Fix cast error in CryptoManager.

Closes #763.

Author: mikereiche

spring-data-couchbase/src/main/java/org/springframework/data/couchbase/core/convert/CryptoConverter.java

@@ -142,8 +142,7 @@ public CouchbaseDocument write(Object value, ValueConversionContext<? extends Pe
 
 		value = ctx.getConverter().getPotentiallyConvertedSimpleWrite(property, ctx.getAccessor(), false);
 		if (conversions.isSimpleType(sourceType)) {
-			String plainString;
-			plainString = (String) value;
+			String plainString = value.toString();
 			if (sourceType == String.class || targetType == String.class) {
 				plainString = "\"" + plainString.replaceAll("\"", "\\\"") + "\"";
 			}

spring-data-couchbase/src/main/java/org/springframework/data/couchbase/core/convert/MappingCouchbaseConverter.java

@@ -76,6 +76,7 @@
 import org.springframework.util.CollectionUtils;
 
 import com.couchbase.client.core.encryption.CryptoManager;
+import com.couchbase.client.java.encryption.annotation.Encrypted;
 import com.couchbase.client.java.json.JsonObject;
 
 /**
@@ -287,7 +288,7 @@ public void doWithPersistentProperty(final CouchbasePersistentProperty prop) {
 			 * @return
 			 */
 			private boolean doesPropertyExistInSource(final CouchbasePersistentProperty property) {
-				return property.isIdProperty() || source.containsKey(maybeMangle(property));
+				return property.isIdProperty() || source.containsKey(property.getFieldName()) || source.containsKey(maybeMangle(property));
 			}
 
 			private boolean isIdConstructionProperty(final CouchbasePersistentProperty property) {
@@ -937,9 +938,9 @@ private <R> R readValue(Object value, TypeInformation type, Object parent) {
 	 * @return the converted object.
 	 */
 	@SuppressWarnings("unchecked")
-	private <R> R readValue(Object value, CouchbasePersistentProperty prop, Object parent) {
+	private <R> R readValue(Object value, CouchbasePersistentProperty prop, Object parent, boolean noDecrypt) {
 		Class<?> rawType = prop.getType();
-		if (conversions.hasValueConverter(prop)) {
+		if (conversions.hasValueConverter(prop) && !noDecrypt) {
 			return (R) conversions.getPropertyValueConversions().getValueConverter(prop).read(value,
 					new CouchbaseConversionContext(prop, this, null));
 		} else if (conversions.hasCustomReadTarget(value.getClass(), rawType)) {
@@ -1055,15 +1056,23 @@ public CouchbasePropertyValueProvider(final CouchbaseDocument source,
 		@SuppressWarnings("unchecked")
 		public <R> R getPropertyValue(final CouchbasePersistentProperty property) {
 			String expression = property.getSpelExpression();
-			Object value = expression != null ? evaluator.evaluate(expression) : source.get(maybeMangle(property));
+			String maybeFieldName = maybeMangle(property);
+			Object value = expression != null ? evaluator.evaluate(expression) : source.get(maybeFieldName);
+			boolean noDecrypt=false;
+			if (value == null && !maybeFieldName.equals(property.getFieldName())) {
+				if (property.findAnnotation(Encrypted.class) != null
+						&& property.findAnnotation(Encrypted.class).migration().equals(Encrypted.Migration.FROM_UNENCRYPTED))
+					value = source.get(property.getFieldName());
+				noDecrypt = true;
+			}
 
 			if (property == entity.getIdProperty() && parent == null) {
 				return readValue(source.getId(), property.getTypeInformation(), source);
 			}
 			if (value == null) {
 				return null;
 			}
-			return readValue(value, property, source);
+			return readValue(value, property, source, noDecrypt);
 		}
 	}
 

spring-data-couchbase/src/test/java/org/springframework/data/couchbase/domain/Address.java

@@ -15,12 +15,14 @@
  */
 package org.springframework.data.couchbase.domain;
 
+import com.couchbase.client.java.encryption.annotation.Encrypted;
 import org.springframework.data.couchbase.core.mapping.Document;
 
 @Document
 public class Address extends ComparableEntity {
 
 	private String street;
+	private @Encrypted String encStreet;
 	private String city;
 	// for N1qlJoin
 	private String id;
@@ -36,6 +38,14 @@ public void setStreet(String street) {
 		this.street = street;
 	}
 
