libmongocrypt-helper 1.12.0.0.1001 → 1.14.0.0.1001
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +27 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +15 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +3 -3
- data/ext/libmongocrypt/libmongocrypt/CONTRIBUTING.md +14 -0
- data/ext/libmongocrypt/libmongocrypt/Earthfile +50 -50
- data/ext/libmongocrypt/libmongocrypt/README.md +8 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +13 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CONTRIBUTING.md +34 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +6 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +57 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +40 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +14 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +6 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +8 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{release.sh → scripts/release.sh} +9 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{synchro.py → scripts/synchro.py} +16 -9
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/synchro.sh +8 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update-version.sh +27 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update_binding.py +78 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +0 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +26 -11
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +4 -2
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +3 -5
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +37 -43
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +39 -13
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +9 -9
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +0 -2
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-in-functions.patch +158 -0
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +3 -3
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/integrating.md +42 -11
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.c +5 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_azure_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_crypto_windows.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +1 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +7 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -4
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_opt.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -8
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.h +9 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_response_parser.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.c +7 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.h +2 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +13 -6
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +29 -11
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +4 -4
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_request.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response.c +3 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response_parser.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +50 -48
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +235 -65
- data/ext/libmongocrypt/libmongocrypt/src/crypto/none.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/csfle-markup.cpp +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.test.cpp +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +6 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +44 -12
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +89 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +346 -131
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +6 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +6 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +25 -26
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload-private.h +122 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload.c +477 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +35 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +193 -44
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +6 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private-v2.h +105 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +386 -74
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-common.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +7 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block-private.h +7 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +21 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/benchmarks/build.gradle.kts → src/mc-parse-utils-private.h} +10 -11
- data/ext/libmongocrypt/libmongocrypt/src/mc-parse-utils.c +48 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +15 -20
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +4 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +9 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +4 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +5 -9
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +14 -19
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +2 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +109 -119
- data/ext/libmongocrypt/libmongocrypt/src/mc-reader-private.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-reader.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +123 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +1065 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +95 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +304 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +52 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +324 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +130 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +159 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-writer-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-writer.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mlib/error.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +12 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/path.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mlib/path.test.c +2 -5
- data/ext/libmongocrypt/libmongocrypt/src/mlib/str.h +65 -58
- data/ext/libmongocrypt/libmongocrypt/src/mlib/str.test.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mlib/thread.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/user-check.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/windows-lean.h +2 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +36 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto-private.h +4 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +29 -25
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +14 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +463 -900
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +5 -19
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-rewrap-many-datakey.c +12 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +5 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +19 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +9 -9
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +3 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +773 -584
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +8 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +7 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +53 -40
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_mutex.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +3 -1
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_mutex.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1434 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +2884 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +139 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.h +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/crypt_shared-stub.cpp +0 -14
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +20 -21
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/missing-key-id/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-fields/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +6 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +20 -21
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_fle1/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-extraField.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-missingKeyId.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-badVersionSet.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-goodVersionSet.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-badVersionSet.json +48 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-goodVersionSet.json +48 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-twoFields.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/encrypted-field-config-map.json +1 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1DeterministicEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1EncryptionPlaceholder.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1RandomEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EncryptionPlaceholder.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2FindEqualityPayloadV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-RangeV1.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/insert-indexed.json → explicit-decrypt/FLE2InsertUpdatePayload.json} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV1.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/find-with-encryptionInformation.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-csfle/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-mongocryptd/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-collinfo.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json +51 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/int32/encrypted-field-map.json → fle2-bad-str-encode-version/bad-encrypted-field-config-map.json} +7 -12
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-bad-str-encode-version}/encrypted-payload.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/encrypted-field-config-map.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-equality/encrypted-field-map.json → fle2-create-encrypted-collection/encrypted-field-config-map.json} +9 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/encrypted-payload.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json +51 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +46 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +25 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload-v2.json +57 -59
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/mongocryptd-reply.json +63 -64
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload-v2.json +64 -66
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/mongocryptd-reply.json +69 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongod.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/reply-from-mongocryptd.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/mongocryptd-reply.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json +14 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json +14 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-field-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double → fle2-insert-text-search}/encrypted-field-map.json +10 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double-precision → fle2-insert-text-search-with-str-encode-version}/encrypted-field-map.json +12 -13
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/encrypted-field-map.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/mongocryptd-reply.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd.json +22 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +56 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneText.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneTextLarge.json +930 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-facet/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c1.json} +13 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/collInfo-c3.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-nested/cmd.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/schemaMap.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/schemaMap.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd-to-mongocryptd.json +34 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd-to-mongocryptd.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c2.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/reply-from-mongocryptd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-unionWith/cmd.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-v1.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongocryptd.json +65 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/keys/ABCDEFAB123498761234123456789012-local-document.json → test/data/lookup/mixed/csfle/csfle/key-doc.json} +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongocryptd.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd-to-mongocryptd.json +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongocryptd.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongocryptd.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongod.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/reply-from-mongocryptd.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongocryptd.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongod.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/reply-from-mongocryptd.json +65 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd-to-mongocryptd.json +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongocryptd.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongod.json +56 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/reply-from-mongocryptd.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongod.json +71 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongocryptd.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongod.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/reply-from-mongocryptd.json +68 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongod.json +71 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert-unindexed/encrypted-field-map.json → lookup/qe-encryptedFieldsMap/encryptedFieldsMap.json} +6 -7
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongocryptd.json +46 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongod.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/reply-from-mongocryptd.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongod.json +75 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-create/mongocryptd-ismaster.json → mongocryptd-ismaster-17.json} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/mongocryptd-ismaster-26.json +12 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-jsonSchema.json +43 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-noSchema.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/create-with-jsonSchema.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields2.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFieldsMap.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema2.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/schemaMap.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +36 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +36 -2
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-dll.cpp +11 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +74 -6
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +457 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +20 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +2 -18
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-text-payload.c +320 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev-v2.c +286 -24
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +24 -17
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +24 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +10 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-tag-and-encrypted-metadata-block.c +36 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +12 -17
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +58 -63
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +69 -85
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +7 -22
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-reader.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-schema-broker.c +1124 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +1336 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +165 -37
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-writer.c +10 -10
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -21
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +55 -26
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +29 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +5 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ciphertext.c +13 -13
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +49 -55
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +64 -67
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +19 -19
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +41 -10
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +33 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +247 -149
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +1342 -1229
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +28 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +50 -91
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-dll.c +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-endpoint.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +9 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-responses.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-local-kms.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +1101 -161
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-status.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +157 -82
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +38 -6
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +101 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/util/util.h +7 -6
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +219 -165
