Added support for the Key Management API

JAVA-4433

build.gradle

@@ -48,7 +48,7 @@ ext {
     nettyTcnativeBoringsslVersion = '2.0.48.Final'
     snappyVersion = '1.1.8.4'
     zstdVersion = '1.5.0-4'
-    mongoCryptVersion = '1.5.0-rc2'
+    mongoCryptVersion = '1.5.1.1'
     projectReactorVersion = 'Californium-SR23'
     junitBomVersion = '5.8.1'
     gitVersion = getGitVersion()

driver-core/src/main/com/mongodb/client/model/vault/DataKeyOptions.java

@@ -16,8 +16,10 @@
 
 package com.mongodb.client.model.vault;
 
+import com.mongodb.lang.Nullable;
 import org.bson.BsonDocument;
 
+import java.util.Arrays;
 import java.util.List;
 
 /**
@@ -28,6 +30,7 @@
 public class DataKeyOptions {
     private List<String> keyAltNames;
     private BsonDocument masterKey;
+    private byte[] keyMaterial;
 
     /**
      * Set the alternate key names.
@@ -53,6 +56,23 @@ public DataKeyOptions masterKey(final BsonDocument masterKey) {
         return this;
     }
 
+    /**
+     * Sets the key material
+     *
+     * <p>An optional BinData of 96 bytes to use as custom key material for the data key being created.
+     * If set the custom key material is used for encrypting and decrypting data. Otherwise, the key material for the new data key is
+     * generated from a cryptographically secure random device.</p>
+     *
+     * @param keyMaterial the optional custom key material for the data key
+     * @return this
+     * @since 4.7
+     * @see #getKeyMaterial()
+     */
+    public DataKeyOptions keyMaterial(final byte[] keyMaterial) {
+        this.keyMaterial = keyMaterial;
+        return this;
+    }
+
     /**
      * Gets the alternate key names.
      *
@@ -63,6 +83,7 @@ public DataKeyOptions masterKey(final BsonDocument masterKey) {
      *
      * @return the list of alternate key names
      */
+    @Nullable
     public List<String> getKeyAltNames() {
         return keyAltNames;
     }
@@ -113,15 +134,32 @@ public List<String> getKeyAltNames() {
      * </p>
      * @return the master key document
      */
+    @Nullable
     public BsonDocument getMasterKey() {
         return masterKey;
     }
 
+    /**
+     * Gets the custom key material if set.
+     *
+     * <p>The optional BinData of 96 bytes to use as custom key material for the data key being created.
+     * If set the custom key material is used for encrypting and decrypting data. Otherwise, the key material for the new data key is
+     * generated from a cryptographically secure random device.</p>
+
+     * @return the custom key material for the data key or null
+     * @since 4.7
+     */
+    @Nullable
+    public byte[] getKeyMaterial() {
+        return keyMaterial;
+    }
+
     @Override
     public String toString() {
         return "DataKeyOptions{"
                 + "keyAltNames=" + keyAltNames
                 + ", masterKey=" + masterKey
+                + ", keyMaterial=" + Arrays.toString(keyMaterial)
                 + '}';
     }
 }

driver-core/src/main/com/mongodb/client/model/vault/RewrapManyDataKeyOptions.java

