libmongocrypt-helper 1.11.0.0.1001 → 1.13.2.0.1001
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +27 -1
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +13 -2
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -7
- data/ext/libmongocrypt/libmongocrypt/CONTRIBUTING.md +14 -0
- data/ext/libmongocrypt/libmongocrypt/Earthfile +49 -50
- data/ext/libmongocrypt/libmongocrypt/README.md +39 -23
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/README.md +4 -67
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +14 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +39 -7
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +32 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pyproject.toml +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +10 -9
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +0 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +13 -12
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +4 -2
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +1 -1
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +37 -40
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +10 -9
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +0 -2
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-in-functions.patch +158 -0
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +3 -3
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/integrating.md +51 -13
- data/ext/libmongocrypt/libmongocrypt/kms-message/README.md +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_crypto_windows.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_response_parser.h +3 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_response_parser.c +8 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +25 -8
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +12 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-cmp-private.h +137 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +35 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +5 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +99 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +226 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +39 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +165 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private-v2.h +183 -60
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +498 -115
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +10 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block-private.h +49 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +98 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +6 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +126 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +1075 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +95 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +304 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +45 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +248 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +112 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +166 -2
- data/ext/libmongocrypt/libmongocrypt/src/mlib/windows-lean.h +2 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +36 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-private.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +8 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +429 -858
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +55 -19
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +15 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-private.h +9 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +6 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +174 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-log.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +4 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +518 -524
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +8 -12
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +25 -9
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +65 -6
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +3 -1
- data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1434 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +2884 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +139 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.h +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +20 -21
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/missing-key-id/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-fields/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +20 -21
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_fle1/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-extraField.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-missingKeyId.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-badVersionSet.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-goodVersionSet.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-badVersionSet.json +48 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-goodVersionSet.json +48 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-twoFields.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/encrypted-field-config-map.json +1 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1DeterministicEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1EncryptionPlaceholder.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1RandomEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EncryptionPlaceholder.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EqualityIndexedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2FindEqualityPayloadV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges-V2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/insert-indexed.json → explicit-decrypt/FLE2InsertUpdatePayload.json} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2RangeIndexedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/find-with-encryptionInformation.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-csfle/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-mongocryptd/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-collinfo.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json +51 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/int32/encrypted-field-map.json → fle2-bad-str-encode-version/bad-encrypted-field-config-map.json} +7 -12
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-bad-str-encode-version}/encrypted-payload.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/encrypted-field-config-map.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-equality/encrypted-field-map.json → fle2-create-encrypted-collection/encrypted-field-config-map.json} +9 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/encrypted-payload.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json +51 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +46 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +25 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload-v2.json +57 -59
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/mongocryptd-reply.json +63 -64
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload-v2.json +64 -66
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/mongocryptd-reply.json +69 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongod.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/reply-from-mongocryptd.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-field-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double → fle2-insert-text-search}/encrypted-field-map.json +10 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/date → fle2-insert-text-search-with-str-encode-version}/encrypted-field-map.json +12 -10
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/encrypted-field-map.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/mongocryptd-reply.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd.json +22 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +56 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneRangeV2.json +9 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneText.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneTextLarge.json +930 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneV2.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-tests.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-facet/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/cs/MongoDB.Libmongocrypt.Test/test/example/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c1.json} +12 -10
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c3.json} +13 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-nested/cmd.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/schemaMap.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/schemaMap.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd-to-mongocryptd.json +34 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd-to-mongocryptd.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c2.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/reply-from-mongocryptd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-unionWith/cmd.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-v1.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongocryptd.json +65 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/keys/ABCDEFAB123498761234123456789012-local-document.json → test/data/lookup/mixed/csfle/csfle/key-doc.json} +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongocryptd.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd-to-mongocryptd.json +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongocryptd.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongocryptd.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongod.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/reply-from-mongocryptd.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongocryptd.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongod.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/reply-from-mongocryptd.json +65 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd-to-mongocryptd.json +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongocryptd.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongod.json +56 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/reply-from-mongocryptd.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongod.json +71 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongocryptd.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongod.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/reply-from-mongocryptd.json +68 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongod.json +71 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert-unindexed/encrypted-field-map.json → lookup/qe-encryptedFieldsMap/encryptedFieldsMap.json} +6 -7
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongocryptd.json +46 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongod.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/reply-from-mongocryptd.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongod.json +75 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-create/mongocryptd-ismaster.json → mongocryptd-ismaster-17.json} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/mongocryptd-ismaster-26.json +12 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/multikey/command.json +7 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/key-document.json → test/data/multikey/key-document-a.json} +18 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/multikey/key-document-b.json +37 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/multikey/mongocryptd_reply.json +34 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/multikey/schema_map.json +35 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/kms-reply.txt → test/data/rmd/kms-decrypt-reply-429.txt} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-jsonSchema.json +43 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-noSchema.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/create-with-jsonSchema.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields2.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFieldsMap.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema2.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/schemaMap.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +28 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +28 -2
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-cmp.c +304 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +468 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +20 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev-v2.c +370 -22
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +25 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +24 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-tag-and-encrypted-metadata-block.c +91 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +6 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +32 -33
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +68 -75
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-schema-broker.c +1124 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +1207 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +144 -37
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +13 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +21 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +25 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +3 -20
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +57 -46
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +37 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +226 -146
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +1529 -1197
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +79 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +160 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +7 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-responses.c +6 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +750 -110
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +143 -33
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +39 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +97 -0
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +233 -225
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/CMakeLists.txt +0 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Driver.snk +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/AssemblyInfo.cs +0 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Binary.cs +0 -145
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/BinarySafeHandle.cs +0 -60
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CheckableSafeHandle.cs +0 -46
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CipherCallbacks.cs +0 -168
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/ContextSafeHandle.cs +0 -48
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClient.cs +0 -257
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClientFactory.cs +0 -138
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptContext.cs +0 -214
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptException.cs +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptOptions.cs +0 -67
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/HashCallback.cs +0 -59
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/HmacShaCallbacks.cs +0 -96
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/IStatus.cs +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/KmsCredentials.cs +0 -53
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/KmsKeyId.cs +0 -91
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/KmsRequest.cs +0 -125
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/KmsRequestCollection.cs +0 -60
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +0 -684
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoader.cs +0 -289
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoadingException.cs +0 -34
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/License.txt +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LogLevel.cs +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoCryptSafeHandle.cs +0 -48
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.csproj +0 -107
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.ruleset +0 -85
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.targets +0 -21
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/OperatingSystemHelper.cs +0 -59
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Package.include.template.csproj +0 -38
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/PinnedBinary.cs +0 -49
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/SecureRandomCallback.cs +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/SigningRSAESPKCSCallback.cs +0 -74
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Status.cs +0 -94
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/StatusSafeHandle.cs +0 -60
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/StyleCop.ruleset +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/stylecop.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Example/MongoDB.Libmongocrypt.Example.csproj +0 -23
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Example/Package.include.template.csproj +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Example/Program.cs +0 -442
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/BasicTests.cs +0 -748
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/BsonUtil.cs +0 -82
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/CallbackUtils.cs +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/CipherCallbacksTests.cs +0 -46
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/HashCallbackTests.cs +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/HmacShaCallbacksTests.cs +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/MongoDB.Libmongocrypt.Test.csproj +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/Package.include.template.csproj +0 -23
