Validate RewrapManyDataKeyOptions (#1000)

rozza · web-flow · commit c963c714213d · 2022-09-23T09:18:35.000+01:00
Ensure that the provider exists if a master key has been provided. JAVA-4717
diff --git a/driver-core/src/main/com/mongodb/client/model/vault/RewrapManyDataKeyOptions.java b/driver-core/src/main/com/mongodb/client/model/vault/RewrapManyDataKeyOptions.java
@@ -16,6 +16,7 @@
 
 package com.mongodb.client.model.vault;
 
+import com.mongodb.lang.Nullable;
 import org.bson.BsonDocument;
 
 /**
@@ -48,6 +49,7 @@ public RewrapManyDataKeyOptions provider(final String provider) {
     /**
       * @return the provider name
      */
+    @Nullable
     public String getProvider() {
         return provider;
     }
@@ -110,6 +112,7 @@ public RewrapManyDataKeyOptions masterKey(final BsonDocument masterKey) {
      * </p>
      * @return the master key document
      */
+    @Nullable
     public BsonDocument getMasterKey() {
         return masterKey;
     }
diff --git a/driver-core/src/main/com/mongodb/internal/capi/MongoCryptHelper.java b/driver-core/src/main/com/mongodb/internal/capi/MongoCryptHelper.java
@@ -23,6 +23,7 @@
 import com.mongodb.MongoClientException;
 import com.mongodb.MongoClientSettings;
 import com.mongodb.MongoConfigurationException;
+import com.mongodb.client.model.vault.RewrapManyDataKeyOptions;
 import com.mongodb.crypt.capi.MongoCryptOptions;
 import com.mongodb.internal.authentication.AwsCredentialHelper;
 import com.mongodb.lang.Nullable;
@@ -60,6 +61,12 @@ public static MongoCryptOptions createMongoCryptOptions(final AutoEncryptionSett
                 settings.getEncryptedFieldsMap());
     }
 
+    public static void validateRewrapManyDataKeyOptions(final RewrapManyDataKeyOptions options) {
+        if (options.getMasterKey() != null && options.getProvider() == null) {
+            throw new MongoClientException("Missing the provider but supplied a master key in the RewrapManyDataKeyOptions");
+        }
+    }
+
     private static MongoCryptOptions createMongoCryptOptions(
             final Map<String, Map<String, Object>> kmsProviders,
             final boolean bypassQueryAnalysis,
diff --git a/driver-core/src/test/functional/com/mongodb/internal/capi/MongoCryptHelperTest.java b/driver-core/src/test/functional/com/mongodb/internal/capi/MongoCryptHelperTest.java
@@ -18,17 +18,22 @@
 
 import com.mongodb.AutoEncryptionSettings;
 import com.mongodb.ClientEncryptionSettings;
+import com.mongodb.MongoClientException;
+import com.mongodb.client.model.vault.RewrapManyDataKeyOptions;
 import com.mongodb.crypt.capi.MongoCryptOptions;
 import org.bson.BsonDocument;
 import org.junit.jupiter.api.Test;
 
 import java.util.HashMap;
 import java.util.Map;
 
+import static com.mongodb.internal.capi.MongoCryptHelper.validateRewrapManyDataKeyOptions;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.singletonList;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 public class MongoCryptHelperTest {
 
@@ -89,6 +94,16 @@ public void createsExpectedMongoCryptOptionsUsingAutoEncryptionSettings() {
         assertMongoCryptOptions(mongoCryptOptionsBuilder.searchPaths(emptyList()).build(), mongoCryptOptions);
     }
 
+    @Test
+    public void validateRewrapManyDataKeyOptionsTest() {
+        // Happy path
+        assertDoesNotThrow(() -> validateRewrapManyDataKeyOptions(new RewrapManyDataKeyOptions()));
+        assertDoesNotThrow(() -> validateRewrapManyDataKeyOptions(new RewrapManyDataKeyOptions().provider("AWS")));
+
+        // Failure
+        assertThrows(MongoClientException.class, () -> validateRewrapManyDataKeyOptions(new RewrapManyDataKeyOptions().masterKey(new BsonDocument())));
+    }
+
     void assertMongoCryptOptions(final MongoCryptOptions expected, final MongoCryptOptions actual) {
         assertEquals(expected.getAwsKmsProviderOptions(), actual.getAwsKmsProviderOptions(), "AwsKmsProviderOptions not equal");
         assertEquals(expected.getEncryptedFieldsMap(), actual.getEncryptedFieldsMap(), "EncryptedFieldsMap not equal");
diff --git a/driver-reactive-streams/src/main/com/mongodb/reactivestreams/client/internal/vault/ClientEncryptionImpl.java b/driver-reactive-streams/src/main/com/mongodb/reactivestreams/client/internal/vault/ClientEncryptionImpl.java
@@ -47,6 +47,7 @@
 import java.util.List;
 import java.util.stream.Collectors;
 
