Polishing for formatting

Original Pull Request: #4455

.mvn/wrapper/maven-wrapper.properties

@@ -1,2 +1,2 @@
-#Tue Jun 13 08:54:58 CEST 2023
-distributionUrl=https\://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.2/apache-maven-3.9.2-bin.zip
+#Mon Jul 03 09:49:43 CEST 2023
+distributionUrl=https\://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.3/apache-maven-3.9.3-bin.zip

ci/pipeline.properties

@@ -1,5 +1,5 @@
 # Java versions
-java.main.tag=17.0.6_10-jdk-focal
+java.main.tag=17.0.7_7-jdk-focal
 java.next.tag=20-jdk-jammy
 
 # Docker container images - standard
@@ -7,15 +7,15 @@ docker.java.main.image=harbor-repo.vmware.com/dockerhub-proxy-cache/library/ecli
 docker.java.next.image=harbor-repo.vmware.com/dockerhub-proxy-cache/library/eclipse-temurin:${java.next.tag}
 
 # Supported versions of MongoDB
-docker.mongodb.4.4.version=4.4.18
-docker.mongodb.5.0.version=5.0.14
-docker.mongodb.6.0.version=6.0.4
+docker.mongodb.4.4.version=4.4.22
+docker.mongodb.5.0.version=5.0.18
+docker.mongodb.6.0.version=6.0.7
 
 # Supported versions of Redis
-docker.redis.6.version=6.2.10
+docker.redis.6.version=6.2.12
 
 # Supported versions of Cassandra
-docker.cassandra.3.version=3.11.14
+docker.cassandra.3.version=3.11.15
 
 # Docker environment settings
 docker.java.inside.basic=-v $HOME:/tmp/jenkins-home

pom.xml

@@ -5,7 +5,7 @@
 
 	<groupId>org.springframework.data</groupId>
 	<artifactId>spring-data-mongodb-parent</artifactId>
-	<version>4.2.0-SNAPSHOT</version>
+	<version>4.2.x-4454-SNAPSHOT</version>
 	<packaging>pom</packaging>
 
 	<name>Spring Data MongoDB</name>
@@ -27,7 +27,7 @@
 		<project.type>multi</project.type>
 		<dist.id>spring-data-mongodb</dist.id>
 		<springdata.commons>3.2.0-SNAPSHOT</springdata.commons>
-		<mongo>4.9.1</mongo>
+		<mongo>4.10.2</mongo>
 		<mongo.reactivestreams>${mongo}</mongo.reactivestreams>
 		<jmh.version>1.19</jmh.version>
 	</properties>

spring-data-mongodb-benchmarks/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.springframework.data</groupId>
 		<artifactId>spring-data-mongodb-parent</artifactId>
-		<version>4.2.0-SNAPSHOT</version>
+		<version>4.2.x-4454-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 

spring-data-mongodb-distribution/pom.xml

@@ -15,7 +15,7 @@
 	<parent>
 		<groupId>org.springframework.data</groupId>
 		<artifactId>spring-data-mongodb-parent</artifactId>
-		<version>4.2.0-SNAPSHOT</version>
+		<version>4.2.x-4454-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 

spring-data-mongodb/pom.xml

@@ -13,7 +13,7 @@
 	<parent>
 		<groupId>org.springframework.data</groupId>
 		<artifactId>spring-data-mongodb-parent</artifactId>
-		<version>4.2.0-SNAPSHOT</version>
+		<version>4.2.x-4454-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
@@ -115,7 +115,7 @@
 		<dependency>
 			<groupId>org.mongodb</groupId>
 			<artifactId>mongodb-crypt</artifactId>
-			<version>1.6.1</version>
+			<version>1.8.0</version>
 			<optional>true</optional>
 		</dependency>
 

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java

@@ -203,8 +203,9 @@ class MappingMongoJsonSchemaCreator implements MongoJsonSchemaCreator {
 								target.properties(nestedProperties.toArray(new JsonSchemaProperty[0])), required));
 					}
 				}
-				return targetProperties.size() == 1 ? targetProperties.iterator().next()
+				JsonSchemaProperty schemaProperty = targetProperties.size() == 1 ? targetProperties.iterator().next()
 						: JsonSchemaProperty.merged(targetProperties);
+				return applyEncryptionDataIfNecessary(property, schemaProperty);
 			}
 		}
 

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/convert/QueryMapper.java

@@ -1089,7 +1089,7 @@ public class QueryMapper {
 	protected static class MetadataBackedField extends Field {
 
 		private static final Pattern POSITIONAL_PARAMETER_PATTERN = Pattern.compile("\\.\\$(\\[.*?\\])?");
-		private static final Pattern DOT_POSITIONAL_PATTERN = Pattern.compile("\\.\\d+(?!$)");
+		private static final Pattern NUMERIC_SEGMENT = Pattern.compile("\\d+");
 		private static final String INVALID_ASSOCIATION_REFERENCE = "Invalid path reference %s; Associations can only be pointed to directly or via their id property";
 
 		private final MongoPersistentEntity<?> entity;
@@ -1231,14 +1231,13 @@ public class QueryMapper {
 		private PersistentPropertyPath<MongoPersistentProperty> getPath(String pathExpression,
 				@Nullable MongoPersistentProperty sourceProperty) {
 
-			String rawPath = removePlaceholders(POSITIONAL_OPERATOR,
-					removePlaceholders(DOT_POSITIONAL_PATTERN, pathExpression));
-
 			if (sourceProperty != null && sourceProperty.getOwner().equals(entity)) {
 				return mappingContext.getPersistentPropertyPath(
 						PropertyPath.from(Pattern.quote(sourceProperty.getName()), entity.getTypeInformation()));
 			}
 
+			String rawPath = resolvePath(pathExpression);
+
 			PropertyPath path = forName(rawPath);
 			if (path == null || isPathToJavaLangClassProperty(path)) {
 				return null;
@@ -1333,6 +1332,38 @@ public class QueryMapper {
 			return false;
 		}
 
+		private static String resolvePath(String source) {
+
+			String[] segments = source.split("\\.");
+			if (segments.length == 1) {
+				return source;
+			}
+
+			List<String> path = new ArrayList<>(segments.length);
+
+			/* always start from a property, so we can skip the first segment.
+			   from there remove any position placeholder */
+			for(int i=1; i < segments.length; i++) {
+				String segment = segments[i];
+				if (segment.startsWith("[") && segment.endsWith("]")) {
+					continue;
+				}
+				if (NUMERIC_SEGMENT.matcher(segment).matches()) {
+					continue;
+				}
+				path.add(segment);
+			}
+
+			// when property is followed only by placeholders eg. 'values.0.3.90'
+			// or when there is no difference in the number of segments
+			if (path.isEmpty() || segments.length == path.size() + 1) {
+				return source;
+			}
+
+			path.add(0, segments[0]);
+			return StringUtils.collectionToDelimitedString(path, ".");
+		}
+
 		/**
 		 * Return the {@link Converter} to be used to created the mapped key. Default implementation will use
 		 * {@link PropertyToFieldNameConverter}.

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/convert/encryption/MongoEncryptionConverter.java

@@ -17,6 +17,7 @@ package org.springframework.data.mongodb.core.convert.encryption;
 
 import java.util.Collection;
 import java.util.LinkedHashMap;
+import java.util.Map;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -63,7 +64,7 @@ public class MongoEncryptionConverter implements EncryptingConverter<Object, Obj
 	public Object read(Object value, MongoConversionContext context) {
 
 		Object decrypted = EncryptingConverter.super.read(value, context);
-		return decrypted instanceof BsonValue ? BsonUtils.toJavaType((BsonValue) decrypted) : decrypted;
+		return decrypted instanceof BsonValue bsonValue ? BsonUtils.toJavaType(bsonValue) : decrypted;
 	}
 
 	@Override
@@ -87,36 +88,56 @@ public class MongoEncryptionConverter implements EncryptingConverter<Object, Obj
 		}
 
 		MongoPersistentProperty persistentProperty = getProperty(context);
-
 		if (getProperty(context).isCollectionLike() && decryptedValue instanceof Iterable<?> iterable) {
 
 			int size = iterable instanceof Collection<?> c ? c.size() : 10;
 
 			if (!persistentProperty.isEntity()) {
 				Collection<Object> collection = CollectionFactory.createCollection(persistentProperty.getType(), size);
-				iterable.forEach(it -> collection.add(BsonUtils.toJavaType((BsonValue) it)));
+				iterable.forEach(it -> {
+					if (it instanceof BsonValue bsonValue) {
+						collection.add(BsonUtils.toJavaType(bsonValue));
+					} else {
+						collection.add(context.read(it, persistentProperty.getActualType()));
+					}
+				});
+
 				return collection;
 			} else {
 				Collection<Object> collection = CollectionFactory.createCollection(persistentProperty.getType(), size);
 				iterable.forEach(it -> {
-					collection.add(context.read(BsonUtils.toJavaType((BsonValue) it), persistentProperty.getActualType()));
+					if (it instanceof BsonValue bsonValue) {
+						collection.add(context.read(BsonUtils.toJavaType(bsonValue), persistentProperty.getActualType()));
+					} else {
+						collection.add(context.read(it, persistentProperty.getActualType()));
+					}
 				});
 				return collection;
 			}
 		}
 
-		if (!persistentProperty.isEntity() && decryptedValue instanceof BsonValue bsonValue) {
-			if (persistentProperty.isMap() && persistentProperty.getType() != Document.class) {
-				return new LinkedHashMap<>((Document) BsonUtils.toJavaType(bsonValue));
-
+		if (!persistentProperty.isEntity() && persistentProperty.isMap()) {
+			if (persistentProperty.getType() != Document.class) {
+				if (decryptedValue instanceof BsonValue bsonValue) {
+					return new LinkedHashMap<>((Document) BsonUtils.toJavaType(bsonValue));
+				}
+				if (decryptedValue instanceof Document document) {
+					return new LinkedHashMap<>(document);
+				}
+				if (decryptedValue instanceof Map map) {
+					return map;
+				}
 			}
-			return BsonUtils.toJavaType(bsonValue);
 		}
 
 		if (persistentProperty.isEntity() && decryptedValue instanceof BsonDocument bsonDocument) {
 			return context.read(BsonUtils.toJavaType(bsonDocument), persistentProperty.getTypeInformation().getType());
 		}
 
+		if (persistentProperty.isEntity() && decryptedValue instanceof Document document) {
+			return context.read(document, persistentProperty.getTypeInformation().getType());
+		}
+
 		return decryptedValue;
 	}
 

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/query/Query.java

@@ -31,6 +31,7 @@ import java.util.Set;
 
 import org.bson.Document;
 import org.springframework.data.domain.KeysetScrollPosition;
+import org.springframework.data.domain.Limit;
 import org.springframework.data.domain.OffsetScrollPosition;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.domain.ScrollPosition;
@@ -66,7 +67,7 @@ public class Query implements ReadConcernAware, ReadPreferenceAware {
 	private @Nullable Field fieldSpec = null;
 	private Sort sort = Sort.unsorted();
 	private long skip;
-	private int limit;
+	private Limit limit = Limit.unlimited();
 
 	private KeysetScrollPosition keysetScrollPosition;
 	private @Nullable ReadConcern readConcern;
@@ -155,10 +156,30 @@ public class Query implements ReadConcernAware, ReadPreferenceAware {
 	 * @return this.
 	 */
 	public Query limit(int limit) {
-		this.limit = limit;
+		this.limit = limit > 0 ? Limit.of(limit) : Limit.unlimited();
 		return this;
 	}
 