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/SigningRSAESPKCSCallbackTests.cs +0 -64
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/command-reply.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/encrypted-command-reply.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/encrypted-command.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/encrypted-value.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/key-document.json +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/list-collections-filter.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/mongocryptd-command.json +0 -22
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/xunit.runner.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/BasicTests.cs +0 -54
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/MongoDB.Libmongocrypt.Test32.csproj +0 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/Package.include.template.csproj +0 -23
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +0 -215
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.config +0 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.ps1 +0 -275
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.sh +0 -77
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/README.md +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +0 -28
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +0 -217
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +0 -354
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +0 -234
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +0 -89
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/BinaryHolder.java +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +0 -1165
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +0 -96
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +0 -92
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/DisposableMemory.java +0 -31
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/JULLogger.java +0 -130
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Logger.java +0 -144
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Loggers.java +0 -50
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MacCallback.java +0 -60
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MessageDigestCallback.java +0 -55
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoAwsKmsProviderOptions.java +0 -104
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypt.java +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContext.java +0 -137
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContextImpl.java +0 -164
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptException.java +0 -67
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +0 -423
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptOptions.java +0 -284
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypts.java +0 -38
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoDataKeyOptions.java +0 -125
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +0 -227
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java +0 -76
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoLocalKmsProviderOptions.java +0 -83
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoRewrapManyDataKeyOptions.java +0 -104
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SLF4JLogger.java +0 -110
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SecureRandomCallback.java +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SigningRSAESPKCSCallback.java +0 -76
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/package-info.java +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +0 -180
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +0 -134
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +0 -389
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command-reply.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command-reply.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-value.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/value-to-encrypt.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/json-schema.json +0 -15
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter-keyAltName.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/list-collections-filter.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-command.json +0 -22
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +0 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/test/data/collection-info-no-schema.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +0 -47
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/collinfo.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/ismaster-to-mongocryptd.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload.json +0 -91
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload.json +0 -98
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-contentionFactor1.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-contentionFactor1.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-same-user-and-index-key.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/encrypted-payload.json +0 -41
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/mongocryptd-reply.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/cmd.json +0 -10
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-payload.json +0 -51
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/mongocryptd-reply.json +0 -59
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/cmd.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-payload.json +0 -54
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/mongocryptd-reply.json +0 -62
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-payload.json +0 -48
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/mongocryptd-reply.json +0 -56
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/encrypted-payload.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/mongocryptd-reply.json +0 -46
- data/ext/libmongocrypt/libmongocrypt/test/data/schema.json +0 -19
- /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/find-indexed.json → explicit-decrypt/FLE2FindEqualityPayload.json} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-text-search-with-str-encode-version}/cmd.json +0 -0
@@ -22,476 +22,30 @@
|
|
22
22
|
#include "mongocrypt-ctx-private.h"
|
23
23
|
#include "mongocrypt-key-broker-private.h"
|
24
24
|
#include "mongocrypt-marking-private.h"
|
25
|
+
#include "mongocrypt-private.h"
|
25
26
|
#include "mongocrypt-traverse-util-private.h"
|
26
27
|
#include "mongocrypt-util-private.h" // mc_iter_document_as_bson
|
27
28
|
#include "mongocrypt.h"
|
28
29
|
|
29
|
-
/* _fle2_append_encryptedFieldConfig copies encryptedFieldConfig and applies
|
30
|
-
* default state collection names for escCollection, eccCollection, and
|
31
|
-
* ecocCollection if required. */
|
32
|
-
static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx,
|
33
|
-
bson_t *dst,
|
34
|
-
bson_t *encryptedFieldConfig,
|
35
|
-
const char *target_coll,
|
36
|
-
mongocrypt_status_t *status) {
|
37
|
-
bson_iter_t iter;
|
38
|
-
bool has_escCollection = false;
|
39
|
-
bool has_eccCollection = false;
|
40
|
-
bool has_ecocCollection = false;
|
41
|
-
|
42
|
-
BSON_ASSERT_PARAM(dst);
|
43
|
-
BSON_ASSERT_PARAM(encryptedFieldConfig);
|
44
|
-
BSON_ASSERT_PARAM(target_coll);
|
45
|
-
|
46
|
-
if (!bson_iter_init(&iter, encryptedFieldConfig)) {
|
47
|
-
CLIENT_ERR("unable to iterate encryptedFieldConfig");
|
48
|
-
return false;
|
49
|
-
}
|
50
|
-
|
51
|
-
while (bson_iter_next(&iter)) {
|
52
|
-
if (strcmp(bson_iter_key(&iter), "escCollection") == 0) {
|
53
|
-
has_escCollection = true;
|
54
|
-
}
|
55
|
-
if (strcmp(bson_iter_key(&iter), "eccCollection") == 0) {
|
56
|
-
has_eccCollection = true;
|
57
|
-
}
|
58
|
-
if (strcmp(bson_iter_key(&iter), "ecocCollection") == 0) {
|
59
|
-
has_ecocCollection = true;
|
60
|
-
}
|
61
|
-
if (!BSON_APPEND_VALUE(dst, bson_iter_key(&iter), bson_iter_value(&iter))) {
|
62
|
-
CLIENT_ERR("unable to append field: %s", bson_iter_key(&iter));
|
63
|
-
return false;
|
64
|
-
}
|
65
|
-
}
|
66
|
-
|
67
|
-
if (!has_escCollection) {
|
68
|
-
char *default_escCollection = bson_strdup_printf("enxcol_.%s.esc", target_coll);
|
69
|
-
if (!BSON_APPEND_UTF8(dst, "escCollection", default_escCollection)) {
|
70
|
-
CLIENT_ERR("unable to append escCollection");
|
71
|
-
bson_free(default_escCollection);
|
72
|
-
return false;
|
73
|
-
}
|
74
|
-
bson_free(default_escCollection);
|
75
|
-
}
|
76
|
-
if (!has_eccCollection && !ctx->crypt->opts.use_fle2_v2) {
|
77
|
-
char *default_eccCollection = bson_strdup_printf("enxcol_.%s.ecc", target_coll);
|
78
|
-
if (!BSON_APPEND_UTF8(dst, "eccCollection", default_eccCollection)) {
|
79
|
-
CLIENT_ERR("unable to append eccCollection");
|
80
|
-
bson_free(default_eccCollection);
|
81
|
-
return false;
|
82
|
-
}
|
83
|
-
bson_free(default_eccCollection);
|
84
|
-
}
|
85
|
-
if (!has_ecocCollection) {
|
86
|
-
char *default_ecocCollection = bson_strdup_printf("enxcol_.%s.ecoc", target_coll);
|
87
|
-
if (!BSON_APPEND_UTF8(dst, "ecocCollection", default_ecocCollection)) {
|
88
|
-
CLIENT_ERR("unable to append ecocCollection");
|
89
|
-
bson_free(default_ecocCollection);
|
90
|
-
return false;
|
91
|
-
}
|
92
|
-
bson_free(default_ecocCollection);
|
93
|
-
}
|
94
|
-
return true;
|
95
|
-
}
|
96
|
-
|
97
|
-
static bool _fle2_append_encryptionInformation(const mongocrypt_ctx_t *ctx,
|
98
|
-
bson_t *dst,
|
99
|
-
const char *target_ns,
|
100
|
-
bson_t *encryptedFieldConfig,
|
101
|
-
bson_t *deleteTokens,
|
102
|
-
const char *target_coll,
|
103
|
-
mongocrypt_status_t *status) {
|
104
|
-
bson_t encryption_information_bson;
|
105
|
-
bson_t schema_bson;
|
106
|
-
bson_t encrypted_field_config_bson;
|
107
|
-
|
108
|
-
BSON_ASSERT_PARAM(dst);
|
109
|
-
BSON_ASSERT_PARAM(target_ns);
|
110
|
-
BSON_ASSERT_PARAM(encryptedFieldConfig);
|
111
|
-
/* deleteTokens may be NULL */
|
112
|
-
BSON_ASSERT_PARAM(target_coll);
|
113
|
-
|
114
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(dst, "encryptionInformation", &encryption_information_bson)) {
|
115
|
-
CLIENT_ERR("unable to begin appending 'encryptionInformation'");
|
116
|
-
return false;
|
117
|
-
}
|
118
|
-
if (!BSON_APPEND_INT32(&encryption_information_bson, "type", 1)) {
|
119
|
-
CLIENT_ERR("unable to append type to 'encryptionInformation'");
|
120
|
-
return false;
|
121
|
-
}
|
122
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(&encryption_information_bson, "schema", &schema_bson)) {
|
123
|
-
CLIENT_ERR("unable to begin appending 'schema' to 'encryptionInformation'");
|
124
|
-
return false;
|
125
|
-
}
|
126
|
-
|
127
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(&schema_bson, target_ns, &encrypted_field_config_bson)) {
|
128
|
-
CLIENT_ERR("unable to begin appending 'encryptedFieldConfig' to "
|
129
|
-
"'encryptionInformation'.'schema'");
|
130
|
-
return false;
|
131
|
-
}
|
132
|
-
|
133
|
-
if (!_fle2_append_encryptedFieldConfig(ctx,
|
134
|
-
&encrypted_field_config_bson,
|
135
|
-
encryptedFieldConfig,
|
136
|
-
target_coll,
|
137
|
-
status)) {
|
138
|
-
return false;
|
139
|
-
}
|
140
|
-
|
141
|
-
if (!bson_append_document_end(&schema_bson, &encrypted_field_config_bson)) {
|
142
|
-
CLIENT_ERR("unable to end appending 'encryptedFieldConfig' to "
|
143
|
-
"'encryptionInformation'.'schema'");
|
144
|
-
return false;
|
145
|
-
}
|
146
|
-
if (!bson_append_document_end(&encryption_information_bson, &schema_bson)) {
|
147
|
-
CLIENT_ERR("unable to end appending 'schema' to 'encryptionInformation'");
|
148
|
-
return false;
|
149
|
-
}
|
150
|
-
|
151
|
-
if (deleteTokens != NULL) {
|
152
|
-
bson_t delete_tokens_bson;
|
153
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(&encryption_information_bson, "deleteTokens", &delete_tokens_bson)) {
|
154
|
-
CLIENT_ERR("unable to begin appending 'deleteTokens' to "
|
155
|
-
"'encryptionInformation'");
|
156
|
-
return false;
|
157
|
-
}
|
158
|
-
if (!BSON_APPEND_DOCUMENT(&delete_tokens_bson, target_ns, deleteTokens)) {
|
159
|
-
CLIENT_ERR("unable to append '%s' to 'deleteTokens'", target_ns);
|
160
|
-
return false;
|
161
|
-
}
|
162
|
-
if (!bson_append_document_end(&encryption_information_bson, &delete_tokens_bson)) {
|
163
|
-
CLIENT_ERR("unable to end appending 'deleteTokens' to "
|
164
|
-
"'encryptionInformation'");
|
165
|
-
return false;
|
166
|
-
}
|
167
|
-
}
|
168
|
-
|
169
|
-
if (!bson_append_document_end(dst, &encryption_information_bson)) {
|
170
|
-
CLIENT_ERR("unable to end appending 'encryptionInformation'");
|
171
|
-
return false;
|
172
|
-
}
|
173
|
-
return true;
|
174
|
-
}
|
175
|
-
|
176
|
-
typedef enum { MC_TO_CSFLE, MC_TO_MONGOCRYPTD, MC_TO_MONGOD } mc_cmd_target_t;
|
177
|
-
|
178
|
-
/**
|
179
|
-
* @brief Add "encryptionInformation" to a command.
|
180
|
-
*
|
181
|
-
* @param cmd_name The name of the command.
|
182
|
-
* @param cmd The command being rewritten. It is an input and output.
|
183
|
-
* @param target_ns The <db>.<collection> namespace for the command.
|
184
|
-
* @param encryptedFieldConfig The "encryptedFields" document for the
|
185
|
-
* collection.
|
186
|
-
* @param deleteTokens Delete tokens to append to "encryptionInformation". May
|
187
|
-
* be NULL.
|
188
|
-
* @param target_coll The collection name.
|
189
|
-
* @param cmd_target The intended destination of the command. csfle,
|
190
|
-
* mongocryptd, and mongod have different requirements for the location of
|
191
|
-
* "encryptionInformation".
|
192
|
-
* @param status Output status.
|
193
|
-
* @return true On success
|
194
|
-
* @return false Otherwise. Sets a failing status message in this case.
|
195
|
-
*/
|
196
|
-
static bool _fle2_insert_encryptionInformation(const mongocrypt_ctx_t *ctx,
|
197
|
-
const char *cmd_name,
|
198
|
-
bson_t *cmd /* in and out */,
|
199
|
-
const char *target_ns,
|
200
|
-
bson_t *encryptedFieldConfig,
|
201
|
-
bson_t *deleteTokens,
|
202
|
-
const char *target_coll,
|
203
|
-
mc_cmd_target_t cmd_target,
|
204
|
-
mongocrypt_status_t *status) {
|
205
|
-
bson_t out = BSON_INITIALIZER;
|
206
|
-
bson_t explain = BSON_INITIALIZER;
|
207
|
-
bson_iter_t iter;
|
208
|
-
bool ok = false;
|
209
|
-
|
210
|
-
BSON_ASSERT_PARAM(cmd_name);
|
211
|
-
BSON_ASSERT_PARAM(cmd);
|
212
|
-
BSON_ASSERT_PARAM(target_ns);
|
213
|
-
BSON_ASSERT_PARAM(encryptedFieldConfig);
|
214
|
-
/* deleteTokens may be NULL */
|
215
|
-
BSON_ASSERT_PARAM(target_coll);
|
216
|
-
|
217
|
-
// For `bulkWrite`, append `encryptionInformation` inside the `nsInfo.0` document.
|
218
|
-
if (0 == strcmp(cmd_name, "bulkWrite")) {
|
219
|
-
// Get the single `nsInfo` document from the input command.
|
220
|
-
bson_t nsInfo; // Non-owning.
|
221
|
-
{
|
222
|
-
bson_iter_t nsInfo_iter;
|
223
|
-
if (!bson_iter_init(&nsInfo_iter, cmd)) {
|
224
|
-
CLIENT_ERR("failed to iterate command");
|
225
|
-
goto fail;
|
226
|
-
}
|
227
|
-
if (!bson_iter_find_descendant(&nsInfo_iter, "nsInfo.0", &nsInfo_iter)) {
|
228
|
-
CLIENT_ERR("expected one namespace in `bulkWrite`, but found zero.");
|
229
|
-
goto fail;
|
230
|
-
}
|
231
|
-
if (bson_has_field(cmd, "nsInfo.1")) {
|
232
|
-
CLIENT_ERR(
|
233
|
-
"expected one namespace in `bulkWrite`, but found more than one. Only one namespace is supported.");
|
234
|
-
goto fail;
|
235
|
-
}
|
236
|
-
if (!mc_iter_document_as_bson(&nsInfo_iter, &nsInfo, status)) {
|
237
|
-
goto fail;
|
238
|
-
}
|
239
|
-
// Ensure `nsInfo` does not already have an `encryptionInformation` field.
|
240
|
-
if (bson_has_field(&nsInfo, "encryptionInformation")) {
|
241
|
-
CLIENT_ERR("unexpected `encryptionInformation` present in input `nsInfo`.");
|
242
|
-
goto fail;
|
243
|
-
}
|
244
|
-
}
|
245
|
-
|
246
|
-
// Copy input and append `encryptionInformation` to `nsInfo`.
|
247
|
-
{
|
248
|
-
// Append everything from input except `nsInfo`.
|
249
|
-
bson_copy_to_excluding_noinit(cmd, &out, "nsInfo", NULL);
|
250
|
-
// Append `nsInfo` array.
|
251
|
-
bson_t nsInfo_array;
|
252
|
-
if (!BSON_APPEND_ARRAY_BEGIN(&out, "nsInfo", &nsInfo_array)) {
|
253
|
-
CLIENT_ERR("unable to begin appending 'nsInfo' array");
|
254
|
-
goto fail;
|
255
|
-
}
|
256
|
-
bson_t nsInfo_array_0;
|
257
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(&nsInfo_array, "0", &nsInfo_array_0)) {
|
258
|
-
CLIENT_ERR("unable to append 'nsInfo.0' document");
|
259
|
-
goto fail;
|
260
|
-
}
|
261
|
-
// Copy everything from input `nsInfo`.
|
262
|
-
bson_concat(&nsInfo_array_0, &nsInfo);
|
263
|
-
// And append `encryptionInformation`.
|
264
|
-
if (!_fle2_append_encryptionInformation(ctx,
|
265
|
-
&nsInfo_array_0,
|
266
|
-
target_ns,
|
267
|
-
encryptedFieldConfig,
|
268
|
-
deleteTokens,
|
269
|
-
target_coll,
|
270
|
-
status)) {
|
271
|
-
goto fail;
|
272
|
-
}
|
273
|
-
if (!bson_append_document_end(&nsInfo_array, &nsInfo_array_0)) {
|
274
|
-
CLIENT_ERR("unable to end appending 'nsInfo' document in array");
|
275
|
-
}
|
276
|
-
if (!bson_append_array_end(&out, &nsInfo_array)) {
|
277
|
-
CLIENT_ERR("unable to end appending 'nsInfo' array");
|
278
|
-
goto fail;
|
279
|
-
}
|
280
|
-
// Overwrite `cmd`.
|
281
|
-
bson_destroy(cmd);
|
282
|
-
if (!bson_steal(cmd, &out)) {
|
283
|
-
CLIENT_ERR("failed to steal BSON with encryptionInformation");
|
284
|
-
goto fail;
|
285
|
-
}
|
286
|
-
}
|
287
|
-
|
288
|
-
goto success;
|
289
|
-
}
|
290
|
-
|
291
|
-
if (0 != strcmp(cmd_name, "explain") || cmd_target == MC_TO_MONGOCRYPTD) {
|
292
|
-
// All commands except "explain" and "bulkWrite" expect "encryptionInformation"
|
293
|
-
// at top-level. "explain" sent to mongocryptd expects
|
294
|
-
// "encryptionInformation" at top-level.
|
295
|
-
if (!_fle2_append_encryptionInformation(ctx,
|
296
|
-
cmd,
|
297
|
-
target_ns,
|
298
|
-
encryptedFieldConfig,
|
299
|
-
deleteTokens,
|
300
|
-
target_coll,
|
301
|
-
status)) {
|
302
|
-
goto fail;
|
303
|
-
}
|
304
|
-
bson_destroy(&out);
|
305
|
-
goto success;
|
306
|
-
}
|
307
|
-
|
308
|
-
// The "explain" command for csfle is a special case.
