hacking

christophstrobl · christophstrobl · commit 335418f383dd · 2025-06-03T16:57:30.000+02:00
diff --git a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/CollectionOptions.java b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/CollectionOptions.java
@@ -34,6 +34,7 @@
 import org.springframework.data.mongodb.core.mapping.Field;
 import org.springframework.data.mongodb.core.query.Collation;
 import org.springframework.data.mongodb.core.schema.IdentifiableJsonSchemaProperty;
+import org.springframework.data.mongodb.core.schema.IdentifiableJsonSchemaProperty.EncryptedJsonSchemaProperty;
 import org.springframework.data.mongodb.core.schema.IdentifiableJsonSchemaProperty.QueryableJsonSchemaProperty;
 import org.springframework.data.mongodb.core.schema.JsonSchemaProperty;
 import org.springframework.data.mongodb.core.schema.MongoJsonSchema;
@@ -681,17 +682,17 @@ public static class EncryptedFieldsOptions {
 		private static final EncryptedFieldsOptions NONE = new EncryptedFieldsOptions();
 
 		private final @Nullable MongoJsonSchema schema;
-		private final List<QueryableJsonSchemaProperty> queryableProperties;
+		private final List<JsonSchemaProperty> properties;
 
 		EncryptedFieldsOptions() {
 			this(null, List.of());
 		}
 
 		private EncryptedFieldsOptions(@Nullable MongoJsonSchema schema,
-				List<QueryableJsonSchemaProperty> queryableProperties) {
+				List<JsonSchemaProperty> queryableProperties) {
 
 			this.schema = schema;
-			this.queryableProperties = queryableProperties;
+			this.properties = queryableProperties;
 		}
 
 		/**
@@ -731,13 +732,33 @@ public static EncryptedFieldsOptions fromProperties(List<QueryableJsonSchemaProp
 		@CheckReturnValue
 		public EncryptedFieldsOptions queryable(JsonSchemaProperty property, QueryCharacteristic... characteristics) {
 
-			List<QueryableJsonSchemaProperty> targetPropertyList = new ArrayList<>(queryableProperties.size() + 1);
-			targetPropertyList.addAll(queryableProperties);
+			List<JsonSchemaProperty> targetPropertyList = new ArrayList<>(properties.size() + 1);
+			targetPropertyList.addAll(properties);
 			targetPropertyList.add(JsonSchemaProperty.queryable(property, List.of(characteristics)));
 
 			return new EncryptedFieldsOptions(schema, targetPropertyList);
 		}
 
+		public EncryptedFieldsOptions with(EncryptedJsonSchemaProperty property) {
+			return encrypted(property, null);
+		}
+
+		public EncryptedFieldsOptions encrypted(JsonSchemaProperty property, @Nullable Object key) {
+
+			List<JsonSchemaProperty> targetPropertyList = new ArrayList<>(properties.size() + 1);
+			targetPropertyList.addAll(properties);
+			if(property instanceof IdentifiableJsonSchemaProperty.EncryptedJsonSchemaProperty) {
+				targetPropertyList.add(property);
+			} else {
+				EncryptedJsonSchemaProperty encryptedJsonSchemaProperty = new EncryptedJsonSchemaProperty(property);
+				if(key != null) {
+					targetPropertyList.add(encryptedJsonSchemaProperty.keyId(key));
+				}
+			}
+
+			return new EncryptedFieldsOptions(schema, targetPropertyList);
+		}
+
 		public Document toDocument() {
 			return new Document("fields", selectPaths());
 		}
@@ -756,20 +777,20 @@ private List<Document> selectPaths() {
 
 		private List<Document> fromProperties() {
 
-			if (queryableProperties.isEmpty()) {
+			if (properties.isEmpty()) {
 				return List.of();
 			}
 
-			List<Document> converted = new ArrayList<>(queryableProperties.size());
-			for (QueryableJsonSchemaProperty property : queryableProperties) {
+			List<Document> converted = new ArrayList<>(properties.size());
+			for (JsonSchemaProperty property : properties) {
 
 				Document field = new Document("path", property.getIdentifier());
 
 				if (!property.getTypes().isEmpty()) {
 					field.append("bsonType", property.getTypes().iterator().next().toBsonType().value());
 				}
 
-				if (property
+				if (property instanceof QueryableJsonSchemaProperty qproperty && qproperty
 						.getTargetProperty() instanceof IdentifiableJsonSchemaProperty.EncryptedJsonSchemaProperty encrypted) {
 					if (encrypted.getKeyId() != null) {
 						if (encrypted.getKeyId() instanceof String stringKey) {
@@ -780,10 +801,21 @@ private List<Document> fromProperties() {
 						}
 					}
 				}
+				else if (property instanceof IdentifiableJsonSchemaProperty.EncryptedJsonSchemaProperty encrypted) {
+					if (encrypted.getKeyId() != null) {
+						if (encrypted.getKeyId() instanceof String stringKey) {
+							field.append("keyId",
+								new BsonBinary(BsonBinarySubType.UUID_STANDARD, stringKey.getBytes(StandardCharsets.UTF_8)));
+						} else {
+							field.append("keyId", encrypted.getKeyId());
+						}
+					}
+				}
 
