From b6cd129c93700127a82e2bfe8ea4bfa037551568 Mon Sep 17 00:00:00 2001
From: Christoph Strobl <cstrobl@vmware.com>
Date: Tue, 18 Jul 2023 06:25:13 +0200
Subject: [PATCH] Fix schema generation for encrypted fields that are
 considered domain entities.

This commit makes sure to consider the encrypted annotation on fields that are considered domain type property values, encrypting the entire object if necessary.
---
 .../core/MappingMongoJsonSchemaCreator.java      |  3 ++-
 .../schema/IdentifiableJsonSchemaProperty.java   |  5 ++++-
 .../MappingMongoJsonSchemaCreatorUnitTests.java  | 16 ++++++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java
index 0265382c4..33bbec8a7 100644
--- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java
+++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java
@@ -203,8 +203,9 @@ class MappingMongoJsonSchemaCreator implements MongoJsonSchemaCreator {
 								target.properties(nestedProperties.toArray(new JsonSchemaProperty[0])), required));
 					}
 				}
-				return targetProperties.size() == 1 ? targetProperties.iterator().next()
+				JsonSchemaProperty schemaProperty = targetProperties.size() == 1 ? targetProperties.iterator().next()
 						: JsonSchemaProperty.merged(targetProperties);
+				return applyEncryptionDataIfNecessary(property, schemaProperty);
 			}
 		}
 
diff --git a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java
index 3713a61a3..1d8df3f6b 100644
--- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java
+++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java
@@ -36,6 +36,7 @@ import org.springframework.data.mongodb.core.schema.TypedJsonSchemaObject.Timest
 import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
+import org.springframework.util.StringUtils;
 
 /**
  * {@link JsonSchemaProperty} implementation.
@@ -1139,7 +1140,9 @@ public class IdentifiableJsonSchemaProperty<T extends JsonSchemaObject> implemen
 				enc.append("bsonType", type.toBsonType().value()); // TODO: no samples with type -> is it bson type all the way?
 			}
 
-			enc.append("algorithm", algorithm);
+			if(StringUtils.hasText(algorithm)) {
+				enc.append("algorithm", algorithm);
+			}
 
 			propertySpecification.append("encrypt", enc);
 
diff --git a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java
index 2b3368275..ac2fd8a94 100644
--- a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java
+++ b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java
@@ -271,6 +271,17 @@ class MappingMongoJsonSchemaCreatorUnitTests {
 				.containsEntry("properties.value", new Document("type", "string"));
 	}
 
+	@Test // GH-4454
+	void wrapEncryptedEntityTypeLikeProperty() {
+
+		MongoJsonSchema schema = MongoJsonSchemaCreator.create() //
+				.filter(MongoJsonSchemaCreator.encryptedOnly()) // filter non encrypted fields
+				.createSchemaFor(WithEncryptedEntityLikeProperty.class);
+
+		assertThat(schema.schemaDocument()) //
+				.containsEntry("properties.domainTypeValue", Document.parse("{'encrypt': {'bsonType': 'object' } }"));
+	}
+
 	// --> TYPES AND JSON
 
 	// --> ENUM
@@ -676,4 +687,9 @@ class MappingMongoJsonSchemaCreatorUnitTests {
 	static class PropertyClashWithA {
 		Integer aNonEncrypted;
 	}
+
+	@Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
+	static class WithEncryptedEntityLikeProperty {
+		@Encrypted SomeDomainType domainTypeValue;
+	}
 }