+	/**
+	 * Limit the number of returned documents to {@link Limit}.
+	 *
+	 * @param limit number of documents to return.
+	 * @return this.
+	 * @since 4.2
+	 */
+	public Query limit(Limit limit) {
+
+		Assert.notNull(limit, "Limit must not be null");
+
+		if (limit.isUnlimited()) {
+			this.limit = limit;
+			return this;
+		}
+
+		// retain zero/negative semantics for unlimited.
+		return limit(limit.max());
+	}
+
 	/**
 	 * Configures the query to use the given hint when being executed. The {@code hint} can either be an index name or a
 	 * json {@link Document} representation.
@@ -254,7 +275,7 @@ public class Query implements ReadConcernAware, ReadPreferenceAware {
 			return this;
 		}
 
-		this.limit = pageable.getPageSize();
+		this.limit = pageable.toLimit();
 		this.skip = pageable.getOffset();
 
 		return with(pageable.getSort());
@@ -457,7 +478,7 @@ public class Query implements ReadConcernAware, ReadPreferenceAware {
 	 * @since 4.1
 	 */
 	public boolean isLimited() {
-		return this.limit > 0;
+		return this.limit.isLimited();
 	}
 
 	/**
@@ -468,7 +489,7 @@ public class Query implements ReadConcernAware, ReadPreferenceAware {
 	 * @see #isLimited()
 	 */
 	public int getLimit() {
-		return this.limit;
+		return limit.isUnlimited() ? 0 : this.limit.max();
 	}
 
 	/**
@@ -683,7 +704,8 @@ public class Query implements ReadConcernAware, ReadPreferenceAware {
 		};
 
 		target.skip = source.getSkip();
-		target.limit = source.getLimit();
+
+		target.limit = source.isLimited() ? Limit.of(source.getLimit()) : Limit.unlimited();
 		target.hint = source.getHint();
 		target.collation = source.getCollation();
 		target.restrictedTypes = new HashSet<>(source.getRestrictedTypes());
@@ -746,7 +768,7 @@ public class Query implements ReadConcernAware, ReadPreferenceAware {
 		result += 31 * nullSafeHashCode(sort);
 		result += 31 * nullSafeHashCode(hint);
 		result += 31 * skip;
-		result += 31 * limit;
+		result += 31 * limit.hashCode();
 		result += 31 * nullSafeHashCode(meta);
 		result += 31 * nullSafeHashCode(collation.orElse(null));
 

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java

@@ -36,6 +36,7 @@ import org.springframework.data.mongodb.core.schema.TypedJsonSchemaObject.Timest
 import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
+import org.springframework.util.StringUtils;
 
 /**
  * {@link JsonSchemaProperty} implementation.
@@ -1139,7 +1140,9 @@ public class IdentifiableJsonSchemaProperty<T extends JsonSchemaObject> implemen
 				enc.append("bsonType", type.toBsonType().value()); // TODO: no samples with type -> is it bson type all the way?
 			}
 
-			enc.append("algorithm", algorithm);
+			if (StringUtils.hasText(algorithm)) {
+				enc.append("algorithm", algorithm);
+			}
 
 			propertySpecification.append("encrypt", enc);
 

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/repository/query/ConvertingParameterAccessor.java

@@ -21,6 +21,7 @@ import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 
+import org.springframework.data.domain.Limit;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.domain.Range;
 import org.springframework.data.domain.ScrollPosition;
@@ -117,6 +118,11 @@ public class ConvertingParameterAccessor implements MongoParameterAccessor {
 		return delegate.getUpdate();
 	}
 
+	@Override
+	public Limit getLimit() {
+		return delegate.getLimit();
+	}
+
 	/**
 	 * Converts the given value with the underlying {@link MongoWriter}.
 	 *

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/util/BsonUtils.java

@@ -15,26 +15,33 @@
  */
 package org.springframework.data.mongodb.util;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
+import java.util.List;
 import java.util.Map;
 import java.util.StringJoiner;
 import java.util.function.Function;
 import java.util.stream.StreamSupport;
 
 import org.bson.*;
+import org.bson.codecs.Codec;
 import org.bson.codecs.DocumentCodec;
+import org.bson.codecs.EncoderContext;
+import org.bson.codecs.configuration.CodecConfigurationException;
 import org.bson.codecs.configuration.CodecRegistry;
 import org.bson.conversions.Bson;
 import org.bson.json.JsonParseException;
 import org.bson.types.Binary;
+import org.bson.types.Decimal128;
 import org.bson.types.ObjectId;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.data.mongodb.CodecRegistryProvider;
 import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
+import org.springframework.util.ClassUtils;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
@@ -103,7 +110,7 @@ public class BsonUtils {
 			return dbo.toMap();
 		}
 
-		return new Document((Map) bson.toBsonDocument(Document.class, codecRegistry));
+		return new Document(bson.toBsonDocument(Document.class, codecRegistry));
 	}
 
 	/**
@@ -280,36 +287,22 @@ public class BsonUtils {
 	 */
 	public static Object toJavaType(BsonValue value) {
 
-		switch (value.getBsonType()) {
-			case INT32:
-				return value.asInt32().getValue();
-			case INT64:
-				return value.asInt64().getValue();
-			case STRING:
-				return value.asString().getValue();
-			case DECIMAL128:
-				return value.asDecimal128().doubleValue();
-			case DOUBLE:
-				return value.asDouble().getValue();
-			case BOOLEAN:
-				return value.asBoolean().getValue();
-			case OBJECT_ID:
-				return value.asObjectId().getValue();
-			case DB_POINTER:
-				return new DBRef(value.asDBPointer().getNamespace(), value.asDBPointer().getId());
-			case BINARY:
-				return value.asBinary().getData();
-			case DATE_TIME:
-				return new Date(value.asDateTime().getValue());
-			case SYMBOL:
-				return value.asSymbol().getSymbol();
-			case ARRAY:
-				return value.asArray().toArray();
-			case DOCUMENT:
-				return Document.parse(value.asDocument().toJson());
-			default:
-				return value;
-		}
+		return switch (value.getBsonType()) {
+			case INT32 -> value.asInt32().getValue();
+			case INT64 -> value.asInt64().getValue();
+			case STRING -> value.asString().getValue();
+			case DECIMAL128 -> value.asDecimal128().doubleValue();
+			case DOUBLE -> value.asDouble().getValue();
+			case BOOLEAN -> value.asBoolean().getValue();
+			case OBJECT_ID -> value.asObjectId().getValue();
+			case DB_POINTER -> new DBRef(value.asDBPointer().getNamespace(), value.asDBPointer().getId());
+			case BINARY -> value.asBinary().getData();
+			case DATE_TIME -> new Date(value.asDateTime().getValue());
+			case SYMBOL -> value.asSymbol().getSymbol();
+			case ARRAY -> value.asArray().toArray();
+			case DOCUMENT -> Document.parse(value.asDocument().toJson());
+			default -> value;
+		};
 	}
 
 	/**
@@ -321,6 +314,21 @@ public class BsonUtils {
 	 * @since 3.0
 	 */
 	public static BsonValue simpleToBsonValue(Object source) {
+		return simpleToBsonValue(source, MongoClientSettings.getDefaultCodecRegistry());
+	}
+
+	/**
+	 * Convert a given simple value (eg. {@link String}, {@link Long}) to its corresponding {@link BsonValue}.
+	 *
+	 * @param source must not be {@literal null}.
+	 * @param codecRegistry The {@link CodecRegistry} used as a fallback to convert types using native {@link Codec}. Must
+	 *          not be {@literal null}.
+	 * @return the corresponding {@link BsonValue} representation.
+	 * @throws IllegalArgumentException if {@literal source} does not correspond to a {@link BsonValue} type.
+	 * @since 4.2
+	 */
+	@SuppressWarnings("unchecked")
+	public static BsonValue simpleToBsonValue(Object source, CodecRegistry codecRegistry) {
 
 		if (source instanceof BsonValue bsonValue) {
 			return bsonValue;
@@ -358,17 +366,35 @@ public class BsonUtils {
 			return new BsonDouble(floatValue);
 		}
 
-		if(source instanceof Binary binary) {
+		if (source instanceof Binary binary) {
 			return new BsonBinary(binary.getType(), binary.getData());
 		}
 
-		throw new IllegalArgumentException(String.format("Unable to convert %s (%s) to BsonValue.", source,
-				source != null ? source.getClass().getName() : "null"));
+		if (source instanceof Date date) {
+			new BsonDateTime(date.getTime());
+		}
+
+		try {
+
+			Object value = source;
+			if (ClassUtils.isPrimitiveArray(source.getClass())) {
+				value = CollectionUtils.arrayToList(source);
+			}
+
+			Codec codec = codecRegistry.get(value.getClass());
+			BsonCapturingWriter writer = new BsonCapturingWriter(value.getClass());
+			codec.encode(writer, value,
+					ObjectUtils.isArray(value) || value instanceof Collection<?> ? EncoderContext.builder().build() : null);
+			return writer.getCapturedValue();
+		} catch (CodecConfigurationException e) {
+			throw new IllegalArgumentException(
+					String.format("Unable to convert %s to BsonValue.", source != null ? source.getClass().getName() : "null"));
+		}
 	}
 
 	/**
 	 * Merge the given {@link Document documents} into on in the given order. Keys contained within multiple documents are
-	 * overwritten by their follow ups.
+	 * overwritten by their follow-ups.
 	 *
 	 * @param documents must not be {@literal null}. Can be empty.
 	 * @return the document containing all key value pairs.
@@ -669,7 +695,7 @@ public class BsonUtils {
 
 			if (value instanceof Collection<?> collection) {
 				return toString(collection);
-			} else if (value instanceof Map<?,?> map) {
+			} else if (value instanceof Map<?, ?> map) {
 				return toString(map);
 			} else if (ObjectUtils.isArray(value)) {
 				return toString(Arrays.asList(ObjectUtils.toObjectArray(value)));
@@ -691,8 +717,9 @@ public class BsonUtils {
 
 	private static String toString(Map<?, ?> source) {
 
+		// Avoid String.format for performance
 		return iterableToDelimitedString(source.entrySet(), "{ ", " }",
-				entry -> String.format("\"%s\" : %s", entry.getKey(), toJson(entry.getValue())));
+				entry -> "\"" + entry.getKey() + "\" : " + toJson(entry.getValue()));
 	}
 
 	private static String toString(Collection<?> source) {
@@ -708,4 +735,160 @@ public class BsonUtils {
 