+	public String getEncStreet() {
+		return encStreet;
+	}
+
+	public void setEncStreet(String encStreet) {
+		this.encStreet = encStreet;
+	}
+
 	public String getCity() {
 		return city;
 	}

spring-data-couchbase/src/test/java/org/springframework/data/couchbase/domain/UserEncrypted.java

@@ -73,20 +73,22 @@ public UserEncrypted(final String id, final String firstname, final String lastn
 		this.encryptedField = encryptedField;
 	}
 
+	static DateTime NOW_DateTime = DateTime.now(DateTimeZone.UTC);
+	static Date NOW_Date = Date.from(Instant.now());
 	@Version protected long version;
-	@Encrypted public String encryptedField;
+	@Encrypted(migration= Encrypted.Migration.FROM_UNENCRYPTED)public String encryptedField;
 	@Encrypted public Integer encInteger = 1;
 	@Encrypted public Long encLong = Long.valueOf(1);
 	@Encrypted public Boolean encBoolean = Boolean.TRUE;
 	@Encrypted public BigInteger encBigInteger = new BigInteger("123");
 	@Encrypted public BigDecimal encBigDecimal = new BigDecimal("456");
-	@Encrypted public UUID encUUID = UUID.randomUUID();
-	@Encrypted public DateTime encDateTime = DateTime.now(DateTimeZone.UTC);
-	@Encrypted public Date encDate = Date.from(Instant.now());
+	@Encrypted public UUID encUUID = UUID.fromString("00000000-0000-0000-0000-000000000000");
+	@Encrypted public DateTime encDateTime = NOW_DateTime;
+	@Encrypted public Date encDate = NOW_Date;
 	@Encrypted public Address encAddress = new Address();
 
-	public Date plainDate = Date.from(Instant.now());
-	public DateTime plainDateTime = DateTime.now(DateTimeZone.UTC);
+	public Date plainDate = NOW_Date;
+	public DateTime plainDateTime = NOW_DateTime;
 
 	public List nicknames = List.of("Happy", "Sleepy");
 

spring-data-couchbase/src/test/java/org/springframework/data/couchbase/repository/CouchbaseRepositoryFieldLevelEncryptionIntegrationTests.java

@@ -18,6 +18,7 @@
 
 import static com.couchbase.client.core.util.CbCollections.mapOf;
 import static com.couchbase.client.java.query.QueryScanConsistency.REQUEST_PLUS;
+import static org.junit.Assert.assertNull;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -27,25 +28,23 @@
 import java.security.NoSuchAlgorithmException;
 import java.util.Base64;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.UUID;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.datatype.joda.JodaModule;
-import org.joda.time.DateTime;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.dao.DataRetrievalFailureException;
 import org.springframework.data.couchbase.CouchbaseClientFactory;
 import org.springframework.data.couchbase.config.AbstractCouchbaseConfiguration;
 import org.springframework.data.couchbase.core.CouchbaseTemplate;
 import org.springframework.data.couchbase.domain.Address;
-import org.springframework.data.couchbase.domain.PersonValueRepository;
 import org.springframework.data.couchbase.domain.UserEncrypted;
 import org.springframework.data.couchbase.domain.UserEncryptedRepository;
 import org.springframework.data.couchbase.repository.config.EnableCouchbaseRepositories;
@@ -64,6 +63,9 @@
 import com.couchbase.client.encryption.EncryptionResult;
 import com.couchbase.client.encryption.Keyring;
 import com.couchbase.client.java.env.ClusterEnvironment;
+import com.couchbase.client.java.json.JsonObject;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.joda.JodaModule;
 
 /**
  * Repository KV tests
@@ -78,13 +80,20 @@ public class CouchbaseRepositoryFieldLevelEncryptionIntegrationTests extends Clu
 	@Autowired UserEncryptedRepository userEncryptedRepository;
 	@Autowired CouchbaseClientFactory clientFactory;
 
-	@Autowired PersonValueRepository personValueRepository;
 	@Autowired CouchbaseTemplate couchbaseTemplate;
 
 	@BeforeEach
 	public void beforeEach() {
 		super.beforeEach();
-		couchbaseTemplate.removeByQuery(UserEncrypted.class).withConsistency(REQUEST_PLUS).all();
+		List<UserEncrypted> users = couchbaseTemplate.findByQuery(UserEncrypted.class).withConsistency(REQUEST_PLUS).all();
+		for (UserEncrypted user : users) {
+			couchbaseTemplate.removeById(UserEncrypted.class).one(user.getId());
+			try { // may have also used upperCased-id
+				couchbaseTemplate.removeById(UserEncrypted.class).one(user.getId().toUpperCase());
+			} catch (DataRetrievalFailureException iae) {
+				// ignore
+			}
+		}
 		couchbaseTemplate.findByQuery(UserEncrypted.class).withConsistency(REQUEST_PLUS).all();
 	}
 
