127+
secureCollection.InsertOne(sampleDocument);
128+
// end-insert
129+
130+
// start-find
131+
Console.WriteLine("Finding a document with regular (non-encrypted) client.");
132+
var filter = Builders<BsonDocument>.Filter.Eq("firstName", "Jon");
133+
var regularResult = regularClient.GetDatabase(encryptedDatabaseNamespace.DatabaseNamespace.ToString()).GetCollection<BsonDocument>(encryptedDatabaseNamespace.CollectionName.ToString()).Find(filter).Limit(1).ToList()[0];
134+
Console.WriteLine($"\n{regularResult}\n");
135+
Console.WriteLine("Finding a document with encrypted client, searching on an encrypted field");
136+
var encryptedFieldFilter = Builders<BsonDocument>.Filter.Eq("patientRecord.ssn", "987-65-4320");
137+
var secureResult = secureClient.GetDatabase(encryptedDatabaseNamespace.DatabaseNamespace.ToString()).GetCollection<BsonDocument>(encryptedDatabaseNamespace.CollectionName.ToString()).Find(encryptedFieldFilter).Limit(1).ToList()[0];
138+
Console.WriteLine($"\n{secureResult}\n");
139+
// end-find
140+
}
141+
}
142+
}
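Review bot: The fourth entry of `encryptedFieldsMap` spells its path `patienRecord.billing`, which does not match the `patientRecord` sub-document that `sampleDocument` inserts, so the billing object (including the card number) would presumably be stored without encryption. The line should read `{ "path", new BsonString("patientRecord.billing")},`, matching the correctly spelled `patientRecord.ssn` entry above it. The same misspelling is in the `encryptedFieldsMap` of the MakeDataKey file later in this commit, which is the map used when the collection is created, so both need the fix. The regular-client read at the end of `Insert()` is a convenient check: after the fix, `patientRecord.billing` should no longer print as readable values there.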
Lines changed: 150 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,150 @@
1+
using System;
2+
using System.IO;
3+
using System.Collections.Generic;
4+
using System.Threading;
5+
using MongoDB.Driver;
6+
using MongoDB.Bson;
7+
using MongoDB.Driver.Encryption;
8+
9+
namespace Key
10+
{
11+
12+
class MakeDataKey
13+
{
14+
public static void MakeKey()
15+
{
16+
17+
18+
// start-kmsproviders
19+
var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();
20+
var provider = "aws";
21+
var awsKmsOptions = new Dictionary<string, object>
22+
{
23+
{ "accessKeyId", "<Your AWS Access Key ID>" },
24+
{ "secretAccessKey", "<Your AWS Secret Access Key>" }
25+
};
26+
kmsProviders.Add(provider, awsKmsOptions);
27+
// end-kmsproviders
28+
29+
DataKeyOptions[] dataKeyOptsArr = new DataKeyOptions[4];
30+
31+
32+
for (int i = 0; i < dataKeyOptsArr.Length; i += 1)
33+
{
34+
// start-datakeyopts
35+
var dataKeyOptions = new DataKeyOptions(
36+
masterKey: new BsonDocument
37+
{
38+
{ "region", "<Your AWS Key Region>" },
39+
{ "key", "<Your AWS Key ARN>" },
40+
});
41+
// end-datakeyopts
42+
dataKeyOptsArr[i] = dataKeyOptions;
43+
}
44+
45+
// start-create-index
46+
var connectionString = "<Your MongoDB URI>";
47+
// start-create-dek
48+
var keyVaultNamespace = CollectionNamespace.FromFullName("encryption.__keyVault");
49+
var keyVaultClient = new MongoClient(connectionString);
50+
var indexOptions = new CreateIndexOptions<BsonDocument>();
51+
indexOptions.Unique = true;
52+
indexOptions.PartialFilterExpression = new BsonDocument { { "keyAltNames", new BsonDocument { { "$exists", new BsonBoolean(true) } } } };
53+
var builder = Builders<BsonDocument>.IndexKeys;
54+
var indexKeysDocument = builder.Ascending("keyAltNames");
55+
var indexModel = new CreateIndexModel<BsonDocument>(indexKeysDocument, indexOptions);
56+
var keyVaultDatabase = keyVaultClient.GetDatabase(keyVaultNamespace.DatabaseNamespace.ToString());
57+
// Drop the Key Vault Collection in case you created this collection
58+
// in a previous run of this application.
59+
keyVaultDatabase.DropCollection(keyVaultNamespace.CollectionName.ToString());
60+
var keyVaultCollection = keyVaultDatabase.GetCollection<BsonDocument>(keyVaultNamespace.CollectionName.ToString());
61+
keyVaultCollection.Indexes.CreateOne(indexModel);
62+
// end-create-index
63+
64+
// start-create-dek
65+
var clientEncryptionOptions = new ClientEncryptionOptions(
66+
keyVaultClient: keyVaultClient,
67+
keyVaultNamespace: keyVaultNamespace,
68+
kmsProviders: kmsProviders);
69+
Func<Guid, BsonBinaryData> getBsonBinaryId = guid => new BsonBinaryData(guid, GuidRepresentation.Standard);
70+
var clientEncryption = new ClientEncryption(clientEncryptionOptions);
71+
var dataKeyOptions1 = dataKeyOptsArr[0];
72+
var dataKeyOptions2 = dataKeyOptsArr[1];
73+
var dataKeyOptions3 = dataKeyOptsArr[2];
74+
var dataKeyOptions4 = dataKeyOptsArr[3];
75+
List<string> keyNames1 = new List<string>();
76+
keyNames1.Add("dataKey1");
77+
var dataKeyId1 = getBsonBinaryId(clientEncryption.CreateDataKey(provider, dataKeyOptions1.With(keyNames1), CancellationToken.None));
78+
List<string> keyNames2 = new List<string>();
79+
keyNames2.Add("dataKey2");
80+
var dataKeyId2 = getBsonBinaryId(clientEncryption.CreateDataKey(provider, dataKeyOptions2.With(keyNames2), CancellationToken.None));
81+
List<string> keyNames3 = new List<string>();
82+
keyNames3.Add("dataKey3");
83+
var dataKeyId3 = getBsonBinaryId(clientEncryption.CreateDataKey(provider, dataKeyOptions3.With(keyNames3), CancellationToken.None));
84+
List<string> keyNames4 = new List<string>();
85+
keyNames4.Add("dataKey4");
86+
var dataKeyId4 = getBsonBinaryId(clientEncryption.CreateDataKey(provider, dataKeyOptions4.With(keyNames4), CancellationToken.None));
87+
// end-create-dek
88+
89+
90+
// start-create-enc-collection
91+
var encryptedDatabaseNamespace = CollectionNamespace.FromFullName("medicalRecords.patients");
92+
var encryptedFieldsMap = new Dictionary<string, BsonDocument> {
93+
{ encryptedDatabaseNamespace.FullName, new BsonDocument{
94+
{ "fields", new BsonArray{
95+
new BsonDocument {
96+
{ "keyId", dataKeyId1 },
97+
{ "path", new BsonString("patientId")},
98+
{"bsonType", new BsonString("int")},
99+
{"queries", new BsonDocument{
100+
{"queryType", new BsonString("equality")}
101+
}}
102+
},
103+
new BsonDocument {
104+
{ "keyId", dataKeyId2 },
105+
{ "path", new BsonString("medications")},
106+
{"bsonType", new BsonString("array")},
107+
},
108+
new BsonDocument {
109+
{ "keyId", dataKeyId3 },
110+
{ "path", new BsonString("patientRecord.ssn")},
111+
{"bsonType", new BsonString("string")},
112+
{"queries", new BsonDocument{
113+
{"queryType", new BsonString("equality")}
114+
}}
115+
},
116+
new BsonDocument {
117+
{ "keyId", dataKeyId4 },
118+
{ "path", new BsonString("patienRecord.billing")},
119+
{"bsonType", new BsonString("object")},
120+
},
121+
}
122+
}
123+
}
124+
}
125+
};
126+
127+
var extraOptions = new Dictionary<string, object>()
128+
{
129+
{ "cryptSharedLibPath", "<path to crypt_shared library>" },
130+
};
131+
132+
var autoEncryptionOptions = new AutoEncryptionOptions(
133+
keyVaultNamespace: keyVaultNamespace,
134+
kmsProviders: kmsProviders,
135+
encryptedFieldsMap: encryptedFieldsMap,
136+
extraOptions: extraOptions);
137+
138+
var clientSettings = MongoClientSettings.FromConnectionString(connectionString);
139+
clientSettings.AutoEncryptionOptions = autoEncryptionOptions;
140+
var secureClient = new MongoClient(clientSettings);
141+
var encryptedDatabase = secureClient.GetDatabase(encryptedDatabaseNamespace.DatabaseNamespace.ToString());
142+
// Drop the encrypted collection in case you created this collection
143+
// in a previous run of this application.
144+
encryptedDatabase.DropCollection(encryptedDatabaseNamespace.CollectionName.ToString());
145+
encryptedDatabase.CreateCollection(encryptedDatabaseNamespace.CollectionName.ToString());
146+
Console.WriteLine("Created encrypted collection!");
147+
// end-create-enc-collection
148+
}
149+
}
150+
}
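Review bot: `keyVaultDatabase.DropCollection(...)` removes every data encryption key in `encryption.__keyVault`, but the comment above it only says the collection may be left over from a previous run. A reader who runs this against a deployment that already holds encrypted data would lose the ability to decrypt it. I would make the comment explicit, for example `// Demo only: dropping the key vault deletes all data keys; data encrypted with them can no longer be decrypted.`, and add a similar remark on the later `DropCollection` of `medicalRecords.patients`. Separately, the `accessKeyId` and `secretAccessKey` placeholders are string literals, which invites pasting real credentials into source; showing `Environment.GetEnvironmentVariable(...)` for both would be a safer pattern for a sample.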
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
<Project Sdk="Microsoft.NET.Sdk">
2+
3+
<PropertyGroup>
4+
<OutputType>Exe</OutputType>
5+
<TargetFramework>netcoreapp6.0</TargetFramework>
6+
</PropertyGroup>
7+
8+
<ItemGroup>
9+
<PackageReference Include="MongoDB.Driver" Version="2.16.1" />
10+
</ItemGroup>
11+
12+
</Project>