|
309
|
-
// mongocryptd expects "encryptionInformation" to be a sibling of the
|
310
|
-
// "explain" document. Example:
|
311
|
-
// {
|
312
|
-
// "explain": { "find": "to-mongocryptd" },
|
313
|
-
// "encryptionInformation": {}
|
314
|
-
// }
|
315
|
-
// csfle and mongod expect "encryptionInformation" to be nested in the
|
316
|
-
// "explain" document. Example:
|
317
|
-
// {
|
318
|
-
// "explain": {
|
319
|
-
// "find": "to-csfle-or-mongod"
|
320
|
-
// "encryptionInformation": {}
|
321
|
-
// }
|
322
|
-
// }
|
323
|
-
BSON_ASSERT(bson_iter_init_find(&iter, cmd, "explain"));
|
324
|
-
if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
|
325
|
-
CLIENT_ERR("expected 'explain' to be document");
|
326
|
-
goto fail;
|
327
|
-
}
|
328
|
-
|
329
|
-
{
|
330
|
-
bson_t tmp;
|
331
|
-
if (!mc_iter_document_as_bson(&iter, &tmp, status)) {
|
332
|
-
goto fail;
|
333
|
-
}
|
334
|
-
bson_destroy(&explain);
|
335
|
-
bson_copy_to(&tmp, &explain);
|
336
|
-
}
|
337
|
-
|
338
|
-
if (!_fle2_append_encryptionInformation(ctx,
|
339
|
-
&explain,
|
340
|
-
target_ns,
|
341
|
-
encryptedFieldConfig,
|
342
|
-
deleteTokens,
|
343
|
-
target_coll,
|
344
|
-
status)) {
|
345
|
-
goto fail;
|
346
|
-
}
|
347
|
-
|
348
|
-
if (!BSON_APPEND_DOCUMENT(&out, "explain", &explain)) {
|
349
|
-
CLIENT_ERR("unable to append 'explain' document");
|
350
|
-
goto fail;
|
351
|
-
}
|
352
|
-
|
353
|
-
bson_copy_to_excluding_noinit(cmd, &out, "explain", NULL);
|
354
|
-
bson_destroy(cmd);
|
355
|
-
if (!bson_steal(cmd, &out)) {
|
356
|
-
CLIENT_ERR("failed to steal BSON with encryptionInformation");
|
357
|
-
goto fail;
|
358
|
-
}
|
359
|
-
|
360
|
-
success:
|
361
|
-
ok = true;
|
362
|
-
fail:
|
363
|
-
bson_destroy(&explain);
|
364
|
-
if (!ok) {
|
365
|
-
bson_destroy(&out);
|
366
|
-
}
|
367
|
-
return ok;
|
368
|
-
}
|
369
|
-
|
370
30
|
/* Construct the list collections command to send. */
|
371
31
|
static bool _mongo_op_collinfo(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
372
32
|
_mongocrypt_ctx_encrypt_t *ectx;
|
373
|
-
bson_t *cmd;
|
374
33
|
|
375
34
|
BSON_ASSERT_PARAM(ctx);
|
376
35
|
BSON_ASSERT_PARAM(out);
|
377
36
|
|
378
37
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
379
|
-
|
380
|
-
|
381
|
-
|
38
|
+
bson_t filter = BSON_INITIALIZER;
|
39
|
+
if (!mc_schema_broker_append_listCollections_filter(ectx->sb, &filter, ctx->status)) {
|
40
|
+
_mongocrypt_ctx_fail(ctx);
|
41
|
+
return false;
|
42
|
+
}
|
43
|
+
_mongocrypt_buffer_steal_from_bson(&ectx->list_collections_filter, &filter);
|
382
44
|
out->data = ectx->list_collections_filter.data;
|
383
45
|
out->len = ectx->list_collections_filter.len;
|
384
46
|
return true;
|
385
47
|
}
|
386
48
|
|
387
|
-
static bool _set_schema_from_collinfo(mongocrypt_ctx_t *ctx, bson_t *collinfo) {
|
388
|
-
bson_iter_t iter;
|
389
|
-
_mongocrypt_ctx_encrypt_t *ectx;
|
390
|
-
bool found_jsonschema = false;
|
391
|
-
|
392
|
-
BSON_ASSERT_PARAM(ctx);
|
393
|
-
BSON_ASSERT_PARAM(collinfo);
|
394
|
-
|
395
|
-
/* Parse out the schema. */
|
396
|
-
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
397
|
-
|
398
|
-
/* Disallow views. */
|
399
|
-
if (bson_iter_init_find(&iter, collinfo, "type") && BSON_ITER_HOLDS_UTF8(&iter) && bson_iter_utf8(&iter, NULL)
|
400
|
-
&& 0 == strcmp("view", bson_iter_utf8(&iter, NULL))) {
|
401
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "cannot auto encrypt a view");
|
402
|
-
}
|
403
|
-
|
404
|
-
if (!bson_iter_init(&iter, collinfo)) {
|
405
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "BSON malformed");
|
406
|
-
}
|
407
|
-
|
408
|
-
if (bson_iter_find_descendant(&iter, "options.encryptedFields", &iter)) {
|
409
|
-
if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
|
410
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "options.encryptedFields is not a BSON document");
|
411
|
-
}
|
412
|
-
if (!_mongocrypt_buffer_copy_from_document_iter(&ectx->encrypted_field_config, &iter)) {
|
413
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to copy options.encryptedFields");
|
414
|
-
}
|
415
|
-
bson_t efc_bson;
|
416
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->encrypted_field_config, &efc_bson)) {
|
417
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to create BSON from encrypted_field_config");
|
418
|
-
}
|
419
|
-
if (!mc_EncryptedFieldConfig_parse(&ectx->efc, &efc_bson, ctx->status, ctx->crypt->opts.use_range_v2)) {
|
420
|
-
_mongocrypt_ctx_fail(ctx);
|
421
|
-
return false;
|
422
|
-
}
|
423
|
-
} else if (0 == strcmp(ectx->cmd_name, "bulkWrite")) {
|
424
|
-
ectx->used_empty_encryptedFields = true;
|
425
|
-
// `bulkWrite` is a special case. Sending `bulkWrite` with `jsonSchema` to query analysis results in an error:
|
426
|
-
// `The bulkWrite command only supports Queryable Encryption`
|
427
|
-
//
|
428
|
-
// Add an empty encryptedFields (rather than an empty JSON schema) to ensure `bulkWrite` can be sent to query
|
429
|
-
// analysis.
|
430
|
-
bson_t empty_encryptedFields = BSON_INITIALIZER;
|
431
|
-
{
|
432
|
-
char *escCollection = bson_strdup_printf("enxcol_.%s.esc", ectx->target_coll);
|
433
|
-
char *ecocCollection = bson_strdup_printf("enxcol_.%s.ecoc", ectx->target_coll);
|
434
|
-
bson_t empty_array = BSON_INITIALIZER;
|
435
|
-
if (!BSON_APPEND_UTF8(&empty_encryptedFields, "escCollection", escCollection)) {
|
436
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "failed to append `escCollection`");
|
437
|
-
}
|
438
|
-
if (!BSON_APPEND_UTF8(&empty_encryptedFields, "ecocCollection", ecocCollection)) {
|
439
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "failed to append `ecocCollection`");
|
440
|
-
}
|
441
|
-
if (!BSON_APPEND_ARRAY(&empty_encryptedFields, "fields", &empty_array)) {
|
442
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "failed to append `fields`");
|
443
|
-
}
|
444
|
-
|
445
|
-
bson_destroy(&empty_array);
|
446
|
-
bson_free(escCollection);
|
447
|
-
bson_free(ecocCollection);
|
448
|
-
}
|
449
|
-
|
450
|
-
if (!mc_EncryptedFieldConfig_parse(&ectx->efc,
|
451
|
-
&empty_encryptedFields,
|
452
|
-
ctx->status,
|
453
|
-
ctx->crypt->opts.use_range_v2)) {
|
454
|
-
bson_destroy(&empty_encryptedFields);
|
455
|
-
_mongocrypt_ctx_fail(ctx);
|
456
|
-
return false;
|
457
|
-
}
|
458
|
-
_mongocrypt_buffer_steal_from_bson(&ectx->encrypted_field_config, &empty_encryptedFields);
|
459
|
-
}
|
460
|
-
|
461
|
-
BSON_ASSERT(bson_iter_init(&iter, collinfo));
|
462
|
-
|
463
|
-
if (bson_iter_find_descendant(&iter, "options.validator", &iter) && BSON_ITER_HOLDS_DOCUMENT(&iter)) {
|
464
|
-
if (!bson_iter_recurse(&iter, &iter)) {
|
465
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "BSON malformed");
|
466
|
-
}
|
467
|
-
while (bson_iter_next(&iter)) {
|
468
|
-
const char *key;
|
469
|
-
|
470
|
-
key = bson_iter_key(&iter);
|
471
|
-
BSON_ASSERT(key);
|
472
|
-
if (0 == strcmp("$jsonSchema", key)) {
|
473
|
-
if (found_jsonschema) {
|
474
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "duplicate $jsonSchema fields found");
|
475
|
-
}
|
476
|
-
if (!_mongocrypt_buffer_copy_from_document_iter(&ectx->schema, &iter)) {
|
477
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "malformed $jsonSchema");
|
478
|
-
}
|
479
|
-
found_jsonschema = true;
|
480
|
-
} else {
|
481
|
-
ectx->collinfo_has_siblings = true;
|
482
|
-
}
|
483
|
-
}
|
484
|
-
}
|
485
|
-
|
486
|
-
if (!found_jsonschema) {
|
487
|
-
bson_t empty = BSON_INITIALIZER;
|
488
|
-
|
489
|
-
_mongocrypt_buffer_steal_from_bson(&ectx->schema, &empty);
|
490
|
-
}
|
491
|
-
|
492
|
-
return true;
|
493
|
-
}
|
494
|
-
|
495
49
|
/* get_command_name returns the name of a command. The command name is the first
|
496
50
|
* field. For example, the command name of: {"find": "foo", "filter": {"bar":
|
497
51
|
* 1}} is "find". */
|
@@ -526,29 +80,6 @@ static const char *get_command_name(_mongocrypt_buffer_t *cmd, mongocrypt_status
|
|
526
80
|
return cmd_name;
|
527
81
|
}
|
528
82
|
|
529
|
-
static bool command_needs_deleteTokens(mongocrypt_ctx_t *ctx, const char *command_name) {
|
530
|
-
BSON_ASSERT_PARAM(ctx);
|
531
|
-
BSON_ASSERT_PARAM(command_name);
|
532
|
-
BSON_ASSERT(ctx->kb.crypt);
|
533
|
-
|
534
|
-
if (ctx->crypt->opts.use_fle2_v2) {
|
535
|
-
return false;
|
536
|
-
}
|
537
|
-
|
538
|
-
const char *cmds_needing_deleteTokens[] = {"delete", "update", "findAndModify"};
|
539
|
-
|
540
|
-
BSON_ASSERT_PARAM(command_name);
|
541
|
-
|
542
|
-
size_t i;
|
543
|
-
for (i = 0; i < sizeof(cmds_needing_deleteTokens) / sizeof(cmds_needing_deleteTokens[0]); i++) {
|
544
|
-
if (0 == strcmp(cmds_needing_deleteTokens[i], command_name)) {
|
545
|
-
return true;
|
546
|
-
}
|
547
|
-
}
|
548
|
-
|
549
|
-
return false;
|
550
|
-
}
|
551
|
-
|
552
83
|
/* context_uses_fle2 returns true if the context uses FLE 2 behavior.
|
553
84
|
* If a collection has an encryptedFields document, it uses FLE 2.