@@ -96,46 +105,92 @@ void javaSDKEncryption() {
 	@Test
 	@IgnoreWhen(clusterTypes = ClusterType.MOCKED)
 	void saveAndFindById() {
+		boolean cleanAfter = true;
 		UserEncrypted user = new UserEncrypted(UUID.randomUUID().toString(), "saveAndFindById", "l", "hello");
 		Address address = new Address(); // plaintext address with encrypted street
-		// address.setEncStreet("Olcott Street");
-		address.setStreet("Castro Street");
+		address.setEncStreet("Castro Street");
 		address.setCity("Santa Clara");
 		user.addAddress(address);
 		user.setHomeAddress(null);
-		// cannot set encrypted fields within encrypted objects (i.e. setEncAddress())
 		Address encAddress = new Address(); // encrypted address with plaintext street.
 		encAddress.setStreet("Castro St");
 		encAddress.setCity("Mountain View");
 		user.setEncAddress(encAddress);
 		assertFalse(userEncryptedRepository.existsById(user.getId()));
-		DateTime beforeDateTime = user.plainDateTime.plus(1).minus(1);
-		assertEquals(user.plainDateTime, beforeDateTime);
-		System.err.println("before: "+beforeDateTime);
 		userEncryptedRepository.save(user);
-		DateTime afterDateTime = user.plainDateTime.plus(1).minus(1);
-		assertEquals(beforeDateTime, afterDateTime);
-		System.err.println("afterDateTime: "+afterDateTime);
 		Optional<UserEncrypted> found = userEncryptedRepository.findById(user.getId());
 		assertTrue(found.isPresent());
-		System.err.println("Found: "+found.get());
 		found.ifPresent(u -> assertEquals(user, u));
 		assertTrue(userEncryptedRepository.existsById(user.getId()));
-
-		clientFactory.getCluster().bucket(config().bucketname()).defaultCollection().insert(user.getId().toUpperCase(), user);
+		clientFactory.getCluster().bucket(config().bucketname()).defaultCollection().insert(user.getId().toUpperCase(),
+				user);
 		UserEncrypted sdkUser = clientFactory.getCluster().bucket(config().bucketname()).defaultCollection()
 				.get(user.getId()).contentAs(UserEncrypted.class);
-		System.err.println("user:   : " + user);
 		sdkUser.setId(user.getId());
 		sdkUser.setVersion(user.getVersion());
-		//assertTrue(user.encDateTime.equals( sdkUser.encDateTime));
-		System.err.println("sdkUser : " + sdkUser);
 		assertEquals(user.plainDateTime, found.get().plainDateTime);
 		assertEquals(user.plainDateTime, sdkUser.plainDateTime);
 		assertEquals(user.encDateTime, found.get().encDateTime);
 		assertEquals(user.encDateTime, sdkUser.encDateTime);
+		assertEquals(user, found.get());
 		assertEquals(user, sdkUser);
-		// userEncryptedRepository.delete(user);
+		if (cleanAfter) {
+			couchbaseTemplate.removeById(UserEncrypted.class).one(user.getId());
+			try { // may have also used upperCased-id
+				couchbaseTemplate.removeById(UserEncrypted.class).one(user.getId().toUpperCase());
+			} catch (DataRetrievalFailureException iae) {
+				// ignore
+			}
+		}
+	}
+
+	@Test
+	@IgnoreWhen(clusterTypes = ClusterType.MOCKED)
+	void testFromMigration() {
+		boolean cleanAfter = true;
+		UserEncrypted user = new UserEncrypted(UUID.randomUUID().toString(), "testFromMigration", "l",
+				"migrating from unencrypted");
+		JsonObject jo = JsonObject.jo();
+		jo.put("firstname", user.getFirstname());
+		jo.put("lastname", user.getLastname());
+		jo.put("encryptedField", user.encryptedField);
+		jo.put("_class", UserEncrypted.class.getName());
+
+		// save it unencrypted
+		clientFactory.getCluster().bucket(config().bucketname()).defaultCollection().insert(user.getId(), jo);
+		JsonObject migration = clientFactory.getCluster().bucket(config().bucketname()).defaultCollection()
+				.get(user.getId()).contentAsObject();
+		assertEquals("migrating from unencrypted", migration.get("encryptedField"));
+		assertNull( migration.get(CryptoManager.DEFAULT_ENCRYPTER_ALIAS+"encryptedField"));
+
+
+		// it will be retrieved successfully
+		Optional<UserEncrypted> found = userEncryptedRepository.findById(user.getId());
+		assertTrue(found.isPresent());
+		user.setVersion(found.get().getVersion());
+		found.ifPresent(u -> assertEquals(user, u));
+		// save it encrypted
+		UserEncrypted saved = userEncryptedRepository.save(user);
+		// it will be retrieved successfully
+		Optional<UserEncrypted> foundEnc = userEncryptedRepository.findById(user.getId());
+		assertTrue(foundEnc.isPresent());
+		user.setVersion(foundEnc.get().getVersion());
+		foundEnc.ifPresent(u -> assertEquals(user, u));
+
+		// retrieve it without decrypting
+		JsonObject encrypted = clientFactory.getCluster().bucket(config().bucketname()).defaultCollection()
+				.get(user.getId()).contentAsObject();
+		assertEquals("myKey", ((JsonObject)encrypted.get(CryptoManager.DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX+"encryptedField")).get("kid"));
+		assertNull( encrypted.get("encryptedField"));
+
+		if (cleanAfter) {
+			couchbaseTemplate.removeById(UserEncrypted.class).one(user.getId());
+			try { // may have also used upperCased-id
+				couchbaseTemplate.removeById(UserEncrypted.class).one(user.getId().toUpperCase());
+			} catch (DataRetrievalFailureException iae) {
+				// ignore
+			}
+		}
 	}
 