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/README.md +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +0 -217
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +0 -354
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +0 -234
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +0 -89
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/BinaryHolder.java +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +0 -1165
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +0 -96
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +0 -92
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/DisposableMemory.java +0 -31
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/JULLogger.java +0 -130
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Logger.java +0 -144
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Loggers.java +0 -50
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MacCallback.java +0 -60
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MessageDigestCallback.java +0 -55
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoAwsKmsProviderOptions.java +0 -104
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypt.java +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContext.java +0 -137
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContextImpl.java +0 -164
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptException.java +0 -67
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +0 -423
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptOptions.java +0 -284
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypts.java +0 -38
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoDataKeyOptions.java +0 -125
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +0 -227
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java +0 -76
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoLocalKmsProviderOptions.java +0 -83
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoRewrapManyDataKeyOptions.java +0 -104
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SLF4JLogger.java +0 -110
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SecureRandomCallback.java +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SigningRSAESPKCSCallback.java +0 -76
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/package-info.java +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +0 -180
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +0 -134
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +0 -389
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command-reply.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command-reply.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-value.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/value-to-encrypt.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/json-schema.json +0 -15
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-document.json +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter-keyAltName.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/kms-reply.txt +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/list-collections-filter.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-command.json +0 -22
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +0 -50
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +0 -14
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +0 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +0 -29
- data/ext/libmongocrypt/libmongocrypt/test/data/collection-info-no-schema.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +0 -47
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +0 -29
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/collinfo.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/ismaster-to-mongocryptd.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload.json +0 -91
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload.json +0 -98
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-contentionFactor1.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-contentionFactor1.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-same-user-and-index-key.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/encrypted-payload.json +0 -41
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/mongocryptd-reply.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/cmd.json +0 -10
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-payload.json +0 -51
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/mongocryptd-reply.json +0 -59
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/cmd.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-payload.json +0 -54
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/mongocryptd-reply.json +0 -62
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-payload.json +0 -48
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/mongocryptd-reply.json +0 -56
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/encrypted-payload.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/mongocryptd-reply.json +0 -46
- data/ext/libmongocrypt/libmongocrypt/test/data/schema.json +0 -19
- /data/ext/libmongocrypt/libmongocrypt/bindings/python/{build-manylinux-wheel.sh → scripts/build-manylinux-wheel.sh} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/find-indexed.json → explicit-decrypt/FLE2FindEqualityPayload.json} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-text-search-with-str-encode-version}/cmd.json +0 -0
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
*/
|
|
16
16
|
|
|
17
17
|
#include "mc-efc-private.h"
|
|
18
|
+
#include "mc-fle-blob-subtype-private.h"
|
|
18
19
|
#include "mc-fle2-rfds-private.h"
|
|
19
20
|
#include "mc-tokens-private.h"
|
|
20
21
|
#include "mongocrypt-ciphertext-private.h"
|
|
@@ -22,476 +23,30 @@
|
|
|
22
23
|
#include "mongocrypt-ctx-private.h"
|
|
23
24
|
#include "mongocrypt-key-broker-private.h"
|
|
24
25
|
#include "mongocrypt-marking-private.h"
|
|
26
|
+
#include "mongocrypt-private.h"
|
|
25
27
|
#include "mongocrypt-traverse-util-private.h"
|
|
26
28
|
#include "mongocrypt-util-private.h" // mc_iter_document_as_bson
|
|
27
29
|
#include "mongocrypt.h"
|
|
28
30
|
|
|
29
|
-
/* _fle2_append_encryptedFieldConfig copies encryptedFieldConfig and applies
|
|
30
|
-
* default state collection names for escCollection, eccCollection, and
|
|
31
|
-
* ecocCollection if required. */
|
|
32
|
-
static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx,
|
|
33
|
-
bson_t *dst,
|
|
34
|
-
bson_t *encryptedFieldConfig,
|
|
35
|
-
const char *target_coll,
|
|
36
|
-
mongocrypt_status_t *status) {
|
|
37
|
-
bson_iter_t iter;
|
|
38
|
-
bool has_escCollection = false;
|
|
39
|
-
bool has_eccCollection = false;
|
|
40
|
-
bool has_ecocCollection = false;
|
|
41
|
-
|
|
42
|
-
BSON_ASSERT_PARAM(dst);
|
|
43
|
-
BSON_ASSERT_PARAM(encryptedFieldConfig);
|
|
44
|
-
BSON_ASSERT_PARAM(target_coll);
|
|
45
|
-
|
|
46
|
-
if (!bson_iter_init(&iter, encryptedFieldConfig)) {
|
|
47
|
-
CLIENT_ERR("unable to iterate encryptedFieldConfig");
|
|
48
|
-
return false;
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
while (bson_iter_next(&iter)) {
|
|
52
|
-
if (strcmp(bson_iter_key(&iter), "escCollection") == 0) {
|
|
53
|
-
has_escCollection = true;
|
|
54
|
-
}
|
|
55
|
-
if (strcmp(bson_iter_key(&iter), "eccCollection") == 0) {
|
|
56
|
-
has_eccCollection = true;
|
|
57
|
-
}
|
|
58
|
-
if (strcmp(bson_iter_key(&iter), "ecocCollection") == 0) {
|
|
59
|
-
has_ecocCollection = true;
|
|
60
|
-
}
|
|
61
|
-
if (!BSON_APPEND_VALUE(dst, bson_iter_key(&iter), bson_iter_value(&iter))) {
|
|
62
|
-
CLIENT_ERR("unable to append field: %s", bson_iter_key(&iter));
|
|
63
|
-
return false;
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
if (!has_escCollection) {
|
|
68
|
-
char *default_escCollection = bson_strdup_printf("enxcol_.%s.esc", target_coll);
|
|
69
|
-
if (!BSON_APPEND_UTF8(dst, "escCollection", default_escCollection)) {
|
|
70
|
-
CLIENT_ERR("unable to append escCollection");
|
|
71
|
-
bson_free(default_escCollection);
|
|
72
|
-
return false;
|
|
73
|
-
}
|
|
74
|
-
bson_free(default_escCollection);
|
|
75
|
-
}
|
|
76
|
-
if (!has_eccCollection && !ctx->crypt->opts.use_fle2_v2) {
|
|
77
|
-
char *default_eccCollection = bson_strdup_printf("enxcol_.%s.ecc", target_coll);
|
|
78
|
-
if (!BSON_APPEND_UTF8(dst, "eccCollection", default_eccCollection)) {
|
|
79
|
-
CLIENT_ERR("unable to append eccCollection");
|
|
80
|
-
bson_free(default_eccCollection);
|
|
81
|
-
return false;
|
|
82
|
-
}
|
|
83
|
-
bson_free(default_eccCollection);
|
|
84
|
-
}
|
|
85
|
-
if (!has_ecocCollection) {
|
|
86
|
-
char *default_ecocCollection = bson_strdup_printf("enxcol_.%s.ecoc", target_coll);
|
|
87
|
-
if (!BSON_APPEND_UTF8(dst, "ecocCollection", default_ecocCollection)) {
|
|
88
|
-
CLIENT_ERR("unable to append ecocCollection");
|
|
89
|
-
bson_free(default_ecocCollection);
|
|
90
|
-
return false;
|
|
91
|
-
}
|
|
92
|
-
bson_free(default_ecocCollection);
|
|
93
|
-
}
|
|
94
|
-
return true;
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
static bool _fle2_append_encryptionInformation(const mongocrypt_ctx_t *ctx,
|
|
98
|
-
bson_t *dst,
|
|
99
|
-
const char *target_ns,
|
|
100
|
-
bson_t *encryptedFieldConfig,
|
|
101
|
-
bson_t *deleteTokens,
|
|
102
|
-
const char *target_coll,
|
|
103
|
-
mongocrypt_status_t *status) {
|
|
104
|
-
bson_t encryption_information_bson;
|
|
105
|
-
bson_t schema_bson;
|
|
106
|
-
bson_t encrypted_field_config_bson;
|
|
107
|
-
|
|
108
|
-
BSON_ASSERT_PARAM(dst);
|
|
109
|
-
BSON_ASSERT_PARAM(target_ns);
|
|
110
|
-
BSON_ASSERT_PARAM(encryptedFieldConfig);
|
|
111
|
-
/* deleteTokens may be NULL */
|
|
112
|
-
BSON_ASSERT_PARAM(target_coll);
|
|
113
|
-
|
|
114
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(dst, "encryptionInformation", &encryption_information_bson)) {
|
|
115
|
-
CLIENT_ERR("unable to begin appending 'encryptionInformation'");
|
|
116
|
-
return false;
|
|
117
|
-
}
|
|
118
|
-
if (!BSON_APPEND_INT32(&encryption_information_bson, "type", 1)) {
|
|
119
|
-
CLIENT_ERR("unable to append type to 'encryptionInformation'");
|
|
120
|
-
return false;
|
|
121
|
-
}
|
|
122
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(&encryption_information_bson, "schema", &schema_bson)) {
|
|
123
|
-
CLIENT_ERR("unable to begin appending 'schema' to 'encryptionInformation'");
|
|
124
|
-
return false;
|
|
125
|
-
}
|
|
126
|
-
|
|
127
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(&schema_bson, target_ns, &encrypted_field_config_bson)) {
|
|
128
|
-
CLIENT_ERR("unable to begin appending 'encryptedFieldConfig' to "
|
|
129
|
-
"'encryptionInformation'.'schema'");
|
|
130
|
-
return false;
|
|
131
|
-
}
|
|
132
|
-
|
|
133
|
-
if (!_fle2_append_encryptedFieldConfig(ctx,
|
|
134
|
-
&encrypted_field_config_bson,
|
|
135
|
-
encryptedFieldConfig,
|
|
136
|
-
target_coll,
|
|
137
|
-
status)) {
|
|
138
|
-
return false;
|
|
139
|
-
}
|
|
140
|
-
|
|
141
|
-
if (!bson_append_document_end(&schema_bson, &encrypted_field_config_bson)) {
|
|
142
|
-
CLIENT_ERR("unable to end appending 'encryptedFieldConfig' to "
|
|
143
|
-
"'encryptionInformation'.'schema'");
|
|
144
|
-
return false;
|
|
145
|
-
}
|
|
146
|
-
if (!bson_append_document_end(&encryption_information_bson, &schema_bson)) {
|
|
147
|
-
CLIENT_ERR("unable to end appending 'schema' to 'encryptionInformation'");
|
|
148
|
-
return false;
|
|
149
|
-
}
|
|
150
|
-
|
|
151
|
-
if (deleteTokens != NULL) {
|
|
152
|
-
bson_t delete_tokens_bson;
|
|
153
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(&encryption_information_bson, "deleteTokens", &delete_tokens_bson)) {
|
|
154
|
-
CLIENT_ERR("unable to begin appending 'deleteTokens' to "
|
|
155
|
-
"'encryptionInformation'");
|
|
156
|
-
return false;
|
|
157
|
-
}
|
|
158
|
-
if (!BSON_APPEND_DOCUMENT(&delete_tokens_bson, target_ns, deleteTokens)) {
|
|
159
|
-
CLIENT_ERR("unable to append '%s' to 'deleteTokens'", target_ns);
|
|
160
|
-
return false;
|
|
161
|
-
}
|
|
162
|
-
if (!bson_append_document_end(&encryption_information_bson, &delete_tokens_bson)) {
|
|
163
|
-
CLIENT_ERR("unable to end appending 'deleteTokens' to "
|
|
164
|
-
"'encryptionInformation'");
|
|
165
|
-
return false;
|
|
166
|
-
}
|
|
167
|
-
}
|
|
168
|
-
|
|
169
|
-
if (!bson_append_document_end(dst, &encryption_information_bson)) {
|
|
170
|
-
CLIENT_ERR("unable to end appending 'encryptionInformation'");
|
|
171
|
-
return false;
|
|
172
|
-
}
|
|
173
|
-
return true;
|
|
174
|
-
}
|
|
175
|
-
|
|
176
|
-
typedef enum { MC_TO_CSFLE, MC_TO_MONGOCRYPTD, MC_TO_MONGOD } mc_cmd_target_t;
|
|
177
|
-
|
|
178
|
-
/**
|
|
179
|
-
* @brief Add "encryptionInformation" to a command.
|
|
180
|
-
*
|
|
181
|
-
* @param cmd_name The name of the command.
|
|
182
|
-
* @param cmd The command being rewritten. It is an input and output.
|
|
183
|
-
* @param target_ns The <db>.<collection> namespace for the command.
|
|
184
|
-
* @param encryptedFieldConfig The "encryptedFields" document for the
|
|
185
|
-
* collection.
|
|
186
|
-
* @param deleteTokens Delete tokens to append to "encryptionInformation". May
|
|
187
|
-
* be NULL.
|
|
188
|
-
* @param target_coll The collection name.
|
|
189
|
-
* @param cmd_target The intended destination of the command. csfle,
|
|
190
|
-
* mongocryptd, and mongod have different requirements for the location of
|
|
191
|
-
* "encryptionInformation".
|
|
192
|
-
* @param status Output status.
|
|
193
|
-
* @return true On success
|
|
194
|
-
* @return false Otherwise. Sets a failing status message in this case.
|
|
195
|
-
*/
|
|
196
|
-
static bool _fle2_insert_encryptionInformation(const mongocrypt_ctx_t *ctx,
|
|
197
|
-
const char *cmd_name,
|
|
198
|
-
bson_t *cmd /* in and out */,
|
|
199
|
-
const char *target_ns,
|
|
200
|
-
bson_t *encryptedFieldConfig,
|
|
201
|
-
bson_t *deleteTokens,
|
|
202
|
-
const char *target_coll,
|
|
203
|
-
mc_cmd_target_t cmd_target,
|
|
204
|
-
mongocrypt_status_t *status) {
|
|
205
|
-
bson_t out = BSON_INITIALIZER;
|
|
206
|
-
bson_t explain = BSON_INITIALIZER;
|
|
207
|
-
bson_iter_t iter;
|
|
208
|
-
bool ok = false;
|
|
209
|
-
|
|
210
|
-
BSON_ASSERT_PARAM(cmd_name);
|
|
211
|
-
BSON_ASSERT_PARAM(cmd);
|
|
212
|
-
BSON_ASSERT_PARAM(target_ns);
|
|
213
|
-
BSON_ASSERT_PARAM(encryptedFieldConfig);
|
|
214
|
-
/* deleteTokens may be NULL */
|
|
215
|
-
BSON_ASSERT_PARAM(target_coll);
|
|
216
|
-
|
|
217
|
-
// For `bulkWrite`, append `encryptionInformation` inside the `nsInfo.0` document.
|
|
218
|
-
if (0 == strcmp(cmd_name, "bulkWrite")) {
|
|
219
|
-
// Get the single `nsInfo` document from the input command.
|
|
220
|
-
bson_t nsInfo; // Non-owning.
|
|
221
|
-
{
|
|
222
|
-
bson_iter_t nsInfo_iter;
|
|
223
|
-
if (!bson_iter_init(&nsInfo_iter, cmd)) {
|
|
224
|
-
CLIENT_ERR("failed to iterate command");
|
|
225
|
-
goto fail;
|
|
226
|
-
}
|
|
227
|
-
if (!bson_iter_find_descendant(&nsInfo_iter, "nsInfo.0", &nsInfo_iter)) {
|
|
228
|
-
CLIENT_ERR("expected one namespace in `bulkWrite`, but found zero.");
|
|
229
|
-
goto fail;
|
|
230
|
-
}
|
|
231
|
-
if (bson_has_field(cmd, "nsInfo.1")) {
|
|
232
|
-
CLIENT_ERR(
|
|
233
|
-
"expected one namespace in `bulkWrite`, but found more than one. Only one namespace is supported.");
|
|
234
|
-
goto fail;
|
|
235
|
-
}
|
|
236
|
-
if (!mc_iter_document_as_bson(&nsInfo_iter, &nsInfo, status)) {
|
|
237
|
-
goto fail;
|
|
238
|
-
}
|
|
239
|
-
// Ensure `nsInfo` does not already have an `encryptionInformation` field.
|
|
240
|
-
if (bson_has_field(&nsInfo, "encryptionInformation")) {
|
|
241
|
-
CLIENT_ERR("unexpected `encryptionInformation` present in input `nsInfo`.");
|
|
242
|
-
goto fail;
|
|
243
|
-
}
|
|
244
|
-
}
|
|
245
|
-
|
|
246
|
-
// Copy input and append `encryptionInformation` to `nsInfo`.
|
|
247
|
-
{
|
|
248
|
-
// Append everything from input except `nsInfo`.
|
|
249
|
-
bson_copy_to_excluding_noinit(cmd, &out, "nsInfo", NULL);
|
|
250
|
-
// Append `nsInfo` array.
|
|
251
|
-
bson_t nsInfo_array;
|
|
252
|
-
if (!BSON_APPEND_ARRAY_BEGIN(&out, "nsInfo", &nsInfo_array)) {
|
|
253
|
-
CLIENT_ERR("unable to begin appending 'nsInfo' array");
|
|
254
|
-
goto fail;
|
|
255
|
-
}
|
|
256
|
-
bson_t nsInfo_array_0;
|
|
257
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(&nsInfo_array, "0", &nsInfo_array_0)) {
|
|
258
|
-
CLIENT_ERR("unable to append 'nsInfo.0' document");
|
|
259
|
-
goto fail;
|
|
260
|
-
}
|
|
261
|
-
// Copy everything from input `nsInfo`.
|
|
262
|
-
bson_concat(&nsInfo_array_0, &nsInfo);
|
|
263
|
-
// And append `encryptionInformation`.
|
|
264
|
-
if (!_fle2_append_encryptionInformation(ctx,
|
|
265
|
-
&nsInfo_array_0,
|
|
266
|
-
target_ns,
|
|
267
|
-
encryptedFieldConfig,
|
|
268
|
-
deleteTokens,
|
|
269
|
-
target_coll,
|
|
270
|
-
status)) {
|
|
271
|
-
goto fail;
|
|
272
|
-
}
|
|
273
|
-
if (!bson_append_document_end(&nsInfo_array, &nsInfo_array_0)) {
|
|
274
|
-
CLIENT_ERR("unable to end appending 'nsInfo' document in array");
|
|
275
|
-
}
|
|
276
|
-
if (!bson_append_array_end(&out, &nsInfo_array)) {
|
|
277
|
-
CLIENT_ERR("unable to end appending 'nsInfo' array");
|
|
278
|
-
goto fail;
|
|
279
|
-
}
|
|
280
|
-
// Overwrite `cmd`.
|
|
281
|
-
bson_destroy(cmd);
|
|
282
|
-
if (!bson_steal(cmd, &out)) {
|
|
283
|
-
CLIENT_ERR("failed to steal BSON with encryptionInformation");
|
|
284
|
-
goto fail;
|
|
285
|
-
}
|
|
286
|
-
}
|
|
287
|
-
|
|
288
|
-
goto success;
|
|
289
|
-
}
|
|
290
|
-
|
|
291
|
-
if (0 != strcmp(cmd_name, "explain") || cmd_target == MC_TO_MONGOCRYPTD) {
|
|
292
|
-
// All commands except "explain" and "bulkWrite" expect "encryptionInformation"
|
|
293
|
-
// at top-level. "explain" sent to mongocryptd expects
|
|
294
|
-
// "encryptionInformation" at top-level.
|
|
295
|
-
if (!_fle2_append_encryptionInformation(ctx,
|
|
296
|
-
cmd,
|
|
297
|
-
target_ns,
|
|
298
|
-
encryptedFieldConfig,
|
|
299
|
-
deleteTokens,
|
|
300
|
-
target_coll,
|
|
301
|
-
status)) {
|
|
302
|
-
goto fail;
|
|
303
|
-
}
|
|
304
|
-
bson_destroy(&out);
|
|
305
|
-
goto success;
|
|
306
|
-
}
|
|
307
|
-
|
|
308
|
-
// The "explain" command for csfle is a special case.
