PK���ȼRY��������€��� �v3.phpUT �øŽg‰gñ“gux �õ��õ��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR OÃhþÀXl5ØJ ÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô ]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó1@V¤ûBëSúA²Ö§ ‘0|5Ì­Ä[«+èUsƒ ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6` dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶ çˆSEæódP/ÍÆv{Ô)Ó ?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["M[`…ôÈõìn6‹Hòâ]^|ø PKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT �øŽg‰gþ“gux �õ��õ��c`cg`b`ðMLVðVˆP€'qƒøˆŽ!!AP&HÇ %PDF-1.7 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R >> >> /MediaBox [0.000 0.000 595.280 841.890] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F) /CreationDate (D:20241129143806+00'00') /ModDate (D:20241129143806+00'00') /Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e) >> endobj 6 0 obj << /Type /Page /MediaBox [0.000 0.000 595.280 841.890] /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Filter /FlateDecode /Length 904 >> stream x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��lc� "Ց� ���wޙ�%�R�DS��� �OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D ����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q � jɭ��� �p _���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v ��]{ݛx�e�`�p�&��'�q�9 F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b�� ��� �YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X ��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P�� �c���kc�Z�9v�����? �a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~�����������|�L��x�p|N�*��E� �/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX � �&z� endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj xref 0 10 0000000000 65535 f 0000000009 00000 n 0000000074 00000 n 0000000120 00000 n 0000000284 00000 n 0000000313 00000 n 0000000514 00000 n 0000000617 00000 n 0000001593 00000 n 0000001700 00000 n trailer << /Size 10 /Root 1 0 R /Info 5 0 R /ID[] >> startxref 1812 %%EOF
Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 130

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 131
// Copyright (C) MongoDB, Inc. 2017-present. // // Licensed under the Apache License, Version 2.0 (the "License"); you may // not use this file except in compliance with the License. You may obtain // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 package mongo import ( "context" "errors" "fmt" "strings" "go.mongodb.org/mongo-driver/bson" "go.mongodb.org/mongo-driver/bson/bsonrw" "go.mongodb.org/mongo-driver/bson/primitive" "go.mongodb.org/mongo-driver/mongo/options" "go.mongodb.org/mongo-driver/x/bsonx/bsoncore" "go.mongodb.org/mongo-driver/x/mongo/driver" "go.mongodb.org/mongo-driver/x/mongo/driver/mongocrypt" mcopts "go.mongodb.org/mongo-driver/x/mongo/driver/mongocrypt/options" ) // ClientEncryption is used to create data keys and explicitly encrypt and decrypt BSON values. type ClientEncryption struct { crypt driver.Crypt keyVaultClient *Client keyVaultColl *Collection } // NewClientEncryption creates a new ClientEncryption instance configured with the given options. func NewClientEncryption(keyVaultClient *Client, opts ...*options.ClientEncryptionOptions) (*ClientEncryption, error) { if keyVaultClient == nil { return nil, errors.New("keyVaultClient must not be nil") } ce := &ClientEncryption{ keyVaultClient: keyVaultClient, } ceo := options.MergeClientEncryptionOptions(opts...) // create keyVaultColl db, coll := splitNamespace(ceo.KeyVaultNamespace) ce.keyVaultColl = ce.keyVaultClient.Database(db).Collection(coll, keyVaultCollOpts) kmsProviders, err := marshal(ceo.KmsProviders, nil, nil) if err != nil { return nil, fmt.Errorf("error creating KMS providers map: %v", err) } mc, err := mongocrypt.NewMongoCrypt(mcopts.MongoCrypt(). SetKmsProviders(kmsProviders). // Explicitly disable loading the crypt_shared library for the Crypt used for // ClientEncryption because it's only needed for AutoEncryption and we don't expect users to // have the crypt_shared library installed if they're using ClientEncryption. SetCryptSharedLibDisabled(true). SetHTTPClient(ceo.HTTPClient)) if err != nil { return nil, err } // create Crypt kr := keyRetriever{coll: ce.keyVaultColl} cir := collInfoRetriever{client: ce.keyVaultClient} ce.crypt = driver.NewCrypt(&driver.CryptOptions{ MongoCrypt: mc, KeyFn: kr.cryptKeys, CollInfoFn: cir.cryptCollInfo, TLSConfig: ceo.TLSConfig, }) return