 	@Configuration
@@ -163,7 +218,7 @@ public String getBucketName() {
 		}
 
 		@Override
-		public ObjectMapper couchbaseObjectMapper(CryptoManager cryptoManager){
+		public ObjectMapper couchbaseObjectMapper(CryptoManager cryptoManager) {
 			ObjectMapper om = super.couchbaseObjectMapper(cryptoManager);
 			om.registerModule(new JodaModule());
 			return om;
@@ -182,29 +237,8 @@ protected void configureEnvironment(ClusterEnvironment.Builder builder) {
 		@Override
 		protected CryptoManager cryptoManager() {
 
-			Decrypter decrypter = new Decrypter() {
-				@Override
-				public String algorithm() {
-					return "myAlg";
-				}
-
-				@Override
-				public byte[] decrypt(EncryptionResult encrypted) {
-					return Base64.getDecoder().decode(encrypted.getString("ciphertext"));
-				}
-			};
-
-			Encrypter encrypter = new Encrypter() {
-				@Override
-				public EncryptionResult encrypt(byte[] plaintext) {
-					return EncryptionResult
-							.fromMap(mapOf("alg", "myAlg", "ciphertext", Base64.getEncoder().encodeToString(plaintext)));
-				}
-			};
 			Map<String, byte[]> keyMap = new HashMap();
-			keyMap.put("myKey",
-					new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-							0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, });
+			keyMap.put("myKey",	new byte[64] /* all zeroes */);
 			Keyring keyring = Keyring.fromMap(keyMap);
 			// Provider secProvider;
 			AeadAes256CbcHmacSha512Provider provider = AeadAes256CbcHmacSha512Provider.builder().keyring(keyring)
@@ -213,6 +247,7 @@ public EncryptionResult encrypt(byte[] plaintext) {
 					.defaultEncrypter(provider.encrypterForKey("myKey")).build();
 		}
 
+		// not used
 		byte[] hmacMe(String cbc_secret_key, String cbc_api_message) {
 			try {
 				return hmac("hmacSHA256", cbc_secret_key.getBytes("utf-8"), cbc_api_message.getBytes("utf-8"));
@@ -221,6 +256,7 @@ byte[] hmacMe(String cbc_secret_key, String cbc_api_message) {
 			}
 		}
 
+		// not used
 		static byte[] hmac(String algorithm, byte[] key, byte[] message)
 				throws NoSuchAlgorithmException, InvalidKeyException {
 			Mac mac = Mac.getInstance(algorithm);
@@ -229,5 +265,4 @@ static byte[] hmac(String algorithm, byte[] key, byte[] message)
 		}
 
 	}
-
 }