Implement client side encryption custom endpoint test

JAVA-3464

KeyManagementService

Author: jyemin

driver-async/src/main/com/mongodb/async/client/internal/Crypt.java

@@ -342,7 +342,7 @@ private void decryptKeys(final MongoCryptContext cryptContext, final String data
                 @Override
                 public void onResult(final Void result, final Throwable t) {
                     if (t != null) {
-                        callback.onResult(null, t);
+                        callback.onResult(null, wrapInClientException(t));
                     } else {
                         decryptKeys(cryptContext, databaseName, callback);
                     }

driver-async/src/main/com/mongodb/async/client/internal/KeyManagementService.java

@@ -17,10 +17,6 @@
 package com.mongodb.async.client.internal;
 
 import com.mongodb.MongoSocketException;
-import com.mongodb.MongoSocketOpenException;
-import com.mongodb.MongoSocketReadException;
-import com.mongodb.MongoSocketReadTimeoutException;
-import com.mongodb.MongoSocketWriteException;
 import com.mongodb.ServerAddress;
 import com.mongodb.async.SingleResultCallback;
 import com.mongodb.connection.AsyncCompletionHandler;
@@ -36,19 +32,18 @@
 
 import javax.net.ssl.SSLContext;
 import java.nio.channels.CompletionHandler;
-import java.nio.channels.InterruptedByTimeoutException;
 import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 
 class KeyManagementService {
-    private final int port;
+    private final int defaultPort;
     private final StreamFactory streamFactory;
 
-    KeyManagementService(final SSLContext sslContext, final int port, final int timeoutMillis) {
-        this.port = port;
+    KeyManagementService(final SSLContext sslContext, final int defaultPort, final int timeoutMillis) {
+        this.defaultPort = defaultPort;
         this.streamFactory = new TlsChannelStreamFactoryFactory().create(SocketSettings.builder()
                         .connectTimeout(timeoutMillis, TimeUnit.MILLISECONDS)
                         .readTimeout(timeoutMillis, TimeUnit.MILLISECONDS)
@@ -61,7 +56,10 @@ void decryptKey(final MongoKeyDecryptor keyDecryptor, final SingleResultCallback
     }
 
     private void streamOpen(final MongoKeyDecryptor keyDecryptor, final SingleResultCallback<Void> callback) {
-        final Stream stream = streamFactory.create(new ServerAddress(keyDecryptor.getHostName(), port));
+        ServerAddress serverAddress = keyDecryptor.getHostName().contains(":")
+                ? new ServerAddress(keyDecryptor.getHostName())
+                : new ServerAddress(keyDecryptor.getHostName(), defaultPort);
+        final Stream stream = streamFactory.create(serverAddress);
         stream.openAsync(new AsyncCompletionHandler<Void>() {
             @Override
             public void completed(final Void aVoid) {
@@ -71,8 +69,7 @@ public void completed(final Void aVoid) {
             @Override
             public void failed(final Throwable t) {
                 stream.close();
-                callback.onResult(null, new MongoSocketOpenException("Exception opening connection to Key Management Service",
-                        getServerAddress(keyDecryptor), t));
+                callback.onResult(null, wrapException(t));
             }
         });
     }
@@ -88,8 +85,7 @@ public void completed(final Void aVoid) {
             @Override
             public void failed(final Throwable t) {
                 stream.close();
-                callback.onResult(null, new MongoSocketWriteException("Exception sending message to Key Management Service",
-                        getServerAddress(keyDecryptor), t));
+                callback.onResult(null, wrapException(t));
             }
         });
     }
@@ -105,24 +101,20 @@ private void streamRead(final Stream stream, final MongoKeyDecryptor keyDecrypto
                         @Override
                         public void completed(final Integer integer, final Void aVoid) {
                             buffer.flip();
-                            keyDecryptor.feed(buffer.asNIO());
-                            buffer.release();
-                            streamRead(stream, keyDecryptor, callback);
+                            try {
+                                keyDecryptor.feed(buffer.asNIO());
+                                buffer.release();
+                                streamRead(stream, keyDecryptor, callback);
+                            } catch (Throwable t) {
+                                callback.onResult(null, t);
+                            }
                         }
 
                         @Override
                         public void failed(final Throwable t, final Void aVoid) {
                             buffer.release();
                             stream.close();
-                            MongoSocketException exception;
-                            if (t instanceof InterruptedByTimeoutException) {
-                                exception = new MongoSocketReadTimeoutException("Timeout while receiving message from Key Management "
-                                        + "Service", getServerAddress(keyDecryptor), t);
-                            } else {
-                                exception = new MongoSocketReadException("Exception receiving message from Key Management Service",
-                                                getServerAddress(keyDecryptor), t);
-                            }
-                            callback.onResult(null, exception);
+                            callback.onResult(null, wrapException(t));
                         }
                     });
         } else {
@@ -131,7 +123,7 @@ public void failed(final Throwable t, final Void aVoid) {
         }
     }
 
