Add kmip tests, use mongoCrypt snapshot (mongodb#1406)

JAVA-5300

Author: katcharov

build.gradle

@@ -55,7 +55,7 @@ ext {
  zstdVersion = '1.5.5-3'
  awsSdkV2Version = '2.18.9'
  awsSdkV1Version = '1.12.337'
- mongoCryptVersion = '1.8.0'
+ mongoCryptVersion = '1.10.0-SNAPSHOT'
  projectReactorVersion = '2022.0.0'
  junitBomVersion = '5.8.2'
  logbackVersion = '1.3.14'

driver-core/src/main/com/mongodb/client/model/vault/DataKeyOptions.java

@@ -128,6 +128,9 @@ public List<String> getKeyAltNames() {
  * omitted, the driver creates a random 96 byte KMIP Secret Data managed object.</li>
  * <li>endpoint: a String, the endpoint as a host with required port. e.g. "example.com:443". If endpoint is not provided, it
  * defaults to the required endpoint from the KMS providers map.</li>
+ * <li>delegated: If true (recommended), the KMIP server will perform
+ * encryption and decryption. If delegated is not provided, defaults
+ * to false.</li>
  * </ul>
  * <p>
  * If the kmsProvider is "local" the masterKey is not applicable.

driver-core/src/test/resources/client-side-encryption/legacy/azureKMS.json

@@ -78,6 +78,17 @@
  "bsonType": "string",
  "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  }
+ },
+ "encrypted_string_kmip_delegated": {
+ "encrypt": {
+ "keyId": [
+ {
+ "$uuid": "7411e9af-c688-4df7-8143-5e60ae96cba6"
+ }
+ ],
+ "bsonType": "string",
+ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
+ }
  }
  },
  "bsonType": "object"

driver-core/src/test/resources/client-side-encryption/legacy/gcpKMS.json

@@ -78,6 +78,17 @@
  "bsonType": "string",
  "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  }
+ },
+ "encrypted_string_kmip_delegated": {
+ "encrypt": {
+ "keyId": [
+ {
+ "$uuid": "7411e9af-c688-4df7-8143-5e60ae96cba6"
+ }
+ ],
+ "bsonType": "string",
+ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
+ }
  }
  },
  "bsonType": "object"

