/*
* Copyright 2008-present MongoDB, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*
*/
package com.mongodb.fixture;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;
import static com.mongodb.ClusterFixture.getEnv;
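/**
 * Helper class for the CSFLE/QE tests.
 *
 * <p>Supplies the {@code kmsProviders} configuration map used by the client-side field level
 * encryption and queryable encryption tests, plus TLS helpers that load key material from a
 * PKCS12 keystore. The credentials handled here are test-only: the {@code local} provider key and
 * the keystore password are fixed constants in the test tree, while the cloud KMS credentials are
 * read from the environment through {@code getEnv} rather than being embedded in source.
 */
public final class EncryptionFixture {

    /** Password protecting the test PKCS12 keystores. Test-only; every fixture keystore uses it. */
    private static final String KEYSTORE_PASSWORD = "test";

    /**
     * Base64 key for the {@code local} KMS provider. Test-only fixture data; it is deliberately
     * constant so that encrypted test data is reproducible across runs.
     */
    private static final String LOCAL_KMS_KEY =
            "Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBM"
            + "UN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk";

    private EncryptionFixture() {
        // utility class, not instantiable
    }

    /**
     * Builds the {@code kmsProviders} map for the requested provider types.
     *
     * <p>Each requested type maps its provider name ({@code "local"}, {@code "aws"},
     * {@code "azure"}, {@code "gcp"} or {@code "kmip"}) to that provider's configuration document.
     * Cloud provider credentials are fetched from the environment via {@code getEnv}; the
     * {@code kmip} endpoint is looked up with {@code "localhost:5698"} supplied as the fallback.
     * The returned map and the nested documents are mutable {@link HashMap}s so callers can adjust
     * them before passing them to the driver.
     *
     * @param kmsProviderTypes the providers to include; a type listed more than once appears once
     * @return a mutable map from provider name to provider configuration
     * @throws IllegalArgumentException if a type has no configuration in this fixture
     */
    public static Map<String, Map<String, Object>> getKmsProviders(final KmsProviderType... kmsProviderTypes) {
        Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
        for (KmsProviderType kmsProviderType : kmsProviderTypes) {
            switch (kmsProviderType) {
                case LOCAL:
                    kmsProviders.put("local", localProviderConfig());
                    break;
                case GCP:
                    kmsProviders.put("gcp", gcpProviderConfig());
                    break;
                case AWS:
                    kmsProviders.put("aws", awsProviderConfig());
                    break;
                case AZURE:
                    kmsProviders.put("azure", azureProviderConfig());
                    break;
                case KMIP:
                    kmsProviders.put("kmip", kmipProviderConfig());
                    break;
                default:
                    // unreachable while every enum constant has a case above; kept as a guard
                    throw new IllegalArgumentException("Unsupported KMS provider type: " + kmsProviderType);
            }
        }
        return kmsProviders;
    }

    /** Configuration document for the {@code local} provider: the fixed test key. */
    private static Map<String, Object> localProviderConfig() {
        Map<String, Object> config = new HashMap<String, Object>();
        config.put("key", LOCAL_KMS_KEY);
        return config;
    }

    /** Configuration document for the {@code gcp} provider, read from the environment. */
    private static Map<String, Object> gcpProviderConfig() {
        Map<String, Object> config = new HashMap<String, Object>();
        config.put("email", getEnv("GCP_EMAIL"));
        config.put("privateKey", getEnv("GCP_PRIVATE_KEY"));
        return config;
    }

    /** Configuration document for the {@code aws} provider, read from the environment. */
    private static Map<String, Object> awsProviderConfig() {
        Map<String, Object> config = new HashMap<String, Object>();
        config.put("accessKeyId", getEnv("AWS_ACCESS_KEY_ID"));
        config.put("secretAccessKey", getEnv("AWS_SECRET_ACCESS_KEY"));
        return config;
    }

    /** Configuration document for the {@code azure} provider, read from the environment. */
    private static Map<String, Object> azureProviderConfig() {
        Map<String, Object> config = new HashMap<String, Object>();
        config.put("tenantId", getEnv("AZURE_TENANT_ID"));
        config.put("clientId", getEnv("AZURE_CLIENT_ID"));
        config.put("clientSecret", getEnv("AZURE_CLIENT_SECRET"));
        return config;
    }

    /** Configuration document for the {@code kmip} provider: the endpoint, with a local fallback. */
    private static Map<String, Object> kmipProviderConfig() {
        Map<String, Object> config = new HashMap<String, Object>();
        config.put("endpoint", getEnv("org.mongodb.test.kmipEndpoint", "localhost:5698"));
        return config;
    }

    /**
     * Creates a {@link KeyManagerFactory} from a PKCS12 keystore file for use in TLS connections.
     * The keystore is loaded using the password {@value #KEYSTORE_PASSWORD}.
     *
     * @param keystoreLocation directory containing the keystore
     * @param keystoreFileName name of the keystore file inside {@code keystoreLocation}
     * @return a {@link KeyManagerFactory} initialized with the keystore's key material
     * @throws Exception if the keystore cannot be read, has the wrong password, or the key manager
     *                   cannot be initialized (the underlying exceptions are I/O and security ones)
     */
    public static KeyManagerFactory getKeyManagerFactory(final String keystoreLocation, final String keystoreFileName) throws Exception {
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // try-with-resources so the file handle is released even when load() rejects the keystore
        try (FileInputStream keystoreStream = new FileInputStream(keystoreLocation + File.separator + keystoreFileName)) {
            keyStore.load(keystoreStream, password);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);
        return keyManagerFactory;
    }

    /**
     * Creates an {@link SSLContext} from a PKCS12 keystore file for TLS connections.
     *
     * <p>Allows configuring MongoClient with a custom {@link SSLContext} to test scenarios like TLS
     * connections using specific certificates (e.g., expired or invalid) and setting up KMS servers.
     * The keystore only supplies the client's own key material; the trust managers and the random
     * source are left {@code null}, so the JVM's default trust store and default
     * {@code SecureRandom} are used to validate the peer.
     *
     * @param keystoreLocation directory containing the keystore
     * @param keystoreFileName name of the keystore file inside {@code keystoreLocation}
     * @return an initialized {@link SSLContext} configured with the keystore's key material
     * @throws Exception if the keystore cannot be loaded or the context cannot be initialized
     * @see #getKeyManagerFactory
     */
    public static SSLContext buildSslContextFromKeyStore(final String keystoreLocation, final String keystoreFileName) throws Exception {
        KeyManagerFactory keyManagerFactory = getKeyManagerFactory(keystoreLocation, keystoreFileName);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
        return sslContext;
    }

    /** KMS providers this fixture can configure; see {@link #getKmsProviders}. */
    public enum KmsProviderType {
        LOCAL,
        AWS,
        AZURE,
        GCP,
        KMIP
    }
}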