 		return joiner.toString();
 	}
+
+	static class BsonCapturingWriter extends AbstractBsonWriter {
+
+		private final List<BsonValue> values = new ArrayList<>(0);
+
+		public BsonCapturingWriter(Class<?> type) {
+			super(new BsonWriterSettings());
+
+			if (ClassUtils.isAssignable(Map.class, type)) {
+				setContext(new Context(null, BsonContextType.DOCUMENT));
+			} else if (ClassUtils.isAssignable(List.class, type) || type.isArray()) {
+				setContext(new Context(null, BsonContextType.ARRAY));
+			} else {
+				setContext(new Context(null, BsonContextType.DOCUMENT));
+			}
+		}
+
+		@Nullable
+		BsonValue getCapturedValue() {
+
+			if (values.isEmpty()) {
+				return null;
+			}
+			if (!getContext().getContextType().equals(BsonContextType.ARRAY)) {
+				return values.get(0);
+			}
+
+			return new BsonArray(values);
+		}
+
+		@Override
+		protected void doWriteStartDocument() {
+
+		}
+
+		@Override
+		protected void doWriteEndDocument() {
+
+		}
+
+		@Override
+		public void writeStartArray() {
+			setState(State.VALUE);
+		}
+
+		@Override
+		public void writeEndArray() {
+			setState(State.NAME);
+		}
+
+		@Override
+		protected void doWriteStartArray() {
+
+		}
+
+		@Override
+		protected void doWriteEndArray() {
+
+		}
+
+		@Override
+		protected void doWriteBinaryData(BsonBinary value) {
+			values.add(value);
+		}
+
+		@Override
+		protected void doWriteBoolean(boolean value) {
+			values.add(BsonBoolean.valueOf(value));
+		}
+
+		@Override
+		protected void doWriteDateTime(long value) {
+			values.add(new BsonDateTime(value));
+		}
+
+		@Override
+		protected void doWriteDBPointer(BsonDbPointer value) {
+			values.add(value);
+		}
+
+		@Override
+		protected void doWriteDouble(double value) {
+			values.add(new BsonDouble(value));
+		}
+
+		@Override
+		protected void doWriteInt32(int value) {
+			values.add(new BsonInt32(value));
+		}
+
+		@Override
+		protected void doWriteInt64(long value) {
+			values.add(new BsonInt64(value));
+		}
+
+		@Override
+		protected void doWriteDecimal128(Decimal128 value) {
+			values.add(new BsonDecimal128(value));
+		}
+
+		@Override
+		protected void doWriteJavaScript(String value) {
+			values.add(new BsonJavaScript(value));
+		}
+
+		@Override
+		protected void doWriteJavaScriptWithScope(String value) {
+			throw new UnsupportedOperationException("Cannot capture JavaScriptWith");
+		}
+
+		@Override
+		protected void doWriteMaxKey() {}
+
+		@Override
+		protected void doWriteMinKey() {}
+
+		@Override
+		protected void doWriteNull() {
+			values.add(new BsonNull());
+		}
+
+		@Override
+		protected void doWriteObjectId(ObjectId value) {
+			values.add(new BsonObjectId(value));
+		}
+
+		@Override
+		protected void doWriteRegularExpression(BsonRegularExpression value) {
+			values.add(value);
+		}
+
+		@Override
+		protected void doWriteString(String value) {
+			values.add(new BsonString(value));
+		}
+
+		@Override
+		protected void doWriteSymbol(String value) {
+			values.add(new BsonSymbol(value));
+		}
+
+		@Override
+		protected void doWriteTimestamp(BsonTimestamp value) {
+			values.add(value);
+		}
+
+		@Override
+		protected void doWriteUndefined() {
+			values.add(new BsonUndefined());
+		}
+
+		@Override
+		public void flush() {
+			values.clear();
+		}
+	}
 }

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java

@@ -271,6 +271,17 @@ class MappingMongoJsonSchemaCreatorUnitTests {
 				.containsEntry("properties.value", new Document("type", "string"));
 	}
 
+	@Test // GH-4454
+	void wrapEncryptedEntityTypeLikeProperty() {
+
+		MongoJsonSchema schema = MongoJsonSchemaCreator.create() //
+				.filter(MongoJsonSchemaCreator.encryptedOnly()) // filter non encrypted fields
+				.createSchemaFor(WithEncryptedEntityLikeProperty.class);
+
+		assertThat(schema.schemaDocument()) //
+				.containsEntry("properties.domainTypeValue", Document.parse("{'encrypt': {'bsonType': 'object' } }"));
+	}
+
 	// --> TYPES AND JSON
 
 	// --> ENUM
@@ -676,4 +687,9 @@ class MappingMongoJsonSchemaCreatorUnitTests {
 	static class PropertyClashWithA {
 		Integer aNonEncrypted;
 	}
+
+	@Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
+	static class WithEncryptedEntityLikeProperty {
+		@Encrypted SomeDomainType domainTypeValue;
+	}
 }

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MongoTemplateValidationTests.java

@@ -33,8 +33,10 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration;
 import org.springframework.data.mongodb.core.CollectionOptions.ValidationOptions;
+import org.springframework.data.mongodb.core.mapping.Encrypted;
 import org.springframework.data.mongodb.core.mapping.Field;
 import org.springframework.data.mongodb.core.query.Criteria;
+import org.springframework.data.mongodb.core.schema.MongoJsonSchema;
 import org.springframework.data.mongodb.test.util.Client;
 import org.springframework.data.mongodb.test.util.MongoClientExtension;
 import org.springframework.lang.Nullable;
@@ -46,11 +48,13 @@ import com.mongodb.client.model.ValidationLevel;
 
 /**
  * Integration tests for {@link CollectionOptions#validation(ValidationOptions)} using
- * {@link org.springframework.data.mongodb.core.validation.CriteriaValidator} and
- * {@link org.springframework.data.mongodb.core.validation.DocumentValidator}.
+ * {@link org.springframework.data.mongodb.core.validation.CriteriaValidator},
+ * {@link org.springframework.data.mongodb.core.validation.DocumentValidator} and
+ * {@link org.springframework.data.mongodb.core.validation.JsonSchemaValidator}.
  *
  * @author Andreas Zink
  * @author Christoph Strobl
+ * @author Julia Lee
  */
 @ExtendWith({ MongoClientExtension.class, SpringExtension.class })
 public class MongoTemplateValidationTests {
@@ -186,6 +190,20 @@ public class MongoTemplateValidationTests {
 		assertThat(getValidatorInfo(COLLECTION_NAME)).isEqualTo(new Document("customName", new Document("$type", "bool")));
 	}
 
+	@Test // GH-4454
+	public void failsJsonSchemaValidationForEncryptedDomainEntityProperty() {
+
+		MongoJsonSchema schema = MongoJsonSchemaCreator.create().createSchemaFor(BeanWithEncryptedDomainEntity.class);
+		template.createCollection(COLLECTION_NAME, CollectionOptions.empty().schema(schema));
+
+		BeanWithEncryptedDomainEntity person = new BeanWithEncryptedDomainEntity();
+		person.encryptedDomainEntity = new SimpleBean("some string", 100, null);
+
+		assertThatExceptionOfType(DataIntegrityViolationException.class)
+			.isThrownBy(() -> template.save(person))
+			.withMessageContaining("Document failed validation");
+	}
+
 	private Document getCollectionOptions(String collectionName) {
 		return getCollectionInfo(collectionName).get("options", Document.class);
 	}
@@ -271,4 +289,10 @@ public class MongoTemplateValidationTests {
 			return "MongoTemplateValidationTests.SimpleBean(nonNullString=" + this.getNonNullString() + ", rangedInteger=" + this.getRangedInteger() + ", customFieldName=" + this.getCustomFieldName() + ")";
 		}
 	}
+
+	@org.springframework.data.mongodb.core.mapping.Document(collection = COLLECTION_NAME)
+	@Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
+	static class BeanWithEncryptedDomainEntity {
+		@Encrypted SimpleBean encryptedDomainEntity;
+	}
 }

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/convert/MappingMongoConverterUnitTests.java

@@ -25,7 +25,6 @@ import java.math.BigInteger;
 import java.net.URL;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
-import java.time.ZoneOffset;
 import java.time.temporal.ChronoUnit;
 import java.util.*;
 
@@ -106,6 +105,7 @@ import com.mongodb.DBRef;
  * @author Mark Paluch
  * @author Roman Puchkovskiy
  * @author Heesu Jung
+ * @author Julia Lee
  */
 @ExtendWith(MockitoExtension.class)
 class MappingMongoConverterUnitTests {
@@ -2619,7 +2619,7 @@ class MappingMongoConverterUnitTests {
 	void projectShouldReadSimpleInterfaceProjection() {
 
 		org.bson.Document source = new org.bson.Document("birthDate",
-				Date.from(LocalDate.of(1999, 12, 1).atStartOfDay().toInstant(ZoneOffset.UTC))).append("foo", "Walter");
+				Date.from(LocalDate.of(1999, 12, 1).atStartOfDay(systemDefault()).toInstant())).append("foo", "Walter");
 
 		EntityProjectionIntrospector discoverer = EntityProjectionIntrospector.create(converter.getProjectionFactory(),
 				EntityProjectionIntrospector.ProjectionPredicate.typeHierarchy()
@@ -2637,7 +2637,7 @@ class MappingMongoConverterUnitTests {
 	void projectShouldReadSimpleDtoProjection() {
 
 		org.bson.Document source = new org.bson.Document("birthDate",
-				Date.from(LocalDate.of(1999, 12, 1).atStartOfDay().toInstant(ZoneOffset.UTC))).append("foo", "Walter");
+				Date.from(LocalDate.of(1999, 12, 1).atStartOfDay(systemDefault()).toInstant())).append("foo", "Walter");
 
 		EntityProjectionIntrospector introspector = EntityProjectionIntrospector.create(converter.getProjectionFactory(),
 				EntityProjectionIntrospector.ProjectionPredicate.typeHierarchy()

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/convert/UpdateMapperUnitTests.java

@@ -31,6 +31,8 @@ import org.bson.types.ObjectId;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mockito;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.core.convert.converter.Converter;
@@ -1207,24 +1209,26 @@ class UpdateMapperUnitTests {
 		assertThat(mappedUpdate).isEqualTo(new org.bson.Document("$set", new org.bson.Document("levelOne.a.b.d", "e")));
 	}
 
-	@Test // GH-3775
-	void mapNestedIntegerFieldCorrectly() {
+	@ParameterizedTest // GH-3775, GH-4426
+	@ValueSource(strings = {"levelOne.0.1.3", "levelOne.0.1.32", "levelOne2.0.1.32", "levelOne2.0.1.320"})
+	void mapNestedIntegerFieldCorrectly(String path) {
 
-		Update update = new Update().set("levelOne.0.1.3", "4");
+		Update update = new Update().set(path, "4");
 		Document mappedUpdate = mapper.getMappedObject(update.getUpdateObject(),
 				context.getPersistentEntity(EntityWithNestedMap.class));
 
-		assertThat(mappedUpdate).isEqualTo(new org.bson.Document("$set", new org.bson.Document("levelOne.0.1.3", "4")));
+		assertThat(mappedUpdate).isEqualTo(new org.bson.Document("$set", new org.bson.Document(path, "4")));
 	}
 
-	@Test // GH-3775
-	void mapNestedMixedStringIntegerFieldCorrectly() {
+	@ParameterizedTest // GH-3775, GH-4426
+	@ValueSource(strings = {"levelOne.0.1.c", "levelOne.0.1.c.32", "levelOne2.0.1.32.c", "levelOne2.0.1.c.320"})
+	void mapNestedMixedStringIntegerFieldCorrectly(String path) {
 
-		Update update = new Update().set("levelOne.0.1.c", "4");
+		Update update = new Update().set(path, "4");
 		Document mappedUpdate = mapper.getMappedObject(update.getUpdateObject(),
 				context.getPersistentEntity(EntityWithNestedMap.class));
 
-		assertThat(mappedUpdate).isEqualTo(new org.bson.Document("$set", new org.bson.Document("levelOne.0.1.c", "4")));
+		assertThat(mappedUpdate).isEqualTo(new org.bson.Document("$set", new org.bson.Document(path, "4")));
 	}
 
