Support auto-encryption in the legacy MongoClient

Author: jyemin

driver-legacy/src/main/com/mongodb/Mongo.java

@@ -24,6 +24,7 @@
 import com.mongodb.client.internal.MongoClientDelegate;
 import com.mongodb.client.internal.MongoIterableImpl;
 import com.mongodb.client.internal.OperationExecutor;
+import com.mongodb.client.internal.SimpleMongoClient;
 import com.mongodb.connection.BufferProvider;
 import com.mongodb.connection.Cluster;
 import com.mongodb.connection.ClusterConnectionMode;
@@ -57,6 +58,7 @@
 import java.util.concurrent.ScheduledExecutorService;
 
 import static com.mongodb.ReadPreference.primary;
+import static com.mongodb.client.internal.Crypts.createCrypt;
 import static com.mongodb.connection.ClusterConnectionMode.MULTIPLE;
 import static com.mongodb.connection.ClusterType.REPLICA_SET;
 import static com.mongodb.internal.event.EventListenerHelper.getCommandListener;
@@ -320,10 +322,19 @@ public Mongo(
         this.readConcern = options.getReadConcern();
         this.optionHolder = new Bytes.OptionHolder(null);
         this.credentialsList = unmodifiableList(credentialsList);
-        this.delegate = new MongoClientDelegate(cluster, credentialsList, this);
+
+        AutoEncryptionSettings autoEncryptionSettings = options.getAutoEncryptionSettings();
+        this.delegate = new MongoClientDelegate(cluster, credentialsList, this,
+                autoEncryptionSettings == null ? null : createCrypt(asSimpleMongoClient(), autoEncryptionSettings));
+
         cursorCleaningService = options.isCursorFinalizerEnabled() ? createCursorCleaningService() : null;
     }
 
+    // bit of a hack, but it works because only MongoClient subclass will ever make use of this
+    SimpleMongoClient asSimpleMongoClient() {
+        throw new UnsupportedOperationException();
+    }
+
     /**
      * Sets the default write concern to use for write operations executed on any {@link DBCollection} created indirectly from this
      * instance, via a {@link DB} instance created from {@link #getDB(String)}.

driver-legacy/src/main/com/mongodb/MongoClient.java

@@ -23,6 +23,7 @@
 import com.mongodb.client.MongoIterable;
 import com.mongodb.client.internal.MongoDatabaseImpl;
 import com.mongodb.client.internal.MongoIterables;
+import com.mongodb.client.internal.SimpleMongoClient;
 import com.mongodb.client.model.changestream.ChangeStreamLevel;
 import com.mongodb.lang.Nullable;
 import org.bson.BsonDocument;
@@ -705,6 +706,21 @@ public void close() {
         super.close();
     }
 
+    @Override
+    SimpleMongoClient asSimpleMongoClient() {
+        return new SimpleMongoClient() {
+            @Override
+            public MongoDatabase getDatabase(final String databaseName) {
+                return MongoClient.this.getDatabase(databaseName);
+            }
+
+            @Override
+            public void close() {
+                MongoClient.this.close();
+            }
+        };
+    }
+
     private <TResult> ChangeStreamIterable<TResult> createChangeStreamIterable(@Nullable final ClientSession clientSession,
                                                                                final List<? extends Bson> pipeline,
                                                                                final Class<TResult> resultClass) {

driver-legacy/src/main/com/mongodb/MongoClientOptions.java

@@ -105,6 +105,8 @@ public class MongoClientOptions {
     private final List<ClusterListener> clusterListeners;
     private final List<CommandListener> commandListeners;
 
+    private final AutoEncryptionSettings autoEncryptionSettings;
+
     @SuppressWarnings("deprecation")
     private MongoClientOptions(final Builder builder) {
         description = builder.description;
@@ -144,6 +146,7 @@ private MongoClientOptions(final Builder builder) {
 
         clusterListeners = unmodifiableList(builder.clusterListeners);
         commandListeners = unmodifiableList(builder.commandListeners);
+        autoEncryptionSettings = builder.autoEncryptionSettings;
 
         ConnectionPoolSettings.Builder connectionPoolSettingsBuilder = ConnectionPoolSettings.builder()
                 .minSize(getMinConnectionsPerHost())
@@ -735,6 +738,17 @@ public boolean isCursorFinalizerEnabled() {
         return cursorFinalizerEnabled;
     }
 