-    private ServerAddress getServerAddress(final MongoKeyDecryptor keyDecryptor) {
-        return new ServerAddress(keyDecryptor.getHostName(), port);
+    private Throwable wrapException(final Throwable t) {
+        return t instanceof MongoSocketException ? t.getCause() : t;
     }
 }

driver-async/src/test/functional/com/mongodb/async/client/ClientEncryptionCustomEndpointTest.java

@@ -0,0 +1,170 @@
+/*
+ * Copyright 2008-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.mongodb.async.client;
+
+import com.mongodb.ClientEncryptionSettings;
+import com.mongodb.MongoClientException;
+import com.mongodb.async.FutureResultCallback;
+import com.mongodb.async.client.vault.ClientEncryption;
+import com.mongodb.async.client.vault.ClientEncryptions;
+import com.mongodb.client.model.vault.DataKeyOptions;
+import com.mongodb.client.model.vault.EncryptOptions;
+import com.mongodb.crypt.capi.MongoCryptException;
+import com.mongodb.lang.Nullable;
+import org.bson.BsonBinary;
+import org.bson.BsonDocument;
+import org.bson.BsonString;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import static com.mongodb.ClusterFixture.TIMEOUT;
+import static com.mongodb.ClusterFixture.isNotAtLeastJava8;
+import static com.mongodb.ClusterFixture.serverVersionAtLeast;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeFalse;
+import static org.junit.Assume.assumeTrue;
+
+@RunWith(Parameterized.class)
+public class ClientEncryptionCustomEndpointTest {
+
+    private ClientEncryption clientEncryption;
+    private BsonDocument masterKey;
+    private final Class<? extends RuntimeException> exceptionClass;
+    private final Class<? extends RuntimeException> wrappedExceptionClass;
+    private final String messageContainedInException;
+
+    public ClientEncryptionCustomEndpointTest(@SuppressWarnings("unused") final String name,
+                                              final BsonDocument masterKey,
+                                              @Nullable final Class<? extends RuntimeException> exceptionClass,
+                                              @Nullable final Class<? extends RuntimeException> wrappedExceptionClass,
+                                              @Nullable final String messageContainedInException) {
+        this.masterKey = masterKey;
+        this.exceptionClass = exceptionClass;
+        this.wrappedExceptionClass = wrappedExceptionClass;
+        this.messageContainedInException = messageContainedInException;
+    }
+
+    @Before
+    public void setUp() {
+        assumeFalse(isNotAtLeastJava8());
+        assumeTrue(serverVersionAtLeast(4, 1));
+        assumeTrue("Encryption test with external keyVault is disabled",
+                System.getProperty("org.mongodb.test.awsAccessKeyId") != null
+                        && !System.getProperty("org.mongodb.test.awsAccessKeyId").isEmpty());
+
+        Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
+        Map<String, Object> awsCreds = new HashMap<String, Object>();
+        awsCreds.put("accessKeyId", System.getProperty("org.mongodb.test.awsAccessKeyId"));
+        awsCreds.put("secretAccessKey", System.getProperty("org.mongodb.test.awsSecretAccessKey"));
+        kmsProviders.put("aws", awsCreds);
+
+        ClientEncryptionSettings.Builder clientEncryptionSettingsBuilder = ClientEncryptionSettings.builder().
+                keyVaultMongoClientSettings(Fixture.getMongoClientSettings())
+                .kmsProviders(kmsProviders)
+                .keyVaultNamespace("admin.datakeys");
+
+        ClientEncryptionSettings clientEncryptionSettings = clientEncryptionSettingsBuilder.build();
+        clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
+    }
+
+    @After
+    public void after() {
+        if (clientEncryption != null) {
+            try {
+                clientEncryption.close();
+            } catch (Exception e) {
+                // ignore
+            }
+        }
+    }
+
+    @Test
+    public void testEndpoint() throws Exception {
+        try {
+            FutureResultCallback<BsonBinary> dataKeyCreationCallback = new FutureResultCallback<BsonBinary>();
+            clientEncryption.createDataKey("aws", new DataKeyOptions()
+                    .masterKey(masterKey), dataKeyCreationCallback);
+
+            BsonBinary dataKeyId = dataKeyCreationCallback.get(TIMEOUT, TimeUnit.SECONDS);
+
+            assertNull("Expected exception, but encryption succeeded", exceptionClass);
+
+            FutureResultCallback<BsonBinary> encryptCallback = new FutureResultCallback<BsonBinary>();
+            clientEncryption.encrypt(new BsonString("test"), new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
+                    .keyId(dataKeyId), encryptCallback);
+            encryptCallback.get();
+        } catch (Exception e) {
+            if (exceptionClass == null) {
+                throw e;
+            }
+            try {
+                assertEquals(exceptionClass, e.getClass());
+                assertEquals(wrappedExceptionClass, e.getCause().getClass());
+            } catch (AssertionError ae) {
+                throw e;
+            }
+            if (messageContainedInException != null) {
+                assertTrue(e.getCause().getMessage().contains(messageContainedInException));
+            }
+        }
+    }
+
+    @Parameterized.Parameters(name = "{0}")
+    public static Collection<Object[]> data() {
+        List<Object[]> data = new ArrayList<Object[]>();
+
+        data.add(new Object[]{"default endpoint",
+                getDefaultMasterKey(),
+                null, null, null});
+        data.add(new Object[]{"valid endpoint",
+                getDefaultMasterKey().append("endpoint", new BsonString("kms.us-east-1.amazonaws.com")),
+                null, null, null});
+        data.add(new Object[]{"valid endpoint port",
+                getDefaultMasterKey().append("endpoint", new BsonString("kms.us-east-1.amazonaws.com:443")),
+                null, null, null});
+        data.add(new Object[]{"invalid endpoint port",
+                getDefaultMasterKey().append("endpoint", new BsonString("kms.us-east-1.amazonaws.com:12345")),
+                MongoClientException.class, ConnectException.class, "Connection refused"});
+        data.add(new Object[]{"invalid amazon region in endpoint",
+                getDefaultMasterKey().append("endpoint", new BsonString("kms.us-east-2.amazonaws.com")),
+                MongoClientException.class, MongoCryptException.class, "us-east-1"});
+        data.add(new Object[]{"invalid endpoint host",
+                getDefaultMasterKey().append("endpoint", new BsonString("example.com")),
+                MongoClientException.class, MongoCryptException.class, "parse error"});
+
+        return data;
+    }
+
+    private static BsonDocument getDefaultMasterKey() {
+        return new BsonDocument()
+                .append("region", new BsonString("us-east-1"))
+                .append("key", new BsonString("arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0"));
+    }
+}

