Added alt key name support

JAVA-3335

Author: rozza

build.gradle

@@ -42,7 +42,7 @@ ext {
     nettyVersion = '4.1.17.Final'
     snappyVersion = '1.1.4'
     zstdVersion = '1.3.8-3'
-    mongoCryptVersion = '1.0.0-beta2'
+    mongoCryptVersion = '1.0.0-beta3'
     gitVersion = getGitVersion()
 }
 

driver-core/src/main/com/mongodb/client/model/vault/EncryptOptions.java

@@ -17,7 +17,6 @@
 package com.mongodb.client.model.vault;
 
 import org.bson.BsonBinary;
-import org.bson.BsonValue;
 
 /**
  * The options for explicit encryption.
@@ -26,7 +25,7 @@
  */
 public class EncryptOptions {
     private BsonBinary keyId;
-    private BsonValue keyAltName;
+    private String keyAltName;
     private final String algorithm;
 
     /**
@@ -71,7 +70,7 @@ public BsonBinary getKeyId() {
      *
      * @return the alternate name
      */
-    public BsonValue getKeyAltName() {
+    public String getKeyAltName() {
         return keyAltName;
     }
 
@@ -94,7 +93,7 @@ public EncryptOptions keyId(final BsonBinary keyId) {
      * @return this
      * @see #getKeyAltName()
      */
-    public EncryptOptions keyAltName(final BsonValue keyAltName) {
+    public EncryptOptions keyAltName(final String keyAltName) {
         this.keyAltName = keyAltName;
         return this;
     }

driver-sync/src/main/com/mongodb/client/internal/Crypt.java

@@ -173,12 +173,19 @@ BsonBinary encryptExplicitly(final BsonValue value, final EncryptOptions options
         notNull("options", options);
 
         try {
-            MongoCryptContext encryptionContext = mongoCrypt.createExplicitEncryptionContext(
-                    new BsonDocument("v", value), MongoExplicitEncryptOptions.builder()
-                            .keyId(options.getKeyId())
-                            .algorithm(options.getAlgorithm())
-                            .build());
+            MongoExplicitEncryptOptions.Builder encryptOptionsBuilder = MongoExplicitEncryptOptions.builder()
+                    .algorithm(options.getAlgorithm());
+
+            if (options.getKeyId() != null) {
+                encryptOptionsBuilder.keyId(options.getKeyId());
+            }
 
+            if (options.getKeyAltName() != null) {
+                encryptOptionsBuilder.keyAltName(options.getKeyAltName());
+            }
+
+            MongoCryptContext encryptionContext = mongoCrypt.createExplicitEncryptionContext(
+                    new BsonDocument("v", value), encryptOptionsBuilder.build());
             try {
                 return executeStateMachine(encryptionContext, null).getBinary("v");
             } finally {

driver-sync/src/test/functional/com/mongodb/client/ClientSideEncryptionProseTestSpecification.groovy

@@ -85,7 +85,8 @@ class ClientSideEncryptionProseTestSpecification extends FunctionalSpecification
   "creationDate": { "$date": { "$numberLong": "1232739599082000" } },
   "updateDate": { "$date": { "$numberLong": "1232739599082000" } },
   "status": { "$numberInt": "0" },
-  "masterKey": { "provider": "local" }
+  "masterKey": { "provider": "local" },
+  "keyAltNames": [ "altname1", "altname2" ]
 }
 ''')
 
@@ -213,18 +214,26 @@ class ClientSideEncryptionProseTestSpecification extends FunctionalSpecification
         def value = new BsonString('hello')
 
         when:
-        def encryptedValue = keyVault.encrypt(value, new EncryptOptions('AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic')
-                .keyId(localDataKeyDocument.getBinary('_id')))
+        def options = new EncryptOptions('AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic')
+        if (useKeyId) {
+            options.keyId(localDataKeyDocument.getBinary('_id'))
+        } else {
+            options.keyAltName('altname1')
+        }
+
+        def encryptedValue = keyVault.encrypt(value, options)
 
         then:
-        encryptedValue == new BsonBinary((byte) 6,
-                Base64.decoder.decode('AWFhYWFhYWFhYWFhYWFhYWEC7ubnsHvOUXvbE4406+XawIhcl+fsvNWO7moBSY7ABkPuCTzsitrqWWp1FbaaT05muIESiB8daggJPgwarTQ3cQ=='))
+        encryptedValue.type == 6 as byte
 
         when:
         def decryptedValue = keyVault.decrypt(encryptedValue)
 
         then:
         decryptedValue == value
+
+        where:
+        useKeyId << [true, false]
     }
 
     def 'should explicitly encrypt and decrypt with aws provider'() {
@@ -238,18 +247,29 @@ class ClientSideEncryptionProseTestSpecification extends FunctionalSpecification
         def value = new BsonString('hello')
 
         when:
-        def encryptedValue = keyVault.encrypt(value, new EncryptOptions('AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic')
-                .keyId(awsDataKeyDocument.getBinary('_id')))
+        def options = new EncryptOptions('AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic')
+        if (useKeyId) {
+            options.keyId(awsDataKeyDocument.getBinary('_id'))
+        } else {
+            options.keyAltName('altname1')
+        }
+
+        def encryptedValue = keyVault.encrypt(value, options)
+
+        then:
+        encryptedValue.type == 6 as byte
 
         then:
-        encryptedValue == new BsonBinary((byte) 6,
-                Base64.decoder.decode('AQAAAAAAAAAAAAAAAAAAAAACN0NwWlfe6YPGDEw+ObxEzbEtk45ewF3sIH2Oj7F0xd3GYoxCGCIp9gg0Q1uHTwdVWwG58SFhJyo4305IVoikEQ=='))
+        encryptedValue.type == 6 as byte
 
         when:
         def decryptedValue = keyVault.decrypt(encryptedValue)
 
         then:
         decryptedValue == value
+
+        where:
+        useKeyId << [true, false]
     }
 
     /*