|
|
309
|
-
// mongocryptd expects "encryptionInformation" to be a sibling of the
|
|
310
|
-
// "explain" document. Example:
|
|
311
|
-
// {
|
|
312
|
-
// "explain": { "find": "to-mongocryptd" },
|
|
313
|
-
// "encryptionInformation": {}
|
|
314
|
-
// }
|
|
315
|
-
// csfle and mongod expect "encryptionInformation" to be nested in the
|
|
316
|
-
// "explain" document. Example:
|
|
317
|
-
// {
|
|
318
|
-
// "explain": {
|
|
319
|
-
// "find": "to-csfle-or-mongod"
|
|
320
|
-
// "encryptionInformation": {}
|
|
321
|
-
// }
|
|
322
|
-
// }
|
|
323
|
-
BSON_ASSERT(bson_iter_init_find(&iter, cmd, "explain"));
|
|
324
|
-
if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
|
|
325
|
-
CLIENT_ERR("expected 'explain' to be document");
|
|
326
|
-
goto fail;
|
|
327
|
-
}
|
|
328
|
-
|
|
329
|
-
{
|
|
330
|
-
bson_t tmp;
|
|
331
|
-
if (!mc_iter_document_as_bson(&iter, &tmp, status)) {
|
|
332
|
-
goto fail;
|
|
333
|
-
}
|
|
334
|
-
bson_destroy(&explain);
|
|
335
|
-
bson_copy_to(&tmp, &explain);
|
|
336
|
-
}
|
|
337
|
-
|
|
338
|
-
if (!_fle2_append_encryptionInformation(ctx,
|
|
339
|
-
&explain,
|
|
340
|
-
target_ns,
|
|
341
|
-
encryptedFieldConfig,
|
|
342
|
-
deleteTokens,
|
|
343
|
-
target_coll,
|
|
344
|
-
status)) {
|
|
345
|
-
goto fail;
|
|
346
|
-
}
|
|
347
|
-
|
|
348
|
-
if (!BSON_APPEND_DOCUMENT(&out, "explain", &explain)) {
|
|
349
|
-
CLIENT_ERR("unable to append 'explain' document");
|
|
350
|
-
goto fail;
|
|
351
|
-
}
|
|
352
|
-
|
|
353
|
-
bson_copy_to_excluding_noinit(cmd, &out, "explain", NULL);
|
|
354
|
-
bson_destroy(cmd);
|
|
355
|
-
if (!bson_steal(cmd, &out)) {
|
|
356
|
-
CLIENT_ERR("failed to steal BSON with encryptionInformation");
|
|
357
|
-
goto fail;
|
|
358
|
-
}
|
|
359
|
-
|
|
360
|
-
success:
|
|
361
|
-
ok = true;
|
|
362
|
-
fail:
|
|
363
|
-
bson_destroy(&explain);
|
|
364
|
-
if (!ok) {
|
|
365
|
-
bson_destroy(&out);
|
|
366
|
-
}
|
|
367
|
-
return ok;
|
|
368
|
-
}
|
|
369
|
-
|
|
370
31
|
/* Construct the list collections command to send. */
|
|
371
32
|
static bool _mongo_op_collinfo(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
372
33
|
_mongocrypt_ctx_encrypt_t *ectx;
|
|
373
|
-
bson_t *cmd;
|
|
374
34
|
|
|
375
35
|
BSON_ASSERT_PARAM(ctx);
|
|
376
36
|
BSON_ASSERT_PARAM(out);
|
|
377
37
|
|
|
378
38
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
39
|
+
bson_t filter = BSON_INITIALIZER;
|
|
40
|
+
if (!mc_schema_broker_append_listCollections_filter(ectx->sb, &filter, ctx->status)) {
|
|
41
|
+
_mongocrypt_ctx_fail(ctx);
|
|
42
|
+
return false;
|
|
43
|
+
}
|
|
44
|
+
_mongocrypt_buffer_steal_from_bson(&ectx->list_collections_filter, &filter);
|
|
382
45
|
out->data = ectx->list_collections_filter.data;
|
|
383
46
|
out->len = ectx->list_collections_filter.len;
|
|
384
47
|
return true;
|
|
385
48
|
}
|
|
386
49
|
|
|
387
|
-
static bool _set_schema_from_collinfo(mongocrypt_ctx_t *ctx, bson_t *collinfo) {
|
|
388
|
-
bson_iter_t iter;
|
|
389
|
-
_mongocrypt_ctx_encrypt_t *ectx;
|
|
390
|
-
bool found_jsonschema = false;
|
|
391
|
-
|
|
392
|
-
BSON_ASSERT_PARAM(ctx);
|
|
393
|
-
BSON_ASSERT_PARAM(collinfo);
|
|
394
|
-
|
|
395
|
-
/* Parse out the schema. */
|
|
396
|
-
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
397
|
-
|
|
398
|
-
/* Disallow views. */
|
|
399
|
-
if (bson_iter_init_find(&iter, collinfo, "type") && BSON_ITER_HOLDS_UTF8(&iter) && bson_iter_utf8(&iter, NULL)
|
|
400
|
-
&& 0 == strcmp("view", bson_iter_utf8(&iter, NULL))) {
|
|
401
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "cannot auto encrypt a view");
|
|
402
|
-
}
|
|
403
|
-
|
|
404
|
-
if (!bson_iter_init(&iter, collinfo)) {
|
|
405
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "BSON malformed");
|
|
406
|
-
}
|
|
407
|
-
|
|
408
|
-
if (bson_iter_find_descendant(&iter, "options.encryptedFields", &iter)) {
|
|
409
|
-
if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
|
|
410
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "options.encryptedFields is not a BSON document");
|
|
411
|
-
}
|
|
412
|
-
if (!_mongocrypt_buffer_copy_from_document_iter(&ectx->encrypted_field_config, &iter)) {
|
|
413
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to copy options.encryptedFields");
|
|
414
|
-
}
|
|
415
|
-
bson_t efc_bson;
|
|
416
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->encrypted_field_config, &efc_bson)) {
|
|
417
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to create BSON from encrypted_field_config");
|
|
418
|
-
}
|
|
419
|
-
if (!mc_EncryptedFieldConfig_parse(&ectx->efc, &efc_bson, ctx->status, ctx->crypt->opts.use_range_v2)) {
|
|
420
|
-
_mongocrypt_ctx_fail(ctx);
|
|
421
|
-
return false;
|
|
422
|
-
}
|
|
423
|
-
} else if (0 == strcmp(ectx->cmd_name, "bulkWrite")) {
|
|
424
|
-
ectx->used_empty_encryptedFields = true;
|
|
425
|
-
// `bulkWrite` is a special case. Sending `bulkWrite` with `jsonSchema` to query analysis results in an error:
|
|
426
|
-
// `The bulkWrite command only supports Queryable Encryption`
|
|
427
|
-
//
|
|
428
|
-
// Add an empty encryptedFields (rather than an empty JSON schema) to ensure `bulkWrite` can be sent to query
|
|
429
|
-
// analysis.
|
|
430
|
-
bson_t empty_encryptedFields = BSON_INITIALIZER;
|
|
431
|
-
{
|
|
432
|
-
char *escCollection = bson_strdup_printf("enxcol_.%s.esc", ectx->target_coll);
|
|
433
|
-
char *ecocCollection = bson_strdup_printf("enxcol_.%s.ecoc", ectx->target_coll);
|
|
434
|
-
bson_t empty_array = BSON_INITIALIZER;
|
|
435
|
-
if (!BSON_APPEND_UTF8(&empty_encryptedFields, "escCollection", escCollection)) {
|
|
436
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "failed to append `escCollection`");
|
|
437
|
-
}
|
|
438
|
-
if (!BSON_APPEND_UTF8(&empty_encryptedFields, "ecocCollection", ecocCollection)) {
|
|
439
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "failed to append `ecocCollection`");
|
|
440
|
-
}
|
|
441
|
-
if (!BSON_APPEND_ARRAY(&empty_encryptedFields, "fields", &empty_array)) {
|
|
442
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "failed to append `fields`");
|
|
443
|
-
}
|
|
444
|
-
|
|
445
|
-
bson_destroy(&empty_array);
|
|
446
|
-
bson_free(escCollection);
|
|
447
|
-
bson_free(ecocCollection);
|
|
448
|
-
}
|
|
449
|
-
|
|
450
|
-
if (!mc_EncryptedFieldConfig_parse(&ectx->efc,
|
|
451
|
-
&empty_encryptedFields,
|
|
452
|
-
ctx->status,
|
|
453
|
-
ctx->crypt->opts.use_range_v2)) {
|
|
454
|
-
bson_destroy(&empty_encryptedFields);
|
|
455
|
-
_mongocrypt_ctx_fail(ctx);
|
|
456
|
-
return false;
|
|
457
|
-
}
|
|
458
|
-
_mongocrypt_buffer_steal_from_bson(&ectx->encrypted_field_config, &empty_encryptedFields);
|
|
459
|
-
}
|
|
460
|
-
|
|
461
|
-
BSON_ASSERT(bson_iter_init(&iter, collinfo));
|
|
462
|
-
|
|
463
|
-
if (bson_iter_find_descendant(&iter, "options.validator", &iter) && BSON_ITER_HOLDS_DOCUMENT(&iter)) {
|
|
464
|
-
if (!bson_iter_recurse(&iter, &iter)) {
|
|
465
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "BSON malformed");
|
|
466
|
-
}
|
|
467
|
-
while (bson_iter_next(&iter)) {
|
|
468
|
-
const char *key;
|
|
469
|
-
|
|
470
|
-
key = bson_iter_key(&iter);
|
|
471
|
-
BSON_ASSERT(key);
|
|
472
|
-
if (0 == strcmp("$jsonSchema", key)) {
|
|
473
|
-
if (found_jsonschema) {
|
|
474
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "duplicate $jsonSchema fields found");
|
|
475
|
-
}
|
|
476
|
-
if (!_mongocrypt_buffer_copy_from_document_iter(&ectx->schema, &iter)) {
|
|
477
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "malformed $jsonSchema");
|
|
478
|
-
}
|
|
479
|
-
found_jsonschema = true;
|
|
480
|
-
} else {
|
|
481
|
-
ectx->collinfo_has_siblings = true;
|
|
482
|
-
}
|
|
483
|
-
}
|
|
484
|
-
}
|
|
485
|
-
|
|
486
|
-
if (!found_jsonschema) {
|
|
487
|
-
bson_t empty = BSON_INITIALIZER;
|
|
488
|
-
|
|
489
|
-
_mongocrypt_buffer_steal_from_bson(&ectx->schema, &empty);
|
|
490
|
-
}
|
|
491
|
-
|
|
492
|
-
return true;
|
|
493
|
-
}
|
|
494
|
-
|
|
495
50
|
/* get_command_name returns the name of a command. The command name is the first
|
|
496
51
|
* field. For example, the command name of: {"find": "foo", "filter": {"bar":
|
|
497
52
|
* 1}} is "find". */
|
|
@@ -526,29 +81,6 @@ static const char *get_command_name(_mongocrypt_buffer_t *cmd, mongocrypt_status
|
|
|
526
81
|
return cmd_name;
|
|
527
82
|
}
|
|
528
83
|
|
|
529
|
-
static bool command_needs_deleteTokens(mongocrypt_ctx_t *ctx, const char *command_name) {
|
|
530
|
-
BSON_ASSERT_PARAM(ctx);
|
|
531
|
-
BSON_ASSERT_PARAM(command_name);
|
|
532
|
-
BSON_ASSERT(ctx->kb.crypt);
|
|
533
|
-
|
|
534
|
-
if (ctx->crypt->opts.use_fle2_v2) {
|
|
535
|
-
return false;
|
|
536
|
-
}
|
|
537
|
-
|
|
538
|
-
const char *cmds_needing_deleteTokens[] = {"delete", "update", "findAndModify"};
|
|
539
|
-
|
|
540
|
-
BSON_ASSERT_PARAM(command_name);
|
|
541
|
-
|
|
542
|
-
size_t i;
|
|
543
|
-
for (i = 0; i < sizeof(cmds_needing_deleteTokens) / sizeof(cmds_needing_deleteTokens[0]); i++) {
|
|
544
|
-
if (0 == strcmp(cmds_needing_deleteTokens[i], command_name)) {
|
|
545
|
-
return true;
|
|
546
|
-
}
|
|
547
|
-
}
|
|
548
|
-
|
|
549
|
-
return false;
|
|
550
|
-
}
|
|
551
|
-
|
|
552
84
|
/* context_uses_fle2 returns true if the context uses FLE 2 behavior.
|
|
553
85
|
* If a collection has an encryptedFields document, it uses FLE 2.