+import static com.mongodb.internal.capi.MongoCryptHelper.validateRewrapManyDataKeyOptions;
 import static java.util.Arrays.asList;
 import static java.util.Collections.singletonList;
 
@@ -155,22 +156,23 @@ public Publisher<RewrapManyDataKeyResult> rewrapManyDataKey(final Bson filter) {
 
     @Override
     public Publisher<RewrapManyDataKeyResult> rewrapManyDataKey(final Bson filter, final RewrapManyDataKeyOptions options) {
-        return crypt.rewrapManyDataKey(filter.toBsonDocument(BsonDocument.class, collection.getCodecRegistry()), options)
-                .flatMap(results -> {
-                    if (results.isEmpty()) {
-                        return Mono.fromCallable(RewrapManyDataKeyResult::new);
-                    }
-                    List<UpdateOneModel<BsonDocument>> updateModels = results.getArray("v", new BsonArray()).stream().map(v -> {
-                        BsonDocument updateDocument = v.asDocument();
-                        return new UpdateOneModel<BsonDocument>(Filters.eq(updateDocument.get("_id")),
-                                Updates.combine(
-                                        Updates.set("masterKey", updateDocument.get("masterKey")),
-                                        Updates.set("keyMaterial", updateDocument.get("keyMaterial")),
-                                        Updates.currentDate("updateDate"))
-                        );
-                    }).collect(Collectors.toList());
-                    return Mono.from(collection.bulkWrite(updateModels)).map(RewrapManyDataKeyResult::new);
-                });
+        return Mono.fromRunnable(() -> validateRewrapManyDataKeyOptions(options)).then(
+                crypt.rewrapManyDataKey(filter.toBsonDocument(BsonDocument.class, collection.getCodecRegistry()), options)
+                        .flatMap(results -> {
+                            if (results.isEmpty()) {
+                                return Mono.fromCallable(RewrapManyDataKeyResult::new);
+                            }
+                            List<UpdateOneModel<BsonDocument>> updateModels = results.getArray("v", new BsonArray()).stream().map(v -> {
+                                BsonDocument updateDocument = v.asDocument();
+                                return new UpdateOneModel<BsonDocument>(Filters.eq(updateDocument.get("_id")),
+                                        Updates.combine(
+                                                Updates.set("masterKey", updateDocument.get("masterKey")),
+                                                Updates.set("keyMaterial", updateDocument.get("keyMaterial")),
+                                                Updates.currentDate("updateDate"))
+                                );
+                            }).collect(Collectors.toList());
+                            return Mono.from(collection.bulkWrite(updateModels)).map(RewrapManyDataKeyResult::new);
+                        }));
     }
 
     @Override
diff --git a/driver-sync/src/main/com/mongodb/client/internal/ClientEncryptionImpl.java b/driver-sync/src/main/com/mongodb/client/internal/ClientEncryptionImpl.java
@@ -44,6 +44,7 @@
 import java.util.List;
 import java.util.stream.Collectors;
 
+import static com.mongodb.internal.capi.MongoCryptHelper.validateRewrapManyDataKeyOptions;
 import static java.util.Arrays.asList;
 import static java.util.Collections.singletonList;
 
@@ -146,6 +147,7 @@ public RewrapManyDataKeyResult rewrapManyDataKey(final Bson filter) {
 
     @Override
     public RewrapManyDataKeyResult rewrapManyDataKey(final Bson filter, final RewrapManyDataKeyOptions options) {
+        validateRewrapManyDataKeyOptions(options);
         BsonDocument results = crypt.rewrapManyDataKey(filter.toBsonDocument(BsonDocument.class, collection.getCodecRegistry()), options);
         if (results.isEmpty()) {
             return new RewrapManyDataKeyResult();