 	@Test // GH-3775
@@ -1732,6 +1736,7 @@ class UpdateMapperUnitTests {
 
 	static class EntityWithNestedMap {
 		Map<String, Map<String, Map<String, Object>>> levelOne;
+		Map<String, Map<String, Map<String, Object>>> levelOne2;
 	}
 
 	static class Customer {

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/encryption/AbstractEncryptionTestBase.java

@@ -0,0 +1,756 @@
+/*
+ * Copyright 2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.data.mongodb.core.encryption;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.springframework.data.mongodb.core.EncryptionAlgorithms.*;
+import static org.springframework.data.mongodb.core.aggregation.Aggregation.*;
+import static org.springframework.data.mongodb.core.query.Criteria.*;
+
+import java.security.SecureRandom;
+import java.time.LocalDate;
+import java.time.Month;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.function.Consumer;
+import java.util.function.Function;
+import java.util.function.Supplier;
+
+import org.assertj.core.api.Assertions;
+import org.bson.BsonBinary;
+import org.bson.Document;
+import org.bson.types.Binary;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.DisposableBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.dao.PermissionDeniedDataAccessException;
+import org.springframework.data.convert.PropertyValueConverterFactory;
+import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration;
+import org.springframework.data.mongodb.core.MongoTemplate;
+import org.springframework.data.mongodb.core.aggregation.Aggregation;
+import org.springframework.data.mongodb.core.aggregation.AggregationResults;
+import org.springframework.data.mongodb.core.convert.MongoCustomConversions.MongoConverterConfigurationAdapter;
+import org.springframework.data.mongodb.core.convert.encryption.MongoEncryptionConverter;
+import org.springframework.data.mongodb.core.mapping.ExplicitEncrypted;
+import org.springframework.data.mongodb.core.query.Update;
+import org.springframework.data.util.Lazy;
+
+import com.mongodb.ClientEncryptionSettings;
+import com.mongodb.ConnectionString;
+import com.mongodb.MongoClientSettings;
+import com.mongodb.MongoNamespace;
+import com.mongodb.client.MongoClient;
+import com.mongodb.client.MongoClients;
+import com.mongodb.client.MongoCollection;
+import com.mongodb.client.model.Filters;
+import com.mongodb.client.model.IndexOptions;
+import com.mongodb.client.model.Indexes;
+import com.mongodb.client.model.vault.DataKeyOptions;
+import com.mongodb.client.vault.ClientEncryption;
+import com.mongodb.client.vault.ClientEncryptions;
+
+/**
+ * @author Christoph Strobl
+ * @author Julia Lee
+ */
+public abstract class AbstractEncryptionTestBase {
+
+	@Autowired MongoTemplate template;
+
+	@Test // GH-4284
+	void encryptAndDecryptSimpleValue() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.ssn = "mySecretSSN";
+
+		template.save(source);
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("ssn")).isInstanceOf(Binary.class)) //
+				.loadedIsEqualToSource();
+	}
+
+	@Test // GH-4432
+	void encryptAndDecryptJavaTime() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.today = LocalDate.of(1979, Month.SEPTEMBER, 18);
+
+		template.save(source);
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("today")).isInstanceOf(Binary.class)) //
+				.loadedIsEqualToSource();
+	}
+
+	@Test // GH-4284
+	void encryptAndDecryptComplexValue() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.address = new Address();
+		source.address.city = "NYC";
+		source.address.street = "4th Ave.";
+
+		template.save(source);
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("address")).isInstanceOf(Binary.class)) //
+				.loadedIsEqualToSource();
+	}
+
+	@Test // GH-4284
+	void encryptAndDecryptValueWithinComplexOne() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.encryptedZip = new AddressWithEncryptedZip();
+		source.encryptedZip.city = "Boston";
+		source.encryptedZip.street = "central square";
+		source.encryptedZip.zip = "1234567890";
+
+		template.save(source);
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> {
+					assertThat(it.get("encryptedZip")).isInstanceOf(Document.class);
+					assertThat(it.get("encryptedZip", Document.class).get("city")).isInstanceOf(String.class);
+					assertThat(it.get("encryptedZip", Document.class).get("street")).isInstanceOf(String.class);
+					assertThat(it.get("encryptedZip", Document.class).get("zip")).isInstanceOf(Binary.class);
+				}) //
+				.loadedIsEqualToSource();
+	}
+
+	@Test // GH-4284
+	void encryptAndDecryptListOfSimpleValue() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.listOfString = Arrays.asList("spring", "data", "mongodb");
+
+		template.save(source);
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("listOfString")).isInstanceOf(Binary.class)) //
+				.loadedIsEqualToSource();
+	}
+
+	@Test // GH-4284
+	void encryptAndDecryptListOfComplexValue() {
+
+		Person source = new Person();
+		source.id = "id-1";
+
+		Address address = new Address();
+		address.city = "SFO";
+		address.street = "---";
+
+		source.listOfComplex = Collections.singletonList(address);
+
+		template.save(source);
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("listOfComplex")).isInstanceOf(Binary.class)) //
+				.loadedIsEqualToSource();
+	}
+
+	@Test // GH-4284
+	void encryptAndDecryptMapOfSimpleValues() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.mapOfString = Map.of("k1", "v1", "k2", "v2");
+
+		template.save(source);
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("mapOfString")).isInstanceOf(Binary.class)) //
+				.loadedIsEqualToSource();
+	}
+
+	@Test // GH-4284
+	void encryptAndDecryptMapOfComplexValues() {
+
+		Person source = new Person();
+		source.id = "id-1";
+
+		Address address1 = new Address();
+		address1.city = "SFO";
+		address1.street = "---";
+
+		Address address2 = new Address();
+		address2.city = "NYC";
+		address2.street = "---";
+
+		source.mapOfComplex = Map.of("a1", address1, "a2", address2);
+
+		template.save(source);
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("mapOfComplex")).isInstanceOf(Binary.class)) //
+				.loadedIsEqualToSource();
+	}
+
+	@Test // GH-4284
+	void canQueryDeterministicallyEncrypted() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.ssn = "mySecretSSN";
+
+		template.save(source);
+
+		Person loaded = template.query(Person.class).matching(where("ssn").is(source.ssn)).firstValue();
+		assertThat(loaded).isEqualTo(source);
+	}
+
+	@Test // GH-4284
+	void cannotQueryRandomlyEncrypted() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.wallet = "secret-wallet-id";
+
+		template.save(source);
+
+		Person loaded = template.query(Person.class).matching(where("wallet").is(source.wallet)).firstValue();
+		assertThat(loaded).isNull();
+	}
+
+	@Test // GH-4284
+	void updateSimpleTypeEncryptedFieldWithNewValue() {
+
+		Person source = new Person();
+		source.id = "id-1";
+
+		template.save(source);
+
+		template.update(Person.class).matching(where("id").is(source.id)).apply(Update.update("ssn", "secret-value"))
+				.first();
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("ssn")).isInstanceOf(Binary.class)) //
+				.loadedMatches(it -> assertThat(it.getSsn()).isEqualTo("secret-value"));
+	}
+
+	@Test // GH-4284
+	void updateComplexTypeEncryptedFieldWithNewValue() {
+
+		Person source = new Person();
+		source.id = "id-1";
+
+		template.save(source);
+
+		Address address = new Address();
+		address.city = "SFO";
+		address.street = "---";
+
+		template.update(Person.class).matching(where("id").is(source.id)).apply(Update.update("address", address)).first();
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> assertThat(it.get("address")).isInstanceOf(Binary.class)) //
+				.loadedMatches(it -> assertThat(it.getAddress()).isEqualTo(address));
+	}
+
+	@Test // GH-4284
+	void updateEncryptedFieldInNestedElementWithNewValue() {
+
+		Person source = new Person();
+		source.id = "id-1";
+		source.encryptedZip = new AddressWithEncryptedZip();
+		source.encryptedZip.city = "Boston";
+		source.encryptedZip.street = "central square";
+
+		template.save(source);
+
+		template.update(Person.class).matching(where("id").is(source.id)).apply(Update.update("encryptedZip.zip", "179"))
+				.first();
+
+		verifyThat(source) //
+				.identifiedBy(Person::getId) //
+				.wasSavedMatching(it -> {
+					assertThat(it.get("encryptedZip")).isInstanceOf(Document.class);
+					assertThat(it.get("encryptedZip", Document.class).get("city")).isInstanceOf(String.class);
+					assertThat(it.get("encryptedZip", Document.class).get("street")).isInstanceOf(String.class);
+					assertThat(it.get("encryptedZip", Document.class).get("zip")).isInstanceOf(Binary.class);
+				}) //
+				.loadedMatches(it -> assertThat(it.getEncryptedZip().getZip()).isEqualTo("179"));
+	}
+
+	@Test
+	void aggregationWithMatch() {
+
+		Person person = new Person();
+		person.id = "id-1";
+		person.name = "p1-name";
+		person.ssn = "mySecretSSN";
+
+		template.save(person);
+
+		AggregationResults<Person> aggregationResults = template.aggregateAndReturn(Person.class)
+				.by(newAggregation(Person.class, Aggregation.match(where("ssn").is(person.ssn)))).all();
+		assertThat(aggregationResults.getMappedResults()).containsExactly(person);
+	}
+
+	@Test
+	void altKeyDetection(@Autowired CachingMongoClientEncryption mongoClientEncryption) throws InterruptedException {
+
+		BsonBinary user1key = mongoClientEncryption.getClientEncryption().createDataKey("local",
+				new DataKeyOptions().keyAltNames(Collections.singletonList("user-1")));
+
+		BsonBinary user2key = mongoClientEncryption.getClientEncryption().createDataKey("local",
+				new DataKeyOptions().keyAltNames(Collections.singletonList("user-2")));
+
+		Person p1 = new Person();
+		p1.id = "id-1";
+		p1.name = "user-1";
+		p1.ssn = "ssn";
+		p1.viaAltKeyNameField = "value-1";
+
+		Person p2 = new Person();
+		p2.id = "id-2";
+		p2.name = "user-2";
+		p2.viaAltKeyNameField = "value-1";
+
+		Person p3 = new Person();
+		p3.id = "id-3";
+		p3.name = "user-1";
+		p3.viaAltKeyNameField = "value-1";
+
+		template.save(p1);
+		template.save(p2);
+		template.save(p3);
+
+		template.execute(Person.class, collection -> {
+			collection.find(new Document()).forEach(it -> System.out.println(it.toJson()));
+			return null;
+		});
+
+		// remove the key and invalidate encrypted data
+		mongoClientEncryption.getClientEncryption().deleteKey(user2key);
+
+		// clear the 60 second key cache within the mongo client
+		mongoClientEncryption.destroy();
+
+		assertThat(template.query(Person.class).matching(where("id").is(p1.id)).firstValue()).isEqualTo(p1);
+
+		assertThatExceptionOfType(PermissionDeniedDataAccessException.class)
+				.isThrownBy(() -> template.query(Person.class).matching(where("id").is(p2.id)).firstValue());
+	}
+
+	<T> SaveAndLoadAssert<T> verifyThat(T source) {
+		return new SaveAndLoadAssert<>(source);
+	}
+