|
|
554
86
|
*/
|
|
@@ -557,40 +89,7 @@ static bool context_uses_fle2(mongocrypt_ctx_t *ctx) {
|
|
|
557
89
|
|
|
558
90
|
BSON_ASSERT_PARAM(ctx);
|
|
559
91
|
|
|
560
|
-
return
|
|
561
|
-
}
|
|
562
|
-
|
|
563
|
-
/* _fle2_collect_keys_for_deleteTokens requests keys required to produce
|
|
564
|
-
* deleteTokens. deleteTokens is only applicable to FLE 2. */
|
|
565
|
-
static bool _fle2_collect_keys_for_deleteTokens(mongocrypt_ctx_t *ctx) {
|
|
566
|
-
_mongocrypt_ctx_encrypt_t *ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
567
|
-
|
|
568
|
-
BSON_ASSERT_PARAM(ctx);
|
|
569
|
-
|
|
570
|
-
/* deleteTokens are only appended for FLE 2. */
|
|
571
|
-
if (!context_uses_fle2(ctx)) {
|
|
572
|
-
return true;
|
|
573
|
-
}
|
|
574
|
-
|
|
575
|
-
const char *cmd_name = ectx->cmd_name;
|
|
576
|
-
|
|
577
|
-
if (!command_needs_deleteTokens(ctx, cmd_name)) {
|
|
578
|
-
/* Command does not require deleteTokens. */
|
|
579
|
-
return true;
|
|
580
|
-
}
|
|
581
|
-
|
|
582
|
-
mc_EncryptedField_t *field;
|
|
583
|
-
|
|
584
|
-
for (field = ectx->efc.fields; field != NULL; field = field->next) {
|
|
585
|
-
if (field->supported_queries) {
|
|
586
|
-
if (!_mongocrypt_key_broker_request_id(&ctx->kb, &field->keyId)) {
|
|
587
|
-
_mongocrypt_key_broker_status(&ctx->kb, ctx->status);
|
|
588
|
-
_mongocrypt_ctx_fail(ctx);
|
|
589
|
-
return false;
|
|
590
|
-
}
|
|
591
|
-
}
|
|
592
|
-
}
|
|
593
|
-
return true;
|
|
92
|
+
return mc_schema_broker_has_any_qe_schemas(ectx->sb);
|
|
594
93
|
}
|
|
595
94
|
|
|
596
95
|
/* _fle2_collect_keys_for_compaction requests keys required to produce
|
|
@@ -616,15 +115,20 @@ static bool _fle2_collect_keys_for_compaction(mongocrypt_ctx_t *ctx) {
|
|
|
616
115
|
/* (compact/cleanup)StructuredEncryptionData must not be sent to mongocryptd. */
|
|
617
116
|
ectx->bypass_query_analysis = true;
|
|
618
117
|
|
|
619
|
-
|
|
118
|
+
const mc_EncryptedFieldConfig_t *efc =
|
|
119
|
+
mc_schema_broker_get_encryptedFields(ectx->sb, ectx->target_coll, ctx->status);
|
|
120
|
+
if (!efc) {
|
|
121
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
122
|
+
}
|
|
620
123
|
|
|
621
|
-
for (field =
|
|
124
|
+
for (const mc_EncryptedField_t *field = efc->fields; field != NULL; field = field->next) {
|
|
622
125
|
if (!_mongocrypt_key_broker_request_id(&ctx->kb, &field->keyId)) {
|
|
623
126
|
_mongocrypt_key_broker_status(&ctx->kb, ctx->status);
|
|
624
127
|
_mongocrypt_ctx_fail(ctx);
|
|
625
128
|
return false;
|
|
626
129
|
}
|
|
627
130
|
}
|
|
131
|
+
|
|
628
132
|
return true;
|
|
629
133
|
}
|
|
630
134
|
|
|
@@ -641,15 +145,10 @@ static bool _mongo_feed_collinfo(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in)
|
|
|
641
145
|
return _mongocrypt_ctx_fail_w_msg(ctx, "BSON malformed");
|
|
642
146
|
}
|
|
643
147
|
|
|
644
|
-
|
|
645
|
-
if (!_mongocrypt_cache_add_copy(&ctx->crypt->cache_collinfo, ectx->target_ns, &as_bson, ctx->status)) {
|
|
148
|
+
if (!mc_schema_broker_satisfy_from_collinfo(ectx->sb, &as_bson, &ctx->crypt->cache_collinfo, ctx->status)) {
|
|
646
149
|
return _mongocrypt_ctx_fail(ctx);
|
|
647
150
|
}
|
|
648
151
|
|
|
649
|
-
if (!_set_schema_from_collinfo(ctx, &as_bson)) {
|
|
650
|
-
return false;
|
|
651
|
-
}
|
|
652
|
-
|
|
653
152
|
return true;
|
|
654
153
|
}
|
|
655
154
|
|
|
@@ -661,23 +160,10 @@ static bool _mongo_done_collinfo(mongocrypt_ctx_t *ctx) {
|
|
|
661
160
|
BSON_ASSERT_PARAM(ctx);
|
|
662
161
|
|
|
663
162
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
664
|
-
if (_mongocrypt_buffer_empty(&ectx->schema)) {
|
|
665
|
-
bson_t empty_collinfo = BSON_INITIALIZER;
|
|
666
163
|
|
|
667
|
-
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
return false;
|
|
671
|
-
}
|
|
672
|
-
if (!_mongocrypt_cache_add_copy(&ctx->crypt->cache_collinfo, ectx->target_ns, &empty_collinfo, ctx->status)) {
|
|
673
|
-
bson_destroy(&empty_collinfo);
|
|
674
|
-
return _mongocrypt_ctx_fail(ctx);
|
|
675
|
-
}
|
|
676
|
-
bson_destroy(&empty_collinfo);
|
|
677
|
-
}
|
|
678
|
-
|
|
679
|
-
if (!_fle2_collect_keys_for_deleteTokens(ctx)) {
|
|
680
|
-
return false;
|
|
164
|
+
// If there are collections still needing schemas, assume no schema exists.
|
|
165
|
+
if (!mc_schema_broker_satisfy_remaining_with_empty_schemas(ectx->sb, &ctx->crypt->cache_collinfo, ctx->status)) {
|
|
166
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
681
167
|
}
|
|
682
168
|
|
|
683
169
|
if (!_fle2_collect_keys_for_compaction(ctx)) {
|
|
@@ -685,7 +171,7 @@ static bool _mongo_done_collinfo(mongocrypt_ctx_t *ctx) {
|
|
|
685
171
|
}
|
|
686
172
|
|
|
687
173
|
if (ectx->bypass_query_analysis) {
|
|
688
|
-
/* Keys may have been requested for
|
|
174
|
+
/* Keys may have been requested for compactionTokens.
|
|
689
175
|
* Finish key requests. */
|
|
690
176
|
_mongocrypt_key_broker_requests_done(&ctx->kb);
|
|
691
177
|
return _mongocrypt_ctx_state_from_key_broker(ctx);
|
|
@@ -697,55 +183,14 @@ static bool _mongo_done_collinfo(mongocrypt_ctx_t *ctx) {
|
|
|
697
183
|
static const char *_mongo_db_collinfo(mongocrypt_ctx_t *ctx) {
|
|
698
184
|
_mongocrypt_ctx_encrypt_t *ectx;
|
|
699
185
|
|
|
700
|
-
BSON_ASSERT_PARAM(ctx);
|
|
701
|
-
|
|
702
|
-
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
703
|
-
if (!ectx->target_db) {
|
|
704
|
-
_mongocrypt_ctx_fail_w_msg(ctx, "Expected target database for `listCollections`, but none exists.");
|
|
705
|
-
return NULL;
|
|
706
|
-
}
|
|
707
|
-
return ectx->target_db;
|
|
708
|
-
}
|
|
709
|
-
|
|
710
|
-
static bool _fle2_mongo_op_markings(mongocrypt_ctx_t *ctx, bson_t *out) {
|
|
711
|
-
_mongocrypt_ctx_encrypt_t *ectx;
|
|
712
|
-
bson_t cmd_bson = BSON_INITIALIZER, encrypted_field_config_bson = BSON_INITIALIZER;
|
|
713
|
-
|
|
714
|
-
BSON_ASSERT_PARAM(ctx);
|
|
715
|
-
BSON_ASSERT_PARAM(out);
|
|
716
|
-
|
|
717
|
-
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
718
|
-
|
|
719
|
-
BSON_ASSERT(ctx->state == MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
|
720
|
-
BSON_ASSERT(context_uses_fle2(ctx));
|
|
721
|
-
|
|
722
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->original_cmd, &cmd_bson)) {
|
|
723
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to convert original_cmd to BSON");
|
|
724
|
-
}
|
|
725
|
-
|
|
726
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->encrypted_field_config, &encrypted_field_config_bson)) {
|
|
727
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to convert encrypted_field_config to BSON");
|
|
728
|
-
}
|
|
729
|
-
|
|
730
|
-
const char *cmd_name = ectx->cmd_name;
|
|
186
|
+
BSON_ASSERT_PARAM(ctx);
|
|
731
187
|
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
bson_copy_to_excluding_noinit(&cmd_bson, out, "$db", NULL);
|
|
737
|
-
if (!_fle2_insert_encryptionInformation(ctx,
|
|
738
|
-
cmd_name,
|
|
739
|
-
out,
|
|
740
|
-
ectx->target_ns,
|
|
741
|
-
&encrypted_field_config_bson,
|
|
742
|
-
NULL /* deleteTokens */,
|
|
743
|
-
ectx->target_coll,
|
|
744
|
-
ctx->crypt->csfle.okay ? MC_TO_CSFLE : MC_TO_MONGOCRYPTD,
|
|
745
|
-
ctx->status)) {
|
|
746
|
-
return _mongocrypt_ctx_fail(ctx);
|
|
188
|
+
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
189
|
+
if (!ectx->target_db) {
|
|
190
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Expected target database for `listCollections`, but none exists.");
|
|
191
|
+
return NULL;
|
|
747
192
|
}
|
|
748
|
-
return
|
|
193
|
+
return ectx->target_db;
|
|
749
194
|
}
|
|
750
195
|
|
|
751
196
|
/**
|
|
@@ -763,41 +208,23 @@ static bool _create_markings_cmd_bson(mongocrypt_ctx_t *ctx, bson_t *out) {
|
|
|
763
208
|
BSON_ASSERT_PARAM(ctx);
|
|
764
209
|
BSON_ASSERT_PARAM(out);
|
|
765
210
|
|
|
766
|
-
if (context_uses_fle2(ctx)) {
|
|
767
|
-
// Defer to FLE2 to generate the markings command
|
|
768
|
-
return _fle2_mongo_op_markings(ctx, out);
|
|
769
|
-
}
|
|
770
|
-
|
|
771
|
-
// For FLE1:
|
|
772
|
-
// Get the original command document
|
|
773
211
|
bson_t bson_view = BSON_INITIALIZER;
|
|
774
212
|
if (!_mongocrypt_buffer_to_bson(&ectx->original_cmd, &bson_view)) {
|
|
775
213
|
_mongocrypt_ctx_fail_w_msg(ctx, "invalid BSON cmd");
|
|
776
214
|
return false;
|
|
777
215
|
}
|
|
778
|
-
|
|
779
|
-
// Copy the command to the output
|
|
780
216
|
// If input command included $db, do not include it in the command to
|
|
781
217
|
// mongocryptd. Drivers are expected to append $db in the RunCommand helper
|
|
782
218
|
// used to send the command.
|
|
783
|
-
bson_init(out);
|
|
784
219
|
bson_copy_to_excluding_noinit(&bson_view, out, "$db", NULL);
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
|
|
788
|
-
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
}
|
|
792
|
-
// Append the jsonSchema to the output command
|
|
793
|
-
BSON_APPEND_DOCUMENT(out, "jsonSchema", &bson_view);
|
|
794
|
-
} else {
|
|
795
|
-
bson_t empty = BSON_INITIALIZER;
|
|
796
|
-
BSON_APPEND_DOCUMENT(out, "jsonSchema", &empty);
|
|
220
|
+
if (!mc_schema_broker_add_schemas_to_cmd(ectx->sb,
|
|
221
|
+
out,
|
|
222
|
+
ctx->crypt->csfle.okay ? MC_CMD_SCHEMAS_FOR_CRYPT_SHARED
|
|
223
|
+
: MC_CMD_SCHEMAS_FOR_MONGOCRYPTD,
|
|
224
|
+
ctx->status)) {
|
|
225
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
797
226
|
}
|
|
798
227
|
|
|
799
|
-
// if a local schema was not set, set isRemoteSchema=true
|
|
800
|
-
BSON_APPEND_BOOL(out, "isRemoteSchema", !ectx->used_local_schema);
|
|
801
228
|
return true;
|
|
802
229
|
}
|
|
803
230
|
|
|
@@ -854,13 +281,13 @@ static bool _collect_key_from_marking(void *ctx, _mongocrypt_buffer_t *in, mongo
|
|
|
854
281
|
}
|
|
855
282
|
|
|
856
283
|
if (marking.type == MONGOCRYPT_MARKING_FLE1_BY_ID) {
|
|
857
|
-
res = _mongocrypt_key_broker_request_id(kb, &marking.key_id);
|
|
284
|
+
res = _mongocrypt_key_broker_request_id(kb, &marking.u.fle1.key_id);
|
|
858
285
|
} else if (marking.type == MONGOCRYPT_MARKING_FLE1_BY_ALTNAME) {
|
|
859
|
-
res = _mongocrypt_key_broker_request_name(kb, &marking.key_alt_name);
|
|
286
|
+
res = _mongocrypt_key_broker_request_name(kb, &marking.u.fle1.key_alt_name);
|
|
860
287
|
} else {
|
|
861
288
|
BSON_ASSERT(marking.type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
|
862
|
-
res = _mongocrypt_key_broker_request_id(kb, &marking.fle2.index_key_id)
|
|
863
|
-
&& _mongocrypt_key_broker_request_id(kb, &marking.fle2.user_key_id);
|
|
289
|
+
res = _mongocrypt_key_broker_request_id(kb, &marking.u.fle2.index_key_id)
|
|
290
|
+
&& _mongocrypt_key_broker_request_id(kb, &marking.u.fle2.user_key_id);
|
|
864
291
|
}
|
|
865
292
|
|
|
866
293
|
if (!res) {
|
|
@@ -904,23 +331,8 @@ static bool _mongo_feed_markings(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in)
|
|
|
904
331
|
|
|
905
332
|
if (bson_iter_init_find(&iter, &as_bson, "schemaRequiresEncryption") && !bson_iter_as_bool(&iter)) {
|
|
906
333
|
/* TODO: update cache: this schema does not require encryption. */
|
|
907
|
-
|
|
908
|
-
/* If using a local schema, warn if there are no encrypted fields. */
|
|
909
|
-
if (ectx->used_local_schema) {
|
|
910
|
-
_mongocrypt_log(&ctx->crypt->log,
|
|
911
|
-
MONGOCRYPT_LOG_LEVEL_WARNING,
|
|
912
|
-
"local schema used but does not have encryption specifiers");
|
|
913
|
-
}
|
|
334
|
+
// Schema does not require encryption. Skip copying the `result`.
|
|
914
335
|
return true;
|
|
915
|
-
} else {
|
|
916
|
-
/* if the schema requires encryption, but has sibling validators, error.