|
554
85
|
*/
|
@@ -557,40 +88,7 @@ static bool context_uses_fle2(mongocrypt_ctx_t *ctx) {
|
|
557
88
|
|
558
89
|
BSON_ASSERT_PARAM(ctx);
|
559
90
|
|
560
|
-
return
|
561
|
-
}
|
562
|
-
|
563
|
-
/* _fle2_collect_keys_for_deleteTokens requests keys required to produce
|
564
|
-
* deleteTokens. deleteTokens is only applicable to FLE 2. */
|
565
|
-
static bool _fle2_collect_keys_for_deleteTokens(mongocrypt_ctx_t *ctx) {
|
566
|
-
_mongocrypt_ctx_encrypt_t *ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
567
|
-
|
568
|
-
BSON_ASSERT_PARAM(ctx);
|
569
|
-
|
570
|
-
/* deleteTokens are only appended for FLE 2. */
|
571
|
-
if (!context_uses_fle2(ctx)) {
|
572
|
-
return true;
|
573
|
-
}
|
574
|
-
|
575
|
-
const char *cmd_name = ectx->cmd_name;
|
576
|
-
|
577
|
-
if (!command_needs_deleteTokens(ctx, cmd_name)) {
|
578
|
-
/* Command does not require deleteTokens. */
|
579
|
-
return true;
|
580
|
-
}
|
581
|
-
|
582
|
-
mc_EncryptedField_t *field;
|
583
|
-
|
584
|
-
for (field = ectx->efc.fields; field != NULL; field = field->next) {
|
585
|
-
if (field->supported_queries) {
|
586
|
-
if (!_mongocrypt_key_broker_request_id(&ctx->kb, &field->keyId)) {
|
587
|
-
_mongocrypt_key_broker_status(&ctx->kb, ctx->status);
|
588
|
-
_mongocrypt_ctx_fail(ctx);
|
589
|
-
return false;
|
590
|
-
}
|
591
|
-
}
|
592
|
-
}
|
593
|
-
return true;
|
91
|
+
return mc_schema_broker_has_any_qe_schemas(ectx->sb);
|
594
92
|
}
|
595
93
|
|
596
94
|
/* _fle2_collect_keys_for_compaction requests keys required to produce
|
@@ -616,15 +114,20 @@ static bool _fle2_collect_keys_for_compaction(mongocrypt_ctx_t *ctx) {
|
|
616
114
|
/* (compact/cleanup)StructuredEncryptionData must not be sent to mongocryptd. */
|
617
115
|
ectx->bypass_query_analysis = true;
|
618
116
|
|
619
|
-
|
117
|
+
const mc_EncryptedFieldConfig_t *efc =
|
118
|
+
mc_schema_broker_get_encryptedFields(ectx->sb, ectx->target_coll, ctx->status);
|
119
|
+
if (!efc) {
|
120
|
+
return _mongocrypt_ctx_fail(ctx);
|
121
|
+
}
|
620
122
|
|
621
|
-
for (field =
|
123
|
+
for (const mc_EncryptedField_t *field = efc->fields; field != NULL; field = field->next) {
|
622
124
|
if (!_mongocrypt_key_broker_request_id(&ctx->kb, &field->keyId)) {
|
623
125
|
_mongocrypt_key_broker_status(&ctx->kb, ctx->status);
|
624
126
|
_mongocrypt_ctx_fail(ctx);
|
625
127
|
return false;
|
626
128
|
}
|
627
129
|
}
|
130
|
+
|
628
131
|
return true;
|
629
132
|
}
|
630
133
|
|
@@ -641,15 +144,10 @@ static bool _mongo_feed_collinfo(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in)
|
|
641
144
|
return _mongocrypt_ctx_fail_w_msg(ctx, "BSON malformed");
|
642
145
|
}
|
643
146
|
|
644
|
-
|
645
|
-
if (!_mongocrypt_cache_add_copy(&ctx->crypt->cache_collinfo, ectx->target_ns, &as_bson, ctx->status)) {
|
147
|
+
if (!mc_schema_broker_satisfy_from_collinfo(ectx->sb, &as_bson, &ctx->crypt->cache_collinfo, ctx->status)) {
|
646
148
|
return _mongocrypt_ctx_fail(ctx);
|
647
149
|
}
|
648
150
|
|
649
|
-
if (!_set_schema_from_collinfo(ctx, &as_bson)) {
|
650
|
-
return false;
|
651
|
-
}
|
652
|
-
|
653
151
|
return true;
|
654
152
|
}
|
655
153
|
|
@@ -661,23 +159,10 @@ static bool _mongo_done_collinfo(mongocrypt_ctx_t *ctx) {
|
|
661
159
|
BSON_ASSERT_PARAM(ctx);
|
662
160
|
|
663
161
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
664
|
-
if (_mongocrypt_buffer_empty(&ectx->schema)) {
|
665
|
-
bson_t empty_collinfo = BSON_INITIALIZER;
|
666
162
|
|
667
|
-
|
668
|
-
|
669
|
-
|
670
|
-
return false;
|
671
|
-
}
|
672
|
-
if (!_mongocrypt_cache_add_copy(&ctx->crypt->cache_collinfo, ectx->target_ns, &empty_collinfo, ctx->status)) {
|
673
|
-
bson_destroy(&empty_collinfo);
|
674
|
-
return _mongocrypt_ctx_fail(ctx);
|
675
|
-
}
|
676
|
-
bson_destroy(&empty_collinfo);
|
677
|
-
}
|
678
|
-
|
679
|
-
if (!_fle2_collect_keys_for_deleteTokens(ctx)) {
|
680
|
-
return false;
|
163
|
+
// If there are collections still needing schemas, assume no schema exists.
|
164
|
+
if (!mc_schema_broker_satisfy_remaining_with_empty_schemas(ectx->sb, &ctx->crypt->cache_collinfo, ctx->status)) {
|
165
|
+
return _mongocrypt_ctx_fail(ctx);
|
681
166
|
}
|
682
167
|
|
683
168
|
if (!_fle2_collect_keys_for_compaction(ctx)) {
|
@@ -685,7 +170,7 @@ static bool _mongo_done_collinfo(mongocrypt_ctx_t *ctx) {
|
|
685
170
|
}
|
686
171
|
|
687
172
|
if (ectx->bypass_query_analysis) {
|
688
|
-
/* Keys may have been requested for
|
173
|
+
/* Keys may have been requested for compactionTokens.
|
689
174
|
* Finish key requests. */
|
690
175
|
_mongocrypt_key_broker_requests_done(&ctx->kb);
|
691
176
|
return _mongocrypt_ctx_state_from_key_broker(ctx);
|
@@ -694,58 +179,17 @@ static bool _mongo_done_collinfo(mongocrypt_ctx_t *ctx) {
|
|
694
179
|
return _try_run_csfle_marking(ctx);
|
695
180
|
}
|
696
181
|
|
697
|
-
static const char *_mongo_db_collinfo(mongocrypt_ctx_t *ctx) {
|
698
|
-
_mongocrypt_ctx_encrypt_t *ectx;
|
699
|
-
|
700
|
-
BSON_ASSERT_PARAM(ctx);
|
701
|
-
|
702
|
-
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
703
|
-
if (!ectx->target_db) {
|
704
|
-
_mongocrypt_ctx_fail_w_msg(ctx, "Expected target database for `listCollections`, but none exists.");
|
705
|
-
return NULL;
|
706
|
-
}
|
707
|
-
return ectx->target_db;
|
708
|
-
}
|
709
|
-
|
710
|
-
static bool _fle2_mongo_op_markings(mongocrypt_ctx_t *ctx, bson_t *out) {
|
711
|
-
_mongocrypt_ctx_encrypt_t *ectx;
|
712
|
-
bson_t cmd_bson = BSON_INITIALIZER, encrypted_field_config_bson = BSON_INITIALIZER;
|
713
|
-
|
714
|
-
BSON_ASSERT_PARAM(ctx);
|
715
|
-
BSON_ASSERT_PARAM(out);
|
716
|
-
|
717
|
-
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
718
|
-
|
719
|
-
BSON_ASSERT(ctx->state == MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
720
|
-
BSON_ASSERT(context_uses_fle2(ctx));
|
721
|
-
|
722
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->original_cmd, &cmd_bson)) {
|
723
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to convert original_cmd to BSON");
|
724
|
-
}
|
725
|
-
|
726
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->encrypted_field_config, &encrypted_field_config_bson)) {
|
727
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to convert encrypted_field_config to BSON");
|
728
|
-
}
|
182
|
+
static const char *_mongo_db_collinfo(mongocrypt_ctx_t *ctx) {
|
183
|
+
_mongocrypt_ctx_encrypt_t *ectx;
|
729
184
|
|
730
|
-
|
185
|
+
BSON_ASSERT_PARAM(ctx);
|
731
186
|
|
732
|
-
|
733
|
-
|
734
|
-
|
735
|
-
|
736
|
-
bson_copy_to_excluding_noinit(&cmd_bson, out, "$db", NULL);
|
737
|
-
if (!_fle2_insert_encryptionInformation(ctx,
|
738
|
-
cmd_name,
|
739
|
-
out,
|
740
|
-
ectx->target_ns,
|
741
|
-
&encrypted_field_config_bson,
|
742
|
-
NULL /* deleteTokens */,
|
743
|
-
ectx->target_coll,
|
744
|
-
ctx->crypt->csfle.okay ? MC_TO_CSFLE : MC_TO_MONGOCRYPTD,
|
745
|
-
ctx->status)) {
|
746
|
-
return _mongocrypt_ctx_fail(ctx);
|
187
|
+
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
188
|
+
if (!ectx->target_db) {
|
189
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Expected target database for `listCollections`, but none exists.");
|
190
|
+
return NULL;
|
747
191
|
}
|
748
|
-
return
|
192
|
+
return ectx->target_db;
|
749
193
|
}
|
750
194
|
|
751
195
|
/**
|
@@ -763,41 +207,23 @@ static bool _create_markings_cmd_bson(mongocrypt_ctx_t *ctx, bson_t *out) {
|
|
763
207
|
BSON_ASSERT_PARAM(ctx);
|
764
208
|
BSON_ASSERT_PARAM(out);
|
765
209
|
|
766
|
-
if (context_uses_fle2(ctx)) {
|
767
|
-
// Defer to FLE2 to generate the markings command
|
768
|
-
return _fle2_mongo_op_markings(ctx, out);
|
769
|
-
}
|
770
|
-
|
771
|
-
// For FLE1:
|
772
|
-
// Get the original command document
|
773
210
|
bson_t bson_view = BSON_INITIALIZER;
|
774
211
|
if (!_mongocrypt_buffer_to_bson(&ectx->original_cmd, &bson_view)) {
|
775
212
|
_mongocrypt_ctx_fail_w_msg(ctx, "invalid BSON cmd");
|
776
213
|
return false;
|
777
214
|
}
|
778
|
-
|
779
|
-
// Copy the command to the output
|
780
215
|
// If input command included $db, do not include it in the command to
|
781
216
|
// mongocryptd. Drivers are expected to append $db in the RunCommand helper
|
782
217
|
// used to send the command.
|
783
|
-
bson_init(out);
|
784
218
|
bson_copy_to_excluding_noinit(&bson_view, out, "$db", NULL);
|
785
|
-
|
786
|
-
|
787
|
-
|
788
|
-
|
789
|
-
|
790
|
-
|
791
|
-
}
|
792
|
-
// Append the jsonSchema to the output command
|
793
|
-
BSON_APPEND_DOCUMENT(out, "jsonSchema", &bson_view);
|
794
|
-
} else {
|
795
|
-
bson_t empty = BSON_INITIALIZER;
|
796
|
-
BSON_APPEND_DOCUMENT(out, "jsonSchema", &empty);
|
219
|
+
if (!mc_schema_broker_add_schemas_to_cmd(ectx->sb,
|
220
|
+
out,
|
221
|
+
ctx->crypt->csfle.okay ? MC_CMD_SCHEMAS_FOR_CRYPT_SHARED
|
222
|
+
: MC_CMD_SCHEMAS_FOR_MONGOCRYPTD,
|
223
|
+
ctx->status)) {
|
224
|
+
return _mongocrypt_ctx_fail(ctx);
|
797
225
|
}
|
798
226
|
|
799
|
-
// if a local schema was not set, set isRemoteSchema=true
|
800
|
-
BSON_APPEND_BOOL(out, "isRemoteSchema", !ectx->used_local_schema);
|
801
227
|
return true;
|
802
228
|
}
|
803
229
|
|
@@ -904,23 +330,8 @@ static bool _mongo_feed_markings(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in)
|
|
904
330
|
|
905
331
|
if (bson_iter_init_find(&iter, &as_bson, "schemaRequiresEncryption") && !bson_iter_as_bool(&iter)) {
|
906
332
|
/* TODO: update cache: this schema does not require encryption. */
|
907
|
-
|
908
|
-
/* If using a local schema, warn if there are no encrypted fields. */
|
909
|
-
if (ectx->used_local_schema) {
|
910
|
-
_mongocrypt_log(&ctx->crypt->log,
|
911
|
-
MONGOCRYPT_LOG_LEVEL_WARNING,
|
912
|
-
"local schema used but does not have encryption specifiers");
|
913
|
-
}
|
333
|
+
// Schema does not require encryption. Skip copying the `result`.
|
914
334
|
return true;
|
915
|
-
} else {
|
916
|
-
/* if the schema requires encryption, but has sibling validators, error.
