Cosmos v4 encryption

eng/code-quality-reports/src/main/resources/checkstyle/checkstyle-suppressions.xml

@@ -430,6 +430,7 @@
 
   <!-- Cosmos sdk suppressions -->
   <suppress checks="[a-zA-Z0-9]*" files="[/\\]azure-cosmos[/\\]src[/\\]test[/\\]"/>
+  <suppress checks="[a-zA-Z0-9]*" files="[/\\]azure-cosmos-encryption[/\\]src[/\\]test[/\\]"/>
   <suppress checks="[a-zA-Z0-9]*" files="[/\\]cosmos[/\\]examples[/\\]"/>
   <suppress checks="[a-zA-Z0-9]*" files="[/\\]cosmos[/\\]implementation[/\\]"/>
   <suppress checks="[a-zA-Z0-9]*"

eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml

@@ -790,6 +790,25 @@
     <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
   </Match>
 
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.AeadAes256CbcHmac256Algorithm"/>
+    <Method name="decryptData"/>
+    <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
+  </Match>
+
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.AeadAes256CbcHmac256Algorithm"/>
+    <Method name="encryptData"/>
+    <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
+  </Match>
+
+
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.SecurityUtility"/>
+    <Method name="getSHA256Hash"/>
+    <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
+  </Match>
+
   <!-- Suppress false positive, there is no null in the flagged code -->
   <Match>
     <Class name="com.azure.cosmos.implementation.TestConfigurations"/>
@@ -1452,6 +1471,12 @@
     <Bug pattern="DLS_DEAD_LOCAL_STORE_OF_NULL"/>
   </Match>
 
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.AeadAes256CbcHmac256Algorithm"/>
+    <Method name="encryptData"/>
+    <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
+  </Match>
+
   <!-- Bug: https://github.com/Azure/azure-sdk-for-java/issues/9093 -->
   <Match>
     <Class name="com.azure.cosmos.implementation.QueryMetrics"/>
@@ -1647,13 +1672,56 @@
     <Bug pattern="EI_EXPOSE_REP"/>
   </Match>
 
+  <!-- Returning a new copy of the object is not necessary -->
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.EncryptionKeyUnwrapResult"/>
+    <Method name="getDataEncryptionKey"/>
+    <Bug pattern="EI_EXPOSE_REP"/>
+  </Match>
+
+  <!-- Returning a new copy of the object is not necessary -->
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.EncryptionKeyUnwrapResult"/>
+    <Method name="getWrappedDataEncryptionKey"/>
+    <Bug pattern="EI_EXPOSE_REP"/>
+  </Match>
+
+
+  <!-- Returning a new copy of the object is not necessary -->
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.EncryptionKeyUnwrapResult"/>
+    <Method name="&lt;init&gt;"/>
+    <Bug pattern="EI_EXPOSE_REP2"/>
+  </Match>
+
   <!-- Returning a new copy of the object is not necessary -->
   <Match>
     <Class name="com.azure.cosmos.implementation.directconnectivity.StoreResponse"/>
     <Method name="&lt;init&gt;"/>
     <Bug pattern="EI_EXPOSE_REP2"/>
   </Match>
 
+  <!-- Returning a new copy of the object is not necessary -->
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.EncryptionKeyWrapResult"/>
+    <Method name="getWrappedDataEncryptionKey"/>
+    <Bug pattern="EI_EXPOSE_REP2,EI_EXPOSE_REP"/>
+  </Match>
+
+  <!-- Returning a new copy of the object is not necessary -->
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.EncryptionKeyWrapResult"/>
+    <Method name="getEncryptionKeyWrapMetadata"/>
+    <Bug pattern="EI_EXPOSE_REP2,EI_EXPOSE_REP"/>
+  </Match>
+
+  <!-- Returning a new copy of the object is not necessary -->
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.EncryptionKeyWrapResult"/>
+    <Method name="&lt;init&gt;"/>
+    <Bug pattern="EI_EXPOSE_REP2"/>
+  </Match>
+
   <!-- Returning a new copy of the object is not necessary -->
   <Match>
     <Class name="com.azure.cosmos.implementation.RxDocumentServiceRequest"/>
@@ -1817,6 +1885,12 @@
     <Bug pattern="NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE"/>
   </Match>
 
+  <Match>
+    <Class name="com.azure.cosmos.implementation.encryption.CosmosDataEncryptionKeyProvider"/>
+    <Method name="initialize"/>
+    <Bug pattern="NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE"/>
+  </Match>
+
   <!-- https://github.com/Azure/azure-sdk-for-java/issues/9179 -->
   <Match>
     <Class name="com.azure.cosmos.implementation.SessionContainer"/>

eng/jacoco-test-coverage/pom.xml

@@ -111,6 +111,11 @@
       <artifactId>azure-cosmos</artifactId>
       <version>4.2.0-beta.1</version> <!-- {x-version-update;com.azure:azure-cosmos;current} -->
     </dependency>
+    <dependency>
+      <groupId>com.azure</groupId>
+      <artifactId>azure-cosmos-encryption</artifactId>
+      <version>1.0.0-beta.1</version> <!-- {x-version-update;com.azure:azure-cosmos-encryption;current} -->
+    </dependency>
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-data-appconfiguration</artifactId>

eng/versioning/version_client.txt

@@ -21,6 +21,7 @@ com.azure:azure-core-test;1.3.1;1.4.0-beta.1
 com.azure:azure-core-tracing-opentelemetry;1.0.0-beta.5;1.0.0-beta.6
 com.azure:azure-cosmos;4.1.0;4.2.0-beta.1
 com.azure:azure-cosmos-benchmark;4.0.1-beta.1;4.0.1-beta.1
+com.azure:azure-cosmos-encryption;1.0.0-beta.1;1.0.0-beta.1
 com.azure:azure-data-appconfiguration;1.1.3;1.2.0-beta.1
 com.azure:azure-data-schemaregistry;1.0.0-beta.2;1.0.0-beta.3
 com.azure:azure-data-schemaregistry-avro;1.0.0-beta.2;1.0.0-beta.3

sdk/cosmos/azure-cosmos-encryption/README.md

@@ -0,0 +1,13 @@
+# Azure CosmosDB Client Library Encryption Extension
+
+To add client side encryption support you need to add
+
+[//]: # ({x-version-update-start;com.azure:azure-cosmos;current})
+```xml
+<dependency>
+  <groupId>com.azure</groupId>
+  <artifactId>azure-cosmos-encryption</artifactId>
+  <version>1.0.0-beta.1</version>
+</dependency>
+```
+[//]: # ({x-version-update-end})