|
|
917
|
-
*/
|
|
918
|
-
if (ectx->collinfo_has_siblings) {
|
|
919
|
-
return _mongocrypt_ctx_fail_w_msg(ctx,
|
|
920
|
-
"schema requires encryption, "
|
|
921
|
-
"but collection JSON schema "
|
|
922
|
-
"validator has siblings");
|
|
923
|
-
}
|
|
924
336
|
}
|
|
925
337
|
|
|
926
338
|
if (bson_iter_init_find(&iter, &as_bson, "hasEncryptedPlaceholders") && !bson_iter_as_bool(&iter)) {
|
|
@@ -1163,7 +575,8 @@ fail_create_cmd:
|
|
|
1163
575
|
static bool _mongocrypt_fle2_insert_update_find(mc_fle_blob_subtype_t subtype) {
|
|
1164
576
|
return (subtype == MC_SUBTYPE_FLE2InsertUpdatePayload) || (subtype == MC_SUBTYPE_FLE2InsertUpdatePayloadV2)
|
|
1165
577
|
|| (subtype == MC_SUBTYPE_FLE2FindEqualityPayload) || (subtype == MC_SUBTYPE_FLE2FindEqualityPayloadV2)
|
|
1166
|
-
|| (subtype == MC_SUBTYPE_FLE2FindRangePayload) || (subtype == MC_SUBTYPE_FLE2FindRangePayloadV2)
|
|
578
|
+
|| (subtype == MC_SUBTYPE_FLE2FindRangePayload) || (subtype == MC_SUBTYPE_FLE2FindRangePayloadV2)
|
|
579
|
+
|| (subtype == MC_SUBTYPE_FLE2FindTextPayload);
|
|
1167
580
|
}
|
|
1168
581
|
|
|
1169
582
|
static bool
|
|
@@ -1197,7 +610,7 @@ _marking_to_bson_value(void *ctx, _mongocrypt_marking_t *marking, bson_value_t *
|
|
|
1197
610
|
} else if (!_mongocrypt_serialize_ciphertext(&ciphertext, &serialized_ciphertext)) {
|
|
1198
611
|
CLIENT_ERR("malformed ciphertext");
|
|
1199
612
|
goto fail;
|
|
1200
|
-
}
|
|
613
|
+
}
|
|
1201
614
|
|
|
1202
615
|
/* ownership of serialized_ciphertext is transferred to caller. */
|
|
1203
616
|
out->value_type = BSON_TYPE_BINARY;
|
|
@@ -1230,116 +643,6 @@ _replace_marking_with_ciphertext(void *ctx, _mongocrypt_buffer_t *in, bson_value
|
|
|
1230
643
|
return ret;
|
|
1231
644
|
}
|
|
1232
645
|
|
|
1233
|
-
/* generate_delete_tokens generates the 'deleteTokens' document to be appended
|
|
1234
|
-
* to 'encryptionInformation'. */
|
|
1235
|
-
static bson_t *generate_delete_tokens(_mongocrypt_crypto_t *crypto,
|
|
1236
|
-
_mongocrypt_key_broker_t *kb,
|
|
1237
|
-
mc_EncryptedFieldConfig_t *efc,
|
|
1238
|
-
mongocrypt_status_t *status) {
|
|
1239
|
-
bool ret = false;
|
|
1240
|
-
bson_t *out = bson_new();
|
|
1241
|
-
mc_EncryptedField_t *ef;
|
|
1242
|
-
|
|
1243
|
-
BSON_ASSERT_PARAM(crypto);
|
|
1244
|
-
BSON_ASSERT_PARAM(kb);
|
|
1245
|
-
BSON_ASSERT_PARAM(efc);
|
|
1246
|
-
|
|
1247
|
-
for (ef = efc->fields; ef != NULL; ef = ef->next) {
|
|
1248
|
-
_mongocrypt_buffer_t IndexKey = {0};
|
|
1249
|
-
_mongocrypt_buffer_t TokenKey = {0};
|
|
1250
|
-
mc_ServerDataEncryptionLevel1Token_t *sdel1t = NULL;
|
|
1251
|
-
mc_CollectionsLevel1Token_t *cl1t = NULL;
|
|
1252
|
-
mc_ECOCToken_t *ecoc = NULL;
|
|
1253
|
-
bool loop_ok = false;
|
|
1254
|
-
/* deleteTokens are only necessary for indexed fields. */
|
|
1255
|
-
if (!ef->supported_queries) {
|
|
1256
|
-
goto loop_continue;
|
|
1257
|
-
}
|
|
1258
|
-
|
|
1259
|
-
if (!_mongocrypt_key_broker_decrypted_key_by_id(kb, &ef->keyId, &IndexKey)) {
|
|
1260
|
-
_mongocrypt_key_broker_status(kb, status);
|
|
1261
|
-
goto loop_fail;
|
|
1262
|
-
}
|
|
1263
|
-
|
|
1264
|
-
/* Get the TokenKey from the last 32 bytes of IndexKey */
|
|
1265
|
-
if (IndexKey.len < MONGOCRYPT_TOKEN_KEY_LEN) {
|
|
1266
|
-
CLIENT_ERR("IndexKey too short");
|
|
1267
|
-
goto loop_fail;
|
|
1268
|
-
}
|
|
1269
|
-
if (!_mongocrypt_buffer_from_subrange(&TokenKey,
|
|
1270
|
-
&IndexKey,
|
|
1271
|
-
IndexKey.len - MONGOCRYPT_TOKEN_KEY_LEN,
|
|
1272
|
-
MONGOCRYPT_TOKEN_KEY_LEN)) {
|
|
1273
|
-
CLIENT_ERR("generate_delete_tokens unable to parse TokenKey from IndexKey");
|
|
1274
|
-
goto loop_fail;
|
|
1275
|
-
}
|
|
1276
|
-
|
|
1277
|
-
sdel1t = mc_ServerDataEncryptionLevel1Token_new(crypto, &TokenKey, status);
|
|
1278
|
-
if (!sdel1t) {
|
|
1279
|
-
goto loop_fail;
|
|
1280
|
-
}
|
|
1281
|
-
|
|
1282
|
-
cl1t = mc_CollectionsLevel1Token_new(crypto, &TokenKey, status);
|
|
1283
|
-
if (!cl1t) {
|
|
1284
|
-
goto loop_fail;
|
|
1285
|
-
}
|
|
1286
|
-
|
|
1287
|
-
ecoc = mc_ECOCToken_new(crypto, cl1t, status);
|
|
1288
|
-
if (!ecoc) {
|
|
1289
|
-
goto loop_fail;
|
|
1290
|
-
}
|
|
1291
|
-
|
|
1292
|
-
bson_t field_bson;
|
|
1293
|
-
if (!BSON_APPEND_DOCUMENT_BEGIN(out, ef->path, &field_bson)) {
|
|
1294
|
-
CLIENT_ERR("failed to begin document for 'deleteTokens.%s'", ef->path);
|
|
1295
|
-
goto loop_fail;
|
|
1296
|
-
}
|
|
1297
|
-
|
|
1298
|
-
if (!BSON_APPEND_BINARY(&field_bson,
|
|
1299
|
-
"e",
|
|
1300
|
-
BSON_SUBTYPE_BINARY,
|
|
1301
|
-
mc_ServerDataEncryptionLevel1Token_get(sdel1t)->data,
|
|
1302
|
-
mc_ServerDataEncryptionLevel1Token_get(sdel1t)->len)) {
|
|
1303
|
-
CLIENT_ERR("failed to append ServerDataEncryptionLevel1Token for %s", ef->path);
|
|
1304
|
-
goto loop_fail;
|
|
1305
|
-
}
|
|
1306
|
-
|
|
1307
|
-
if (!BSON_APPEND_BINARY(&field_bson,
|
|
1308
|
-
"o",
|
|
1309
|
-
BSON_SUBTYPE_BINARY,
|
|
1310
|
-
mc_ECOCToken_get(ecoc)->data,
|
|
1311
|
-
mc_ECOCToken_get(ecoc)->len)) {
|
|
1312
|
-
CLIENT_ERR("failed to append ECOCToken for %s", ef->path);
|
|
1313
|
-
goto loop_fail;
|
|
1314
|
-
}
|
|
1315
|
-
|
|
1316
|
-
if (!bson_append_document_end(out, &field_bson)) {
|
|
1317
|
-
CLIENT_ERR("failed to end document for 'deleteTokens.%s'", ef->path);
|
|
1318
|
-
goto loop_fail;
|
|
1319
|
-
}
|
|
1320
|
-
|
|
1321
|
-
loop_continue:
|
|
1322
|
-
loop_ok = true;
|
|
1323
|
-
loop_fail:
|
|
1324
|
-
_mongocrypt_buffer_cleanup(&IndexKey);
|
|
1325
|
-
_mongocrypt_buffer_cleanup(&TokenKey);
|
|
1326
|
-
mc_ServerDataEncryptionLevel1Token_destroy(sdel1t);
|
|
1327
|
-
mc_CollectionsLevel1Token_destroy(cl1t);
|
|
1328
|
-
mc_ECOCToken_destroy(ecoc);
|
|
1329
|
-
if (!loop_ok) {
|
|
1330
|
-
goto fail;
|
|
1331
|
-
}
|
|
1332
|
-
}
|
|
1333
|
-
|
|
1334
|
-
ret = true;
|
|
1335
|
-
fail:
|
|
1336
|
-
if (!ret) {
|
|
1337
|
-
bson_destroy(out);
|
|
1338
|
-
return NULL;
|
|
1339
|
-
}
|
|
1340
|
-
return out;
|
|
1341
|
-
}
|
|
1342
|
-
|
|
1343
646
|
static bool
|
|
1344
647
|
_check_for_payload_requiring_encryptionInformation(void *ctx, _mongocrypt_buffer_t *in, mongocrypt_status_t *status) {
|
|
1345
648
|
bool *out = (bool *)ctx;
|
|
@@ -1370,7 +673,6 @@ typedef struct {
|
|
|
1370
673
|
// must omit the "encryptionInformation" field when sent to mongod / mongos.
|
|
1371
674
|
static moe_result must_omit_encryptionInformation(const char *command_name,
|
|
1372
675
|
const bson_t *command,
|
|
1373
|
-
bool use_range_v2,
|
|
1374
676
|
const mc_EncryptedFieldConfig_t *efc,
|
|
1375
677
|
mongocrypt_status_t *status) {
|
|
1376
678
|
// eligible_commands may omit encryptionInformation if the command does not
|
|
@@ -1384,20 +686,21 @@ static moe_result must_omit_encryptionInformation(const char *command_name,
|
|
|
1384
686
|
|
|
1385
687
|
BSON_ASSERT_PARAM(command_name);
|
|
1386
688
|
BSON_ASSERT_PARAM(command);
|
|
1387
|
-
BSON_ASSERT_PARAM(efc);
|
|
1388
689
|
|
|
1389
690
|
if (0 == strcmp("compactStructuredEncryptionData", command_name)) {
|
|
691
|
+
if (!efc) {
|
|
692
|
+
CLIENT_ERR("expected to have encryptedFields for compactStructuredEncryptionData command but have none");
|
|
693
|
+
return (moe_result){.ok = false};
|
|
694
|
+
}
|
|
1390
695
|
// `compactStructuredEncryptionData` is a special case:
|
|
1391
696
|
// - Server 7.0 prohibits `encryptionInformation`.
|
|
1392
697
|
// - Server 8.0 requires `encryptionInformation` if "range" fields are referenced. Otherwise ignores.
|
|
1393
698
|
// Only send `encryptionInformation` if "range" fields are present to support both server versions.
|
|
1394
699
|
bool uses_range_fields = false;
|
|
1395
|
-
|
|
1396
|
-
|
|
1397
|
-
|
|
1398
|
-
|
|
1399
|
-
break;
|
|
1400
|
-
}
|
|
700
|
+
for (const mc_EncryptedField_t *ef = efc->fields; ef != NULL; ef = ef->next) {
|
|
701
|
+
if (ef->supported_queries & SUPPORTS_RANGE_QUERIES) {
|
|
702
|
+
uses_range_fields = true;
|
|
703
|
+
break;
|
|
1401
704
|
}
|
|
1402
705
|
}
|
|
1403
706
|
return (moe_result){.ok = true, .must_omit = !uses_range_fields};
|
|
@@ -1445,7 +748,7 @@ static moe_result must_omit_encryptionInformation(const char *command_name,
|
|
|
1445
748
|
*/
|
|
1446
749
|
static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
|
|
1447
750
|
_mongocrypt_key_broker_t *kb,
|
|
1448
|
-
mc_EncryptedFieldConfig_t *efc,
|
|
751
|
+
const mc_EncryptedFieldConfig_t *efc,
|
|
1449
752
|
const char *command_name,
|
|
1450
753
|
bson_t *out,
|
|
1451
754
|
mongocrypt_status_t *status) {
|
|
@@ -1454,7 +757,6 @@ static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
|
|
|
1454
757
|
|
|
1455
758
|
BSON_ASSERT_PARAM(crypt);
|
|
1456
759
|
BSON_ASSERT_PARAM(kb);
|
|
1457
|
-
BSON_ASSERT_PARAM(efc);
|
|
1458
760
|
BSON_ASSERT_PARAM(command_name);
|
|
1459
761
|
BSON_ASSERT_PARAM(out);
|
|
1460
762
|
_mongocrypt_crypto_t *crypto = crypt->crypto;
|
|
@@ -1465,13 +767,18 @@ static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
|
|
|
1465
767
|
return true;
|
|
1466
768
|
}
|
|
1467
769
|
|
|
770
|
+
if (!efc) {
|
|
771
|
+
CLIENT_ERR("expected to have encryptedFields for %s command but have none", command_name);
|
|
772
|
+
return false;
|
|
773
|
+
}
|
|
774
|
+
|
|
1468
775
|
if (cleanup) {
|
|
1469
776
|
BSON_APPEND_DOCUMENT_BEGIN(out, "cleanupTokens", &result_compactionTokens);
|
|
1470
777
|
} else {
|
|
1471
778
|
BSON_APPEND_DOCUMENT_BEGIN(out, "compactionTokens", &result_compactionTokens);
|
|
1472
779
|
}
|
|
1473
780
|
|
|
1474
|
-
mc_EncryptedField_t *ptr;
|
|
781
|
+
const mc_EncryptedField_t *ptr;
|
|
1475
782
|
for (ptr = efc->fields; ptr != NULL; ptr = ptr->next) {
|
|
1476
783
|
/* Append tokens. */
|
|
1477
784
|
_mongocrypt_buffer_t key = {0};
|
|
@@ -1510,7 +817,7 @@ static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
|
|
|
1510
817
|
|
|
1511
818
|
const _mongocrypt_buffer_t *ecoct_buf = mc_ECOCToken_get(ecoct);
|
|
1512
819
|
|
|
1513
|
-
if (
|
|
820
|
+
if ((ptr->supported_queries & SUPPORTS_RANGE_QUERIES)) {
|
|
1514
821
|
// Append the document {ecoc: <ECOCToken>, anchorPaddingToken: <AnchorPaddingTokenRoot>}
|
|
1515
822
|
esct = mc_ESCToken_new(crypto, cl1t, status);
|
|
1516
823
|
if (!esct) {
|
|
@@ -1671,12 +978,108 @@ fail:
|
|
|
1671
978
|
return ok;
|
|
1672
979
|
}
|
|
1673
980
|
|
|
981
|
+
/*
|
|
982
|
+
* Checks the "encryptedFields.strEncodeVersion" field for "create" commands for validity, and sets it to the default if
|
|
983
|
+
* it does not exist.