|
917
|
-
*/
|
918
|
-
if (ectx->collinfo_has_siblings) {
|
919
|
-
return _mongocrypt_ctx_fail_w_msg(ctx,
|
920
|
-
"schema requires encryption, "
|
921
|
-
"but collection JSON schema "
|
922
|
-
"validator has siblings");
|
923
|
-
}
|
924
335
|
}
|
925
336
|
|
926
337
|
if (bson_iter_init_find(&iter, &as_bson, "hasEncryptedPlaceholders") && !bson_iter_as_bool(&iter)) {
|
@@ -1214,14 +625,12 @@ fail:
|
|
1214
625
|
|
1215
626
|
static bool
|
1216
627
|
_replace_marking_with_ciphertext(void *ctx, _mongocrypt_buffer_t *in, bson_value_t *out, mongocrypt_status_t *status) {
|
1217
|
-
_mongocrypt_marking_t marking;
|
628
|
+
_mongocrypt_marking_t marking = {0};
|
1218
629
|
bool ret;
|
1219
630
|
|
1220
631
|
BSON_ASSERT_PARAM(ctx);
|
1221
632
|
BSON_ASSERT_PARAM(in);
|
1222
633
|
|
1223
|
-
memset(&marking, 0, sizeof(marking));
|
1224
|
-
|
1225
634
|
if (!_mongocrypt_marking_parse_unowned(in, &marking, status)) {
|
1226
635
|
_mongocrypt_marking_cleanup(&marking);
|
1227
636
|
return false;
|
@@ -1232,116 +641,6 @@ _replace_marking_with_ciphertext(void *ctx, _mongocrypt_buffer_t *in, bson_value
|
|
1232
641
|
return ret;
|
1233
642
|
}
|
1234
643
|
|
1235
|
-
/* generate_delete_tokens generates the 'deleteTokens' document to be appended
|
1236
|
-
* to 'encryptionInformation'. */
|
1237
|
-
static bson_t *generate_delete_tokens(_mongocrypt_crypto_t *crypto,
|
1238
|
-
_mongocrypt_key_broker_t *kb,
|
1239
|
-
mc_EncryptedFieldConfig_t *efc,
|
1240
|
-
mongocrypt_status_t *status) {
|
1241
|
-
bool ret = false;
|
1242
|
-
bson_t *out = bson_new();
|
1243
|
-
mc_EncryptedField_t *ef;
|
1244
|
-
|
1245
|
-
BSON_ASSERT_PARAM(crypto);
|
1246
|
-
BSON_ASSERT_PARAM(kb);
|
1247
|
-
BSON_ASSERT_PARAM(efc);
|
1248
|
-
|
1249
|
-
for (ef = efc->fields; ef != NULL; ef = ef->next) {
|
1250
|
-
_mongocrypt_buffer_t IndexKey = {0};
|
1251
|
-
_mongocrypt_buffer_t TokenKey = {0};
|
1252
|
-
mc_ServerDataEncryptionLevel1Token_t *sdel1t = NULL;
|
1253
|
-
mc_CollectionsLevel1Token_t *cl1t = NULL;
|
1254
|
-
mc_ECOCToken_t *ecoc = NULL;
|
1255
|
-
bool loop_ok = false;
|
1256
|
-
/* deleteTokens are only necessary for indexed fields. */
|
1257
|
-
if (!ef->supported_queries) {
|
1258
|
-
goto loop_continue;
|
1259
|
-
}
|
1260
|
-
|
1261
|
-
if (!_mongocrypt_key_broker_decrypted_key_by_id(kb, &ef->keyId, &IndexKey)) {
|
1262
|
-
_mongocrypt_key_broker_status(kb, status);
|
1263
|
-
goto loop_fail;
|
1264
|
-
}
|
1265
|
-
|
1266
|
-
/* Get the TokenKey from the last 32 bytes of IndexKey */
|
1267
|
-
if (IndexKey.len < MONGOCRYPT_TOKEN_KEY_LEN) {
|
1268
|
-
CLIENT_ERR("IndexKey too short");
|
1269
|
-
goto loop_fail;
|
1270
|
-
}
|
1271
|
-
if (!_mongocrypt_buffer_from_subrange(&TokenKey,
|
1272
|
-
&IndexKey,
|
1273
|
-
IndexKey.len - MONGOCRYPT_TOKEN_KEY_LEN,
|
1274
|
-
MONGOCRYPT_TOKEN_KEY_LEN)) {
|
1275
|
-
CLIENT_ERR("generate_delete_tokens unable to parse TokenKey from IndexKey");
|
1276
|
-
goto loop_fail;
|
1277
|
-
}
|
1278
|
-
|
1279
|
-
sdel1t = mc_ServerDataEncryptionLevel1Token_new(crypto, &TokenKey, status);
|
1280
|
-
if (!sdel1t) {
|
1281
|
-
goto loop_fail;
|
1282
|
-
}
|
1283
|
-
|
1284
|
-
cl1t = mc_CollectionsLevel1Token_new(crypto, &TokenKey, status);
|
1285
|
-
if (!cl1t) {
|
1286
|
-
goto loop_fail;
|
1287
|
-
}
|
1288
|
-
|
1289
|
-
ecoc = mc_ECOCToken_new(crypto, cl1t, status);
|
1290
|
-
if (!ecoc) {
|
1291
|
-
goto loop_fail;
|
1292
|
-
}
|
1293
|
-
|
1294
|
-
bson_t field_bson;
|
1295
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(out, ef->path, &field_bson)) {
|
1296
|
-
CLIENT_ERR("failed to begin document for 'deleteTokens.%s'", ef->path);
|
1297
|
-
goto loop_fail;
|
1298
|
-
}
|
1299
|
-
|
1300
|
-
if (!BSON_APPEND_BINARY(&field_bson,
|
1301
|
-
"e",
|
1302
|
-
BSON_SUBTYPE_BINARY,
|
1303
|
-
mc_ServerDataEncryptionLevel1Token_get(sdel1t)->data,
|
1304
|
-
mc_ServerDataEncryptionLevel1Token_get(sdel1t)->len)) {
|
1305
|
-
CLIENT_ERR("failed to append ServerDataEncryptionLevel1Token for %s", ef->path);
|
1306
|
-
goto loop_fail;
|
1307
|
-
}
|
1308
|
-
|
1309
|
-
if (!BSON_APPEND_BINARY(&field_bson,
|
1310
|
-
"o",
|
1311
|
-
BSON_SUBTYPE_BINARY,
|
1312
|
-
mc_ECOCToken_get(ecoc)->data,
|
1313
|
-
mc_ECOCToken_get(ecoc)->len)) {
|
1314
|
-
CLIENT_ERR("failed to append ECOCToken for %s", ef->path);
|
1315
|
-
goto loop_fail;
|
1316
|
-
}
|
1317
|
-
|
1318
|
-
if (!bson_append_document_end(out, &field_bson)) {
|
1319
|
-
CLIENT_ERR("failed to end document for 'deleteTokens.%s'", ef->path);
|
1320
|
-
goto loop_fail;
|
1321
|
-
}
|
1322
|
-
|
1323
|
-
loop_continue:
|
1324
|
-
loop_ok = true;
|
1325
|
-
loop_fail:
|
1326
|
-
_mongocrypt_buffer_cleanup(&IndexKey);
|
1327
|
-
_mongocrypt_buffer_cleanup(&TokenKey);
|
1328
|
-
mc_ServerDataEncryptionLevel1Token_destroy(sdel1t);
|
1329
|
-
mc_CollectionsLevel1Token_destroy(cl1t);
|
1330
|
-
mc_ECOCToken_destroy(ecoc);
|
1331
|
-
if (!loop_ok) {
|
1332
|
-
goto fail;
|
1333
|
-
}
|
1334
|
-
}
|
1335
|
-
|
1336
|
-
ret = true;
|
1337
|
-
fail:
|
1338
|
-
if (!ret) {
|
1339
|
-
bson_destroy(out);
|
1340
|
-
return NULL;
|
1341
|
-
}
|
1342
|
-
return out;
|
1343
|
-
}
|
1344
|
-
|
1345
644
|
static bool
|
1346
645
|
_check_for_payload_requiring_encryptionInformation(void *ctx, _mongocrypt_buffer_t *in, mongocrypt_status_t *status) {
|
1347
646
|
bool *out = (bool *)ctx;
|
@@ -1386,9 +685,12 @@ static moe_result must_omit_encryptionInformation(const char *command_name,
|
|
1386
685
|
|
1387
686
|
BSON_ASSERT_PARAM(command_name);
|
1388
687
|
BSON_ASSERT_PARAM(command);
|
1389
|
-
BSON_ASSERT_PARAM(efc);
|
1390
688
|
|
1391
689
|
if (0 == strcmp("compactStructuredEncryptionData", command_name)) {
|
690
|
+
if (!efc) {
|
691
|
+
CLIENT_ERR("expected to have encryptedFields for compactStructuredEncryptionData command but have none");
|
692
|
+
return (moe_result){.ok = false};
|
693
|
+
}
|
1392
694
|
// `compactStructuredEncryptionData` is a special case:
|
1393
695
|
// - Server 7.0 prohibits `encryptionInformation`.
|
1394
696
|
// - Server 8.0 requires `encryptionInformation` if "range" fields are referenced. Otherwise ignores.
|
@@ -1447,7 +749,7 @@ static moe_result must_omit_encryptionInformation(const char *command_name,
|
|
1447
749
|
*/
|
1448
750
|
static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
|
1449
751
|
_mongocrypt_key_broker_t *kb,
|
1450
|
-
mc_EncryptedFieldConfig_t *efc,
|
752
|
+
const mc_EncryptedFieldConfig_t *efc,
|
1451
753
|
const char *command_name,
|
1452
754
|
bson_t *out,
|
1453
755
|
mongocrypt_status_t *status) {
|
@@ -1456,7 +758,6 @@ static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
|
|
1456
758
|
|
1457
759
|
BSON_ASSERT_PARAM(crypt);
|
1458
760
|
BSON_ASSERT_PARAM(kb);
|
1459
|
-
BSON_ASSERT_PARAM(efc);
|
1460
761
|
BSON_ASSERT_PARAM(command_name);
|
1461
762
|
BSON_ASSERT_PARAM(out);
|
1462
763
|
_mongocrypt_crypto_t *crypto = crypt->crypto;
|
@@ -1467,13 +768,18 @@ static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
|
|
1467
768
|
return true;
|
1468
769
|
}
|
1469
770
|
|
771
|
+
if (!efc) {
|
772
|
+
CLIENT_ERR("expected to have encryptedFields for %s command but have none", command_name);
|
773
|
+
return false;
|
774
|
+
}
|
775
|
+
|
1470
776
|
if (cleanup) {
|
1471
777
|
BSON_APPEND_DOCUMENT_BEGIN(out, "cleanupTokens", &result_compactionTokens);
|
1472
778
|
} else {
|
1473
779
|
BSON_APPEND_DOCUMENT_BEGIN(out, "compactionTokens", &result_compactionTokens);
|
1474
780
|
}
|
1475
781
|
|
1476
|
-
mc_EncryptedField_t *ptr;
|
782
|
+
const mc_EncryptedField_t *ptr;
|
1477
783
|
for (ptr = efc->fields; ptr != NULL; ptr = ptr->next) {
|
1478
784
|
/* Append tokens. */
|
1479
785
|
_mongocrypt_buffer_t key = {0};
|
@@ -1673,12 +979,108 @@ fail:
|
|
1673
979
|
return ok;
|
1674
980
|
}
|
1675
981
|
|
982
|
+
/*
|
983
|
+
* Checks the "encryptedFields.strEncodeVersion" field for "create" commands for validity, and sets it to the default if
|
984
|
+
* it does not exist.
|
985
|
+
*/
|
986
|
+
static bool _fle2_fixup_encryptedFields_strEncodeVersion(const char *cmd_name,
|
987
|
+
bson_t *cmd /* in and out */,
|
988
|
+
const mc_EncryptedFieldConfig_t *efc,
|
989
|
+
mongocrypt_status_t *status) {
|
990
|
+
BSON_ASSERT_PARAM(cmd_name);
|
991
|
+
BSON_ASSERT_PARAM(cmd);
|
992
|
+
|
993
|
+
if (0 == strcmp(cmd_name, "create")) {
|
994
|
+
if (!efc) {
|
995
|
+
CLIENT_ERR("expected to have encryptedFields for create command but have none");
|
996
|
+
return false;
|
997
|
+
}
|
998
|
+
bson_iter_t ef_iter;
|
999
|
+
if (!bson_iter_init_find(&ef_iter, cmd, "encryptedFields")) {
|
1000
|
+
// No encryptedFields, nothing to check or fix
|
1001
|
+
return true;
|
1002
|
+
}
|
1003
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&ef_iter)) {
|
1004
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Expected encryptedFields to be type obj, got: %s",
|
1005
|
+
mc_bson_type_to_string(bson_iter_type(&ef_iter)));
|
1006
|
+
return false;
|
1007
|
+
}
|
1008
|
+
bson_iter_t sev_iter;
|
1009
|
+
if (!bson_iter_recurse(&ef_iter, &sev_iter)) {
|
1010
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to recurse bson_iter");
|
1011
|
+
return false;
|
1012
|
+
}
|
1013
|
+
if (!bson_iter_find(&sev_iter, "strEncodeVersion")) {
|
1014
|
+
if (efc->str_encode_version == 0) {
|
1015
|
+
// Unset StrEncodeVersion matches the EFC, nothing to fix.
|
1016
|
+
return true;
|
1017
|
+
}
|
1018
|
+
|
1019
|
+
// No strEncodeVersion and the EFC has a nonzero strEncodeVersion, add it.
|
1020
|
+
// Initialize the new cmd object from the old one, excluding encryptedFields.
|
1021
|
+
bson_t fixed = BSON_INITIALIZER;
|
1022
|
+
bson_copy_to_excluding_noinit(cmd, &fixed, "encryptedFields", NULL);
|
1023
|
+
|
1024
|
+
// Recurse the original encryptedFields and copy everything over.