+	class SaveAndLoadAssert<T> {
+
+		T source;
+		Function<T, ?> idProvider;
+
+		SaveAndLoadAssert(T source) {
+			this.source = source;
+		}
+
+		SaveAndLoadAssert<T> identifiedBy(Function<T, ?> idProvider) {
+			this.idProvider = idProvider;
+			return this;
+		}
+
+		SaveAndLoadAssert<T> wasSavedAs(Document expected) {
+			return wasSavedMatching(it -> Assertions.assertThat(it).isEqualTo(expected));
+		}
+
+		SaveAndLoadAssert<T> wasSavedMatching(Consumer<Document> saved) {
+			AbstractEncryptionTestBase.this.assertSaved(source, idProvider, saved);
+			return this;
+		}
+
+		SaveAndLoadAssert<T> loadedMatches(Consumer<T> expected) {
+			AbstractEncryptionTestBase.this.assertLoaded(source, idProvider, expected);
+			return this;
+		}
+
+		SaveAndLoadAssert<T> loadedIsEqualToSource() {
+			return loadedIsEqualTo(source);
+		}
+
+		SaveAndLoadAssert<T> loadedIsEqualTo(T expected) {
+			return loadedMatches(it -> Assertions.assertThat(it).isEqualTo(expected));
+		}
+
+	}
+
+	<T> void assertSaved(T source, Function<T, ?> idProvider, Consumer<Document> dbValue) {
+
+		Document savedDocument = template.execute(Person.class, collection -> {
+
+			MongoNamespace namespace = collection.getNamespace();
+
+			try (MongoClient rawClient = MongoClients.create()) {
+				return rawClient.getDatabase(namespace.getDatabaseName()).getCollection(namespace.getCollectionName())
+						.find(new Document("_id", idProvider.apply(source))).first();
+			}
+		});
+		dbValue.accept(savedDocument);
+	}
+
+	<T> void assertLoaded(T source, Function<T, ?> idProvider, Consumer<T> loadedValue) {
+
+		T loaded = template.query((Class<T>) source.getClass()).matching(where("id").is(idProvider.apply(source)))
+				.firstValue();
+
+		loadedValue.accept(loaded);
+	}
+
+	protected static class EncryptionConfig extends AbstractMongoClientConfiguration {
+
+		@Autowired ApplicationContext applicationContext;
+
+		@Override
+		protected String getDatabaseName() {
+			return "fle-test";
+		}
+
+		@Bean
+		public MongoClient mongoClient() {
+			return super.mongoClient();
+		}
+
+		@Override
+		protected void configureConverters(MongoConverterConfigurationAdapter converterConfigurationAdapter) {
+
+			converterConfigurationAdapter
+					.registerPropertyValueConverterFactory(PropertyValueConverterFactory.beanFactoryAware(applicationContext))
+					.useNativeDriverJavaTimeCodecs();
+		}
+
+		@Bean
+		MongoEncryptionConverter encryptingConverter(MongoClientEncryption mongoClientEncryption) {
+
+			Lazy<BsonBinary> dataKey = Lazy.of(() -> mongoClientEncryption.getClientEncryption().createDataKey("local",
+					new DataKeyOptions().keyAltNames(Collections.singletonList("mySuperSecretKey"))));
+
+			return new MongoEncryptionConverter(mongoClientEncryption,
+					EncryptionKeyResolver.annotated((ctx) -> EncryptionKey.keyId(dataKey.get())));
+		}
+
+		@Bean
+		CachingMongoClientEncryption clientEncryption(ClientEncryptionSettings encryptionSettings) {
+			return new CachingMongoClientEncryption(() -> ClientEncryptions.create(encryptionSettings));
+		}
+
+		@Bean
+		ClientEncryptionSettings encryptionSettings(MongoClient mongoClient) {
+
+			MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
+			MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName())
+					.getCollection(keyVaultNamespace.getCollectionName());
+			keyVaultCollection.drop();
+			// Ensure that two data keys cannot share the same keyAltName.
+			keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"),
+					new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames")));
+
+			MongoCollection<Document> collection = mongoClient.getDatabase(getDatabaseName()).getCollection("test");
+			collection.drop(); // Clear old data
+
+			byte[] localMasterKey = new byte[96];
+			new SecureRandom().nextBytes(localMasterKey);
+			Map<String, Map<String, Object>> kmsProviders = Map.of("local", Map.of("key", localMasterKey));
+
+			// Create the ClientEncryption instance
+			return ClientEncryptionSettings.builder() //
+					.keyVaultMongoClientSettings(
+							MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build()) //
+					.keyVaultNamespace(keyVaultNamespace.getFullName()) //
+					.kmsProviders(kmsProviders) //
+					.build();
+		}
+	}
+
+	static class CachingMongoClientEncryption extends MongoClientEncryption implements DisposableBean {
+
+		static final AtomicReference<ClientEncryption> cache = new AtomicReference<>();
+
+		CachingMongoClientEncryption(Supplier<ClientEncryption> source) {
+			super(() -> {
+
+				if (cache.get() != null) {
+					return cache.get();
+				}
+
+				ClientEncryption clientEncryption = source.get();
+				cache.set(clientEncryption);
+
+				return clientEncryption;
+			});
+		}
+
+		@Override
+		public void destroy() {
+
+			ClientEncryption clientEncryption = cache.get();
+			if (clientEncryption != null) {
+				clientEncryption.close();
+				cache.set(null);
+			}
+		}
+	}
+
+	@org.springframework.data.mongodb.core.mapping.Document("test")
+	static class Person {
+
+		String id;
+		String name;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic) //
+		String ssn;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random, keyAltName = "mySuperSecretKey") //
+		String wallet;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) // full document must be random
+		Address address;
+
+		AddressWithEncryptedZip encryptedZip;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) // lists must be random
+		List<String> listOfString;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) // lists must be random
+		List<Address> listOfComplex;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random, keyAltName = "/name") //
+		String viaAltKeyNameField;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) //
+		Map<String, String> mapOfString;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) //
+		Map<String, Address> mapOfComplex;
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) //
+		LocalDate today;
+
+		public String getId() {
+			return this.id;
+		}
+
+		public String getName() {
+			return this.name;
+		}
+
+		public String getSsn() {
+			return this.ssn;
+		}
+
+		public String getWallet() {
+			return this.wallet;
+		}
+
+		public Address getAddress() {
+			return this.address;
+		}
+
+		public AddressWithEncryptedZip getEncryptedZip() {
+			return this.encryptedZip;
+		}
+
+		public List<String> getListOfString() {
+			return this.listOfString;
+		}
+
+		public List<Address> getListOfComplex() {
+			return this.listOfComplex;
+		}
+
+		public String getViaAltKeyNameField() {
+			return this.viaAltKeyNameField;
+		}
+
+		public Map<String, String> getMapOfString() {
+			return this.mapOfString;
+		}
+
+		public Map<String, Address> getMapOfComplex() {
+			return this.mapOfComplex;
+		}
+
+		public LocalDate getToday() {
+			return today;
+		}
+
+		public void setId(String id) {
+			this.id = id;
+		}
+
+		public void setName(String name) {
+			this.name = name;
+		}
+
+		public void setSsn(String ssn) {
+			this.ssn = ssn;
+		}
+
+		public void setWallet(String wallet) {
+			this.wallet = wallet;
+		}
+
+		public void setAddress(Address address) {
+			this.address = address;
+		}
+
+		public void setEncryptedZip(AddressWithEncryptedZip encryptedZip) {
+			this.encryptedZip = encryptedZip;
+		}
+
+		public void setListOfString(List<String> listOfString) {
+			this.listOfString = listOfString;
+		}
+
+		public void setListOfComplex(List<Address> listOfComplex) {
+			this.listOfComplex = listOfComplex;
+		}
+
+		public void setViaAltKeyNameField(String viaAltKeyNameField) {
+			this.viaAltKeyNameField = viaAltKeyNameField;
+		}
+
+		public void setMapOfString(Map<String, String> mapOfString) {
+			this.mapOfString = mapOfString;
+		}
+
+		public void setMapOfComplex(Map<String, Address> mapOfComplex) {
+			this.mapOfComplex = mapOfComplex;
+		}
+
+		public void setToday(LocalDate today) {
+			this.today = today;
+		}
+
+		@Override
+		public boolean equals(Object o) {
+			if (o == this) {
+				return true;
+			}
+			if (o == null || getClass() != o.getClass()) {
+				return false;
+			}
+			Person person = (Person) o;
+			return Objects.equals(id, person.id) && Objects.equals(name, person.name) && Objects.equals(ssn, person.ssn)
+					&& Objects.equals(wallet, person.wallet) && Objects.equals(address, person.address)
+					&& Objects.equals(encryptedZip, person.encryptedZip) && Objects.equals(listOfString, person.listOfString)
+					&& Objects.equals(listOfComplex, person.listOfComplex)
+					&& Objects.equals(viaAltKeyNameField, person.viaAltKeyNameField)
+					&& Objects.equals(mapOfString, person.mapOfString) && Objects.equals(mapOfComplex, person.mapOfComplex)
+					&& Objects.equals(today, person.today);
+		}
+
+		@Override
+		public int hashCode() {
+			return Objects.hash(id, name, ssn, wallet, address, encryptedZip, listOfString, listOfComplex, viaAltKeyNameField,
+					mapOfString, mapOfComplex, today);
+		}
+
+		public String toString() {
+			return "EncryptionTests.Person(id=" + this.getId() + ", name=" + this.getName() + ", ssn=" + this.getSsn()
+					+ ", wallet=" + this.getWallet() + ", address=" + this.getAddress() + ", encryptedZip="
+					+ this.getEncryptedZip() + ", listOfString=" + this.getListOfString() + ", listOfComplex="
+					+ this.getListOfComplex() + ", viaAltKeyNameField=" + this.getViaAltKeyNameField() + ", mapOfString="
+					+ this.getMapOfString() + ", mapOfComplex=" + this.getMapOfComplex() + ", today=" + this.getToday() + ")";
+		}
+	}
+
+	static class Address {
+		String city;
+		String street;
+
+		public Address() {}
+
+		public String getCity() {
+			return this.city;
+		}
+
+		public String getStreet() {
+			return this.street;
+		}
+
+		public void setCity(String city) {
+			this.city = city;
+		}
+
+		public void setStreet(String street) {
+			this.street = street;
+		}
+
+		@Override
+		public boolean equals(Object o) {
+			if (o == this) {
+				return true;
+			}
+			if (o == null || getClass() != o.getClass()) {
+				return false;
+			}
+			Address address = (Address) o;
+			return Objects.equals(city, address.city) && Objects.equals(street, address.street);
+		}
+
+		@Override
+		public int hashCode() {
+			return Objects.hash(city, street);
+		}
+
+		public String toString() {
+			return "EncryptionTests.Address(city=" + this.getCity() + ", street=" + this.getStreet() + ")";
+		}
+	}
+
+	static class AddressWithEncryptedZip extends Address {
+
+		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) String zip;
+
+		@Override
+		public String toString() {
+			return "AddressWithEncryptedZip{" + "zip='" + zip + '\'' + ", city='" + getCity() + '\'' + ", street='"
+					+ getStreet() + '\'' + '}';
+		}
+
+		public String getZip() {
+			return this.zip;
+		}
+
+		public void setZip(String zip) {
+			this.zip = zip;
+		}
+	}
+}

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/encryption/BypassAutoEncryptionTest.java