|
|
984
|
+
*/
|
|
985
|
+
static bool _fle2_fixup_encryptedFields_strEncodeVersion(const char *cmd_name,
|
|
986
|
+
bson_t *cmd /* in and out */,
|
|
987
|
+
const mc_EncryptedFieldConfig_t *efc,
|
|
988
|
+
mongocrypt_status_t *status) {
|
|
989
|
+
BSON_ASSERT_PARAM(cmd_name);
|
|
990
|
+
BSON_ASSERT_PARAM(cmd);
|
|
991
|
+
|
|
992
|
+
if (0 == strcmp(cmd_name, "create")) {
|
|
993
|
+
if (!efc) {
|
|
994
|
+
CLIENT_ERR("expected to have encryptedFields for create command but have none");
|
|
995
|
+
return false;
|
|
996
|
+
}
|
|
997
|
+
bson_iter_t ef_iter;
|
|
998
|
+
if (!bson_iter_init_find(&ef_iter, cmd, "encryptedFields")) {
|
|
999
|
+
// No encryptedFields, nothing to check or fix
|
|
1000
|
+
return true;
|
|
1001
|
+
}
|
|
1002
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&ef_iter)) {
|
|
1003
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Expected encryptedFields to be type obj, got: %s",
|
|
1004
|
+
mc_bson_type_to_string(bson_iter_type(&ef_iter)));
|
|
1005
|
+
return false;
|
|
1006
|
+
}
|
|
1007
|
+
bson_iter_t sev_iter;
|
|
1008
|
+
if (!bson_iter_recurse(&ef_iter, &sev_iter)) {
|
|
1009
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to recurse bson_iter");
|
|
1010
|
+
return false;
|
|
1011
|
+
}
|
|
1012
|
+
if (!bson_iter_find(&sev_iter, "strEncodeVersion")) {
|
|
1013
|
+
if (efc->str_encode_version == 0) {
|
|
1014
|
+
// Unset StrEncodeVersion matches the EFC, nothing to fix.
|
|
1015
|
+
return true;
|
|
1016
|
+
}
|
|
1017
|
+
|
|
1018
|
+
// No strEncodeVersion and the EFC has a nonzero strEncodeVersion, add it.
|
|
1019
|
+
// Initialize the new cmd object from the old one, excluding encryptedFields.
|
|
1020
|
+
bson_t fixed = BSON_INITIALIZER;
|
|
1021
|
+
bson_copy_to_excluding_noinit(cmd, &fixed, "encryptedFields", NULL);
|
|
1022
|
+
|
|
1023
|
+
// Recurse the original encryptedFields and copy everything over.
|
|
1024
|
+
bson_iter_t copy_iter;
|
|
1025
|
+
if (!bson_iter_recurse(&ef_iter, ©_iter)) {
|
|
1026
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to recurse bson_iter");
|
|
1027
|
+
goto fail;
|
|
1028
|
+
}
|
|
1029
|
+
bson_t fixed_ef;
|
|
1030
|
+
if (!BSON_APPEND_DOCUMENT_BEGIN(&fixed, "encryptedFields", &fixed_ef)) {
|
|
1031
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to start appending encryptedFields");
|
|
1032
|
+
goto fail;
|
|
1033
|
+
}
|
|
1034
|
+
while (bson_iter_next(©_iter)) {
|
|
1035
|
+
if (!bson_append_iter(&fixed_ef, NULL, 0, ©_iter)) {
|
|
1036
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to copy element");
|
|
1037
|
+
goto fail;
|
|
1038
|
+
}
|
|
1039
|
+
}
|
|
1040
|
+
|
|
1041
|
+
// Add the EFC's strEncodeVersion to encryptedFields.
|
|
1042
|
+
if (!BSON_APPEND_INT32(&fixed_ef, "strEncodeVersion", efc->str_encode_version)) {
|
|
1043
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to append strEncodeVersion");
|
|
1044
|
+
goto fail;
|
|
1045
|
+
}
|
|
1046
|
+
if (!bson_append_document_end(&fixed, &fixed_ef)) {
|
|
1047
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to finish appending encryptedFields");
|
|
1048
|
+
goto fail;
|
|
1049
|
+
}
|
|
1050
|
+
|
|
1051
|
+
bson_destroy(cmd);
|
|
1052
|
+
if (!bson_steal(cmd, &fixed)) {
|
|
1053
|
+
CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to steal BSON");
|
|
1054
|
+
goto fail;
|
|
1055
|
+
}
|
|
1056
|
+
return true;
|
|
1057
|
+
fail:
|
|
1058
|
+
bson_destroy(&fixed);
|
|
1059
|
+
return false;
|
|
1060
|
+
} else {
|
|
1061
|
+
// Check strEncodeVersion for match against EFC
|
|
1062
|
+
if (!BSON_ITER_HOLDS_INT32(&sev_iter)) {
|
|
1063
|
+
CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", (int)bson_iter_type(&sev_iter));
|
|
1064
|
+
return false;
|
|
1065
|
+
}
|
|
1066
|
+
int32_t version = bson_iter_int32(&sev_iter);
|
|
1067
|
+
if (version != efc->str_encode_version) {
|
|
1068
|
+
CLIENT_ERR("'strEncodeVersion' of %d does not match efc->str_encode_version of %d",
|
|
1069
|
+
version,
|
|
1070
|
+
efc->str_encode_version);
|
|
1071
|
+
return false;
|
|
1072
|
+
}
|
|
1073
|
+
}
|
|
1074
|
+
}
|
|
1075
|
+
return true;
|
|
1076
|
+
}
|
|
1077
|
+
|
|
1674
1078
|
/* Process a call to mongocrypt_ctx_finalize when an encryptedFieldConfig is
|
|
1675
1079
|
* associated with the command. */
|
|
1676
1080
|
static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
1677
1081
|
bson_t converted;
|
|
1678
1082
|
_mongocrypt_ctx_encrypt_t *ectx;
|
|
1679
|
-
bson_t encrypted_field_config_bson;
|
|
1680
1083
|
bson_t original_cmd_bson;
|
|
1681
1084
|
|
|
1682
1085
|
BSON_ASSERT_PARAM(ctx);
|
|
@@ -1691,10 +1094,6 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
|
1691
1094
|
return _mongocrypt_ctx_fail_w_msg(ctx, "explicit encryption is not yet supported. See MONGOCRYPT-409.");
|
|
1692
1095
|
}
|
|
1693
1096
|
|
|
1694
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->encrypted_field_config, &encrypted_field_config_bson)) {
|
|
1695
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "malformed bson in encrypted_field_config_bson");
|
|
1696
|
-
}
|
|
1697
|
-
|
|
1698
1097
|
if (!_mongocrypt_buffer_to_bson(&ectx->original_cmd, &original_cmd_bson)) {
|
|
1699
1098
|
return _mongocrypt_ctx_fail_w_msg(ctx, "malformed bson in original_cmd");
|
|
1700
1099
|
}
|
|
@@ -1733,45 +1132,34 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
|
1733
1132
|
return _mongocrypt_ctx_fail(ctx);
|
|
1734
1133
|
}
|
|
1735
1134
|
|
|
1736
|
-
|
|
1737
|
-
|
|
1738
|
-
|
|
1739
|
-
|
|
1740
|
-
|
|
1741
|
-
return _mongocrypt_ctx_fail(ctx);
|
|
1742
|
-
}
|
|
1743
|
-
}
|
|
1135
|
+
// Defer error handling for potentially missing encryptedFields to command-specific routines below.
|
|
1136
|
+
// For create/cleanupStructuredEncryptionData/compactStructuredEncryptionData, get encryptedFields for the
|
|
1137
|
+
// single target collection. For other commands, encryptedFields may not be on the target collection.
|
|
1138
|
+
const mc_EncryptedFieldConfig_t *target_efc =
|
|
1139
|
+
mc_schema_broker_get_encryptedFields(ectx->sb, ectx->target_coll, NULL);
|
|
1744
1140
|
|
|
1745
|
-
moe_result result = must_omit_encryptionInformation(command_name,
|
|
1746
|
-
&converted,
|
|
1747
|
-
ctx->crypt->opts.use_range_v2,
|
|
1748
|
-
&ectx->efc,
|
|
1749
|
-
ctx->status);
|
|
1141
|
+
moe_result result = must_omit_encryptionInformation(command_name, &converted, target_efc, ctx->status);
|
|
1750
1142
|
if (!result.ok) {
|
|
1751
1143
|
bson_destroy(&converted);
|
|
1752
|
-
|
|
1144
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
1145
|
+
}
|
|
1146
|
+
|
|
1147
|
+
/* If this is a create command, append the encryptedFields.strEncodeVersion field if it's necessary. If the field
|
|
1148
|
+
* already exists, check it against the EFC for correctness. */
|
|
1149
|
+
if (!_fle2_fixup_encryptedFields_strEncodeVersion(command_name, &converted, target_efc, ctx->status)) {
|
|
1150
|
+
bson_destroy(&converted);
|
|
1753
1151
|
return _mongocrypt_ctx_fail(ctx);
|
|
1754
1152
|
}
|
|
1755
1153
|
|
|
1756
1154
|
/* Append a new 'encryptionInformation'. */
|
|
1757
|
-
if (!result.must_omit
|
|
1758
|
-
if (!
|
|
1759
|
-
command_name,
|
|
1760
|
-
&converted,
|
|
1761
|
-
ectx->target_ns,
|
|
1762
|
-
&encrypted_field_config_bson,
|
|
1763
|
-
deleteTokens,
|
|
1764
|
-
ectx->target_coll,
|
|
1765
|
-
MC_TO_MONGOD,
|
|
1766
|
-
ctx->status)) {
|
|
1155
|
+
if (!result.must_omit) {
|
|
1156
|
+
if (!mc_schema_broker_add_schemas_to_cmd(ectx->sb, &converted, MC_CMD_SCHEMAS_FOR_SERVER, ctx->status)) {
|
|
1767
1157
|
bson_destroy(&converted);
|
|
1768
|
-
bson_destroy(deleteTokens);
|
|
1769
1158
|
return _mongocrypt_ctx_fail(ctx);
|
|
1770
1159
|
}
|
|
1771
1160
|
}
|
|
1772
|
-
bson_destroy(deleteTokens);
|
|
1773
1161
|
|
|
1774
|
-
if (!_fle2_append_compactionTokens(ctx->crypt, &ctx->kb,
|
|
1162
|
+
if (!_fle2_append_compactionTokens(ctx->crypt, &ctx->kb, target_efc, command_name, &converted, ctx->status)) {
|
|
1775
1163
|
bson_destroy(&converted);
|
|
1776
1164
|
return _mongocrypt_ctx_fail(ctx);
|
|
1777
1165
|
}
|
|
@@ -1918,29 +1306,25 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
|
|
|
1918
1306
|
if (ctx->opts.query_type.set) {
|
|
1919
1307
|
switch (ctx->opts.query_type.value) {
|
|
1920
1308
|
case MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED:
|
|
1921
|
-
|
|
1922
|
-
|
|
1923
|
-
goto fail;
|
|
1924
|
-
}
|
|
1309
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Cannot use rangePreview query type with Range V2");
|
|
1310
|
+
goto fail;
|
|
1925
1311
|
// fallthrough
|
|
1926
1312
|
case MONGOCRYPT_QUERY_TYPE_RANGE:
|
|
1927
|
-
case MONGOCRYPT_QUERY_TYPE_EQUALITY: marking.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND; break;
|
|
1313
|
+
case MONGOCRYPT_QUERY_TYPE_EQUALITY: marking.u.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND; break;
|
|
1928
1314
|
default: _mongocrypt_ctx_fail_w_msg(ctx, "Invalid value for EncryptOpts.queryType"); goto fail;
|
|
1929
1315
|
}
|
|
1930
1316
|
} else {
|
|
1931
|
-
marking.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT;
|
|
1317
|
+
marking.u.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT;
|
|
1932
1318
|
}
|
|
1933
1319
|
|
|
1934
1320
|
switch (ctx->opts.index_type.value) {
|
|
1935
|
-
case MONGOCRYPT_INDEX_TYPE_EQUALITY: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_EQUALITY; break;
|
|
1936
|
-
case MONGOCRYPT_INDEX_TYPE_NONE: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED; break;
|
|
1321
|
+
case MONGOCRYPT_INDEX_TYPE_EQUALITY: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_EQUALITY; break;
|
|
1322
|
+
case MONGOCRYPT_INDEX_TYPE_NONE: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED; break;
|
|
1937
1323
|
case MONGOCRYPT_INDEX_TYPE_RANGEPREVIEW_DEPRECATED:
|
|
1938
|
-
|
|
1939
|
-
|
|
1940
|
-
goto fail;
|
|
1941
|
-
}
|
|
1324
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Cannot use rangePreview index type with Range V2");
|
|
1325
|
+
goto fail;
|
|
1942
1326
|
// fallthrough
|
|
1943
|
-
case MONGOCRYPT_INDEX_TYPE_RANGE: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_RANGE; break;
|
|
1327
|
+
case MONGOCRYPT_INDEX_TYPE_RANGE: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_RANGE; break;
|
|
1944
1328
|
default:
|
|
1945
1329
|
// This might be unreachable because of other validation. Better safe than
|
|
1946
1330
|
// sorry.
