New bindings to support KMIP (#210)

JAVA-4374
mongodb · Nov 3, 2021 · c4b2b1e · c4b2b1e
1 parent 6404806
commit c4b2b1e
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 0 deletions.
diff --git a/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java b/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java
@@ -711,6 +711,22 @@ public interface mongocrypt_random_fn extends Callback {
     public static native mongocrypt_kms_ctx_t
     mongocrypt_ctx_next_kms_ctx(mongocrypt_ctx_t ctx);
 
+    /**
+     * Get the KMS provider identifier associated with this KMS request.
+     *
+     * This is used to conditionally configure TLS connections based on the KMS
+     * request. It is useful for KMIP, which authenticates with a client
+     * certificate.
+     *
+     * @param kms The mongocrypt_kms_ctx_t object.
+     * @param len Receives the length of the returned string.
+     *
+     * @return The name of the KMS provider
+     */
+    public static native cstring
+    mongocrypt_kms_ctx_get_kms_provider(mongocrypt_kms_ctx_t kms,
+                                        Pointer len);
+
     /**
      * Get the HTTP request message for a KMS handle.
      *

diff --git a/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java b/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java
@@ -24,6 +24,13 @@
  */
 public interface MongoKeyDecryptor {
 
+    /**
+     * Gets the name of the KMS provider, e.g. "aws" or "kmip"
+     *
+     * @return the KMS provider name
+     */
+    String getKmsProvider();
+
     /**
      * Gets the host name of the key management service.
      *

diff --git a/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java b/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java
@@ -30,6 +30,7 @@
 import static com.mongodb.crypt.capi.CAPI.mongocrypt_kms_ctx_bytes_needed;
 import static com.mongodb.crypt.capi.CAPI.mongocrypt_kms_ctx_endpoint;
 import static com.mongodb.crypt.capi.CAPI.mongocrypt_kms_ctx_feed;
+import static com.mongodb.crypt.capi.CAPI.mongocrypt_kms_ctx_get_kms_provider;
 import static com.mongodb.crypt.capi.CAPI.mongocrypt_kms_ctx_message;
 import static com.mongodb.crypt.capi.CAPI.mongocrypt_kms_ctx_status;
 import static com.mongodb.crypt.capi.CAPI.mongocrypt_status;
@@ -47,6 +48,11 @@ class MongoKeyDecryptorImpl implements MongoKeyDecryptor {
         this.wrapped = wrapped;
     }
 
+    @Override
+    public String getKmsProvider() {
+        return mongocrypt_kms_ctx_get_kms_provider(wrapped, null).toString();
+    }
+
     @Override
     public String getHostName() {
         PointerByReference hostNamePointerByReference = new PointerByReference();

diff --git a/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java b/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java
@@ -217,6 +217,7 @@ private void testKeyDecryptor(final MongoCryptContext context, final boolean key
         assertEquals(State.NEED_KMS, context.getState());
 
         MongoKeyDecryptor keyDecryptor = context.nextKeyDecryptor();
+        assertEquals("aws", keyDecryptor.getKmsProvider());
         assertEquals("kms.us-east-1.amazonaws.com:443", keyDecryptor.getHostName());
 
         ByteBuffer keyDecryptorMessage = keyDecryptor.getMessage();