@@ -0,0 +1,117 @@
+/*
+ * Copyright 2008-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.mongodb.client.model.vault;
+
+import org.bson.BsonDocument;
+
+/**
+ * The rewrap many data key options
+ *
+ * <p>
+ *     The {@link #getMasterKey()} document MUST have the fields corresponding to the given provider as specified in masterKey.
+ * </p>
+ *
+ * @since 4.7
+ */
+public final class RewrapManyDataKeyOptions {
+
+    private String provider;
+    private BsonDocument masterKey;
+
+
+    /**
+     * Sets the provider name
+     *
+     * @param provider the provider name
+     * @return this
+     * @see #getProvider()
+     */
+    public RewrapManyDataKeyOptions provider(final String provider) {
+        this.provider = provider;
+        return this;
+    }
+
+    /**
+      * @return the provider name
+     */
+    public String getProvider() {
+        return provider;
+    }
+
+    /**
+     * Sets the optional master key document.
+     *
+     * @param masterKey the master key document
+     * @return this
+     * @see #getMasterKey()
+     */
+    public RewrapManyDataKeyOptions masterKey(final BsonDocument masterKey) {
+        this.masterKey = masterKey;
+        return this;
+    }
+
+    /**
+     * Gets the master key document
+     *
+     * <p>
+     * The masterKey identifies a KMS-specific key used to encrypt the new data key.
+     * </p>
+     * <p>
+     *     If the kmsProvider is "aws" the master key is required and must contain the following fields:
+     * </p>
+     * <ul>
+     *   <li>region: a String containing the AWS region in which to locate the master key</li>
+     *   <li>key: a String containing the Amazon Resource Name (ARN) to the AWS customer master key</li>
+     * </ul>
+     * <p>
+     *     If the kmsProvider is "azure" the master key is required and must contain the following fields:
+     * </p>
+     * <ul>
+     *   <li>keyVaultEndpoint: a String with the host name and an optional port. Example: "example.vault.azure.net".</li>
+     *   <li>keyName: a String</li>
+     *   <li>keyVersion: an optional String, the specific version of the named key, defaults to using the key's primary version.</li>
+     * </ul>
+     * <p>
+     *     If the kmsProvider is "gcp" the master key is required and must contain the following fields:
+     * </p>
+     * <ul>
+     *   <li>projectId: a String</li>
+     *   <li>location: String</li>
+     *   <li>keyRing: String</li>
+     *   <li>keyName: String</li>
+     *   <li>keyVersion: an optional String, the specific version of the named key, defaults to using the key's primary version.</li>
+     *   <li>endpoint: an optional String, with the host with optional port. Defaults to "cloudkms.googleapis.com".</li>
+     * </ul>
+     * <p>
+     *     If the kmsProvider is "kmip" the master key is required and must contain the following fields:
+     * </p>
+     * <ul>
+     *   <li>keyId: optional String, keyId is the KMIP Unique Identifier to a 96 byte KMIP Secret Data managed object. If keyId is
+     *   omitted, the driver creates a random 96 byte KMIP Secret Data managed object.</li>
+     *   <li>endpoint: a String, the endpoint as a host with required port. e.g. "example.com:443". If endpoint is not provided, it
+     *   defaults to the required endpoint from the KMS providers map.</li>
+     * </ul>
+     * <p>
+     * If the kmsProvider is "local" the masterKey is not applicable.
+     * </p>
+     * @return the master key document
+     */
+    public BsonDocument getMasterKey() {
+        return masterKey;
+    }
+
+}

driver-core/src/main/com/mongodb/client/model/vault/RewrapManyDataKeyResult.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2008-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.mongodb.client.model.vault;
+
+import com.mongodb.bulk.BulkWriteResult;
+import com.mongodb.lang.Nullable;
+
+/**
+ * The result of the rewrapping of data keys
+ *
+ * @since 4.7
+ */
+public final class RewrapManyDataKeyResult {
+    private final BulkWriteResult bulkWriteResult;
+
+    /**
+     * Construct a new instance with no bulk write result
+     */
+    public RewrapManyDataKeyResult() {
+        this.bulkWriteResult = null;
+    }
+
+    /**
+     * Construct a new instance
+     * @param bulkWriteResult the bulk write result of the rewrapping data keys
+     */
+    public RewrapManyDataKeyResult(final BulkWriteResult bulkWriteResult) {
+        this.bulkWriteResult = bulkWriteResult;
+    }
+
+    /**
+     * @return the bulk write result of the rewrapping data keys or null if there was no bulk operation
+     */
+    @Nullable
+    public BulkWriteResult getBulkWriteResult() {
+        return bulkWriteResult;
+    }
+}

driver-core/src/test/functional/com/mongodb/internal/connection/TestCommandListener.java

@@ -133,6 +133,16 @@ public CommandSucceededEvent getCommandSucceededEvent(final String commandName)
         throw new IllegalArgumentException(commandName + " not found in command succeeded event list");
     }
 
+    public CommandFailedEvent getCommandFailedEvent(final String commandName) {
+        return getEvents()
+                .stream()
+                .filter(e -> e instanceof CommandFailedEvent)
+                .filter(e -> e.getCommandName().equals(commandName))
+                .map(e -> (CommandFailedEvent) e)
+                .findFirst()
+                .orElseThrow(() -> new IllegalArgumentException(commandName + " not found in command failed event list"));
+    }
+
     public List<CommandEvent> getCommandStartedEvents() {
         return getCommandStartedEvents(Integer.MAX_VALUE);
     }