@@ -0,0 +1,64 @@
+/*
+ * Copyright 2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.data.mongodb.core.encryption;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+import com.mongodb.AutoEncryptionSettings;
+import com.mongodb.ClientEncryptionSettings;
+import com.mongodb.MongoClientSettings.Builder;
+import com.mongodb.client.MongoClient;
+import com.mongodb.client.MongoClients;
+
+/**
+ * Encryption tests for client having {@link AutoEncryptionSettings#isBypassAutoEncryption()}.
+ *
+ * @author Christoph Strobl
+ * @author Julia Lee
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration(classes = BypassAutoEncryptionTest.Config.class)
+public class BypassAutoEncryptionTest extends AbstractEncryptionTestBase {
+
+	@Disabled
+	@Override
+	void altKeyDetection(@Autowired CachingMongoClientEncryption mongoClientEncryption) throws InterruptedException {
+		super.altKeyDetection(mongoClientEncryption);
+	}
+
+	@Configuration
+	static class Config extends EncryptionConfig {
+
+		@Override
+		protected void configureClientSettings(Builder builder) {
+
+			MongoClient mongoClient = MongoClients.create();
+			ClientEncryptionSettings clientEncryptionSettings = encryptionSettings(mongoClient);
+			mongoClient.close();
+
+			builder.autoEncryptionSettings(AutoEncryptionSettings.builder() //
+					.kmsProviders(clientEncryptionSettings.getKmsProviders()) //
+					.keyVaultNamespace(clientEncryptionSettings.getKeyVaultNamespace()) //
+					.bypassAutoEncryption(true).build());
+		}
+	}
+}

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/encryption/EncryptionTests.java

@@ -15,721 +15,16 @@
  */
 package org.springframework.data.mongodb.core.encryption;
 
-import static org.assertj.core.api.Assertions.*;
-import static org.springframework.data.mongodb.core.EncryptionAlgorithms.*;
-import static org.springframework.data.mongodb.core.aggregation.Aggregation.*;
-import static org.springframework.data.mongodb.core.query.Criteria.*;
-
-import java.security.SecureRandom;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.concurrent.atomic.AtomicReference;
-import java.util.function.Consumer;
-import java.util.function.Function;
-import java.util.function.Supplier;
-
-import org.assertj.core.api.Assertions;
-import org.bson.BsonBinary;
-import org.bson.Document;
-import org.bson.types.Binary;
-import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.springframework.beans.factory.DisposableBean;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.dao.PermissionDeniedDataAccessException;
-import org.springframework.data.convert.PropertyValueConverterFactory;
-import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration;
-import org.springframework.data.mongodb.core.MongoTemplate;
-import org.springframework.data.mongodb.core.aggregation.Aggregation;
-import org.springframework.data.mongodb.core.aggregation.AggregationResults;
-import org.springframework.data.mongodb.core.convert.MongoCustomConversions.MongoConverterConfigurationAdapter;
-import org.springframework.data.mongodb.core.convert.encryption.MongoEncryptionConverter;
-import org.springframework.data.mongodb.core.encryption.EncryptionTests.Config;
-import org.springframework.data.mongodb.core.mapping.ExplicitEncrypted;
-import org.springframework.data.mongodb.core.query.Update;
-import org.springframework.data.util.Lazy;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 
-import com.mongodb.ClientEncryptionSettings;
-import com.mongodb.ConnectionString;
-import com.mongodb.MongoClientSettings;
-import com.mongodb.MongoNamespace;
-import com.mongodb.client.MongoClient;
-import com.mongodb.client.MongoCollection;
-import com.mongodb.client.model.Filters;
-import com.mongodb.client.model.IndexOptions;
-import com.mongodb.client.model.Indexes;
-import com.mongodb.client.model.vault.DataKeyOptions;
-import com.mongodb.client.vault.ClientEncryption;
-import com.mongodb.client.vault.ClientEncryptions;
-
 /**
  * @author Christoph Strobl
+ * @author Julia Lee
  */
 @ExtendWith(SpringExtension.class)
-@ContextConfiguration(classes = Config.class)
-public class EncryptionTests {
+@ContextConfiguration(classes = AbstractEncryptionTestBase.EncryptionConfig.class)
+public class EncryptionTests extends AbstractEncryptionTestBase {
 