+    /**
+     * Gets the auto-encryption settings
+     *
+     * @return the auto-encryption settings, which may be null
+     * @since 3.11
+     */
+    @Nullable
+    public AutoEncryptionSettings getAutoEncryptionSettings() {
+        return autoEncryptionSettings;
+    }
+
     ConnectionPoolSettings getConnectionPoolSettings() {
         return connectionPoolSettings;
     }
@@ -875,6 +889,10 @@ public boolean equals(final Object o) {
         if (!compressorList.equals(that.compressorList)) {
             return false;
         }
+        if (autoEncryptionSettings != null ? !autoEncryptionSettings.equals(that.autoEncryptionSettings)
+                : that.autoEncryptionSettings != null) {
+            return false;
+        }
 
         return true;
     }
@@ -917,6 +935,7 @@ public int hashCode() {
         result = 31 * result + (cursorFinalizerEnabled ? 1 : 0);
         result = 31 * result + (socketFactory != null ? socketFactory.hashCode() : 0);
         result = 31 * result + compressorList.hashCode();
+        result = 31 * result + (autoEncryptionSettings != null ? autoEncryptionSettings.hashCode() : 0);
         return result;
     }
 
@@ -963,6 +982,7 @@ public String toString() {
                + ", socketSettings=" + socketSettings
                + ", serverSettings=" + serverSettings
                + ", heartbeatSocketSettings=" + heartbeatSocketSettings
+               + ", autoEncryptionSettings="  + autoEncryptionSettings
                + '}';
     }
 
@@ -1015,6 +1035,7 @@ public static class Builder {
         private DBEncoderFactory dbEncoderFactory = DefaultDBEncoder.FACTORY;
         private SocketFactory socketFactory;
         private boolean cursorFinalizerEnabled = true;
+        private AutoEncryptionSettings autoEncryptionSettings;
 
         /**
          * Creates a Builder for MongoClientOptions, getting the appropriate system properties for initialization.
@@ -1073,6 +1094,7 @@ public Builder(final MongoClientOptions options) {
             connectionPoolListeners.addAll(options.getConnectionPoolListeners());
             serverListeners.addAll(options.getServerListeners());
             serverMonitorListeners.addAll(options.getServerMonitorListeners());
+            autoEncryptionSettings = options.getAutoEncryptionSettings();
         }
 
         /**
@@ -1628,6 +1650,18 @@ public Builder requiredReplicaSetName(final String requiredReplicaSetName) {
             return this;
         }
 
+        /**
+         * Set options for auto-encryption.
+         *
+         * @param autoEncryptionSettings auto encryption settings
+         * @return this
+         * @since 3.11
+         */
+        public Builder autoEncryptionSettings(final AutoEncryptionSettings autoEncryptionSettings) {
+            this.autoEncryptionSettings = autoEncryptionSettings;
+            return this;
+        }
+
         /**
          * Sets defaults to be what they are in {@code MongoOptions}.
          *

driver-legacy/src/test/functional/com/mongodb/ClientSideEncryptionLegacyTest.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2008-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.mongodb;
+
+import com.mongodb.client.AbstractClientSideEncryptionTest;
+import com.mongodb.client.MongoDatabase;
+import com.mongodb.internal.connection.TestCommandListener;
+import org.bson.BsonArray;
+import org.bson.BsonDocument;
+import org.junit.After;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import static com.mongodb.ClusterFixture.getConnectionString;
+
+// See https://github.com/mongodb/specifications/tree/master/source/client-side-encryption/tests
+@RunWith(Parameterized.class)
+public class ClientSideEncryptionLegacyTest extends AbstractClientSideEncryptionTest {
+
+    private MongoClient mongoClient;
+
+    public ClientSideEncryptionLegacyTest(final String filename, final String description, final BsonDocument specDocument,
+                                          final BsonArray data, final BsonDocument definition, final boolean skipTest) {
+        super(filename, description, specDocument, data, definition, skipTest);
+    }
+
+    @Override
+    protected void createMongoClient(final AutoEncryptionSettings autoEncryptionSettings, final TestCommandListener commandListener) {
+        mongoClient = new MongoClient(new MongoClientURI(getConnectionString().getConnectionString(),
+                MongoClientOptions.builder()
+                        .autoEncryptionSettings(autoEncryptionSettings)
+                        .addCommandListener(commandListener)));
+    }
+
+    @Override
+    protected MongoDatabase getDatabase(final String databaseName) {
+        return mongoClient.getDatabase(databaseName);
+    }
+
+    @After
+    public void cleanUp() {
+        if (mongoClient != null) {
+            mongoClient.close();
+        }
+    }
+}

driver-legacy/src/test/unit/com/mongodb/MongoClientOptionsSpecification.groovy

@@ -88,6 +88,7 @@ class MongoClientOptionsSpecification extends Specification {
                                                 .build()
         options.sslSettings == SslSettings.builder().build();
         options.compressorList == []
+        options.getAutoEncryptionSettings() == null
     }
 
