From ca95513f603dae73f258b9e091f004ffea785d90 Mon Sep 17 00:00:00 2001 From: Christoph Strobl Date: Wed, 12 Jan 2022 08:56:27 +0100 Subject: [PATCH 1/4] Prepare issue branch. --- pom.xml | 2 +- spring-data-mongodb-benchmarks/pom.xml | 2 +- spring-data-mongodb-distribution/pom.xml | 2 +- spring-data-mongodb/pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 63af8ca470..3521265e86 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.data spring-data-mongodb-parent - 3.4.0-SNAPSHOT + 3.4.0-GH-3929-SNAPSHOT pom Spring Data MongoDB diff --git a/spring-data-mongodb-benchmarks/pom.xml b/spring-data-mongodb-benchmarks/pom.xml index e2704a6753..1fc93c70d0 100644 --- a/spring-data-mongodb-benchmarks/pom.xml +++ b/spring-data-mongodb-benchmarks/pom.xml @@ -7,7 +7,7 @@ org.springframework.data spring-data-mongodb-parent - 3.4.0-SNAPSHOT + 3.4.0-GH-3929-SNAPSHOT ../pom.xml diff --git a/spring-data-mongodb-distribution/pom.xml b/spring-data-mongodb-distribution/pom.xml index b75f8bf624..334e0beefb 100644 --- a/spring-data-mongodb-distribution/pom.xml +++ b/spring-data-mongodb-distribution/pom.xml @@ -14,7 +14,7 @@ org.springframework.data spring-data-mongodb-parent - 3.4.0-SNAPSHOT + 3.4.0-GH-3929-SNAPSHOT ../pom.xml diff --git a/spring-data-mongodb/pom.xml b/spring-data-mongodb/pom.xml index ca96626cc9..d1f0cc54f7 100644 --- a/spring-data-mongodb/pom.xml +++ b/spring-data-mongodb/pom.xml @@ -11,7 +11,7 @@ org.springframework.data spring-data-mongodb-parent - 3.4.0-SNAPSHOT + 3.4.0-GH-3929-SNAPSHOT ../pom.xml From aa56fa7d77d963b1530b69fe6d3f82e9f7c9dd57 Mon Sep 17 00:00:00 2001 
From: Christoph Strobl Date: Wed, 12 Jan 2022 09:29:43 +0100 Subject: [PATCH 2/4] Avoid schema keyId uuid representation errors. To avoid driver configuration specific UUID representation format errors (binary subtype 3 vs. subtype 4) we now directly convert the given key into its subtype 4 format. Resolves: #3929 --- .../data/mongodb/util/encryption/EncryptionUtils.java | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java index 809f83fdc9..e0ea7fa923 100644 --- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java +++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java @@ -35,8 +35,7 @@ public final class EncryptionUtils { /** * Resolve a given plain {@link String} value into the store native {@literal keyId} format, considering potential * {@link Expression expressions}.
- * The potential keyId is probed against an {@link UUID#fromString(String) UUID value} and the {@literal base64} - * encoded {@code $binary} representation. + * The potential keyId is converted to the {@literal base64} encoded {@code $binary} representation. * * @param value the source value to resolve the keyId for. Must not be {@literal null}. * @param evaluationContext a {@link Supplier} used to provide the {@link EvaluationContext} in case an @@ -57,11 +56,8 @@ public static Object resolveKeyId(String value, Supplier eval return potentialKeyId; } } - try { - return UUID.fromString(potentialKeyId.toString()); - } catch (IllegalArgumentException e) { - return org.bson.Document.parse("{ val : { $binary : { base64 : '" + potentialKeyId + "', subType : '04'} } }") + + return org.bson.Document.parse("{ val : { $binary : { base64 : '" + potentialKeyId + "', subType : '04'} } }") .get("val"); - } } } From 3e7f9bb06a5a1fb8e04ebadb9659ab1167b37e67 Mon Sep 17 00:00:00 2001 From: Christoph Strobl Date: Thu, 13 Jan 2022 10:41:49 +0100 Subject: [PATCH 3/4] Update after review. --- .../mongodb/util/encryption/EncryptionUtils.java | 14 +++++++++++--- .../MappingMongoJsonSchemaCreatorUnitTests.java | 7 ++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java index e0ea7fa923..93713eb1bb 100644 --- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java +++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java 
@@ -18,6 +18,9 @@ import java.util.UUID; import java.util.function.Supplier; +import org.bson.BsonBinary; +import org.bson.BsonBinarySubType; +import org.bson.types.Binary; import org.springframework.data.mongodb.util.spel.ExpressionUtils; import org.springframework.expression.EvaluationContext; import org.springframework.expression.Expression; @@ -35,7 +38,8 @@ public final class EncryptionUtils { /** * Resolve a given plain {@link String} value into the store native {@literal keyId} format, considering potential * {@link Expression expressions}.
- * The potential keyId is converted to the {@literal base64} encoded {@code $binary} representation. + * The potential keyId is probed against an {@link UUID#fromString(String) UUID value} or decoded from the + * {@literal base64} representation prior to conversion into its {@link Binary} format. * * @param value the source value to resolve the keyId for. Must not be {@literal null}. * @param evaluationContext a {@link Supplier} used to provide the {@link EvaluationContext} in case an @@ -57,7 +61,11 @@ public static Object resolveKeyId(String value, Supplier eval } } - return org.bson.Document.parse("{ val : { $binary : { base64 : '" + potentialKeyId + "', subType : '04'} } }") - .get("val"); + try { + return new Binary(BsonBinarySubType.UUID_STANDARD, + new BsonBinary(UUID.fromString(potentialKeyId.toString())).getData()); + } catch (IllegalArgumentException e) { + return new Binary(BsonBinarySubType.UUID_STANDARD, org.bson.internal.Base64.decode(potentialKeyId.toString())); + } } } diff --git a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java index 797021cb8f..9f7b3f4e39 100644 --- a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java +++ b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java @@ -23,6 +23,7 @@ import java.util.List; import java.util.Map; +import org.bson.BsonDocument; import org.bson.Document; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; 
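Review bot: The `catch` branch of `resolveKeyId` in hunk `@@ -57,7 +61,11 @@` wraps whatever the base64 decoder returns as `BsonBinarySubType.UUID_STANDARD` without checking its length, although binary subtype 4 holds exactly 16 bytes. A value that decodes to a different length therefore still yields a key id tagged as a UUID, and as far as this hunk shows nothing rejects it before the schema is handed on. Decode into a local and check it first, e.g. `byte[] keyBytes = org.bson.internal.Base64.decode(potentialKeyId.toString());` followed by `Assert.isTrue(keyBytes.length == 16, "keyId must decode to 16 bytes (binary subtype 4)");`. The same gap remains in the rewritten catch branch of patch 4/4 (`@@ -65,7 +66,8 @@`), which only swaps the decoder. `resolveKeyId` starts above this hunk, so the expression handling that produces `potentialKeyId` is not visible here.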
@@ -107,7 +108,7 @@ public void converterRegistered() { .createSchemaFor(Patient.class); Document targetSchema = schema.schemaDocument(); - assertThat(targetSchema).isEqualTo(Document.parse(PATIENT)); + assertThat(targetSchema.toBsonDocument()).isEqualTo(BsonDocument.parse(PATIENT)); } @Test // GH-3800 @@ -136,7 +137,7 @@ public void csfleWithKeyFromProperties() { .filter(MongoJsonSchemaCreator.encryptedOnly()) // .createSchemaFor(EncryptionMetadataFromProperty.class); - assertThat(schema.schemaDocument()).isEqualTo(Document.parse(ENC_FROM_PROPERTY_SCHEMA)); + assertThat(schema.schemaDocument().toBsonDocument()).isEqualTo(BsonDocument.parse(ENC_FROM_PROPERTY_SCHEMA)); } @Test // GH-3800 @@ -154,7 +155,7 @@ public void csfleWithKeyFromMethod() { .filter(MongoJsonSchemaCreator.encryptedOnly()) // .createSchemaFor(EncryptionMetadataFromMethod.class); - assertThat(schema.schemaDocument()).isEqualTo(Document.parse(ENC_FROM_METHOD_SCHEMA)); + assertThat(schema.schemaDocument().toBsonDocument()).isEqualTo(BsonDocument.parse(ENC_FROM_METHOD_SCHEMA)); } // --> TYPES AND JSON From defdbee52714fe4c7c2c141f8057acdfb1e92378 Mon Sep 17 00:00:00 2001 From: Christoph Strobl Date: Thu, 13 Jan 2022 14:30:14 +0100 Subject: [PATCH 4/4] Fix base64 encoded string --- .../data/mongodb/util/encryption/EncryptionUtils.java | 4 +++- .../mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java index 93713eb1bb..3fd7c360ed 100644 --- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java +++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/encryption/EncryptionUtils.java 
@@ -26,6 +26,7 @@ import org.springframework.expression.Expression; import org.springframework.lang.Nullable; import org.springframework.util.Assert; +import org.springframework.util.Base64Utils; /** * Internal utility class for dealing with encryption related matters. @@ -65,7 +66,8 @@ public static Object resolveKeyId(String value, Supplier eval return new Binary(BsonBinarySubType.UUID_STANDARD, new BsonBinary(UUID.fromString(potentialKeyId.toString())).getData()); } catch (IllegalArgumentException e) { - return new Binary(BsonBinarySubType.UUID_STANDARD, org.bson.internal.Base64.decode(potentialKeyId.toString())); + + return new Binary(BsonBinarySubType.UUID_STANDARD, Base64Utils.decodeFromString(potentialKeyId.toString())); } } } diff --git a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java index 9f7b3f4e39..33474c41e7 100644 --- a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java +++ b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java @@ -393,7 +393,7 @@ static class Insurance { } static final String ENC_FROM_PROPERTY_ENTITY_KEY = "C5a5aMB7Ttq4wSJTFeRn8g=="; - static final String ENC_FROM_PROPERTY_PROPOERTY_KEY = "Mw6mdTVPQfm4quqSCLVB3g="; + static final String ENC_FROM_PROPERTY_PROPOERTY_KEY = "Mw6mdTVPQfm4quqSCLVB3g=="; static final String ENC_FROM_PROPERTY_SCHEMA = "{" + // " 'encryptMetadata': {" + // " 'keyId': [" + //
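Review bot: A key id that is neither a UUID nor valid base64 leaves the `catch` block in hunk `@@ -65,7 +66,8 @@` as whatever `Base64Utils.decodeFromString` throws, while the `e` caught from `UUID.fromString` is dropped, so the caller gets no indication that the failing value was a schema keyId. The corrected padding of `ENC_FROM_PROPERTY_PROPOERTY_KEY` in this same patch suggests the new decoder is stricter than the one it replaces, which makes this path more likely to be hit by existing configuration. I would wrap the decode in its own `try` and rethrow with context, `throw new IllegalArgumentException("Cannot resolve keyId: expected a UUID or a base64 encoded 16 byte value", ex);`, keeping the raw value out of the message in case a misconfigured property holds something other than an identifier. The method Javadoc should then gain a `@throws IllegalArgumentException` line; its tail is outside the visible hunks, so it may already have one.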