-	@Autowired MongoTemplate template;
-
-	@Test // GH-4284
-	void encryptAndDecryptSimpleValue() {
-
-		Person source = new Person();
-		source.id = "id-1";
-		source.ssn = "mySecretSSN";
-
-		template.save(source);
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> assertThat(it.get("ssn")).isInstanceOf(Binary.class)) //
-				.loadedIsEqualToSource();
-	}
-
-	@Test // GH-4284
-	void encryptAndDecryptComplexValue() {
-
-		Person source = new Person();
-		source.id = "id-1";
-		source.address = new Address();
-		source.address.city = "NYC";
-		source.address.street = "4th Ave.";
-
-		template.save(source);
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> assertThat(it.get("address")).isInstanceOf(Binary.class)) //
-				.loadedIsEqualToSource();
-	}
-
-	@Test // GH-4284
-	void encryptAndDecryptValueWithinComplexOne() {
-
-		Person source = new Person();
-		source.id = "id-1";
-		source.encryptedZip = new AddressWithEncryptedZip();
-		source.encryptedZip.city = "Boston";
-		source.encryptedZip.street = "central square";
-		source.encryptedZip.zip = "1234567890";
-
-		template.save(source);
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> {
-					assertThat(it.get("encryptedZip")).isInstanceOf(Document.class);
-					assertThat(it.get("encryptedZip", Document.class).get("city")).isInstanceOf(String.class);
-					assertThat(it.get("encryptedZip", Document.class).get("street")).isInstanceOf(String.class);
-					assertThat(it.get("encryptedZip", Document.class).get("zip")).isInstanceOf(Binary.class);
-				}) //
-				.loadedIsEqualToSource();
-	}
-
-	@Test // GH-4284
-	void encryptAndDecryptListOfSimpleValue() {
-
-		Person source = new Person();
-		source.id = "id-1";
-		source.listOfString = Arrays.asList("spring", "data", "mongodb");
-
-		template.save(source);
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> assertThat(it.get("listOfString")).isInstanceOf(Binary.class)) //
-				.loadedIsEqualToSource();
-	}
-
-	@Test // GH-4284
-	void encryptAndDecryptListOfComplexValue() {
-
-		Person source = new Person();
-		source.id = "id-1";
-
-		Address address = new Address();
-		address.city = "SFO";
-		address.street = "---";
-
-		source.listOfComplex = Collections.singletonList(address);
-
-		template.save(source);
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> assertThat(it.get("listOfComplex")).isInstanceOf(Binary.class)) //
-				.loadedIsEqualToSource();
-	}
-
-	@Test // GH-4284
-	void encryptAndDecryptMapOfSimpleValues() {
-
-		Person source = new Person();
-		source.id = "id-1";
-		source.mapOfString = Map.of("k1", "v1", "k2", "v2");
-
-		template.save(source);
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> assertThat(it.get("mapOfString")).isInstanceOf(Binary.class)) //
-				.loadedIsEqualToSource();
-	}
-
-	@Test // GH-4284
-	void encryptAndDecryptMapOfComplexValues() {
-
-		Person source = new Person();
-		source.id = "id-1";
-
-		Address address1 = new Address();
-		address1.city = "SFO";
-		address1.street = "---";
-
-		Address address2 = new Address();
-		address2.city = "NYC";
-		address2.street = "---";
-
-		source.mapOfComplex = Map.of("a1", address1, "a2", address2);
-
-		template.save(source);
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> assertThat(it.get("mapOfComplex")).isInstanceOf(Binary.class)) //
-				.loadedIsEqualToSource();
-	}
-
-	@Test // GH-4284
-	void canQueryDeterministicallyEncrypted() {
-
-		Person source = new Person();
-		source.id = "id-1";
-		source.ssn = "mySecretSSN";
-
-		template.save(source);
-
-		Person loaded = template.query(Person.class).matching(where("ssn").is(source.ssn)).firstValue();
-		assertThat(loaded).isEqualTo(source);
-	}
-
-	@Test // GH-4284
-	void cannotQueryRandomlyEncrypted() {
-
-		Person source = new Person();
-		source.id = "id-1";
-		source.wallet = "secret-wallet-id";
-
-		template.save(source);
-
-		Person loaded = template.query(Person.class).matching(where("wallet").is(source.wallet)).firstValue();
-		assertThat(loaded).isNull();
-	}
-
-	@Test // GH-4284
-	void updateSimpleTypeEncryptedFieldWithNewValue() {
-
-		Person source = new Person();
-		source.id = "id-1";
-
-		template.save(source);
-
-		template.update(Person.class).matching(where("id").is(source.id)).apply(Update.update("ssn", "secret-value"))
-				.first();
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> assertThat(it.get("ssn")).isInstanceOf(Binary.class)) //
-				.loadedMatches(it -> assertThat(it.getSsn()).isEqualTo("secret-value"));
-	}
-
-	@Test // GH-4284
-	void updateComplexTypeEncryptedFieldWithNewValue() {
-
-		Person source = new Person();
-		source.id = "id-1";
-
-		template.save(source);
-
-		Address address = new Address();
-		address.city = "SFO";
-		address.street = "---";
-
-		template.update(Person.class).matching(where("id").is(source.id)).apply(Update.update("address", address)).first();
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> assertThat(it.get("address")).isInstanceOf(Binary.class)) //
-				.loadedMatches(it -> assertThat(it.getAddress()).isEqualTo(address));
-	}
-
-	@Test // GH-4284
-	void updateEncryptedFieldInNestedElementWithNewValue() {
-
-		Person source = new Person();
-		source.id = "id-1";
-		source.encryptedZip = new AddressWithEncryptedZip();
-		source.encryptedZip.city = "Boston";
-		source.encryptedZip.street = "central square";
-
-		template.save(source);
-
-		template.update(Person.class).matching(where("id").is(source.id)).apply(Update.update("encryptedZip.zip", "179"))
-				.first();
-
-		verifyThat(source) //
-				.identifiedBy(Person::getId) //
-				.wasSavedMatching(it -> {
-					assertThat(it.get("encryptedZip")).isInstanceOf(Document.class);
-					assertThat(it.get("encryptedZip", Document.class).get("city")).isInstanceOf(String.class);
-					assertThat(it.get("encryptedZip", Document.class).get("street")).isInstanceOf(String.class);
-					assertThat(it.get("encryptedZip", Document.class).get("zip")).isInstanceOf(Binary.class);
-				}) //
-				.loadedMatches(it -> assertThat(it.getEncryptedZip().getZip()).isEqualTo("179"));
-	}
-
-	@Test
-	void aggregationWithMatch() {
-
-		Person person = new Person();
-		person.id = "id-1";
-		person.name = "p1-name";
-		person.ssn = "mySecretSSN";
-
-		template.save(person);
-
-		AggregationResults<Person> aggregationResults = template.aggregateAndReturn(Person.class)
-				.by(newAggregation(Person.class, Aggregation.match(where("ssn").is(person.ssn)))).all();
-		assertThat(aggregationResults.getMappedResults()).containsExactly(person);
-	}
-
-	@Test
-	void altKeyDetection(@Autowired CachingMongoClientEncryption mongoClientEncryption) throws InterruptedException {
-
-		BsonBinary user1key = mongoClientEncryption.getClientEncryption().createDataKey("local",
-				new DataKeyOptions().keyAltNames(Collections.singletonList("user-1")));
-
-		BsonBinary user2key = mongoClientEncryption.getClientEncryption().createDataKey("local",
-				new DataKeyOptions().keyAltNames(Collections.singletonList("user-2")));
-
-		Person p1 = new Person();
-		p1.id = "id-1";
-		p1.name = "user-1";
-		p1.ssn = "ssn";
-		p1.viaAltKeyNameField = "value-1";
-
-		Person p2 = new Person();
-		p2.id = "id-2";
-		p2.name = "user-2";
-		p2.viaAltKeyNameField = "value-1";
-
-		Person p3 = new Person();
-		p3.id = "id-3";
-		p3.name = "user-1";
-		p3.viaAltKeyNameField = "value-1";
-
-		template.save(p1);
-		template.save(p2);
-		template.save(p3);
-
-		template.execute(Person.class, collection -> {
-			collection.find(new Document()).forEach(it -> System.out.println(it.toJson()));
-			return null;
-		});
-
-		// remove the key and invalidate encrypted data
-		mongoClientEncryption.getClientEncryption().deleteKey(user2key);
-
-		// clear the 60 second key cache within the mongo client
-		mongoClientEncryption.destroy();
-
-		assertThat(template.query(Person.class).matching(where("id").is(p1.id)).firstValue()).isEqualTo(p1);
-
-		assertThatExceptionOfType(PermissionDeniedDataAccessException.class)
-				.isThrownBy(() -> template.query(Person.class).matching(where("id").is(p2.id)).firstValue());
-	}
-
-	<T> SaveAndLoadAssert<T> verifyThat(T source) {
-		return new SaveAndLoadAssert<>(source);
-	}
-
-	class SaveAndLoadAssert<T> {
-
-		T source;
-		Function<T, ?> idProvider;
-
-		SaveAndLoadAssert(T source) {
-			this.source = source;
-		}
-
-		SaveAndLoadAssert<T> identifiedBy(Function<T, ?> idProvider) {
-			this.idProvider = idProvider;
-			return this;
-		}
-
-		SaveAndLoadAssert<T> wasSavedAs(Document expected) {
-			return wasSavedMatching(it -> Assertions.assertThat(it).isEqualTo(expected));
-		}
-
-		SaveAndLoadAssert<T> wasSavedMatching(Consumer<Document> saved) {
-			EncryptionTests.this.assertSaved(source, idProvider, saved);
-			return this;
-		}
-
-		SaveAndLoadAssert<T> loadedMatches(Consumer<T> expected) {
-			EncryptionTests.this.assertLoaded(source, idProvider, expected);
-			return this;
-		}
-
-		SaveAndLoadAssert<T> loadedIsEqualToSource() {
-			return loadedIsEqualTo(source);
-		}
-
-		SaveAndLoadAssert<T> loadedIsEqualTo(T expected) {
-			return loadedMatches(it -> Assertions.assertThat(it).isEqualTo(expected));
-		}
-
-	}
-
-	<T> void assertSaved(T source, Function<T, ?> idProvider, Consumer<Document> dbValue) {
-
-		Document savedDocument = template.execute(Person.class, collection -> {
-			return collection.find(new Document("_id", idProvider.apply(source))).first();
-		});
-		dbValue.accept(savedDocument);
-	}
-
-	<T> void assertLoaded(T source, Function<T, ?> idProvider, Consumer<T> loadedValue) {
-
-		T loaded = template.query((Class<T>) source.getClass()).matching(where("id").is(idProvider.apply(source)))
-				.firstValue();
-
-		loadedValue.accept(loaded);
-	}
-
-	@Configuration
-	static class Config extends AbstractMongoClientConfiguration {
-
-		@Autowired ApplicationContext applicationContext;
-
-		@Override
-		protected String getDatabaseName() {
-			return "fle-test";
-		}
-
-		@Bean
-		public MongoClient mongoClient() {
-			return super.mongoClient();
-		}
-
-		@Override
-		protected void configureConverters(MongoConverterConfigurationAdapter converterConfigurationAdapter) {
-
-			converterConfigurationAdapter
-					.registerPropertyValueConverterFactory(PropertyValueConverterFactory.beanFactoryAware(applicationContext));
-		}
-
-		@Bean
-		MongoEncryptionConverter encryptingConverter(MongoClientEncryption mongoClientEncryption) {
-
-			Lazy<BsonBinary> dataKey = Lazy.of(() -> mongoClientEncryption.getClientEncryption().createDataKey("local",
-					new DataKeyOptions().keyAltNames(Collections.singletonList("mySuperSecretKey"))));
-
-			return new MongoEncryptionConverter(mongoClientEncryption,
-					EncryptionKeyResolver.annotated((ctx) -> EncryptionKey.keyId(dataKey.get())));
-		}
-
-		@Bean
-		CachingMongoClientEncryption clientEncryption(ClientEncryptionSettings encryptionSettings) {
-			return new CachingMongoClientEncryption(() -> ClientEncryptions.create(encryptionSettings));
-		}
-
-		@Bean
-		ClientEncryptionSettings encryptionSettings(MongoClient mongoClient) {
-
-			MongoNamespace keyVaultNamespace = new MongoNamespace("encryption.testKeyVault");
-			MongoCollection<Document> keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName())
-					.getCollection(keyVaultNamespace.getCollectionName());
-			keyVaultCollection.drop();
-			// Ensure that two data keys cannot share the same keyAltName.
-			keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"),
-					new IndexOptions().unique(true).partialFilterExpression(Filters.exists("keyAltNames")));
-
-			MongoCollection<Document> collection = mongoClient.getDatabase(getDatabaseName()).getCollection("test");
-			collection.drop(); // Clear old data
-
-			final byte[] localMasterKey = new byte[96];
-			new SecureRandom().nextBytes(localMasterKey);
-			Map<String, Map<String, Object>> kmsProviders = new HashMap<>() {
-				{
-					put("local", new HashMap<>() {
-						{
-							put("key", localMasterKey);
-						}
-					});
-				}
-			};
-
-			// Create the ClientEncryption instance
-			ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
-					.keyVaultMongoClientSettings(
-							MongoClientSettings.builder().applyConnectionString(new ConnectionString("mongodb://localhost")).build())
-					.keyVaultNamespace(keyVaultNamespace.getFullName()).kmsProviders(kmsProviders).build();
-			return clientEncryptionSettings;
-		}
-
-	}
-
-	static class CachingMongoClientEncryption extends MongoClientEncryption implements DisposableBean {
-
-		static final AtomicReference<ClientEncryption> cache = new AtomicReference<>();
-
-		CachingMongoClientEncryption(Supplier<ClientEncryption> source) {
-			super(() -> {
-
-				if (cache.get() != null) {
-					return cache.get();
-				}
-
-				ClientEncryption clientEncryption = source.get();
-				cache.set(clientEncryption);
-
-				return clientEncryption;
-			});
-		}
-
-		@Override
-		public void destroy() {
-
-			ClientEncryption clientEncryption = cache.get();
-			if (clientEncryption != null) {
-				clientEncryption.close();
-				cache.set(null);
-			}
-		}
-	}
-
-	@org.springframework.data.mongodb.core.mapping.Document("test")
-	static class Person {
-
-		String id;
-		String name;
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic) //
-		String ssn;
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random, keyAltName = "mySuperSecretKey") //
-		String wallet;
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) // full document must be random
-		Address address;
-
-		AddressWithEncryptedZip encryptedZip;
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) // lists must be random
-		List<String> listOfString;
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) // lists must be random
-		List<Address> listOfComplex;
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random, keyAltName = "/name") //
-		String viaAltKeyNameField;
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) //
-		Map<String, String> mapOfString;
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) //
-		Map<String, Address> mapOfComplex;
-
-		public String getId() {
-			return this.id;
-		}
-
-		public String getName() {
-			return this.name;
-		}
-
-		public String getSsn() {
-			return this.ssn;
-		}
-
-		public String getWallet() {
-			return this.wallet;
-		}
-
-		public Address getAddress() {
-			return this.address;
-		}
-
-		public AddressWithEncryptedZip getEncryptedZip() {
-			return this.encryptedZip;
-		}
-
-		public List<String> getListOfString() {
-			return this.listOfString;
-		}
-
-		public List<Address> getListOfComplex() {
-			return this.listOfComplex;
-		}
-
-		public String getViaAltKeyNameField() {
-			return this.viaAltKeyNameField;
-		}
-
-		public Map<String, String> getMapOfString() {
-			return this.mapOfString;
-		}
-
-		public Map<String, Address> getMapOfComplex() {
-			return this.mapOfComplex;
-		}
-
-		public void setId(String id) {
-			this.id = id;
-		}
-
-		public void setName(String name) {
-			this.name = name;
-		}
-
-		public void setSsn(String ssn) {
-			this.ssn = ssn;
-		}
-
-		public void setWallet(String wallet) {
-			this.wallet = wallet;
-		}
-
-		public void setAddress(Address address) {
-			this.address = address;
-		}
-
-		public void setEncryptedZip(AddressWithEncryptedZip encryptedZip) {
-			this.encryptedZip = encryptedZip;
-		}
-
-		public void setListOfString(List<String> listOfString) {
-			this.listOfString = listOfString;
-		}
-
-		public void setListOfComplex(List<Address> listOfComplex) {
-			this.listOfComplex = listOfComplex;
-		}
-
-		public void setViaAltKeyNameField(String viaAltKeyNameField) {
-			this.viaAltKeyNameField = viaAltKeyNameField;
-		}
-
-		public void setMapOfString(Map<String, String> mapOfString) {
-			this.mapOfString = mapOfString;
-		}
-
-		public void setMapOfComplex(Map<String, Address> mapOfComplex) {
-			this.mapOfComplex = mapOfComplex;
-		}
-
-		@Override
-		public boolean equals(Object o) {
-			if (o == this) {
-				return true;
-			}
-			if (o == null || getClass() != o.getClass()) {
-				return false;
-			}
-			Person person = (Person) o;
-			return Objects.equals(id, person.id) && Objects.equals(name, person.name) && Objects.equals(ssn, person.ssn)
-					&& Objects.equals(wallet, person.wallet) && Objects.equals(address, person.address)
-					&& Objects.equals(encryptedZip, person.encryptedZip) && Objects.equals(listOfString, person.listOfString)
-					&& Objects.equals(listOfComplex, person.listOfComplex)
-					&& Objects.equals(viaAltKeyNameField, person.viaAltKeyNameField)
-					&& Objects.equals(mapOfString, person.mapOfString) && Objects.equals(mapOfComplex, person.mapOfComplex);
-		}
-
-		@Override
-		public int hashCode() {
-			return Objects.hash(id, name, ssn, wallet, address, encryptedZip, listOfString, listOfComplex, viaAltKeyNameField,
-					mapOfString, mapOfComplex);
-		}
-
-		public String toString() {
-			return "EncryptionTests.Person(id=" + this.getId() + ", name=" + this.getName() + ", ssn=" + this.getSsn()
-					+ ", wallet=" + this.getWallet() + ", address=" + this.getAddress() + ", encryptedZip="
-					+ this.getEncryptedZip() + ", listOfString=" + this.getListOfString() + ", listOfComplex="
-					+ this.getListOfComplex() + ", viaAltKeyNameField=" + this.getViaAltKeyNameField() + ", mapOfString="
-					+ this.getMapOfString() + ", mapOfComplex=" + this.getMapOfComplex() + ")";
-		}
-	}
-
-	static class Address {
-		String city;
-		String street;
-
-		public Address() {}
-
-		public String getCity() {
-			return this.city;
-		}
-
-		public String getStreet() {
-			return this.street;
-		}
-
-		public void setCity(String city) {
-			this.city = city;
-		}
-
-		public void setStreet(String street) {
-			this.street = street;
-		}
-
-		@Override
-		public boolean equals(Object o) {
-			if (o == this) {
-				return true;
-			}
-			if (o == null || getClass() != o.getClass()) {
-				return false;
-			}
-			Address address = (Address) o;
-			return Objects.equals(city, address.city) && Objects.equals(street, address.street);
-		}
-
-		@Override
-		public int hashCode() {
-			return Objects.hash(city, street);
-		}
-
-		public String toString() {
-			return "EncryptionTests.Address(city=" + this.getCity() + ", street=" + this.getStreet() + ")";
-		}
-	}
-
-	static class AddressWithEncryptedZip extends Address {
-
-		@ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random) String zip;
-
-		@Override
-		public String toString() {
-			return "AddressWithEncryptedZip{" + "zip='" + zip + '\'' + ", city='" + getCity() + '\'' + ", street='"
-					+ getStreet() + '\'' + '}';
-		}
-
-		public String getZip() {
-			return this.zip;
-		}
-
-		public void setZip(String zip) {
-			this.zip = zip;
-		}
-	}
 }

