Merge pull request #2872 from FOCONIS/issue-2774/encryption-support-f…

…or-in #2774 Locally encrypted properties can be used in "in" queries
ebean-orm · Nov 2, 2022 · 08e1a05 · 08e1a05
2 parents f145aaa + 66f4055
commit 08e1a05
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 26 deletions.
diff --git a/ebean-core/src/main/java/io/ebeaninternal/server/expression/InExpression.java b/ebean-core/src/main/java/io/ebeaninternal/server/expression/InExpression.java
@@ -117,29 +117,39 @@ public void addBindValues(SpiExpressionRequest request) {
       }
     }
     ElPropertyValue prop = getElProp(request);
-    if (prop != null && !prop.isAssocId()) {
-      prop = null;
-    }
 
-    if (prop == null) {
-      if (bindValues.size() > 0) {
-        // if we have no property, we wrap them in a multi value wrapper.
-        // later the binder will decide, which bind strategy to use.
-        request.addBindValue(new MultiValueWrapper(bindValues));
-      }
-    } else {
-      List<Object> idList = new ArrayList<>();
+    List<Object> values = bindValues;
+    if (prop != null && prop.isAssocId()) {
+      values = new ArrayList<>();
       for (Object bindValue : bindValues) {
         // extract the id values from the bean
         Object[] ids = prop.assocIdValues((EntityBean) bindValue);
         if (ids != null) {
-          Collections.addAll(idList, ids);
+          Collections.addAll(values, ids);
         }
       }
-      if (!idList.isEmpty()) {
-        request.addBindValue(new MultiValueWrapper(idList));
+    }
+    if (values.isEmpty()) {
+      // nothing in in-query
+      return;
+    } else if (prop.isDbEncrypted()) {
+      // bind the key as well as the value
+      String encryptKey = prop.beanProperty().encryptKey().getStringValue();
+      request.addBindEncryptKey(encryptKey);
+    } else if (prop.isLocalEncrypted()) {
+      List<Object> encValues = new ArrayList<>(values.size());
+      for (Object value : values) {
+        encValues.add(prop.localEncrypt(value));
       }
+      // this is most likely binary garbage, so don't add it to the bind log
+      request.addBindEncryptKey(new MultiValueWrapper(encValues));
+      return;
     }
+
+    // if we have no property, we wrap them in a multi value wrapper.
+    // later the binder will decide, which bind strategy to use.
+    request.addBindValue(new MultiValueWrapper(values));
+
   }
 
   @Override
@@ -154,17 +164,23 @@ public void addSql(SpiExpressionRequest request) {
     }
 
     ElPropertyValue prop = getElProp(request);
-    if (prop != null && !prop.isAssocId()) {
-      prop = null;
-    }
 
     if (prop != null) {
-      request.append(prop.assocIdInExpr(propName));
-      request.append(prop.assocIdInValueExpr(not, bindValues.size()));
-    } else {
-      request.append(propName);
-      request.appendInExpression(not, bindValues);
+      if (prop.isAssocId()) {
+        request.append(prop.assocIdInExpr(propName));
+        request.append(prop.assocIdInValueExpr(not, bindValues.size()));
+        return;
+      }
+      if (prop.isDbEncrypted()) {
+        String dsql = prop.beanProperty().decryptProperty(propName);
+        request.append(dsql);
+        request.appendInExpression(not, bindValues);
+        return;
+      }
     }
+    request.append(propName);
+    request.appendInExpression(not, bindValues);
+
   }
 
   /**

diff --git a/ebean-test/src/test/java/org/tests/basic/encrypt/TestEncrypt.java b/ebean-test/src/test/java/org/tests/basic/encrypt/TestEncrypt.java
@@ -1,13 +1,13 @@
 package org.tests.basic.encrypt;
 
-import io.ebean.xtest.BaseTestCase;
 import io.ebean.DB;
 import io.ebean.SqlRow;
-import io.ebean.xtest.ForPlatform;
-import io.ebean.xtest.IgnorePlatform;
 import io.ebean.annotation.Platform;
 import io.ebean.config.dbplatform.DbEncrypt;
 import io.ebean.test.LoggedSql;
+import io.ebean.xtest.BaseTestCase;
+import io.ebean.xtest.ForPlatform;
+import io.ebean.xtest.IgnorePlatform;
 import io.ebeaninternal.api.SpiEbeanServer;
 import org.junit.jupiter.api.Test;
 import org.tests.model.basic.EBasicEncrypt;
@@ -149,6 +149,11 @@ public void test() {
 
       assertEquals(1, list.size());
 
+      list = DB.find(EBasicEncrypt.class).where()
+        .in("description", "moddesc").findList();
+
+      assertEquals(1, list.size());
+
       list = DB.find(EBasicEncrypt.class).where().startsWith("description", "modde").findList();
 
       assertEquals(1, list.size());

diff --git a/ebean-test/src/test/java/org/tests/basic/encrypt/TestEncryptClientSide.java b/ebean-test/src/test/java/org/tests/basic/encrypt/TestEncryptClientSide.java
@@ -1,7 +1,7 @@
 package org.tests.basic.encrypt;
 
-import io.ebean.xtest.BaseTestCase;
 import io.ebean.DB;
+import io.ebean.xtest.BaseTestCase;
 import org.junit.jupiter.api.Test;
 import org.tests.model.basic.EBasicEncryptClient;
 
@@ -50,6 +50,16 @@ public void insertUpdate() {
     assertThat(found).isNotNull();
     assertThat(found.getDescription()).isEqualTo("goodbye");
 
+    found = DB.find(EBasicEncryptClient.class)
+      .where()
+      .in("description", "goodbye")
+      .in("status", EBasicEncryptClient.Status.TWO)
+      .in("dob", today)
+      .findOne();
+    assertThat(found).isNotNull();
+    assertThat(found.getDescription()).isEqualTo("goodbye");
+
+
     DB.delete(found);
   }
 }