|
|
@@ -1961,21 +1345,17 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
|
|
|
1961
1345
|
|
|
1962
1346
|
// RangeOpts with query_type is handled above.
|
|
1963
1347
|
BSON_ASSERT(!ctx->opts.query_type.set);
|
|
1964
|
-
if (!mc_RangeOpts_to_FLE2RangeInsertSpec(&ctx->opts.rangeopts.value,
|
|
1965
|
-
&old_v,
|
|
1966
|
-
&new_v,
|
|
1967
|
-
ctx->crypt->opts.use_range_v2,
|
|
1968
|
-
ctx->status)) {
|
|
1348
|
+
if (!mc_RangeOpts_to_FLE2RangeInsertSpec(&ctx->opts.rangeopts.value, &old_v, &new_v, ctx->status)) {
|
|
1969
1349
|
_mongocrypt_ctx_fail(ctx);
|
|
1970
1350
|
goto fail;
|
|
1971
1351
|
}
|
|
1972
1352
|
|
|
1973
|
-
if (!bson_iter_init_find(&marking.v_iter, &new_v, "v")) {
|
|
1353
|
+
if (!bson_iter_init_find(&marking.u.fle1.v_iter, &new_v, "v")) {
|
|
1974
1354
|
_mongocrypt_ctx_fail_w_msg(ctx, "invalid input BSON, must contain 'v'");
|
|
1975
1355
|
goto fail;
|
|
1976
1356
|
}
|
|
1977
1357
|
|
|
1978
|
-
marking.fle2.sparsity = ctx->opts.rangeopts.value.sparsity;
|
|
1358
|
+
marking.u.fle2.sparsity = ctx->opts.rangeopts.value.sparsity;
|
|
1979
1359
|
|
|
1980
1360
|
} else {
|
|
1981
1361
|
bson_t as_bson;
|
|
@@ -1986,21 +1366,21 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
|
|
|
1986
1366
|
goto fail;
|
|
1987
1367
|
}
|
|
1988
1368
|
|
|
1989
|
-
if (!bson_iter_init_find(&marking.v_iter, &as_bson, "v")) {
|
|
1369
|
+
if (!bson_iter_init_find(&marking.u.fle1.v_iter, &as_bson, "v")) {
|
|
1990
1370
|
_mongocrypt_ctx_fail_w_msg(ctx, "invalid input BSON, must contain 'v'");
|
|
1991
1371
|
goto fail;
|
|
1992
1372
|
}
|
|
1993
1373
|
}
|
|
1994
1374
|
|
|
1995
|
-
_mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.fle2.user_key_id);
|
|
1375
|
+
_mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.u.fle2.user_key_id);
|
|
1996
1376
|
if (!_mongocrypt_buffer_empty(&ctx->opts.index_key_id)) {
|
|
1997
|
-
_mongocrypt_buffer_copy_to(&ctx->opts.index_key_id, &marking.fle2.index_key_id);
|
|
1377
|
+
_mongocrypt_buffer_copy_to(&ctx->opts.index_key_id, &marking.u.fle2.index_key_id);
|
|
1998
1378
|
} else {
|
|
1999
|
-
_mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.fle2.index_key_id);
|
|
1379
|
+
_mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.u.fle2.index_key_id);
|
|
2000
1380
|
}
|
|
2001
1381
|
|
|
2002
1382
|
if (ctx->opts.contention_factor.set) {
|
|
2003
|
-
marking.fle2.maxContentionFactor = ctx->opts.contention_factor.value;
|
|
1383
|
+
marking.u.fle2.maxContentionFactor = ctx->opts.contention_factor.value;
|
|
2004
1384
|
} else if (ctx->opts.index_type.value == MONGOCRYPT_INDEX_TYPE_EQUALITY) {
|
|
2005
1385
|
_mongocrypt_ctx_fail_w_msg(ctx, "contention factor required for indexed algorithm");
|
|
2006
1386
|
goto fail;
|
|
@@ -2101,11 +1481,11 @@ static bool _finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
|
2101
1481
|
return _mongocrypt_ctx_fail_w_msg(ctx, "invalid msg, must contain 'v'");
|
|
2102
1482
|
}
|
|
2103
1483
|
|
|
2104
|
-
memcpy(&marking.v_iter, &iter, sizeof(bson_iter_t));
|
|
2105
|
-
marking.algorithm = ctx->opts.algorithm;
|
|
2106
|
-
_mongocrypt_buffer_set_to(&ctx->opts.key_id, &marking.key_id);
|
|
1484
|
+
memcpy(&marking.u.fle1.v_iter, &iter, sizeof(bson_iter_t));
|
|
1485
|
+
marking.u.fle1.algorithm = ctx->opts.algorithm;
|
|
1486
|
+
_mongocrypt_buffer_set_to(&ctx->opts.key_id, &marking.u.fle1.key_id);
|
|
2107
1487
|
if (ctx->opts.key_alt_names) {
|
|
2108
|
-
bson_value_copy(&ctx->opts.key_alt_names->value, &marking.key_alt_name);
|
|
1488
|
+
bson_value_copy(&ctx->opts.key_alt_names->value, &marking.u.fle1.key_alt_name);
|
|
2109
1489
|
marking.type = MONGOCRYPT_MARKING_FLE1_BY_ALTNAME;
|
|
2110
1490
|
}
|
|
2111
1491
|
|
|
@@ -2139,26 +1519,23 @@ static void _cleanup(mongocrypt_ctx_t *ctx) {
|
|
|
2139
1519
|
}
|
|
2140
1520
|
|
|
2141
1521
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
1522
|
+
mc_schema_broker_destroy(ectx->sb);
|
|
2142
1523
|
bson_free(ectx->target_ns);
|
|
2143
1524
|
bson_free(ectx->cmd_db);
|
|
2144
1525
|
bson_free(ectx->target_db);
|
|
2145
1526
|
bson_free(ectx->target_coll);
|
|
2146
1527
|
_mongocrypt_buffer_cleanup(&ectx->list_collections_filter);
|
|
2147
|
-
_mongocrypt_buffer_cleanup(&ectx->schema);
|
|
2148
|
-
_mongocrypt_buffer_cleanup(&ectx->encrypted_field_config);
|
|
2149
1528
|
_mongocrypt_buffer_cleanup(&ectx->original_cmd);
|
|
2150
1529
|
_mongocrypt_buffer_cleanup(&ectx->mongocryptd_cmd);
|
|
2151
1530
|
_mongocrypt_buffer_cleanup(&ectx->marked_cmd);
|
|
2152
1531
|
_mongocrypt_buffer_cleanup(&ectx->encrypted_cmd);
|
|
2153
1532
|
_mongocrypt_buffer_cleanup(&ectx->ismaster.cmd);
|
|
2154
|
-
mc_EncryptedFieldConfig_cleanup(&ectx->efc);
|
|
2155
1533
|
}
|
|
2156
1534
|
|
|
2157
1535
|
static bool _try_schema_from_schema_map(mongocrypt_ctx_t *ctx) {
|
|
2158
1536
|
mongocrypt_t *crypt;
|
|
2159
1537
|
_mongocrypt_ctx_encrypt_t *ectx;
|
|
2160
1538
|
bson_t schema_map;
|
|
2161
|
-
bson_iter_t iter;
|
|
2162
1539
|
|
|
2163
1540
|
BSON_ASSERT_PARAM(ctx);
|
|
2164
1541
|
|
|
@@ -2174,15 +1551,13 @@ static bool _try_schema_from_schema_map(mongocrypt_ctx_t *ctx) {
|
|
|
2174
1551
|
return _mongocrypt_ctx_fail_w_msg(ctx, "malformed schema map");
|
|
2175
1552
|
}
|
|
2176
1553
|
|
|
2177
|
-
if (
|
|
2178
|
-
|
|
2179
|
-
|
|
2180
|
-
|
|
2181
|
-
|
|
1554
|
+
if (!mc_schema_broker_satisfy_from_schemaMap(ectx->sb, &schema_map, ctx->status)) {
|
|
1555
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
1556
|
+
}
|
|
1557
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb)) {
|
|
1558
|
+
// Have all needed schemas. Proceed to next state.
|
|
2182
1559
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
|
2183
1560
|
}
|
|
2184
|
-
|
|
2185
|
-
/* No schema found in map. */
|
|
2186
1561
|
return true;
|
|
2187
1562
|
}
|
|
2188
1563
|
|
|
@@ -2194,7 +1569,6 @@ static bool _fle2_try_encrypted_field_config_from_map(mongocrypt_ctx_t *ctx) {
|
|
|
2194
1569
|
mongocrypt_t *crypt;
|
|
2195
1570
|
_mongocrypt_ctx_encrypt_t *ectx;
|
|
2196
1571
|
bson_t encrypted_field_config_map;
|
|
2197
|
-
bson_iter_t iter;
|
|
2198
1572
|
|
|
2199
1573
|
BSON_ASSERT_PARAM(ctx);
|
|
2200
1574
|
|
|
@@ -2210,51 +1584,31 @@ static bool _fle2_try_encrypted_field_config_from_map(mongocrypt_ctx_t *ctx) {
|
|
|
2210
1584
|
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to convert encrypted_field_config_map to BSON");
|
|
2211
1585
|
}
|
|
2212
1586
|
|
|
2213
|
-
if (
|
|
2214
|
-
|
|
2215
|
-
|
|
2216
|
-
|
|
2217
|
-
|
|
2218
|
-
}
|
|
2219
|
-
bson_t efc_bson;
|
|
2220
|
-
if (!_mongocrypt_buffer_to_bson(&ectx->encrypted_field_config, &efc_bson)) {
|
|
2221
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "unable to create BSON from encrypted_field_config");
|
|
2222
|
-
}
|
|
2223
|
-
if (!mc_EncryptedFieldConfig_parse(&ectx->efc, &efc_bson, ctx->status, ctx->crypt->opts.use_range_v2)) {
|
|
2224
|
-
_mongocrypt_ctx_fail(ctx);
|
|
2225
|
-
return false;
|
|
2226
|
-
}
|
|
1587
|
+
if (!mc_schema_broker_satisfy_from_encryptedFieldsMap(ectx->sb, &encrypted_field_config_map, ctx->status)) {
|
|
1588
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
1589
|
+
}
|
|
1590
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb)) {
|
|
1591
|
+
// Have all needed schemas. Proceed to next state.
|
|
2227
1592
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
|
2228
1593
|
}
|
|
2229
|
-
|
|
2230
|
-
/* No encrypted_field_config found in map. */
|
|
2231
1594
|
return true;
|
|
2232
1595
|
}
|
|
2233
1596
|
|
|
2234
1597
|
static bool _try_schema_from_cache(mongocrypt_ctx_t *ctx) {
|
|
2235
1598
|
_mongocrypt_ctx_encrypt_t *ectx;
|
|
2236
|
-
bson_t *collinfo = NULL;
|
|
2237
1599
|
|
|
2238
1600
|
BSON_ASSERT_PARAM(ctx);
|
|
2239
1601
|
|
|
2240
1602
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
2241
1603
|
|
|
2242
|
-
|
|
2243
|
-
|
|
2244
|
-
if (!_mongocrypt_cache_get(&ctx->crypt->cache_collinfo,
|
|
2245
|
-
ectx->target_ns /* null terminated */,
|
|
2246
|
-
(void **)&collinfo)) {
|
|
2247
|
-
return _mongocrypt_ctx_fail_w_msg(ctx, "failed to retrieve from cache");
|
|
1604
|
+
if (!mc_schema_broker_satisfy_from_cache(ectx->sb, &ctx->crypt->cache_collinfo, ctx->status)) {
|
|
1605
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
2248
1606
|
}
|
|
2249
|
-
|
|
2250
|
-
|
|
2251
|
-
if (!_set_schema_from_collinfo(ctx, collinfo)) {
|
|
2252
|
-
bson_destroy(collinfo);
|
|
2253
|
-
return _mongocrypt_ctx_fail(ctx);
|
|
2254
|
-
}
|
|
1607
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb)) {
|
|
1608
|
+
// Have all needed schemas. Proceed to next state.
|
|
2255
1609
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
|
2256
1610
|
} else {
|
|
2257
|
-
|
|
1611
|
+
// Request a listCollections command to check for remote schemas.
|
|
2258
1612
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_COLLINFO;
|
|
2259
1613
|
if (ectx->target_db) {
|
|
2260
1614
|
if (!ctx->crypt->opts.use_need_mongo_collinfo_with_db_state) {
|
|
@@ -2264,12 +1618,10 @@ static bool _try_schema_from_cache(mongocrypt_ctx_t *ctx) {
|
|
|
2264
1618
|
"upgrading driver, or specify a local schemaMap or encryptedFieldsMap.");
|
|
2265
1619
|
return false;
|
|
2266
1620
|
}
|
|
2267
|
-
// Target database
|
|
1621
|
+
// Target database differs from command database. Request collection info from target database.
|
|
2268
1622
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB;
|
|
2269
1623
|
}
|
|
2270
1624
|
}
|
|
2271
|
-
|
|
2272
|
-
bson_destroy(collinfo);
|
|
2273
1625
|
return true;
|
|
2274
1626
|
}
|
|
2275
1627
|
|
|
@@ -2289,8 +1641,12 @@ static bool _try_empty_schema_for_create(mongocrypt_ctx_t *ctx) {
|
|
|
2289
1641
|
return true;
|
|
2290
1642
|
}
|
|
2291
1643
|
|
|
2292
|
-
|
|
2293
|
-
|
|
1644
|
+
// Satisfy with an empty schema. Do not cache the entry.