     @SuppressWarnings('UnnecessaryObjectReferences')
@@ -161,6 +162,10 @@ class MongoClientOptionsSpecification extends Specification {
         def encoderFactory = new MyDBEncoderFactory()
         def socketFactory = SSLSocketFactory.getDefault()
         def serverSelector = Mock(ServerSelector)
+        def autoEncryptionSettings = AutoEncryptionSettings.builder()
+                .keyVaultNamespace('admin.keys')
+                .kmsProviders(['local': ['key': new byte[64]]])
+                .build()
         def options = MongoClientOptions.builder()
                                         .description('test')
                                         .applicationName('appName')
@@ -193,6 +198,7 @@ class MongoClientOptionsSpecification extends Specification {
                                         .cursorFinalizerEnabled(false)
                                         .dbEncoderFactory(encoderFactory)
                                         .compressorList([MongoCompressor.createZlibCompressor()])
+                                        .autoEncryptionSettings(autoEncryptionSettings)
                                         .build()
 
         expect:
@@ -241,6 +247,7 @@ class MongoClientOptionsSpecification extends Specification {
         options.sslSettings == SslSettings.builder().enabled(true).invalidHostNameAllowed(true)
                 .context(SSLContext.getDefault()).build()
         options.compressorList == [MongoCompressor.createZlibCompressor()]
+        options.getAutoEncryptionSettings() == autoEncryptionSettings
     }
 
     @IgnoreIf({ isNotAtLeastJava7() })
@@ -336,6 +343,10 @@ class MongoClientOptionsSpecification extends Specification {
                 .addServerListener(Mock(ServerListener))
                 .addServerMonitorListener(Mock(ServerMonitorListener))
                 .compressorList([MongoCompressor.createZlibCompressor()])
+                .autoEncryptionSettings(AutoEncryptionSettings.builder()
+                        .keyVaultNamespace('admin.keys')
+                        .kmsProviders(['local': ['key': new byte[64]]])
+                        .build())
                 .build()
 
         then:
@@ -648,6 +659,7 @@ class MongoClientOptionsSpecification extends Specification {
                 .addServerListener(Mock(ServerListener))
                 .addServerMonitorListener(Mock(ServerMonitorListener))
                 .compressorList([MongoCompressor.createZlibCompressor()])
+                .autoEncryptionSettings()
                 .build()
 
         when:
@@ -661,12 +673,13 @@ class MongoClientOptionsSpecification extends Specification {
         when:
         // A regression test so that if any more methods are added then the builder(final MongoClientOptions options) should be updated
         def actual = MongoClientOptions.Builder.declaredFields.grep { !it.synthetic } *.name.sort()
-        def expected = ['alwaysUseMBeans', 'applicationName', 'clusterListeners', 'codecRegistry', 'commandListeners', 'compressorList',
-                        'connectTimeout', 'connectionPoolListeners', 'cursorFinalizerEnabled', 'dbDecoderFactory', 'dbEncoderFactory',
-                        'description', 'heartbeatConnectTimeout', 'heartbeatFrequency', 'heartbeatSocketTimeout', 'localThreshold',
-                        'maxConnectionIdleTime', 'maxConnectionLifeTime', 'maxConnectionsPerHost', 'maxWaitTime', 'minConnectionsPerHost',
-                        'minHeartbeatFrequency', 'readConcern', 'readPreference', 'requiredReplicaSetName', 'retryReads', 'retryWrites',
-                        'serverListeners', 'serverMonitorListeners', 'serverSelectionTimeout', 'serverSelector', 'socketFactory',
+        def expected = ['alwaysUseMBeans', 'applicationName', 'autoEncryptionSettings', 'clusterListeners', 'codecRegistry',
+                        'commandListeners', 'compressorList', 'connectTimeout', 'connectionPoolListeners', 'cursorFinalizerEnabled',
+                        'dbDecoderFactory', 'dbEncoderFactory', 'description', 'heartbeatConnectTimeout', 'heartbeatFrequency',
+                        'heartbeatSocketTimeout', 'localThreshold', 'maxConnectionIdleTime', 'maxConnectionLifeTime',
+                        'maxConnectionsPerHost', 'maxWaitTime', 'minConnectionsPerHost', 'minHeartbeatFrequency', 'readConcern',
+                        'readPreference', 'requiredReplicaSetName', 'retryReads', 'retryWrites', 'serverListeners',
+                        'serverMonitorListeners', 'serverSelectionTimeout', 'serverSelector', 'socketFactory',
                         'socketKeepAlive', 'socketTimeout', 'sslContext', 'sslEnabled', 'sslInvalidHostNameAllowed',
                         'threadsAllowedToBlockForConnectionMultiplier', 'writeConcern']
 