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/query/QueryTests.java

@@ -22,6 +22,7 @@ import static org.springframework.data.mongodb.core.query.Query.*;
 import org.bson.Document;
 import org.junit.jupiter.api.Test;
 import org.springframework.aop.framework.ProxyFactory;
+import org.springframework.data.domain.Limit;
 import org.springframework.data.domain.Sort;
 import org.springframework.data.domain.Sort.Direction;
 import org.springframework.data.domain.Sort.Order;
@@ -97,6 +98,18 @@ class QueryTests {
 		assertThat(q.getQueryObject()).isEqualTo(Document
 				.parse("{ \"name\" : { \"$gte\" : \"M\" , \"$lte\" : \"T\"} , \"age\" : { \"$not\" : { \"$gt\" : 22}}}"));
 		assertThat(q.getLimit()).isEqualTo(50);
+
+		q.limit(Limit.unlimited());
+		assertThat(q.getLimit()).isZero();
+		assertThat(q.isLimited()).isFalse();
+
+		q.limit(Limit.of(10));
+		assertThat(q.getLimit()).isEqualTo(10);
+		assertThat(q.isLimited()).isTrue();
+
+		q.limit(Limit.of(-1));
+		assertThat(q.getLimit()).isZero();
+		assertThat(q.isLimited()).isFalse();
 	}
 
 	@Test

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/repository/AbstractPersonRepositoryIntegrationTests.java

@@ -213,6 +213,17 @@ public abstract class AbstractPersonRepositoryIntegrationTests implements Dirtie
 		assertThat(page).contains(carter);
 	}
 
+	@Test // GH-4397
+	void appliesLimitToScrollingCorrectly() {
+
+		Window<Person> page = repository.findByLastnameLikeOrderByLastnameAscFirstnameAsc("*a*",
+				ScrollPosition.keyset(), Limit.of(2));
+
+		assertThat(page.isLast()).isFalse();
+		assertThat(page.size()).isEqualTo(2);
+		assertThat(page).contains(carter);
+	}
+
 	@Test // GH-4308
 	void appliesScrollPositionWithProjectionCorrectly() {
 
@@ -236,6 +247,14 @@ public abstract class AbstractPersonRepositoryIntegrationTests implements Dirtie
 		assertThat(page).contains(carter, stefan);
 	}
 
+	@Test // GH-4397
+	void executesFinderCorrectlyWithSortAndLimit() {
+
+		List<Person> page = repository.findByLastnameLike("*a*", Sort.by(Direction.ASC, "lastname", "firstname"), Limit.of(2));
+
+		assertThat(page).containsExactly(carter, stefan);
+	}
+
 	@Test
 	void executesPagedFinderWithAnnotatedQueryCorrectly() {
 

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/repository/PersonRepository.java

@@ -23,6 +23,7 @@ import java.util.UUID;
 import java.util.regex.Pattern;
 import java.util.stream.Stream;
 
+import org.springframework.data.domain.Limit;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.domain.Range;
@@ -126,6 +127,9 @@ public interface PersonRepository extends MongoRepository<Person, String>, Query
 	Window<Person> findTop2ByLastnameLikeOrderByLastnameAscFirstnameAsc(String lastname,
 			ScrollPosition scrollPosition);
 
+	Window<Person> findByLastnameLikeOrderByLastnameAscFirstnameAsc(String lastname,
+			ScrollPosition scrollPosition, Limit limit);
+
 	/**
 	 * Returns a scroll of {@link Person}s applying projections with a lastname matching the given one (*-wildcards
 	 * supported).
@@ -145,6 +149,8 @@ public interface PersonRepository extends MongoRepository<Person, String>, Query
 	 */
 	Page<Person> findByLastnameLike(String lastname, Pageable pageable);
 
+	List<Person> findByLastnameLike(String lastname, Sort sort, Limit limit);
+
 	@Query("{ 'lastname' : { '$regex' : '?0', '$options' : 'i'}}")
 	Page<Person> findByLastnameLikeWithPageable(String lastname, Pageable pageable);
 

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/repository/query/AbstractMongoQueryUnitTests.java

@@ -36,6 +36,7 @@ import org.mockito.Mockito;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.mockito.junit.jupiter.MockitoSettings;
 import org.mockito.quality.Strictness;
+import org.springframework.data.domain.Limit;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
@@ -493,6 +494,30 @@ class AbstractMongoQueryUnitTests {
 		assertThat(captor.getValue().getHint()).isEqualTo("idx-ln");
 	}
 
+	@Test // GH-4397
+	void limitShouldBeAppliedToQuery() {
+
+		createQueryForMethod("findWithLimit", String.class, Limit.class).execute(new Object[] { "dalinar", Limit.of(42) });
+
+		ArgumentCaptor<Query> captor = ArgumentCaptor.forClass(Query.class);
+		verify(withQueryMock).matching(captor.capture());
+
+		assertThat(captor.getValue().getLimit()).isEqualTo(42);
+	}
+
+	@Test // GH-4397
+	void sortAndLimitShouldBeAppliedToQuery() {
+
+		createQueryForMethod("findWithSortAndLimit", String.class, Sort.class, Limit.class)
+				.execute(new Object[] { "dalinar", Sort.by("fn"), Limit.of(42) });
+
+		ArgumentCaptor<Query> captor = ArgumentCaptor.forClass(Query.class);
+		verify(withQueryMock).matching(captor.capture());
+
+		assertThat(captor.getValue().getLimit()).isEqualTo(42);
+		assertThat(captor.getValue().getSortObject()).isEqualTo(new Document("fn", 1));
+	}
+
 	private MongoQueryFake createQueryForMethod(String methodName, Class<?>... paramTypes) {
 		return createQueryForMethod(Repo.class, methodName, paramTypes);
 	}
@@ -614,6 +639,10 @@ class AbstractMongoQueryUnitTests {
 
 		@Hint("idx-fn")
 		void findWithHintByFirstname(String firstname);
+
+		List<Person> findWithLimit(String firstname, Limit limit);
+
+		List<Person> findWithSortAndLimit(String firstname, Sort sort, Limit limit);
 	}
 
 	// DATAMONGO-1872

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/util/json/BsonUtilsTest.java

@@ -17,10 +17,19 @@ package org.springframework.data.mongodb.util.json;
 
 import static org.assertj.core.api.Assertions.*;
 
+import java.time.Instant;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.LocalTime;
+import java.time.temporal.Temporal;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Stream;
 
+import org.bson.BsonArray;
 import org.bson.BsonDouble;
 import org.bson.BsonInt32;
 import org.bson.BsonInt64;
@@ -29,7 +38,9 @@ import org.bson.BsonString;
 import org.bson.Document;
 import org.bson.types.ObjectId;
 import org.junit.jupiter.api.Test;
-
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.data.mongodb.util.BsonUtils;
 
 import com.mongodb.BasicDBList;
@@ -105,9 +116,9 @@ class BsonUtilsTest {
 	@Test // GH-3571
 	void asCollectionConvertsArrayToCollection() {
 
-		Object source = new String[]{"one", "two"};
+		Object source = new String[] { "one", "two" };
 
-		assertThat((Collection)BsonUtils.asCollection(source)).containsExactly("one", "two");
+		assertThat((Collection) BsonUtils.asCollection(source)).containsExactly("one", "two");
 	}
 
 	@Test // GH-3571
@@ -115,7 +126,7 @@ class BsonUtilsTest {
 
 		Object source = 100L;
 
-		assertThat((Collection)BsonUtils.asCollection(source)).containsExactly(source);
+		assertThat((Collection) BsonUtils.asCollection(source)).containsExactly(source);
 	}
 
 	@Test // GH-3702
@@ -126,4 +137,41 @@ class BsonUtilsTest {
 		assertThat(BsonUtils.supportsBson(new BasicDBList())).isTrue();
 		assertThat(BsonUtils.supportsBson(Collections.emptyMap())).isTrue();
 	}
+
+	@ParameterizedTest // GH-4432
+	@MethodSource("javaTimeInstances")
+	void convertsJavaTimeTypesToBsonDateTime(Temporal source) {
+
+		assertThat(BsonUtils.simpleToBsonValue(source))
+				.isEqualTo(new Document("value", source).toBsonDocument().get("value"));
+	}
+
+	@ParameterizedTest // GH-4432
+	@MethodSource("collectionLikeInstances")
+	void convertsCollectionLikeToBsonArray(Object source) {
+
+		assertThat(BsonUtils.simpleToBsonValue(source))
+				.isEqualTo(new Document("value", source).toBsonDocument().get("value"));
+	}
+
+	@Test // GH-4432
+	void convertsPrimitiveArrayToBsonArray() {
+
+		assertThat(BsonUtils.simpleToBsonValue(new int[] { 1, 2, 3 }))
+				.isEqualTo(new BsonArray(List.of(new BsonInt32(1), new BsonInt32(2), new BsonInt32(3))));
+	}
+
+	static Stream<Arguments> javaTimeInstances() {
+
+		return Stream.of(Arguments.of(Instant.now()), Arguments.of(LocalDate.now()), Arguments.of(LocalDateTime.now()),
+				Arguments.of(LocalTime.now()));
+	}
+
+	static Stream<Arguments> collectionLikeInstances() {
+
+		return Stream.of(Arguments.of(new String[] { "1", "2", "3" }), Arguments.of(List.of("1", "2", "3")),
+				Arguments.of(new Integer[] { 1, 2, 3 }), Arguments.of(List.of(1, 2, 3)),
+				Arguments.of(new Date[] { new Date() }), Arguments.of(List.of(new Date())),
+				Arguments.of(new LocalDate[] { LocalDate.now() }), Arguments.of(List.of(LocalDate.now())));
+	}
 }

src/main/resources/notice.txt

@@ -1,4 +1,4 @@
-Spring Data MongoDB 4.1 GA (2023.0.0)
+Spring Data MongoDB 4.2 M1 (2023.1.0)
 Copyright (c) [2010-2019] Pivotal Software, Inc.
 
 This product is licensed to you under the Apache License, Version 2.0 (the "License").
@@ -45,5 +45,6 @@ conditions of the subcomponent's license, as noted in the LICENSE file.
 
 
 
+