|
1025
|
+
bson_iter_t copy_iter;
|
1026
|
+
if (!bson_iter_recurse(&ef_iter, ©_iter)) {
|
1027
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to recurse bson_iter");
|
1028
|
+
goto fail;
|
1029
|
+
}
|
1030
|
+
bson_t fixed_ef;
|
1031
|
+
if (!BSON_APPEND_DOCUMENT_BEGIN(&fixed, "encryptedFields", &fixed_ef)) {
|
1032
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to start appending encryptedFields");
|
1033
|
+
goto fail;
|
1034
|
+
}
|
1035
|
+
while (bson_iter_next(©_iter)) {
|
1036
|
+
if (!bson_append_iter(&fixed_ef, NULL, 0, ©_iter)) {
|
1037
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to copy element");
|
1038
|
+
goto fail;
|
1039
|
+
}
|
1040
|
+
}
|
1041
|
+
|
1042
|
+
// Add the EFC's strEncodeVersion to encryptedFields.
|
1043
|
+
if (!BSON_APPEND_INT32(&fixed_ef, "strEncodeVersion", efc->str_encode_version)) {
|
1044
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to append strEncodeVersion");
|
1045
|
+
goto fail;
|
1046
|
+
}
|
1047
|
+
if (!bson_append_document_end(&fixed, &fixed_ef)) {
|
1048
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to finish appending encryptedFields");
|
1049
|
+
goto fail;
|
1050
|
+
}
|
1051
|
+
|
1052
|
+
bson_destroy(cmd);
|
1053
|
+
if (!bson_steal(cmd, &fixed)) {
|
1054
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to steal BSON");
|
1055
|
+
goto fail;
|
1056
|
+
}
|
1057
|
+
return true;
|
1058
|
+
fail:
|
1059
|
+
bson_destroy(&fixed);
|
1060
|
+
return false;
|
1061
|
+
} else {
|
1062
|
+
// Check strEncodeVersion for match against EFC
|
1063
|
+
if (!BSON_ITER_HOLDS_INT32(&sev_iter)) {
|
1064
|
+
CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&sev_iter));
|
1065
|
+
return false;
|
1066
|
+
}
|
1067
|
+
int32_t version = bson_iter_int32(&sev_iter);
|
1068
|
+
if (version != efc->str_encode_version) {
|
1069
|
+
CLIENT_ERR("'strEncodeVersion' of %d does not match efc->str_encode_version of %d",
|
1070
|
+
version,
|
1071
|
+
efc->str_encode_version);
|
1072
|
+
return false;
|
1073
|
+
}
|
1074
|
+
}
|
1075
|
+
}
|
1076
|
+
return true;
|
1077
|
+
}
|
1078
|
+
|
1676
1079
|
/* Process a call to mongocrypt_ctx_finalize when an encryptedFieldConfig is
|
1677
1080
|
* associated with the command. */
|
1678
1081
|
static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
1679
1082
|
bson_t converted;
|
1680
1083
|
_mongocrypt_ctx_encrypt_t *ectx;
|
1681
|
-
bson_t encrypted_field_config_bson;
|
1682
1084
|
bson_t original_cmd_bson;
|
1683
1085
|
|
1684
1086
|
BSON_ASSERT_PARAM(ctx);
|
@@ -1693,10 +1095,6 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
1693
1095
|
return _mongocrypt_ctx_fail_w_msg(ctx, "explicit encryption is not yet supported. See MONGOCRYPT-409.");
|
1694
1096
|
}
|
1695
1097
|
|
1696
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->encrypted_field_config, &encrypted_field_config_bson)) {
|
1697
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "malformed bson in encrypted_field_config_bson");
|
1698
|
-
}
|
1699
|
-
|
1700
1098
|
if (!_mongocrypt_buffer_to_bson(&ectx->original_cmd, &original_cmd_bson)) {
|
1701
1099
|
return _mongocrypt_ctx_fail_w_msg(ctx, "malformed bson in original_cmd");
|
1702
1100
|
}
|
@@ -1735,45 +1133,38 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
1735
1133
|
return _mongocrypt_ctx_fail(ctx);
|
1736
1134
|
}
|
1737
1135
|
|
1738
|
-
|
1739
|
-
|
1740
|
-
|
1741
|
-
|
1742
|
-
|
1743
|
-
return _mongocrypt_ctx_fail(ctx);
|
1744
|
-
}
|
1745
|
-
}
|
1136
|
+
// Defer error handling for potentially missing encryptedFields to command-specific routines below.
|
1137
|
+
// For create/cleanupStructuredEncryptionData/compactStructuredEncryptionData, get encryptedFields for the
|
1138
|
+
// single target collection. For other commands, encryptedFields may not be on the target collection.
|
1139
|
+
const mc_EncryptedFieldConfig_t *target_efc =
|
1140
|
+
mc_schema_broker_get_encryptedFields(ectx->sb, ectx->target_coll, NULL);
|
1746
1141
|
|
1747
1142
|
moe_result result = must_omit_encryptionInformation(command_name,
|
1748
1143
|
&converted,
|
1749
1144
|
ctx->crypt->opts.use_range_v2,
|
1750
|
-
|
1145
|
+
target_efc,
|
1751
1146
|
ctx->status);
|
1752
1147
|
if (!result.ok) {
|
1753
1148
|
bson_destroy(&converted);
|
1754
|
-
|
1149
|
+
return _mongocrypt_ctx_fail(ctx);
|
1150
|
+
}
|
1151
|
+
|
1152
|
+
/* If this is a create command, append the encryptedFields.strEncodeVersion field if it's necessary. If the field
|
1153
|
+
* already exists, check it against the EFC for correctness. */
|
1154
|
+
if (!_fle2_fixup_encryptedFields_strEncodeVersion(command_name, &converted, target_efc, ctx->status)) {
|
1155
|
+
bson_destroy(&converted);
|
1755
1156
|
return _mongocrypt_ctx_fail(ctx);
|
1756
1157
|
}
|
1757
1158
|
|
1758
1159
|
/* Append a new 'encryptionInformation'. */
|
1759
|
-
if (!result.must_omit
|
1760
|
-
if (!
|
1761
|
-
command_name,
|
1762
|
-
&converted,
|
1763
|
-
ectx->target_ns,
|
1764
|
-
&encrypted_field_config_bson,
|
1765
|
-
deleteTokens,
|
1766
|
-
ectx->target_coll,
|
1767
|
-
MC_TO_MONGOD,
|
1768
|
-
ctx->status)) {
|
1160
|
+
if (!result.must_omit) {
|
1161
|
+
if (!mc_schema_broker_add_schemas_to_cmd(ectx->sb, &converted, MC_CMD_SCHEMAS_FOR_SERVER, ctx->status)) {
|
1769
1162
|
bson_destroy(&converted);
|
1770
|
-
bson_destroy(deleteTokens);
|
1771
1163
|
return _mongocrypt_ctx_fail(ctx);
|
1772
1164
|
}
|
1773
1165
|
}
|
1774
|
-
bson_destroy(deleteTokens);
|
1775
1166
|
|
1776
|
-
if (!_fle2_append_compactionTokens(ctx->crypt, &ctx->kb,
|
1167
|
+
if (!_fle2_append_compactionTokens(ctx->crypt, &ctx->kb, target_efc, command_name, &converted, ctx->status)) {
|
1777
1168
|
bson_destroy(&converted);
|
1778
1169
|
return _mongocrypt_ctx_fail(ctx);
|
1779
1170
|
}
|
@@ -2141,26 +1532,23 @@ static void _cleanup(mongocrypt_ctx_t *ctx) {
|
|
2141
1532
|
}
|
2142
1533
|
|
2143
1534
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
1535
|
+
mc_schema_broker_destroy(ectx->sb);
|
2144
1536
|
bson_free(ectx->target_ns);
|
2145
1537
|
bson_free(ectx->cmd_db);
|
2146
1538
|
bson_free(ectx->target_db);
|
2147
1539
|
bson_free(ectx->target_coll);
|
2148
1540
|
_mongocrypt_buffer_cleanup(&ectx->list_collections_filter);
|
2149
|
-
_mongocrypt_buffer_cleanup(&ectx->schema);
|
2150
|
-
_mongocrypt_buffer_cleanup(&ectx->encrypted_field_config);
|
2151
1541
|
_mongocrypt_buffer_cleanup(&ectx->original_cmd);
|
2152
1542
|
_mongocrypt_buffer_cleanup(&ectx->mongocryptd_cmd);
|
2153
1543
|
_mongocrypt_buffer_cleanup(&ectx->marked_cmd);
|
2154
1544
|
_mongocrypt_buffer_cleanup(&ectx->encrypted_cmd);
|
2155
1545
|
_mongocrypt_buffer_cleanup(&ectx->ismaster.cmd);
|
2156
|
-
mc_EncryptedFieldConfig_cleanup(&ectx->efc);
|
2157
1546
|
}
|
2158
1547
|
|
2159
1548
|
static bool _try_schema_from_schema_map(mongocrypt_ctx_t *ctx) {
|
2160
1549
|
mongocrypt_t *crypt;
|
2161
1550
|
_mongocrypt_ctx_encrypt_t *ectx;
|
2162
1551
|
bson_t schema_map;
|
2163
|
-
bson_iter_t iter;
|
2164
1552
|
|
2165
1553
|
BSON_ASSERT_PARAM(ctx);
|
2166
1554
|
|
@@ -2176,15 +1564,13 @@ static bool _try_schema_from_schema_map(mongocrypt_ctx_t *ctx) {
|
|
2176
1564
|
return _mongocrypt_ctx_fail_w_msg(ctx, "malformed schema map");
|
2177
1565
|
}
|
2178
1566
|
|
2179
|
-
if (
|
2180
|
-
|
2181
|
-
|
2182
|
-
|
2183
|
-
|
1567
|
+
if (!mc_schema_broker_satisfy_from_schemaMap(ectx->sb, &schema_map, ctx->status)) {
|
1568
|
+
return _mongocrypt_ctx_fail(ctx);
|
1569
|
+
}
|
1570
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb)) {
|
1571
|
+
// Have all needed schemas. Proceed to next state.
|
2184
1572
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
2185
1573
|
}
|
2186
|
-
|
2187
|
-
/* No schema found in map. */
|
2188
1574
|
return true;
|
2189
1575
|
}
|
2190
1576
|
|
@@ -2196,7 +1582,6 @@ static bool _fle2_try_encrypted_field_config_from_map(mongocrypt_ctx_t *ctx) {
|
|
2196
1582
|
mongocrypt_t *crypt;
|
2197
1583
|
_mongocrypt_ctx_encrypt_t *ectx;
|
2198
1584
|
bson_t encrypted_field_config_map;
|
2199
|
-
bson_iter_t iter;
|
2200
1585
|
|
2201
1586
|
BSON_ASSERT_PARAM(ctx);
|
2202
1587
|
|
@@ -2212,51 +1597,31 @@ static bool _fle2_try_encrypted_field_config_from_map(mongocrypt_ctx_t *ctx) {
|
|
2212
1597
|
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to convert encrypted_field_config_map to BSON");
|
2213
1598
|
}
|
2214
1599
|
|
2215
|
-
if (
|
2216
|
-
|
2217
|
-
|
2218
|
-
|
2219
|
-
|
2220
|
-
}
|
2221
|
-
bson_t efc_bson;
|
2222
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->encrypted_field_config, &efc_bson)) {
|
2223
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to create BSON from encrypted_field_config");
|
2224
|
-
}
|
2225
|
-
if (!mc_EncryptedFieldConfig_parse(&ectx->efc, &efc_bson, ctx->status, ctx->crypt->opts.use_range_v2)) {
|
2226
|
-
_mongocrypt_ctx_fail(ctx);
|
2227
|
-
return false;
|
2228
|
-
}
|
1600
|
+
if (!mc_schema_broker_satisfy_from_encryptedFieldsMap(ectx->sb, &encrypted_field_config_map, ctx->status)) {
|
1601
|
+
return _mongocrypt_ctx_fail(ctx);
|
1602
|
+
}
|
1603
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb)) {
|
1604
|
+
// Have all needed schemas. Proceed to next state.
|
2229
1605
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
2230
1606
|
}
|
2231
|
-
|
2232
|
-
/* No encrypted_field_config found in map. */
|
2233
1607
|
return true;
|
2234
1608
|
}
|
2235
1609
|
|
2236
1610
|
static bool _try_schema_from_cache(mongocrypt_ctx_t *ctx) {
|
2237
1611
|
_mongocrypt_ctx_encrypt_t *ectx;
|
2238
|
-
bson_t *collinfo = NULL;
|
2239
1612
|
|
2240
1613
|
BSON_ASSERT_PARAM(ctx);
|
2241
1614
|
|
2242
1615
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
2243
1616
|
|
2244
|
-
|
2245
|
-
|
2246
|
-
if (!_mongocrypt_cache_get(&ctx->crypt->cache_collinfo,
|
2247
|
-
ectx->target_ns /* null terminated */,
|
2248
|
-
(void **)&collinfo)) {
|
2249
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "failed to retrieve from cache");
|
1617
|
+
if (!mc_schema_broker_satisfy_from_cache(ectx->sb, &ctx->crypt->cache_collinfo, ctx->status)) {
|
1618
|
+
return _mongocrypt_ctx_fail(ctx);
|
2250
1619
|
}
|
2251
|
-
|
2252
|
-
|
2253
|
-
if (!_set_schema_from_collinfo(ctx, collinfo)) {
|
2254
|
-
bson_destroy(collinfo);
|
2255
|
-
return _mongocrypt_ctx_fail(ctx);
|
2256
|
-
}
|
1620
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb)) {
|
1621
|
+
// Have all needed schemas. Proceed to next state.