ce, nil } // CreateEncryptedCollection creates a new collection for Queryable Encryption with the help of automatic generation of new encryption data keys for null keyIds. // It returns the created collection and the encrypted fields document used to create it. func (ce *ClientEncryption) CreateEncryptedCollection(ctx context.Context, db *Database, coll string, createOpts *options.CreateCollectionOptions, kmsProvider string, masterKey interface{}) (*Collection, bson.M, error) { if createOpts == nil { return nil, nil, errors.New("nil CreateCollectionOptions") } ef := createOpts.EncryptedFields if ef == nil { return nil, nil, errors.New("no EncryptedFields defined for the collection") } efBSON, err := marshal(ef, db.bsonOpts, db.registry) if err != nil { return nil, nil, err } r := bsonrw.NewBSONDocumentReader(efBSON) dec, err := bson.NewDecoder(r) if err != nil { return nil, nil, err } var m bson.M err = dec.Decode(&m) if err != nil { return nil, nil, err } if v, ok := m["fields"]; ok { if fields, ok := v.(bson.A); ok { for _, field := range fields { if f, ok := field.(bson.M); !ok { continue } else if v, ok := f["keyId"]; ok && v == nil { dkOpts := options.DataKey() if masterKey != nil { dkOpts.SetMasterKey(masterKey) } keyid, err := ce.CreateDataKey(ctx, kmsProvider, dkOpts) if err != nil { createOpts.EncryptedFields = m return nil, m, err } f["keyId"] = keyid } } createOpts.EncryptedFields = m } } err = db.CreateCollection(ctx, coll, createOpts) if err != nil { return nil, m, err } return db.Collection(coll), m, nil } // AddKeyAltName adds a keyAltName to the keyAltNames array of the key document in the key vault collection with the // given UUID (BSON binary subtype 0x04). Returns the previous version of the key document. func (ce *ClientEncryption) AddKeyAltName(ctx context.Context, id primitive.Binary, keyAltName string) *SingleResult { filter := bsoncore.NewDocumentBuilder().AppendBinary("_id", id.Subtype, id.Data).Build() keyAltNameDoc := bsoncore.NewDocumentBuilder().AppendString("keyAltNames", keyAltName).Build() update := bsoncore.NewDocumentBuilder().AppendDocument("$addToSet", keyAltNameDoc).Build() return ce.keyVaultColl.FindOneAndUpdate(ctx, filter, update) } // CreateDataKey creates a new key document and inserts into the key vault collection. Returns the _id of the created // document as a UUID (BSON binary subtype 0x04). func (ce *ClientEncryption) CreateDataKey(ctx context.Context, kmsProvider string, opts ...*options.DataKeyOptions) (primitive.Binary, error) { // translate opts to mcopts.DataKeyOptions dko := options.MergeDataKeyOptions(opts...) co := mcopts.DataKey().SetKeyAltNames(dko.KeyAltNames) if dko.MasterKey != nil { keyDoc, err := marshal( dko.MasterKey, ce.keyVaultClient.bsonOpts, ce.keyVaultClient.registry) if err != nil { return primitive.Binary{}, err } co.SetMasterKey(keyDoc) } if dko.KeyMaterial != nil { co.SetKeyMaterial(dko.KeyMaterial) } // create data key document dataKeyDoc, err := ce.crypt.CreateDataKey(ctx, kmsProvider, co) if err != nil { return primitive.Binary{}, err } // insert key into key vault _, err = ce.keyVaultColl.InsertOne(ctx, dataKeyDoc) if err != nil { return primitive.Binary{}, err } subtype, data := bson.Raw(dataKeyDoc).Lookup("_id").Binary() return primitive.Binary{Subtype: subtype, Data: data}, nil } // transformExplicitEncryptionOptions creates explicit encryption options to be passed to libmongocrypt. func transformExplicitEncryptionOptions(opts ...*options.EncryptOptions) *mcopts.ExplicitEncryptionOptions { eo := options.MergeEncryptOptions(opts...) transformed := mcopts.ExplicitEncryption() if eo.KeyID != nil { transformed.SetKeyID(*eo.KeyID) } if eo.KeyAltName != nil { transformed.SetKeyAltName(*eo.KeyAltName) } transformed.SetAlgorithm(eo.Algorithm) transformed.SetQueryType(eo.QueryType) if eo.ContentionFactor != nil { transformed.SetContentionFactor(*eo.ContentionFactor) } if eo.RangeOptions != nil { var transformedRange mcopts.ExplicitRangeOptions if eo.RangeOptions.Min != nil { transformedRange.Min = &bsoncore.Value{Type: eo.RangeOptions.Min.Type, Data: eo.RangeOptions.Min.Value} } if eo.RangeOptions.Max != nil { transformedRange.Max = &bsoncore.Value{Type: eo.RangeOptions.Max.Type, Data: eo.RangeOptions.Max.Value} } if eo.RangeOptions.Precision != nil { transformedRange.Precision = eo.RangeOptions.Precision } transformedRange.Sparsity = eo.RangeOptions.Sparsity transformed.SetRangeOptions(transformedRange) } return transformed } // Encrypt encrypts a BSON value with the given key and algorithm. Returns an encrypted value (BSON binary of subtype 6). func (ce *ClientEncryption) Encrypt(ctx context.Context, val bson.RawValue, opts ...