driver-core/src/test/resources/client-side-encryption/legacy/kmipKMS.json

@@ -78,6 +78,17 @@
  "bsonType": "string",
  "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  }
+ },
+ "encrypted_string_kmip_delegated": {
+ "encrypt": {
+ "keyId": [
+ {
+ "$uuid": "7411e9af-c688-4df7-8143-5e60ae96cba6"
+ }
+ ],
+ "bsonType": "string",
+ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
+ }
  }
  },
  "bsonType": "object"
@@ -117,6 +128,38 @@
  "altname",
  "kmip_altname"
  ]
+ },
+ {
+ "_id": {
+ "$uuid": "7411e9af-c688-4df7-8143-5e60ae96cba6"
+ },
+ "keyMaterial": {
+ "$binary": {
+ "base64": "5TLMFWlguBWe5GUESTvOVtkdBsCrynhnV72XRyZ66/nk+EP9/1oEp1t1sg0+vwCTqULHjBiUE6DRx2mYD/Eup1+u2Jgz9/+1sV1drXeOPALNPkSgiZiDbIb67zRi+wTABEcKcegJH+FhmSGxwUoQAiHCsCbcvia5P8tN1lt98YQ=",
+ "subType": "00"
+ }
+ },
+ "creationDate": {
+ "$date": {
+ "$numberLong": "1634220190041"
+ }
+ },
+ "updateDate": {
+ "$date": {
+ "$numberLong": "1634220190041"
+ }
+ },
+ "status": {
+ "$numberInt": "0"
+ },
+ "masterKey": {
+ "provider": "kmip",
+ "delegated": true,
+ "keyId": "11"
+ },
+ "keyAltNames": [
+ "delegated"
+ ]
  }
  ],
  "tests": [
@@ -218,6 +261,102 @@
  ]
  }
  }
+ },
+ {
+ "description": "Insert a document with auto encryption using KMIP delegated KMS provider",
+ "clientOptions": {
+ "autoEncryptOpts": {
+ "kmsProviders": {
+ "kmip": {}
+ }
+ }
+ },
+ "operations": [
+ {
+ "name": "insertOne",
+ "arguments": {
+ "document": {
+ "_id": 1,
+ "encrypted_string_kmip_delegated": "string0"
+ }
+ }
+ }
+ ],
+ "expectations": [
+ {
+ "command_started_event": {
+ "command": {
+ "listCollections": 1,
+ "filter": {
+ "name": "default"
+ }
+ },
+ "command_name": "listCollections"
+ }
+ },
+ {
+ "command_started_event": {
+ "command": {
+ "find": "datakeys",
+ "filter": {
+ "$or": [
+ {
+ "_id": {
+ "$in": [
+ {
+ "$uuid": "7411e9af-c688-4df7-8143-5e60ae96cba6"
+ }
+ ]
+ }
+ },
+ {
+ "keyAltNames": {
+ "$in": []
+ }
+ }
+ ]
+ },
+ "$db": "keyvault"
+ },
+ "command_name": "find"
+ }
+ },
+ {
+ "command_started_event": {
+ "command": {
+ "insert": "default",
+ "documents": [
+ {
+ "_id": 1,
+ "encrypted_string_kmip_delegated": {
+ "$binary": {
+ "base64": "AXQR6a/GiE33gUNeYK6Wy6YCkB+8NVfAAjIbvLqyXIg6g1a8tXrym92DPoqmxpcdQyH0vQM3aFNMz7tZwQBimKs29ztZV/LWjM633HhO5ACl9A==",
+ "subType": "06"
+ }
+ }
+ }
+ ],
+ "ordered": true
+ },
+ "command_name": "insert"
+ }
+ }
+ ],
+ "outcome": {
+ "collection": {
+ "data": [
+ {
+ "_id": 1,
+ "encrypted_string_kmip_delegated": {
+ "$binary": {
+ "base64": "AXQR6a/GiE33gUNeYK6Wy6YCkB+8NVfAAjIbvLqyXIg6g1a8tXrym92DPoqmxpcdQyH0vQM3aFNMz7tZwQBimKs29ztZV/LWjM633HhO5ACl9A==",
+ "subType": "06"
+ }
+ }
+ }
+ ]
+ }
+ }
  }
  ]
 }

driver-core/src/test/resources/unified-test-format/client-side-encryption/createDataKey.json

@@ -337,6 +337,70 @@
  }
  ]
  },
+ {
+ "description": "create datakey with KMIP delegated KMS provider",
+ "operations": [
+ {
+ "name": "createDataKey",
+ "object": "clientEncryption0",
+ "arguments": {
+ "kmsProvider": "kmip",
+ "opts": {
+ "masterKey": {
+ "delegated": true
+ }
+ }
+ },
+ "expectResult": {
+ "$$type": "binData"
+ }
+ }
+ ],
+ "expectEvents": [
+ {
+ "client": "client0",
+ "events": [
+ {
+ "commandStartedEvent": {
+ "databaseName": "keyvault",
+ "command": {
+ "insert": "datakeys",
+ "documents": [
+ {
+ "_id": {
+ "$$type": "binData"
+ },
+ "keyMaterial": {
+ "$$type": "binData"
+ },
+ "creationDate": {
+ "$$type": "date"
+ },
+ "updateDate": {
+ "$$type": "date"
+ },
+ "status": {
+ "$$exists": true
+ },
+ "masterKey": {
+ "provider": "kmip",
+ "keyId": {
+ "$$type": "string"
+ },
+ "delegated": true
+ }
+ }
+ ],
+ "writeConcern": {
+ "w": "majority"
+ }
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
  {
  "description": "create datakey with local KMS provider",
  "operations": [