|
2257
1622
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
2258
1623
|
} else {
|
2259
|
-
|
1624
|
+
// Request a listCollections command to check for remote schemas.
|
2260
1625
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_COLLINFO;
|
2261
1626
|
if (ectx->target_db) {
|
2262
1627
|
if (!ctx->crypt->opts.use_need_mongo_collinfo_with_db_state) {
|
@@ -2266,12 +1631,10 @@ static bool _try_schema_from_cache(mongocrypt_ctx_t *ctx) {
|
|
2266
1631
|
"upgrading driver, or specify a local schemaMap or encryptedFieldsMap.");
|
2267
1632
|
return false;
|
2268
1633
|
}
|
2269
|
-
// Target database
|
1634
|
+
// Target database differs from command database. Request collection info from target database.
|
2270
1635
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB;
|
2271
1636
|
}
|
2272
1637
|
}
|
2273
|
-
|
2274
|
-
bson_destroy(collinfo);
|
2275
1638
|
return true;
|
2276
1639
|
}
|
2277
1640
|
|
@@ -2291,8 +1654,12 @@ static bool _try_empty_schema_for_create(mongocrypt_ctx_t *ctx) {
|
|
2291
1654
|
return true;
|
2292
1655
|
}
|
2293
1656
|
|
2294
|
-
|
2295
|
-
|
1657
|
+
// Satisfy with an empty schema. Do not cache the entry.
|
1658
|
+
if (!mc_schema_broker_satisfy_remaining_with_empty_schemas(ectx->sb, NULL /* cache */, ctx->status)) {
|
1659
|
+
return _mongocrypt_ctx_fail(ctx);
|
1660
|
+
}
|
1661
|
+
BSON_ASSERT(!mc_schema_broker_need_more_schemas(ectx->sb));
|
1662
|
+
// Have all needed schemas. Proceed to next state.
|
2296
1663
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
2297
1664
|
return true;
|
2298
1665
|
}
|
@@ -2333,7 +1700,6 @@ static bool _try_schema_from_create_or_collMod_cmd(mongocrypt_ctx_t *ctx) {
|
|
2333
1700
|
}
|
2334
1701
|
|
2335
1702
|
bson_t cmd_bson;
|
2336
|
-
bson_iter_t iter;
|
2337
1703
|
|
2338
1704
|
if (!_mongocrypt_buffer_to_bson(&ectx->original_cmd, &cmd_bson)) {
|
2339
1705
|
CLIENT_ERR("unable to convert command buffer to BSON");
|
@@ -2341,22 +1707,13 @@ static bool _try_schema_from_create_or_collMod_cmd(mongocrypt_ctx_t *ctx) {
|
|
2341
1707
|
return false;
|
2342
1708
|
}
|
2343
1709
|
|
2344
|
-
if (!
|
2345
|
-
|
2346
|
-
_mongocrypt_ctx_fail(ctx);
|
2347
|
-
return false;
|
1710
|
+
if (!mc_schema_broker_satisfy_from_create_or_collMod(ectx->sb, &cmd_bson, ctx->status)) {
|
1711
|
+
return _mongocrypt_ctx_fail(ctx);
|
2348
1712
|
}
|
2349
|
-
|
2350
|
-
|
2351
|
-
if (!_mongocrypt_buffer_copy_from_document_iter(&ectx->schema, &iter)) {
|
2352
|
-
CLIENT_ERR("failed to parse BSON document from create validator.$jsonSchema");
|
2353
|
-
_mongocrypt_ctx_fail(ctx);
|
2354
|
-
return false;
|
2355
|
-
}
|
1713
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb)) {
|
1714
|
+
// Have all needed schemas. Proceed to next state.
|
2356
1715
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
2357
|
-
return true;
|
2358
1716
|
}
|
2359
|
-
|
2360
1717
|
return true;
|
2361
1718
|
}
|
2362
1719
|
|
@@ -2425,7 +1782,7 @@ static bool explicit_encrypt_init(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *ms
|
|
2425
1782
|
_mongocrypt_ctx_encrypt_t *ectx;
|
2426
1783
|
bson_t as_bson;
|
2427
1784
|
bson_iter_t iter;
|
2428
|
-
_mongocrypt_ctx_opts_spec_t opts_spec;
|
1785
|
+
_mongocrypt_ctx_opts_spec_t opts_spec = {0};
|
2429
1786
|
|
2430
1787
|
if (!ctx) {
|
2431
1788
|
return false;
|
@@ -2559,6 +1916,7 @@ static bool explicit_encrypt_init(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *ms
|
|
2559
1916
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
2560
1917
|
ctx->type = _MONGOCRYPT_TYPE_ENCRYPT;
|
2561
1918
|
ectx->explicit = true;
|
1919
|
+
ectx->sb = mc_schema_broker_new();
|
2562
1920
|
ctx->vtable.finalize = _finalize;
|
2563
1921
|
ctx->vtable.cleanup = _cleanup;
|
2564
1922
|
|
@@ -2861,9 +2219,161 @@ static bool needs_ismaster_check(mongocrypt_ctx_t *ctx) {
|
|
2861
2219
|
BSON_ASSERT_PARAM(ctx);
|
2862
2220
|
|
2863
2221
|
bool using_mongocryptd = !ectx->bypass_query_analysis && !ctx->crypt->csfle.okay;
|
2864
|
-
|
2865
|
-
|
2866
|
-
|
2222
|
+
|
2223
|
+
if (!using_mongocryptd) {
|
2224
|
+
return false;
|
2225
|
+
}
|
2226
|
+
|
2227
|
+
if (mc_schema_broker_has_multiple_requests(ectx->sb)) {
|
2228
|
+
// Only mongocryptd 8.1 (wire version 26) supports multiple schemas with csfleEncryptionSchemas.
|
2229
|
+
return true;
|
2230
|
+
}
|
2231
|
+
// MONGOCRYPT-429: The "create" and "createIndexes" command are only supported on mongocrypt 6.0 (wire version 17).
|
2232
|
+
if (0 == strcmp(ectx->cmd_name, "create") || 0 == strcmp(ectx->cmd_name, "createIndexes")) {
|
2233
|
+
return true;
|
2234
|
+
}
|
2235
|
+
|
2236
|
+
return false;
|
2237
|
+
}
|
2238
|
+
|
2239
|
+
// `find_collections_in_pipeline` finds other collection names in an aggregate pipeline that may need schemas.
|
2240
|
+
static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
|
2241
|
+
bson_iter_t pipeline_iter,
|
2242
|
+
const char *db,
|
2243
|
+
mstr_view path,
|
2244
|
+
mongocrypt_status_t *status) {
|
2245
|
+
bson_iter_t array_iter;
|
2246
|
+
if (!BSON_ITER_HOLDS_ARRAY(&pipeline_iter) || !bson_iter_recurse(&pipeline_iter, &array_iter)) {
|
2247
|
+
CLIENT_ERR("failed to recurse pipeline at path: %s", path.data);
|
2248
|
+
return false;
|
2249
|
+
}
|
2250
|
+
|
2251
|
+
while (bson_iter_next(&array_iter)) {
|
2252
|
+
bson_iter_t stage_iter;
|
2253
|
+
const char *stage_key = bson_iter_key(&array_iter);
|
2254
|
+
|
2255
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&array_iter) || !bson_iter_recurse(&array_iter, &stage_iter)
|
2256
|
+
|| !bson_iter_next(&stage_iter)) {
|
2257
|
+
CLIENT_ERR("failed to recurse stage at path: %s.%s", path.data, stage_key);
|
2258
|
+
return false;
|
2259
|
+
}
|
2260
|
+
|
2261
|
+
const char *stage = bson_iter_key(&stage_iter);
|
2262
|
+
// Check for $lookup.
|
2263
|
+
if (0 == strcmp(stage, "$lookup")) {
|
2264
|
+
bson_iter_t lookup_iter;
|
2265
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&stage_iter) || !bson_iter_recurse(&stage_iter, &lookup_iter)) {
|
2266
|
+
CLIENT_ERR("failed to recurse $lookup at path: %s.%s", path.data, stage_key);
|
2267
|
+
return false;
|
2268
|
+
}
|
2269
|
+
|
2270
|
+
while (bson_iter_next(&lookup_iter)) {
|
2271
|
+
const char *field = bson_iter_key(&lookup_iter);
|
2272
|
+
if (0 == strcmp(field, "from")) {
|
2273
|
+
if (!BSON_ITER_HOLDS_UTF8(&lookup_iter)) {
|
2274
|
+
CLIENT_ERR("expected string, but '%s' for 'from' field at path: %s.%s",
|
2275
|
+
mc_bson_type_to_string(bson_iter_type(&lookup_iter)),
|
2276
|
+
path.data,
|
2277
|
+
stage_key);
|
2278
|
+
return false;
|
2279
|
+
}
|
2280
|
+
const char *from = bson_iter_utf8(&lookup_iter, NULL);
|
2281
|
+
if (!mc_schema_broker_request(sb, db, from, status)) {
|
2282
|
+
return false;
|
2283
|
+
}
|
2284
|
+
}
|
2285
|
+
|
2286
|
+
if (0 == strcmp(field, "pipeline")) {
|
2287
|
+
mstr subpath = mstr_append(path, mstrv_lit("."));
|
2288
|
+
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
2289
|
+
mstr_inplace_append(&subpath, mstrv_lit(".$lookup.pipeline"));
|
2290
|
+
if (!find_collections_in_pipeline(sb, lookup_iter, db, subpath.view, status)) {
|
2291
|
+
mstr_free(subpath);
|
2292
|
+
return false;
|
2293
|
+
}
|
2294
|
+
mstr_free(subpath);
|
2295
|
+
}
|
2296
|
+
}
|
2297
|
+
}
|
2298
|
+
|
2299
|
+
// Check for $facet.
|
2300
|
+
if (0 == strcmp(stage, "$facet")) {
|
2301
|
+
bson_iter_t facet_iter;
|
2302
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&stage_iter) || !bson_iter_recurse(&stage_iter, &facet_iter)) {
|
2303
|
+
CLIENT_ERR("failed to recurse $facet at path: %s.%s", path.data, stage_key);
|
2304
|
+
return false;
|
2305
|
+
}
|
2306
|
+
|
2307
|
+
while (bson_iter_next(&facet_iter)) {
|
2308
|
+
const char *field = bson_iter_key(&facet_iter);
|
2309
|
+
mstr subpath = mstr_append(path, mstrv_lit("."));
|
2310
|
+
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
2311
|
+
mstr_inplace_append(&subpath, mstrv_lit(".$facet."));
|
2312
|
+
mstr_inplace_append(&subpath, mstrv_view_cstr(field));
|
2313
|
+
if (!find_collections_in_pipeline(sb, facet_iter, db, subpath.view, status)) {
|
2314
|
+
mstr_free(subpath);
|
2315
|
+
return false;
|
2316
|
+
}
|
2317
|
+
mstr_free(subpath);
|
2318
|
+
}
|
2319
|
+
}
|
2320
|
+
|
2321
|
+
// Check for $unionWith.
|
2322
|
+
if (0 == strcmp(stage, "$unionWith")) {
|
2323
|
+
bson_iter_t unionWith_iter;
|
2324
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&stage_iter) || !bson_iter_recurse(&stage_iter, &unionWith_iter)) {
|
2325
|
+
CLIENT_ERR("failed to recurse $unionWith at path: %s.%s", path.data, stage_key);
|
2326
|
+
return false;
|
2327
|
+
}
|
2328
|
+
|
2329
|
+
while (bson_iter_next(&unionWith_iter)) {
|
2330
|
+
const char *field = bson_iter_key(&unionWith_iter);
|
2331
|
+
if (0 == strcmp(field, "coll")) {
|
2332
|
+
if (!BSON_ITER_HOLDS_UTF8(&unionWith_iter)) {
|
2333
|
+
CLIENT_ERR("expected string, but got '%s' for 'coll' field at path: %s.%s",
|
2334
|
+
mc_bson_type_to_string(bson_iter_type(&unionWith_iter)),
|
2335
|
+
path.data,
|
2336
|
+
stage_key);
|
2337
|
+
return false;
|
2338
|
+
}
|
2339
|
+
const char *coll = bson_iter_utf8(&unionWith_iter, NULL);
|
2340
|
+
if (!mc_schema_broker_request(sb, db, coll, status)) {
|
2341
|
+
return false;
|
2342
|
+
}
|
2343
|
+
}
|
2344
|
+
|
2345
|
+
if (0 == strcmp(field, "pipeline")) {
|
2346
|
+
mstr subpath = mstr_append(path, mstrv_lit("."));
|
2347
|
+
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
2348
|
+
mstr_inplace_append(&subpath, mstrv_lit(".$unionWith.pipeline"));
|
2349
|
+
if (!find_collections_in_pipeline(sb, unionWith_iter, db, subpath.view, status)) {
|
2350
|
+
mstr_free(subpath);
|
2351
|
+
return false;
|
2352
|
+
}
|
2353
|
+
mstr_free(subpath);
|
2354
|
+
}
|
2355
|
+
}
|
2356
|
+
}
|
2357
|
+
}
|
2358
|
+
|
2359
|
+
return true;
|
2360
|
+
}
|
2361
|
+
|
2362
|
+
static bool
|
2363
|
+
find_collections_in_agg(mongocrypt_binary_t *cmd, mc_schema_broker_t *sb, const char *db, mongocrypt_status_t *status) {
|
2364
|
+
bson_t cmd_bson;
|
2365
|
+
if (!_mongocrypt_binary_to_bson(cmd, &cmd_bson)) {
|
2366
|
+
CLIENT_ERR("failed to convert command to BSON");
|
2367
|
+
return false;
|
2368
|
+
}
|
2369
|
+
|
2370
|
+
bson_iter_t iter;
|
2371
|
+
if (!bson_iter_init_find(&iter, &cmd_bson, "pipeline")) {
|
2372
|
+
// Command may be malformed. Let server error.