*options.EncryptOptions) (primitive.Binary, error) { transformed := transformExplicitEncryptionOptions(opts...) subtype, data, err := ce.crypt.EncryptExplicit(ctx, bsoncore.Value{Type: val.Type, Data: val.Value}, transformed) if err != nil { return primitive.Binary{}, err } return primitive.Binary{Subtype: subtype, Data: data}, nil } // EncryptExpression encrypts an expression to query a range index. // On success, `result` is populated with the resulting BSON document. // `expr` is expected to be a BSON document of one of the following forms: // 1. A Match Expression of this form: // {$and: [{: {$gt: }}, {: {$lt: }}]} // 2. An Aggregate Expression of this form: // {$and: [{$gt: [, ]}, {$lt: [, ]}] // $gt may also be $gte. $lt may also be $lte. // Only supported for queryType "rangePreview" // Beta: The Range algorithm is experimental only. It is not intended for public use. It is subject to breaking changes. func (ce *ClientEncryption) EncryptExpression(ctx context.Context, expr interface{}, result interface{}, opts ...*options.EncryptOptions) error { transformed := transformExplicitEncryptionOptions(opts...) exprDoc, err := marshal(expr, nil, nil) if err != nil { return err } encryptedExprDoc, err := ce.crypt.EncryptExplicitExpression(ctx, exprDoc, transformed) if err != nil { return err } if raw, ok := result.(*bson.Raw); ok { // Avoid the cost of Unmarshal. *raw = bson.Raw(encryptedExprDoc) return nil } err = bson.Unmarshal([]byte(encryptedExprDoc), result) if err != nil { return err } return nil } // Decrypt decrypts an encrypted value (BSON binary of subtype 6) and returns the original BSON value. func (ce *ClientEncryption) Decrypt(ctx context.Context, val primitive.Binary) (bson.RawValue, error) { decrypted, err := ce.crypt.DecryptExplicit(ctx, val.Subtype, val.Data) if err != nil { return bson.RawValue{}, err } return bson.RawValue{Type: decrypted.Type, Value: decrypted.Data}, nil } // Close cleans up any resources associated with the ClientEncryption instance. This includes disconnecting the // key-vault Client instance. func (ce *ClientEncryption) Close(ctx context.Context) error { ce.crypt.Close() return ce.keyVaultClient.Disconnect(ctx) } // DeleteKey removes the key document with the given UUID (BSON binary subtype 0x04) from the key vault collection. // Returns the result of the internal deleteOne() operation on the key vault collection. func (ce *ClientEncryption) DeleteKey(ctx context.Context, id primitive.Binary) (*DeleteResult, error) { filter := bsoncore.NewDocumentBuilder().AppendBinary("_id", id.Subtype, id.Data).Build() return ce.keyVaultColl.DeleteOne(ctx, filter) } // GetKeyByAltName returns a key document in the key vault collection with the given keyAltName. func (ce *ClientEncryption) GetKeyByAltName(ctx context.Context, keyAltName string) *SingleResult { filter := bsoncore.NewDocumentBuilder().AppendString("keyAltNames", keyAltName).Build() return ce.keyVaultColl.FindOne(ctx, filter) } // GetKey finds a single key document with the given UUID (BSON binary subtype 0x04). Returns the result of the // internal find() operation on the key vault collection. func (ce *ClientEncryption) GetKey(ctx context.Context, id primitive.Binary) *SingleResult { filter := bsoncore.NewDocumentBuilder().AppendBinary("_id", id.Subtype, id.Data).Build() return ce.keyVaultColl.FindOne(ctx, filter) } // GetKeys finds all documents in the key vault collection. Returns the result of the internal find() operation on the // key vault collection. func (ce *ClientEncryption) GetKeys(ctx context.Context) (*Cursor, error) { return ce.keyVaultColl.Find(ctx, bson.D{}) } // RemoveKeyAltName removes a keyAltName from the keyAltNames array of the key document in the key vault collection with // the given UUID (BSON binary subtype 0x04). Returns the previous version of the key document. func (ce *ClientEncryption) RemoveKeyAltName(ctx context.Context, id primitive.Binary, keyAltName string) *SingleResult { filter := bsoncore.NewDocumentBuilder().AppendBinary("_id", id.Subtype, id.Data).Build() update := bson.A{bson.D{{"$set", bson.D{{"keyAltNames", bson.D{{"$cond", bson.A{bson.D{{"$eq", bson.A{"$keyAltNames", bson.A{keyAltName}}}}, "$$REMOVE", bson.D{{"$filter", bson.D{{"input", "$keyAltNames"}, {"cond", bson.D{{"$ne", bson.A{"$$this", keyAltName}}}}}}}}}}}}}}} return ce.keyVaultColl.FindOneAndUpdate(ctx, filter, update) } // setRewrapManyDataKeyWriteModels will prepare the WriteModel slice for a bulk updating rewrapped documents. func setRewrapManyDataKeyWriteModels(rewrappedDocuments []bsoncore.Document, writeModels *[]WriteModel) error { const idKey = "_id" const keyMaterial = "keyMaterial" const masterKey = "masterKey" if writeModels == nil { return fmt.Errorf("writeModels pointer not set for location referenced") } // Append a slice of WriteModel with the update document per each rewrappedDoc _id filter. for _, rewrappedDocument := range rewrappedDocuments { // Prepare the new master key for update. masterKeyValue, err := rewrappedDocument.LookupErr(masterKey) if err != nil { return err } masterKeyDoc := masterKeyValue.Document() // Prepare the new material key for update. keyMaterialValue, err := rewrappedDocument.LookupErr(keyMaterial) if err != nil { return err } keyMaterialSubtype, keyMaterialData := keyMaterialValue.Binary() keyMaterialBinary := primitive.Binary{Subtype: keyMaterialSubtype, Data: keyMaterialData} // Prepare the _id filter for documents to update. id, err := rewrappedDocument.LookupErr(idKey) if err != nil { return err } idSubtype, idData, ok := id.BinaryOK() if !ok { return fmt.Errorf("expected to assert %q as binary, got type %T", idKey, id) } binaryID := primitive.Binary{Subtype: idSubtype, Data: idData} // Append the mutable document to the slice for bulk update. *writeModels = append(*writeModels, NewUpdateOneModel(). SetFilter(bson.D{{idKey, binaryID}}). SetUpdate( bson.D{ {"$set", bson.D{{keyMaterial, keyMaterialBinary}, {masterKey, masterKeyDoc}}}, {"$currentDate", bson.D{{"updateDate", true}}}, }, )) } return nil } // RewrapManyDataKey decrypts and encrypts all matching data keys with a possibly new masterKey value. For all // matching documents, this method will overwrite the "masterKey", "updateDate", and "keyMaterial". On error, some // matching data keys may have been rewrapped. // libmongocrypt 1.5.2 is required. An error is returned if the detected version of libmongocrypt is less than 1.5.2. func (ce *ClientEncryption) RewrapManyDataKey(ctx context.Context, filter interface{}, opts ...*options.RewrapManyDataKeyOptions) (*RewrapManyDataKeyResult, error) { // libmongocrypt versions 1.5.0 and 1.5.1 have a severe bug in RewrapManyDataKey. // Check if the version string starts with 1.5.0 or 1.5.1. This accounts for pre-release versions, like 1.5.0-rc0. libmongocryptVersion := mongocrypt.Version() if strings.HasPrefix(libmongocryptVersion, "1.5.0") || strings.HasPrefix(libmongocryptVersion, "1.5.1") { return nil, fmt.Errorf("RewrapManyDataKey requires libmongocrypt 1.5.2 or newer. Detected version: %v", libmongocryptVersion) } rmdko := options.MergeRewrapManyDataKeyOptions(opts...) if ctx == nil { ctx = context.Background() } // Transfer rmdko options to /x/ package options to publish the mongocrypt feed. co := mcopts.RewrapManyDataKey() if rmdko.MasterKey != nil { keyDoc, err := marshal( rmdko.MasterKey, ce.keyVaultClient.bsonOpts, ce.keyVaultClient.registry) if err != nil { return nil, err } co.SetMasterKey(keyDoc) } if rmdko.Provider != nil { co.SetProvider(*rmdko.Provider) } // Prepare the filters and rewrap the data key using mongocrypt. filterdoc, err := marshal(filter, ce.keyVaultClient.bsonOpts, ce.keyVaultClient.registry) if err != nil { return nil, err } rewrappedDocuments, err := ce.crypt.RewrapDataKey(ctx, filterdoc, co) if err != nil { return nil, err } if len(rewrappedDocuments) == 0 { // If there are no documents to rewrap, then do nothing. return new(RewrapManyDataKeyResult), nil } // Prepare the WriteModel slice for bulk updating the rewrapped data keys. models := []WriteModel{} if err := setRewrapManyDataKeyWriteModels(rewrappedDocuments, &models); err != nil { return nil, err } bulkWriteResults, err := ce.keyVaultColl.BulkWrite(ctx, models) return &RewrapManyDataKeyResult{BulkWriteResult: bulkWriteResults}, err } // splitNamespace takes a namespace in the form "database.collection" and returns (database name, collection name) func splitNamespace(ns string) (string, string) { firstDot := strings.Index(ns, ".") if firstDot == -1 { return "", ns } return ns[:firstDot], ns[firstDot+1:] }