Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trainer only #12

Draft
wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

Trainer only #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
01e89e6
Added new class for manual_encryption/answers.go
manishsahni2000 Apr 14, 2023
c53a11a
Added decryption/answers.go and improved main.go in manual_decryption
manishsahni2000 Apr 14, 2023
cdceba6
Added answers to man_enc_auto_decr in go
manishsahni2000 Apr 14, 2023
c47fb2d
Added answers & few minor changes to the main code
manishsahni2000 Apr 17, 2023
e03770b
Added more answers.go and some minor changes
manishsahni2000 Apr 17, 2023
1d67f26
Merge branch 'main' into trainer_only
manishsahni2000 Apr 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion auto_complete/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -241,8 +241,9 @@ func main() {
}
fmt.Print(result.InsertedID)

err = encryptedColl.FindOne(context.TODO(), bson.M{"salary": 999999.99}).Decode(&findResult) // As per the excercise attempt to query salary field
err = encryptedColl.FindOne(context.TODO(), bson.M{"salary": 999999.99}).Decode(&findResult) // As per the excercise attempt to query salary field
//err = encryptedColl.FindOne(context.TODO(), bson.M{"name.firstName": firstname}).Decode(&findResult) // Uncomment this to attemt to query name.firstName

if err != nil {
fmt.Printf("MongoDB find error: %s\n", err)
exitCode = 1
Expand Down
259 changes: 259 additions & 0 deletions automatic_decryption/answers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,259 @@
package main

import (
"C"
"context"
"crypto/tls"
"encoding/json"
"fmt"
"os"
"encoding/base64"
"strings"
"time"

"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo"
"go.mongodb.org/mongo-driver/mongo/options"
"github.com/goombaio/namegenerator"
)

var (
PETNAME = "valid-rabbit"
MDB_PASSWORD = "passwordone"
)

func createClient(c string) (*mongo.Client, error) {
client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI(c))

if err != nil {
return nil, err
}

return client, nil
}

func createManualEncryptionClient(c *mongo.Client, kp map[string]map[string]interface{}, kns string, tlsOps map[string]*tls.Config) (*mongo.ClientEncryption, error) {
o := options.ClientEncryption().SetKeyVaultNamespace(kns).SetKmsProviders(kp).SetTLSConfig(tlsOps)
client, err := mongo.NewClientEncryption(c, o)
if err != nil {
return nil, err
}

return client, nil
}

func createAutoEncryptionClient(c string, ns string, kms map[string]map[string]interface{}, tlsOps map[string]*tls.Config, s bson.M) (*mongo.Client, error) {
autoEncryptionOpts := options.AutoEncryption().
SetKeyVaultNamespace(ns).
SetKmsProviders(kms).
SetSchemaMap(s).
SetTLSConfig(tlsOps)

client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI(c).SetAutoEncryptionOptions(autoEncryptionOpts))

if err != nil {
return nil, err
}

return client, nil
}

func nameGenerator()(string, string) {
seed := time.Now().UTC().UnixNano()
nameGenerator := namegenerator.NewNameGenerator(seed)

name := nameGenerator.Generate()

firstName := strings.Split(name, "-")[0]
lastName := strings.Split(name, "-")[1]

return firstName, lastName
}

func main() {
var (
keyVaultDB = "__encryption"
keyVaultColl = "__keyVault"
keySpace = keyVaultDB + "." + keyVaultColl
connectionString = "mongodb://app_user:" + MDB_PASSWORD + "@csfle-mongodb-" + PETNAME + ".mdbtraining.net/?replicaSet=rs0&tls=true&tlsCAFile=%2Fetc%2Fpki%2Ftls%2Fcerts%2Fca.cert"
kmipEndpoint = "csfle-kmip-" + PETNAME + ".mdbtraining.net"
encryptedClient *mongo.Client
client *mongo.Client
exitCode = 0
result *mongo.InsertOneResult
dekFindResult bson.M
findResult bson.M
dek primitive.Binary
kmipTLSConfig *tls.Config
err error
)

defer func() {
os.Exit(exitCode)
}()

provider := "kmip"
kmsProvider := map[string]map[string]interface{}{
provider: {
"endpoint": kmipEndpoint,
},
}

client, err = createClient(connectionString)
if err != nil {
fmt.Printf("MDB client error: %s\n", err)
exitCode = 1
return
}

coll := client.Database("__encryption").Collection("__keyVault")