driver-sync/src/main/com/mongodb/client/MongoClients.java

@@ -111,9 +111,7 @@ public static MongoClient create(final ConnectionString connectionString,
     public static MongoClient create(final MongoClientSettings settings, @Nullable final MongoDriverInformation mongoDriverInformation) {
         MongoDriverInformation.Builder builder = mongoDriverInformation == null ? MongoDriverInformation.builder()
                 : MongoDriverInformation.builder(mongoDriverInformation);
-        MongoClientImpl client = new MongoClientImpl(settings, builder.driverName("sync").build());
-        client.init();
-        return client;
+        return new MongoClientImpl(settings, builder.driverName("sync").build());
     }
 
     private MongoClients() {

driver-sync/src/main/com/mongodb/client/internal/CollectionInfoRetriever.java

@@ -16,17 +16,16 @@
 
 package com.mongodb.client.internal;
 
-import com.mongodb.client.MongoClient;
 import com.mongodb.lang.Nullable;
 import org.bson.BsonDocument;
 
 import static com.mongodb.assertions.Assertions.notNull;
 
 class CollectionInfoRetriever {
 
-    private final MongoClient client;
+    private final SimpleMongoClient client;
 
-    CollectionInfoRetriever(final MongoClient client) {
+    CollectionInfoRetriever(final SimpleMongoClient client) {
         this.client = notNull("client", client);
     }
 

driver-sync/src/main/com/mongodb/client/internal/Crypts.java

@@ -21,7 +21,6 @@
 import com.mongodb.MongoClientException;
 import com.mongodb.MongoClientSettings;
 import com.mongodb.MongoNamespace;
-import com.mongodb.client.MongoClient;
 import com.mongodb.client.MongoClients;
 import com.mongodb.crypt.capi.MongoAwsKmsProviderOptions;
 import com.mongodb.crypt.capi.MongoCryptOptions;
@@ -34,9 +33,9 @@
 import java.security.NoSuchAlgorithmException;
 import java.util.Map;
 
-final class Crypts {
+public final class Crypts {
 
-    static Crypt createCrypt(final MongoClient client, final AutoEncryptionSettings options) {
+    public static Crypt createCrypt(final SimpleMongoClient client, final AutoEncryptionSettings options) {
         return new Crypt(MongoCrypts.create(createMongoCryptOptions(options.getKmsProviders(),
                 options.getNamespaceToLocalSchemaDocumentMap())),
                 new CollectionInfoRetriever(client),
@@ -46,7 +45,7 @@ static Crypt createCrypt(final MongoClient client, final AutoEncryptionSettings
                 options.isBypassAutoEncryption());
     }
 
-    static Crypt create(final MongoClient keyVaultClient, final KeyVaultEncryptionSettings options) {
+    static Crypt create(final SimpleMongoClient keyVaultClient, final KeyVaultEncryptionSettings options) {
         return new Crypt(MongoCrypts.create(
                 createMongoCryptOptions(options.getKmsProviders(), null)),
                 createKeyRetriever(keyVaultClient, false, options.getKeyVaultNamespace()),
@@ -79,13 +78,13 @@ private static MongoCryptOptions createMongoCryptOptions(final Map<String, Map<S
         return mongoCryptOptionsBuilder.build();
     }
 
-    private static KeyRetriever createKeyRetriever(final MongoClient defaultKeyVaultClient,
+    private static KeyRetriever createKeyRetriever(final SimpleMongoClient defaultKeyVaultClient,
                                                    final MongoClientSettings keyVaultMongoClientSettings,
                                                    final String keyVaultNamespaceString) {
-        MongoClient keyVaultClient;
+        SimpleMongoClient keyVaultClient;
         boolean keyRetrieverOwnsClient;
         if (keyVaultMongoClientSettings != null) {
-            keyVaultClient = MongoClients.create(keyVaultMongoClientSettings);
+            keyVaultClient = SimpleMongoClients.create(MongoClients.create(keyVaultMongoClientSettings));
             keyRetrieverOwnsClient = true;
         } else {
             keyVaultClient = defaultKeyVaultClient;
@@ -95,7 +94,7 @@ private static KeyRetriever createKeyRetriever(final MongoClient defaultKeyVault
         return createKeyRetriever(keyVaultClient, keyRetrieverOwnsClient, keyVaultNamespaceString);
     }
 
-    private static KeyRetriever createKeyRetriever(final MongoClient keyVaultClient, final boolean keyRetrieverOwnsClient,
+    private static KeyRetriever createKeyRetriever(final SimpleMongoClient keyVaultClient, final boolean keyRetrieverOwnsClient,
                                                    final String keyVaultNamespaceString) {
         return new KeyRetriever(keyVaultClient, keyRetrieverOwnsClient, new MongoNamespace(keyVaultNamespaceString));
     }