driver-sync/src/main/com/mongodb/client/internal/Crypt.java

@@ -19,8 +19,6 @@
 import com.mongodb.MongoClientException;
 import com.mongodb.MongoException;
 import com.mongodb.MongoInternalException;
-import com.mongodb.MongoSocketReadException;
-import com.mongodb.ServerAddress;
 import com.mongodb.client.model.vault.DataKeyOptions;
 import com.mongodb.client.model.vault.EncryptOptions;
 import com.mongodb.crypt.capi.MongoCrypt;
@@ -269,7 +267,7 @@ private void mark(final MongoCryptContext cryptContext, final String databaseNam
             cryptContext.addMongoOperationResult(markedCommand);
             cryptContext.completeMongoOperation();
         } catch (Throwable t) {
-            throw MongoException.fromThrowableNonNull(t);
+            throw wrapInClientException(t);
         }
     }
 
@@ -293,11 +291,11 @@ private void decryptKeys(final MongoCryptContext cryptContext) {
             }
             cryptContext.completeKeyDecryptors();
         } catch (Throwable t) {
-            throw MongoException.fromThrowableNonNull(t);
+            throw wrapInClientException(t);
         }
     }
 
-    private void decryptKey(final MongoKeyDecryptor keyDecryptor) {
+    private void decryptKey(final MongoKeyDecryptor keyDecryptor) throws IOException {
         InputStream inputStream = keyManagementService.stream(keyDecryptor.getHostName(), keyDecryptor.getMessage());
         try {
             int bytesNeeded = keyDecryptor.bytesNeeded();
@@ -308,10 +306,6 @@ private void decryptKey(final MongoKeyDecryptor keyDecryptor) {
                 keyDecryptor.feed(ByteBuffer.wrap(bytes, 0, bytesRead));
                 bytesNeeded = keyDecryptor.bytesNeeded();
             }
-        } catch (IOException e) {
-            throw new MongoSocketReadException("Exception receiving message from key management service",
-                    new ServerAddress(keyDecryptor.getHostName(), keyManagementService.getPort()), e);
-            // type
         } finally {
             try {
                 inputStream.close();
@@ -321,7 +315,7 @@ private void decryptKey(final MongoKeyDecryptor keyDecryptor) {
         }
     }
 
-    private MongoClientException wrapInClientException(final MongoCryptException e) {
-        return new MongoClientException("Exception in encryption library: " + e.getMessage(), e);
+    private MongoClientException wrapInClientException(final Throwable t) {
+        return new MongoClientException("Exception in encryption library: " + t.getMessage(), t);
     }
 }