// Set the KMIP TLS options
kmsTLSOptions := make(map[string]*tls.Config)
tlsOptions := map[string]interface{}{
"tlsCAFile": "/etc/pki/tls/certs/ca.cert",
"tlsCertificateKeyFile": "/home/ec2-user/server.pem",
}
kmipTLSConfig, err = options.BuildTLSConfig(tlsOptions)
if err != nil {
fmt.Printf("Cannot create KMS TLS Config: %s\n", err)
exitCode = 1
return
}
kmsTLSOptions["kmip"] = kmipTLSConfig

firstname, lastname := nameGenerator()
payload := bson.M{
"name": bson.M{
"firstName": firstname,
"lastName": lastname,
"otherNames": nil,
},
"address": bson.M{
"streetAddress": "29 Bson Street",
"suburbCounty": "Mongoville",
"stateProvince": "Victoria",
"zipPostcode": "3999",
"country": "Oz",
},
"dob": time.Date(1999, 1, 12, 0, 0, 0, 0, time.Local),
"phoneNumber": "1800MONGO",
"salary": 999999.99,
"taxIdentifier": "78SDSSWN001",
"role": []string{"Student"},
}

// Retrieve our DEK
opts := options.FindOne().SetProjection(bson.D{{Key: "_id", Value: 1}})
err = coll.FindOne(context.TODO(), bson.D{{Key: "keyAltNames", Value: "dataKey1"}}, opts).Decode(&dekFindResult)
if err != nil || len(dekFindResult) == 0 {
fmt.Printf("DEK find error: %s\n", err)
exitCode = 1
return
}
dek = dekFindResult["_id"].(primitive.Binary)

db := "companyData"
collection := "employee"

schemaMap := `{
"bsonType": "object",
"encryptMetadata": {
"keyId": [` + base64.StdEncoding.EncodeToString(dek.Data) + `],
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random",
},
"properties": {
"name": {
"bsonType": "object",
"properties": {
"firstName": {
"encrypt": {
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
},
"lastName": {
"encrypt": {
"bsonType": "string",
"algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
}
},
"otherNames": {
"encrypt": {
"bsonType": "string"
}
}
}
},
"address": {
"encrypt": {
"bsonType": "object"
}
},
"dob": {
"encrypt": {
"bsonType": "date"
}
},
"phoneNumber": {
"encrypt": {
"bsonType": "string"
}
},
"salary": {
"encrypt": {
"bsonType": "double"
}
},
"taxIdentifier": {
"encrypt": {
"bsonType": "string"
}
}
}
}`

// Auto Encryption Client
var testSchema bson.M
json.Unmarshal([]byte(schemaMap), &testSchema)
encryptedClient, err = createAutoEncryptionClient(connectionString, keySpace, kmsProvider, kmsTLSOptions, testSchema)
if err != nil {
fmt.Printf("MDB encrypted client error: %s\n", err)
exitCode = 1
return
}

encryptedColl := encryptedClient.Database(db).Collection(collection)

// remove the otherNames field if it is nil
name := payload["name"].(bson.M)
if name["otherNames"] == nil {
fmt.Println("Removing nil")
delete(name, "otherNames")
}

result, err = encryptedColl.InsertOne(context.TODO(), payload)
if err != nil {
fmt.Printf("Insert error: %s\n", err)
exitCode = 1
return
}
fmt.Print(result.InsertedID)

// WRITE YOUR QUERY HERE FOR AUTODECRYPTION. REMEMBER WHICH CLIENT TO USE!
err = encryptedColl.FindOne(context.TODO(), bson.M{"salary": 999999.99}).Decode(&findResult) // As per the excercise attempt to query salary field
//err = encryptedColl.FindOne(context.TODO(), bson.M{"name.firstName": firstname}).Decode(&findResult) // Uncomment this to attemt to query name.firstName field as per excercise
if err != nil {
fmt.Printf("MongoDB find error: %s\n", err)
exitCode = 1
return
}
if len(findResult) == 0 {
fmt.Println("Cannot find document")
exitCode = 1
return
}
fmt.Printf("%+v\n", findResult)
exitCode = 0
}
Loading