|
2373
|
+
return true;
|
2374
|
+
}
|
2375
|
+
|
2376
|
+
return find_collections_in_pipeline(sb, iter, db, mstrv_lit("aggregate.pipeline"), status);
|
2867
2377
|
}
|
2868
2378
|
|
2869
2379
|
bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t db_len, mongocrypt_binary_t *cmd) {
|
@@ -2898,6 +2408,10 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
2898
2408
|
ctx->vtable.finalize = _finalize;
|
2899
2409
|
ctx->vtable.cleanup = _cleanup;
|
2900
2410
|
ectx->bypass_query_analysis = ctx->crypt->opts.bypass_query_analysis;
|
2411
|
+
ectx->sb = mc_schema_broker_new();
|
2412
|
+
if (ctx->crypt->opts.use_range_v2) {
|
2413
|
+
mc_schema_broker_use_rangev2(ectx->sb);
|
2414
|
+
}
|
2901
2415
|
|
2902
2416
|
if (!cmd || !cmd->data) {
|
2903
2417
|
return _mongocrypt_ctx_fail_w_msg(ctx, "invalid command");
|
@@ -2923,6 +2437,10 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
2923
2437
|
}
|
2924
2438
|
|
2925
2439
|
ectx->target_ns = bson_strdup_printf("%s.%s", ectx->target_db, ectx->target_coll);
|
2440
|
+
|
2441
|
+
if (!mc_schema_broker_request(ectx->sb, ectx->target_db, ectx->target_coll, ctx->status)) {
|
2442
|
+
return _mongocrypt_ctx_fail(ctx);
|
2443
|
+
}
|
2926
2444
|
} else {
|
2927
2445
|
bool bypass;
|
2928
2446
|
if (!_check_cmd_for_auto_encrypt(cmd, &bypass, &ectx->target_coll, ctx->status)) {
|
@@ -2941,6 +2459,25 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
2941
2459
|
return _mongocrypt_ctx_fail_w_msg(ctx, "unexpected error: did not bypass or error but no collection name");
|
2942
2460
|
}
|
2943
2461
|
ectx->target_ns = bson_strdup_printf("%s.%s", ectx->cmd_db, ectx->target_coll);
|
2462
|
+
if (!mc_schema_broker_request(ectx->sb, ectx->cmd_db, ectx->target_coll, ctx->status)) {
|
2463
|
+
return _mongocrypt_ctx_fail(ctx);
|
2464
|
+
}
|
2465
|
+
}
|
2466
|
+
|
2467
|
+
if (0 == strcmp(ectx->cmd_name, "aggregate")) {
|
2468
|
+
if (!find_collections_in_agg(cmd, ectx->sb, ectx->cmd_db, ctx->status)) {
|
2469
|
+
_mongocrypt_ctx_fail(ctx);
|
2470
|
+
return false;
|
2471
|
+
}
|
2472
|
+
|
2473
|
+
if (mc_schema_broker_has_multiple_requests(ectx->sb)) {
|
2474
|
+
if (!ctx->crypt->multiple_collinfo_enabled) {
|
2475
|
+
return _mongocrypt_ctx_fail_w_msg(ctx,
|
2476
|
+
"aggregate includes a $lookup stage, but libmongocrypt is not "
|
2477
|
+
"configured to support encrypting a "
|
2478
|
+
"command with multiple collections");
|
2479
|
+
}
|
2480
|
+
}
|
2944
2481
|
}
|
2945
2482
|
|
2946
2483
|
if (ctx->opts.kek.provider.aws.region || ctx->opts.kek.provider.aws.cmk) {
|
@@ -2971,11 +2508,8 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
2971
2508
|
bson_free(cmd_val);
|
2972
2509
|
}
|
2973
2510
|
|
2974
|
-
|
2975
|
-
* request to mongocryptd. */
|
2511
|
+
// Check if an isMaster request to mongocryptd is needed to detect feature support:
|
2976
2512
|
if (needs_ismaster_check(ctx)) {
|
2977
|
-
/* We are using mongocryptd. We need to ensure that mongocryptd
|
2978
|
-
* maxWireVersion >= 17. */
|
2979
2513
|
ectx->ismaster.needed = true;
|
2980
2514
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
2981
2515
|
return true;
|
@@ -2985,6 +2519,10 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
2985
2519
|
}
|
2986
2520
|
|
2987
2521
|
#define WIRE_VERSION_SERVER_6 17
|
2522
|
+
#define WIRE_VERSION_SERVER_8_1 26
|
2523
|
+
// The crypt_shared version format is defined in mongo_crypt-v1.h.
|
2524
|
+
// Example: server 6.2.1 is encoded as 0x0006000200010000
|
2525
|
+
#define CRYPT_SHARED_8_1 0x0008000100000000ull
|
2988
2526
|
|
2989
2527
|
/* mongocrypt_ctx_encrypt_ismaster_done is called when:
|
2990
2528
|
* 1. The max wire version of mongocryptd is known.
|
@@ -2997,36 +2535,72 @@ static bool mongocrypt_ctx_encrypt_ismaster_done(mongocrypt_ctx_t *ctx) {
|
|
2997
2535
|
|
2998
2536
|
ectx->ismaster.needed = false;
|
2999
2537
|
|
3000
|
-
/* The "create" and "createIndexes" command require bypassing on mongocryptd
|
3001
|
-
* older than version 6.0. */
|
3002
2538
|
if (needs_ismaster_check(ctx)) {
|
3003
|
-
|
3004
|
-
|
3005
|
-
|
3006
|
-
|
3007
|
-
|
2539
|
+
// MONGOCRYPT-429: "create" and "createIndexes" require bypassing on mongocryptd older than version 6.0.
|
2540
|
+
if (0 == strcmp(ectx->cmd_name, "create") || 0 == strcmp(ectx->cmd_name, "createIndexes")) {
|
2541
|
+
if (ectx->ismaster.maxwireversion < WIRE_VERSION_SERVER_6) {
|
2542
|
+
// Bypass auto encryption.
|
2543
|
+
// Satisfy schema request with an empty schema.
|
2544
|
+
if (!mc_schema_broker_satisfy_remaining_with_empty_schemas(ectx->sb,
|
2545
|
+
NULL /* do not cache */,
|
2546
|
+
ctx->status)) {
|
2547
|
+
return _mongocrypt_ctx_fail(ctx);
|
2548
|
+
}
|
2549
|
+
ctx->nothing_to_do = true;
|
2550
|
+
ctx->state = MONGOCRYPT_CTX_READY;
|
2551
|
+
return true;
|
2552
|
+
}
|
2553
|
+
}
|
2554
|
+
|
2555
|
+
if (mc_schema_broker_has_multiple_requests(ectx->sb)) {
|
2556
|
+
// Ensure mongocryptd supports multiple schemas.
|
2557
|
+
if (ectx->ismaster.maxwireversion < WIRE_VERSION_SERVER_8_1) {
|
2558
|
+
mongocrypt_status_t *status = ctx->status;
|
2559
|
+
CLIENT_ERR("Encrypting '%s' requires multiple schemas. Detected mongocryptd with wire version %" PRId32
|
2560
|
+
", but need %" PRId32 ". Upgrade mongocryptd to 8.1 or newer.",
|
2561
|
+
ectx->cmd_name,
|
2562
|
+
ectx->ismaster.maxwireversion,
|
2563
|
+
WIRE_VERSION_SERVER_8_1);
|
2564
|
+
_mongocrypt_ctx_fail(ctx);
|
2565
|
+
return false;
|
2566
|
+
}
|
2567
|
+
}
|
2568
|
+
}
|
2569
|
+
|
2570
|
+
if (ctx->crypt->csfle.okay) {
|
2571
|
+
if (mc_schema_broker_has_multiple_requests(ectx->sb)) {
|
2572
|
+
// Ensure crypt_shared supports multiple schemas.
|
2573
|
+
uint64_t version = ctx->crypt->csfle.get_version();
|
2574
|
+
const char *version_str = ctx->crypt->csfle.get_version_str();
|
2575
|
+
if (version < CRYPT_SHARED_8_1) {
|
2576
|
+
mongocrypt_status_t *status = ctx->status;
|
2577
|
+
CLIENT_ERR("Encrypting '%s' requires multiple schemas. Detected crypt_shared with version %s, but "
|
2578
|
+
"need 8.1. Upgrade crypt_shared to 8.1 or newer.",
|
2579
|
+
ectx->cmd_name,
|
2580
|
+
version_str);
|
2581
|
+
_mongocrypt_ctx_fail(ctx);
|
2582
|
+
return false;
|
2583
|
+
}
|
3008
2584
|
}
|
3009
2585
|
}
|
3010
2586
|
|
3011
|
-
/* Check if there is an encrypted field config in encrypted_field_config_map
|
3012
|
-
*/
|
3013
2587
|
if (!_fle2_try_encrypted_field_config_from_map(ctx)) {
|
3014
2588
|
return false;
|
3015
2589
|
}
|
3016
|
-
if (
|
2590
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb)) {
|
3017
2591
|
if (!_try_schema_from_create_or_collMod_cmd(ctx)) {
|
3018
2592
|
return false;
|
3019
2593
|
}
|
3020
2594
|
|
3021
2595
|
/* Check if we have a local schema from schema_map */
|
3022
|
-
if (
|
2596
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb)) {
|
3023
2597
|
if (!_try_schema_from_schema_map(ctx)) {
|
3024
2598
|
return false;
|
3025
2599
|
}
|
3026
2600
|
}
|
3027
2601
|
|
3028
2602
|
/* If we didn't have a local schema, try the cache. */
|
3029
|
-
if (
|
2603
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb)) {
|
3030
2604
|
if (!_try_schema_from_cache(ctx)) {
|
3031
2605
|
return false;
|
3032
2606
|
}
|
@@ -3035,12 +2609,12 @@ static bool mongocrypt_ctx_encrypt_ismaster_done(mongocrypt_ctx_t *ctx) {
|
|
3035
2609
|
/* If we did not have a local or cached schema, check if this is a
|
3036
2610
|
* "create" command. If it is a "create" command, do not run
|
3037
2611
|
* "listCollections" to get a server-side schema. */
|
3038
|
-
if (
|
2612
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb) && !_try_empty_schema_for_create(ctx)) {
|
3039
2613
|
return false;
|
3040
2614
|
}
|
3041
2615
|
|
3042
2616
|
/* Otherwise, we need the the driver to fetch the schema. */
|
3043
|
-
if (
|
2617
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb)) {
|
3044
2618
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_COLLINFO;
|
3045
2619
|
if (ectx->target_db) {
|
3046
2620
|
if (!ctx->crypt->opts.use_need_mongo_collinfo_with_db_state) {
|
@@ -3057,18 +2631,15 @@ static bool mongocrypt_ctx_encrypt_ismaster_done(mongocrypt_ctx_t *ctx) {
|
|
3057
2631
|
}
|
3058
2632
|
|
3059
2633
|
/* If an encrypted_field_config was set, check if keys are required for
|
3060
|
-
*
|
3061
|
-
if (!_fle2_collect_keys_for_deleteTokens(ctx)) {
|
3062
|
-
return false;
|
3063
|
-
}
|
2634
|
+
* compactionTokens. */
|
3064
2635
|
|
3065
|
-
if (!_fle2_collect_keys_for_compaction(ctx)) {
|
2636
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb) && !_fle2_collect_keys_for_compaction(ctx)) {
|
3066
2637
|
return false;
|
3067
2638
|
}
|
3068
2639
|
|
3069
2640
|
if (ctx->state == MONGOCRYPT_CTX_NEED_MONGO_MARKINGS) {
|
3070
2641
|
if (ectx->bypass_query_analysis) {
|
3071
|
-
/* Keys may have been requested for
|
2642
|
+
/* Keys may have been requested for compactionTokens.
|
3072
2643
|
* Finish key requests.
|
3073
2644
|
*/
|
3074
2645
|
_mongocrypt_key_broker_requests_done(&ctx->kb);
|