spring-data-couchbase是否支持使用@EncryptField注解的字段级加密？

Question

我正在尝试通过CrudRepository或CouchbaseTemplate在couchbase中使用加密字段持久化/检索文档

从devguide of couchbase中的示例开始，我在spring配置中添加了加密提供程序，如下所示

@Configuration
@EnableCouchbaseRepositories(basePackages = { "com.example.demo.db" })
public class MyCouchbaseConfig extends AbstractCouchbaseConfiguration {

    private static final Logger log = LoggerFactory.getLogger(MyCouchbaseConfig.class);

    @Override
    protected List<String> getBootstrapHosts() {
        return Arrays.asList("localhost", "127.0.0.1");
    }

    @Override
    protected String getBucketName() {
        return "TEST";
    }

    @Override
    protected String getUsername() {
        return "user";
    }

    @Override
    protected String getBucketPassword() {
        return "p4$$w0rd";
    }

    @Override
    public String typeKey() {
        return MappingCouchbaseConverter.TYPEKEY_SYNCGATEWAY_COMPATIBLE;
    }

    @Override
    protected CouchbaseEnvironment getEnvironment() {
        try {
            JceksKeyStoreProvider kp = new JceksKeyStoreProvider("secret");
            kp.publicKeyName("mypublickey");
            kp.storeKey("mypublickey", "!mysecretkey#9^5usdk39d&dlf)03sL".getBytes(Charset.forName("UTF-8")));
            kp.signingKeyName("HMACsecret");
            kp.storeKey("HMACsecret", "myauthpassword".getBytes(Charset.forName("UTF-8")));
            AES256CryptoProvider aes256CryptoProvider = new AES256CryptoProvider(kp);
            CryptoManager cryptoManager = new CryptoManager();
            cryptoManager.registerProvider("MyAESProvider", aes256CryptoProvider);
            return DefaultCouchbaseEnvironment.builder().cryptoManager(cryptoManager).build();
        } catch (Exception ex) {
            log.error(ex.getMessage(), ex);
            return null;
        }
    }

这是要持久化的文档

@Document
public class Person {

    @Id
    public String id;

    @EncryptedField(provider = "MyAESProvider")
    public String password;

    //The rest will be transported and stored unencrypted
    public String firstName;
    public String lastName;
    public String userName;
    public int age;
}

这是存储库

public interface PersonRepository extends CrudRepository<Person, String> {

}

调用(自动连接)

personRepository.save(person);

或

couchbaseTemplate.insert(person);

将以clear格式存储对象

{
  "firstName": "John",
  "lastName": "Doe",
  "password": "password",
  "javaClass": "com.example.demo.db.Person",
  "userName": "jdoe",
  "age": 20
}

虽然这段代码(来自示例，但使用了我的spring配置)

Bucket bucket = couchConfig.couchbaseClient();
EntityDocument<Person> document = EntityDocument.create(person);
bucket.repository().upsert(document);
EntityDocument<Person> stored = bucket.repository().get(person.id, Person.class);
System.out.println("Password: " + stored.content().password);

存储此对象

{
  "firstName": "John",
  "lastName": "Doe",
  "__crypt_password": {
    "sig": "h1QS9JacNxTBrep4TEkZj/N7EsV3zJQ6vXmYtzADdG8=",
    "ciphertext": "G3rAivta7NOnLP5Qb1nEfw==",
    "alg": "AES-256-HMAC-SHA256",
    "iv": "cGjOOgA4M+wg4WcM0pHAFw==",
    "kid": "mypublickey"
  },
  "userName": "jdoe",
  "age": 20
}

在我看来，Spring Data Couchbase使用的是Bucket接口(忽略文档上的注释)，而不是Bucket.repository() (考虑了FLE )。

所以最后的问题是：“我如何使用spring Spring Data Couchbase Repository或CouchbaseTemplate来存储具有Couchbase的@EncryptedField特性的@Document的@EncryptedField？”

Answer 1

我现在有完全相同的问题，但不幸的是，我发现这是SpringDataCouchbase团队Jira板未来的改进。

https://jira.spring.io/projects/DATACOUCH/issues/DATACOUCH-455?filter=allopenissuess。

所以，现在没什么可做的。你有没有找到比使用bucket.repository().upsert(document); @Domenico U更好的方法？