C# additions to the CSFLE guide (#696)

terakilobyte · Chris Cho · Chris Cho · web-flow · commit e2a64cddacc5 · 2020-11-09T08:38:46.000-08:00
* add dotnet gcp info; cleanup node note * fix found typo * adds c# driver to csfle guide * add steps for mongoclient * DOCSP-13035: CSFLE Azure and Java (#687) * DOCSP-12575: add Azure instructions for Java * DOCSP-13038: Google Cloud KMS and Python (#688) * DOCSP-13038- update steps for Python and GCP * Update source/includes/steps-fle-configure-the-mongodb-client.yaml Co-authored-by: Chris Cho <chris.cho@10gen.com> * fix found typo * adds c# driver to csfle guide * add steps for mongoclient * Update source/includes/steps-fle-configure-the-mongodb-client.yaml Co-authored-by: Chris Cho <chris.cho@10gen.com> * update placeholder links * conform to style guide * dataKeyId paste note Co-authored-by: Chris Cho <chris.cho@mongodb.com> Co-authored-by: Chris Cho <chris.cho@10gen.com>
diff --git a/source/includes/steps-fle-configure-the-mongodb-client.yaml b/source/includes/steps-fle-configure-the-mongodb-client.yaml
@@ -26,6 +26,13 @@ content: |
         .. code-block:: python
 
            key_vault_namespace = "encryption.__keyVault"
+     .. tab::
+        :tabid: csharp
+
+        .. code-block:: csharp
+
+           var keyVaultNamespace = CollectionNamespace.FromFullName("encryption.__keyVault");
+
 ---
 title: Specify the Local Master Encryption Key
 ref: specify-the-local-master-encryption-key
@@ -70,6 +77,20 @@ content: |
                "key": local_master_key
              }
            }
+     .. tab::
+        :tabid: csharp
+
+        .. code-block:: csharp
+
+           var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();
+           var localMasterKeyBase64 = File.ReadAllText(__localMasterKeyPath);
+           var localMasterKeyBytes = Convert.FromBase64String(localMasterKeyBase64);
+           var localOptions = new Dictionary<string, object>
+           {
+               { "key", localMasterKeyBytes }
+           };
+           kmsProviders.Add("local", localOptions);
+
 ---
 title: Map the JSON Schema to the Patients Collection
 ref: map-the-json-schema-to-the-patients-collection
@@ -107,6 +128,15 @@ content: |
            patient_schema = {
              "medicalRecords.patients": json_schema
            }
+
+     .. tab::
+        :tabid: csharp
+
+        .. code-block:: csharp
+
+           // JsonSchemaCreator is a utility class found in the C# companion
+           // project to this guide
+           var schema = JsonSchemaCreator.CreateJsonSchema(keyIdBase64);
 ---
 title: Specify the Location of the Encryption Binary
 ref: specify-the-location-of-the-encryption-binary
@@ -184,6 +214,14 @@ content: |
               :emphasize-lines: 1
 
                extra_options['mongocryptd_bypass_spawn'] = True
+     .. tab::
+        :tabid: csharp
+
+
+        .. note:: Encryption Library
+
+           Ensure ``mongocrypt.dll` is included with your application's build
+           assets.
 
 ---
 title: Create the MongoClient
@@ -242,3 +280,17 @@ content: |
               **extra_options
            )
            client = MongoClient(connection_string, auto_encryption_opts=fle_opts)
+
+     .. tab::
+        :tabid: csharp
+
+        .. code-block:: csharp
+
+           var clientSettings = MongoClientSettings.FromConnectionString(_connectionString);
+           var autoEncryptionOptions = new AutoEncryptionOptions(
+               keyVaultNamespace: keyVaultNamespace,
+               kmsProviders: kmsProviders,
+               schemaMap: schemaMap,
+               extraOptions: extraOptions);
+           clientSettings.AutoEncryptionOptions = autoEncryptionOptions;
+           var client = new MongoClient(clientSettings);
diff --git a/source/includes/steps-fle-convert-to-a-remote-master-key-azure.yaml b/source/includes/steps-fle-convert-to-a-remote-master-key-azure.yaml
@@ -132,7 +132,7 @@ content: |
      .. tab::
         :tabid: csharp
 
-        .. code-block:: chsarp
+        .. code-block:: csharp
 
            var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();
 
diff --git a/source/includes/steps-fle-create-data-encryption-key.yaml b/source/includes/steps-fle-create-data-encryption-key.yaml
@@ -47,6 +47,14 @@ content: |
            with open(path, "rb") as f:
              local_master_key = f.read()
 