-				field.append("queries", StreamSupport.stream(property.getCharacteristics().spliterator(), false)
+				if (property instanceof QueryableJsonSchemaProperty qproperty) {
+					field.append("queries", StreamSupport.stream(qproperty.getCharacteristics().spliterator(), false)
 						.map(QueryCharacteristic::toDocument).toList());
-
+				}
 				if (!field.containsKey("keyId")) {
 					field.append("keyId", BsonNull.VALUE);
 				}
@@ -812,7 +844,9 @@ private List<Document> fromSchema() {
 					if (entry.getValue().containsKey("bsonType")) {
 						field.append("bsonType", entry.getValue().get("bsonType"));
 					}
-					field.put("queries", entry.getValue().get("queries"));
+					if(entry.getValue().containsKey("queries")) {
+						field.put("queries", entry.getValue().get("queries"));
+					}
 					fields.add(field);
 				}
 			}
diff --git a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/encryption/MongoQueryableEncryptionCollectionCreationTests.java b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/encryption/MongoQueryableEncryptionCollectionCreationTests.java
@@ -15,9 +15,12 @@
  */
 package org.springframework.data.mongodb.core.encryption;
 
-import static org.springframework.data.mongodb.core.schema.JsonSchemaProperty.*;
-import static org.springframework.data.mongodb.core.schema.QueryCharacteristics.*;
-import static org.springframework.data.mongodb.test.util.Assertions.*;
+import static org.springframework.data.mongodb.core.schema.JsonSchemaProperty.encrypted;
+import static org.springframework.data.mongodb.core.schema.JsonSchemaProperty.int32;
+import static org.springframework.data.mongodb.core.schema.JsonSchemaProperty.int64;
+import static org.springframework.data.mongodb.core.schema.JsonSchemaProperty.queryable;
+import static org.springframework.data.mongodb.core.schema.QueryCharacteristics.range;
+import static org.springframework.data.mongodb.test.util.Assertions.assertThat;
 
 import java.util.List;
 import java.util.UUID;
@@ -31,7 +34,6 @@
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration;
@@ -94,12 +96,16 @@ public void createsCollectionWithEncryptedFieldsCorrectly(CollectionOptions coll
 		assertThat(encryptedFields).containsKey("fields");
 
 		List<Document> fields = encryptedFields.get("fields", List.of());
-		assertThat(fields.get(0)).containsEntry("path", "encryptedInt") //
+		assertThat(fields.get(0)).containsEntry("path", "encrypted-but-not-queryable") //
+				.containsEntry("bsonType", "int") //
+				.doesNotContainKey("queries");
+
+		assertThat(fields.get(1)).containsEntry("path", "encryptedInt") //
 				.containsEntry("bsonType", "int") //
 				.containsEntry("queries", List
 						.of(Document.parse("{'queryType': 'range', 'contention': { '$numberLong' : '1' }, 'min': 5, 'max': 100}")));
 
-		assertThat(fields.get(1)).containsEntry("path", "nested.encryptedLong") //
+		assertThat(fields.get(2)).containsEntry("path", "nested.encryptedLong") //
 				.containsEntry("bsonType", "long") //
 				.containsEntry("queries", List.of(Document.parse(
 						"{'queryType': 'range', 'contention': { '$numberLong' : '0' }, 'min': { '$numberLong' : '-1' }, 'max': { '$numberLong' : '1' }}")));
@@ -109,16 +115,19 @@ private static Stream<Arguments> collectionOptions() {
 
 		BsonBinary key1 = new BsonBinary(UUID.randomUUID(), UuidRepresentation.STANDARD);
 		BsonBinary key2 = new BsonBinary(UUID.randomUUID(), UuidRepresentation.STANDARD);
+		BsonBinary key3 = new BsonBinary(UUID.randomUUID(), UuidRepresentation.STANDARD);
 
 		CollectionOptions manualOptions = CollectionOptions.encryptedCollection(options -> options //
-				.queryable(encrypted(int32("encryptedInt")).keys(key1), range().min(5).max(100).contention(1)) //
-				.queryable(encrypted(JsonSchemaProperty.int64("nested.encryptedLong")).keys(key2),
+				.encrypted(int32("encrypted-but-not-queryable"), key1) //
+				.queryable(encrypted(int32("encryptedInt")).keyId(key2), range().min(5).max(100).contention(1)) //
+				.queryable(encrypted(JsonSchemaProperty.int64("nested.encryptedLong")).keyId(key3),
 						range().min(-1L).max(1L).contention(0)));
 
-		CollectionOptions schemaOptions = CollectionOptions.encryptedCollection(MongoJsonSchema.builder()
+		CollectionOptions schemaOptions = CollectionOptions.encryptedCollection(MongoJsonSchema.builder() //
+				.property(encrypted(int32("encrypted-but-not-queryable")).keyId(key1)) //
 				.property(
-						queryable(encrypted(int32("encryptedInt")).keyId(key1), List.of(range().min(5).max(100).contention(1))))
-				.property(queryable(encrypted(int64("nested.encryptedLong")).keyId(key2),
+						queryable(encrypted(int32("encryptedInt")).keyId(key2), List.of(range().min(5).max(100).contention(1))))
+				.property(queryable(encrypted(int64("nested.encryptedLong")).keyId(key3),
 						List.of(range().min(-1L).max(1L).contention(0))))
 				.build());
 
