Add kmip tests, use mongoCrypt snapshot #1406

Merged
merged 3 commits into from
Jun 13, 2024

katcharov
Collaborator

JAVA-5300

Copies tests, updates docs, and uses the (erroneously named) 1.8.0-SNAPSHOT which has the delegated feature available.

See also, update/fix in: mongodb/specifications#1591

@katcharov katcharov requested a review from vbabanin June 3, 2024 21:00
@katcharov katcharov requested a review from jyemin June 5, 2024 17:32
@@ -128,6 +128,8 @@ public List<String> getKeyAltNames() {
* omitted, the driver creates a random 96 byte KMIP Secret Data managed object.</li>
* <li>endpoint: a String, the endpoint as a host with required port. e.g. "example.com:443". If endpoint is not provided, it
* defaults to the required endpoint from the KMS providers map.</li>
* <li>delegated: If true (recommended), the KMIP server must decrypt this key. If delegated is not provided,
* defaults to false. </li>
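
Review bot: The new delegated bullet does not give the value type, although the endpoint bullet just above it does ("endpoint: a String, ..."), and it does not say what happens when the value is false, even though false is the default and true is the value marked "(recommended)". Suggest starting it as "delegated: a boolean. If true (recommended), ..." and adding one clause describing the default (false) behaviour, so a reader can tell what they give up by omitting it. The second sentence also drops its subject ("If delegated is not provided, defaults to false"); "it defaults to false" would match the endpoint bullet, and the stray space before the closing </li> can go.
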
Member

@vbabanin vbabanin Jun 11, 2024

The Javadoc for the 'delegated' parameter currently highlights only decryption, probably referencing the spec comment: delegated: Optional<Boolean> // If true, this key should be decrypted by the KMIP server. However, the KMIP server is also involved in encrypting keys, for example when we use the createDataKey() method to encrypt DEKs for storage in the database. The specification also states that:

If the delegated option is set to true (recommended), the KMIP server will instead perform encryption and
decryption locally

We should note in the Javadoc that when 'delegated' is set to true, the KMIP server manages both encryption and decryption.

Member

I noticed updates to legacy CSFLE tests in the following files: azureKMS.json, gcpKMS.json. (PR 1507) Could you share the rationale behind not including these changes in our current test suites?

Collaborator Author

Added

@katcharov katcharov requested a review from vbabanin June 12, 2024 21:43
Member

@vbabanin vbabanin left a comment

LGTM!

@katcharov katcharov merged commit 24b3aff into master Jun 13, 2024
59 checks passed
@katcharov katcharov deleted the JAVA-5300 branch June 13, 2024 14:27
3 participants