+     .. tab::
+        :tabid: csharp
+
+        .. code-block:: csharp
+
+           string localMasterKeyBase64 = File.ReadAllText(__localMasterKeyPath);
+           var localMasterKeyBytes = Convert.FromBase64String(localMasterKeyBase64);
+
 ---
 title: Specify KMS Provider Settings
 ref: specify-kms-provider-settings
@@ -91,11 +99,23 @@ content: |
         .. code-block:: python
            :emphasize-lines: 2,3
 
-            kms_providers = {
-              "local": {
-                "key": local_master_key # local_master_key variable from the previous step
-              },
-            }
+           kms_providers = {
+             "local": {
+               "key": local_master_key # local_master_key variable from the previous step
+             },
+           }
+
+     .. tab::
+        :tabid: csharp
+
+        .. code-block:: csharp
+
+           var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();
+           var localOptions = new Dictionary<string, object>
+           {
+               { "key", localMasterKeyBytes }
+           };
+           kmsProviders.Add("local", localOptions);
 
 ---
 title: Create a Data Encryption Key
@@ -104,8 +124,8 @@ level: 4
 content: |
   Construct a client with the MongoDB connection string and key vault
   namespace configuration, create a unique index on the ``keyAltNames`` field
-  in that collection, and create a data encryption key with the following 
-  **code snippet**. The key vault in this example uses the ``encryption`` 
+  in that collection, and create a data encryption key with the following
+  **code snippet**. The key vault in this example uses the ``encryption``
   database and ``__keyVault`` collection.
 
   .. tabs-drivers::
@@ -213,6 +233,23 @@ content: |
 
            data_key_id = create_data_encryption_key()
 
+     .. tab::
+        :tabid: csharp
+
+        .. code-block:: csharp
+
+           var keyVaultClient = new MongoClient(_connectionString);
+           var clientEncryptionOptions = new ClientEncryptionOptions(
+               keyVaultClient: keyVaultClient,
+               keyVaultNamespace: _keyVaultNamespace,
+               kmsProviders: kmsProviders);
+           var clientEncryption = new ClientEncryption(kmsProviders);
+           var dataKeyId = clientEncryption.CreateDataKey("local", new DataKeyOptions(), CancellationToken.None);
+           Console.WriteLine($"Local DataKeyId [UUID]: {dataKeyId}");
+           var dataKeyIdBase64 = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
+           Console.WriteLine($"Local DataKeyId [base64]: {dataKeyIdBase64}");
+
+
 
   The ``_id`` field of the data encryption key is represented as a **UUID**
   and is encoded in **Base64** format. Use your **Base64**-encoded data key
@@ -387,6 +424,49 @@ content: |
              }
            }
 
+     .. tab::
+        :tabid: csharp
+
+        .. code-block:: csharp
+
+
+           var client = new MongoClient("mongodb://localhost:27017");
+           // dataKeyId is the UUID from the previous step that was printed
+           // to the console
+           var dataKeyId = "<paste your dataKeyId value here>"
+           var collection = client
+               .GetDatabase(_keyVaultNamespace.DatabaseNamespace.DatabaseName)
+               .GetCollection<BsonDocument>(
+                   _keyVaultNamespace.CollectionName,
+                   new MongoCollectionSettings
+                   {
+#pragma warning disable CS0618
+                       GuidRepresentation = GuidRepresentation.Standard
+#pragma warning restore CS0618
+                    });
+           var query = Builders<BsonDocument>.Filter.Eq("_id", new BsonBinaryData(dataKeyId, GuidRepresentation.Standard));
+           var keyDocument = collection
+               .Find(query)
+               .Single();
+
+           Console.WriteLine(keyDocument);
+
+        This code example should print a retrieved document that resembles the
+        following:
+
+        .. code-block:: none
+
+           {
+             "_id" : CSUUID("aae4f3b4-91b6-4cef-8867-3113a6dfb27b"),
+             "keyMaterial" : new BinData(0, "rcfTQLRxF1mg98/Jr7iFwXWshvAVIQY6JCswrW+4bSqvLwa8bQrc65w7+3P3k+TqFS+1Ce6FW4Epf5o/eqDyT//I73IRc+yPUoZew7TB1pyIKmxL6ABPXJDkUhvGMiwwkRABzZcU9NNpFfH+HhIXjs324FuLzylIhAmJA/gvXcuz6QSD2vFpSVTRBpNu1sq0C9eZBSBaOxxotMZAcRuqMA=="),
+             "creationDate" : ISODate("2020-11-08T17:58:36.372Z"),
+             "updateDate" : ISODate("2020-11-08T17:58:36.372Z"),
+             "status" : 0,
+             "masterKey" : {
+                "provider" : "local"
+             }
+           }
+
 
   This retrieved document contains the following data:
 
diff --git a/source/security/client-side-field-level-encryption-guide.txt b/source/security/client-side-field-level-encryption-guide.txt