|
|
1645
|
+
if (!mc_schema_broker_satisfy_remaining_with_empty_schemas(ectx->sb, NULL /* cache */, ctx->status)) {
|
|
1646
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
1647
|
+
}
|
|
1648
|
+
BSON_ASSERT(!mc_schema_broker_need_more_schemas(ectx->sb));
|
|
1649
|
+
// Have all needed schemas. Proceed to next state.
|
|
2294
1650
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
|
2295
1651
|
return true;
|
|
2296
1652
|
}
|
|
@@ -2331,7 +1687,6 @@ static bool _try_schema_from_create_or_collMod_cmd(mongocrypt_ctx_t *ctx) {
|
|
|
2331
1687
|
}
|
|
2332
1688
|
|
|
2333
1689
|
bson_t cmd_bson;
|
|
2334
|
-
bson_iter_t iter;
|
|
2335
1690
|
|
|
2336
1691
|
if (!_mongocrypt_buffer_to_bson(&ectx->original_cmd, &cmd_bson)) {
|
|
2337
1692
|
CLIENT_ERR("unable to convert command buffer to BSON");
|
|
@@ -2339,22 +1694,13 @@ static bool _try_schema_from_create_or_collMod_cmd(mongocrypt_ctx_t *ctx) {
|
|
|
2339
1694
|
return false;
|
|
2340
1695
|
}
|
|
2341
1696
|
|
|
2342
|
-
if (!
|
|
2343
|
-
|
|
2344
|
-
_mongocrypt_ctx_fail(ctx);
|
|
2345
|
-
return false;
|
|
1697
|
+
if (!mc_schema_broker_satisfy_from_create_or_collMod(ectx->sb, &cmd_bson, ctx->status)) {
|
|
1698
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
2346
1699
|
}
|
|
2347
|
-
|
|
2348
|
-
|
|
2349
|
-
if (!_mongocrypt_buffer_copy_from_document_iter(&ectx->schema, &iter)) {
|
|
2350
|
-
CLIENT_ERR("failed to parse BSON document from create validator.$jsonSchema");
|
|
2351
|
-
_mongocrypt_ctx_fail(ctx);
|
|
2352
|
-
return false;
|
|
2353
|
-
}
|
|
1700
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb)) {
|
|
1701
|
+
// Have all needed schemas. Proceed to next state.
|
|
2354
1702
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
|
2355
|
-
return true;
|
|
2356
1703
|
}
|
|
2357
|
-
|
|
2358
1704
|
return true;
|
|
2359
1705
|
}
|
|
2360
1706
|
|
|
@@ -2542,7 +1888,7 @@ static bool explicit_encrypt_init(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *ms
|
|
|
2542
1888
|
matches = (ctx->opts.index_type.value == MONGOCRYPT_INDEX_TYPE_EQUALITY);
|
|
2543
1889
|
break;
|
|
2544
1890
|
default:
|
|
2545
|
-
CLIENT_ERR("unsupported value for query_type: %d", ctx->opts.query_type.value);
|
|
1891
|
+
CLIENT_ERR("unsupported value for query_type: %d", (int)ctx->opts.query_type.value);
|
|
2546
1892
|
return _mongocrypt_ctx_fail(ctx);
|
|
2547
1893
|
}
|
|
2548
1894
|
|
|
@@ -2557,6 +1903,7 @@ static bool explicit_encrypt_init(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *ms
|
|
|
2557
1903
|
ectx = (_mongocrypt_ctx_encrypt_t *)ctx;
|
|
2558
1904
|
ctx->type = _MONGOCRYPT_TYPE_ENCRYPT;
|
|
2559
1905
|
ectx->explicit = true;
|
|
1906
|
+
ectx->sb = mc_schema_broker_new();
|
|
2560
1907
|
ctx->vtable.finalize = _finalize;
|
|
2561
1908
|
ctx->vtable.cleanup = _cleanup;
|
|
2562
1909
|
|
|
@@ -2859,9 +2206,167 @@ static bool needs_ismaster_check(mongocrypt_ctx_t *ctx) {
|
|
|
2859
2206
|
BSON_ASSERT_PARAM(ctx);
|
|
2860
2207
|
|
|
2861
2208
|
bool using_mongocryptd = !ectx->bypass_query_analysis && !ctx->crypt->csfle.okay;
|
|
2862
|
-
|
|
2863
|
-
|
|
2864
|
-
|
|
2209
|
+
|
|
2210
|
+
if (!using_mongocryptd) {
|
|
2211
|
+
return false;
|
|
2212
|
+
}
|
|
2213
|
+
|
|
2214
|
+
if (mc_schema_broker_has_multiple_requests(ectx->sb)) {
|
|
2215
|
+
// Only mongocryptd 8.1 (wire version 26) supports multiple schemas with csfleEncryptionSchemas.
|
|
2216
|
+
return true;
|
|
2217
|
+
}
|
|
2218
|
+
// MONGOCRYPT-429: The "create" and "createIndexes" command are only supported on mongocrypt 6.0 (wire version 17).
|
|
2219
|
+
if (0 == strcmp(ectx->cmd_name, "create") || 0 == strcmp(ectx->cmd_name, "createIndexes")) {
|
|
2220
|
+
return true;
|
|
2221
|
+
}
|
|
2222
|
+
|
|
2223
|
+
return false;
|
|
2224
|
+
}
|
|
2225
|
+
|
|
2226
|
+
// `find_collections_in_pipeline` finds other collection names in an aggregate pipeline that may need schemas.
|
|
2227
|
+
static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
|
|
2228
|
+
bson_iter_t *pipeline_iter_ptr,
|
|
2229
|
+
const char *db,
|
|
2230
|
+
mstr_view path,
|
|
2231
|
+
mongocrypt_status_t *status) {
|
|
2232
|
+
BSON_ASSERT_PARAM(sb);
|
|
2233
|
+
BSON_ASSERT_PARAM(pipeline_iter_ptr);
|
|
2234
|
+
BSON_ASSERT_PARAM(db);
|
|
2235
|
+
|
|
2236
|
+
bson_iter_t pipeline_iter = *pipeline_iter_ptr; // Operate on a copy.
|
|
2237
|
+
|
|
2238
|
+
bson_iter_t array_iter;
|
|
2239
|
+
if (!BSON_ITER_HOLDS_ARRAY(&pipeline_iter) || !bson_iter_recurse(&pipeline_iter, &array_iter)) {
|
|
2240
|
+
CLIENT_ERR("failed to recurse pipeline at path: %s", path.data);
|
|
2241
|
+
return false;
|
|
2242
|
+
}
|
|
2243
|
+
|
|
2244
|
+
while (bson_iter_next(&array_iter)) {
|
|
2245
|
+
bson_iter_t stage_iter;
|
|
2246
|
+
const char *stage_key = bson_iter_key(&array_iter);
|
|
2247
|
+
|
|
2248
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&array_iter) || !bson_iter_recurse(&array_iter, &stage_iter)
|
|
2249
|
+
|| !bson_iter_next(&stage_iter)) {
|
|
2250
|
+
CLIENT_ERR("failed to recurse stage at path: %s.%s", path.data, stage_key);
|
|
2251
|
+
return false;
|
|
2252
|
+
}
|
|
2253
|
+
|
|
2254
|
+
const char *stage = bson_iter_key(&stage_iter);
|
|
2255
|
+
// Check for $lookup.
|
|
2256
|
+
if (0 == strcmp(stage, "$lookup")) {
|
|
2257
|
+
bson_iter_t lookup_iter;
|
|
2258
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&stage_iter) || !bson_iter_recurse(&stage_iter, &lookup_iter)) {
|
|
2259
|
+
CLIENT_ERR("failed to recurse $lookup at path: %s.%s", path.data, stage_key);
|
|
2260
|
+
return false;
|
|
2261
|
+
}
|
|
2262
|
+
|
|
2263
|
+
while (bson_iter_next(&lookup_iter)) {
|
|
2264
|
+
const char *field = bson_iter_key(&lookup_iter);
|
|
2265
|
+
if (0 == strcmp(field, "from")) {
|
|
2266
|
+
if (!BSON_ITER_HOLDS_UTF8(&lookup_iter)) {
|
|
2267
|
+
CLIENT_ERR("expected string, but '%s' for 'from' field at path: %s.%s",
|
|
2268
|
+
mc_bson_type_to_string(bson_iter_type(&lookup_iter)),
|
|
2269
|
+
path.data,
|
|
2270
|
+
stage_key);
|
|
2271
|
+
return false;
|
|
2272
|
+
}
|
|
2273
|
+
const char *from = bson_iter_utf8(&lookup_iter, NULL);
|
|
2274
|
+
if (!mc_schema_broker_request(sb, db, from, status)) {
|
|
2275
|
+
return false;
|
|
2276
|
+
}
|
|
2277
|
+
}
|
|
2278
|
+
|
|
2279
|
+
if (0 == strcmp(field, "pipeline")) {
|
|
2280
|
+
mstr subpath = mstr_append(path, mstrv_lit("."));
|
|
2281
|
+
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
|
2282
|
+
mstr_inplace_append(&subpath, mstrv_lit(".$lookup.pipeline"));
|
|
2283
|
+
if (!find_collections_in_pipeline(sb, &lookup_iter, db, subpath.view, status)) {
|
|
2284
|
+
mstr_free(subpath);
|
|
2285
|
+
return false;
|
|
2286
|
+
}
|
|
2287
|
+
mstr_free(subpath);
|
|
2288
|
+
}
|
|
2289
|
+
}
|
|
2290
|
+
}
|
|
2291
|
+
|
|
2292
|
+
// Check for $facet.
|
|
2293
|
+
if (0 == strcmp(stage, "$facet")) {
|
|
2294
|
+
bson_iter_t facet_iter;
|
|
2295
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&stage_iter) || !bson_iter_recurse(&stage_iter, &facet_iter)) {
|
|
2296
|
+
CLIENT_ERR("failed to recurse $facet at path: %s.%s", path.data, stage_key);
|
|
2297
|
+
return false;
|
|
2298
|
+
}
|
|
2299
|
+
|
|
2300
|
+
while (bson_iter_next(&facet_iter)) {
|
|
2301
|
+
const char *field = bson_iter_key(&facet_iter);
|
|
2302
|
+
mstr subpath = mstr_append(path, mstrv_lit("."));
|
|
2303
|
+
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
|
2304
|
+
mstr_inplace_append(&subpath, mstrv_lit(".$facet."));
|
|
2305
|
+
mstr_inplace_append(&subpath, mstrv_view_cstr(field));
|
|
2306
|
+
if (!find_collections_in_pipeline(sb, &facet_iter, db, subpath.view, status)) {
|
|
2307
|
+
mstr_free(subpath);
|
|
2308
|
+
return false;
|
|
2309
|
+
}
|
|
2310
|
+
mstr_free(subpath);
|
|
2311
|
+
}
|
|
2312
|
+
}
|
|
2313
|
+
|
|
2314
|
+
// Check for $unionWith.
|
|
2315
|
+
if (0 == strcmp(stage, "$unionWith")) {
|
|
2316
|
+
bson_iter_t unionWith_iter;
|
|
2317
|
+
if (!BSON_ITER_HOLDS_DOCUMENT(&stage_iter) || !bson_iter_recurse(&stage_iter, &unionWith_iter)) {
|
|
2318
|
+
CLIENT_ERR("failed to recurse $unionWith at path: %s.%s", path.data, stage_key);
|
|
2319
|
+
return false;
|
|
2320
|
+
}
|
|
2321
|
+
|
|
2322
|
+
while (bson_iter_next(&unionWith_iter)) {
|
|
2323
|
+
const char *field = bson_iter_key(&unionWith_iter);
|
|
2324
|
+
if (0 == strcmp(field, "coll")) {
|
|
2325
|
+
if (!BSON_ITER_HOLDS_UTF8(&unionWith_iter)) {
|
|
2326
|
+
CLIENT_ERR("expected string, but got '%s' for 'coll' field at path: %s.%s",
|
|
2327
|
+
mc_bson_type_to_string(bson_iter_type(&unionWith_iter)),
|
|
2328
|
+
path.data,
|
|
2329
|
+
stage_key);
|
|
2330
|
+
return false;
|
|
2331
|
+
}
|
|
2332
|
+
const char *coll = bson_iter_utf8(&unionWith_iter, NULL);
|
|
2333
|
+
if (!mc_schema_broker_request(sb, db, coll, status)) {
|
|
2334
|
+
return false;
|
|
2335
|
+
}
|
|
2336
|
+
}
|
|
2337
|
+
|
|
2338
|
+
if (0 == strcmp(field, "pipeline")) {
|
|
2339
|
+
mstr subpath = mstr_append(path, mstrv_lit("."));
|
|
2340
|
+
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
|
2341
|
+
mstr_inplace_append(&subpath, mstrv_lit(".$unionWith.pipeline"));
|
|
2342
|
+
if (!find_collections_in_pipeline(sb, &unionWith_iter, db, subpath.view, status)) {
|
|
2343
|
+
mstr_free(subpath);
|
|
2344
|
+
return false;
|
|
2345
|
+
}
|
|
2346
|
+
mstr_free(subpath);
|
|
2347
|
+
}
|
|
2348
|
+
}
|
|
2349
|
+
}
|
|
2350
|
+
}
|
|
2351
|
+
|
|
2352
|
+
return true;
|
|
2353
|
+
}
|
|
2354
|
+
|
|
2355
|
+
static bool
|
|
2356
|
+
find_collections_in_agg(mongocrypt_binary_t *cmd, mc_schema_broker_t *sb, const char *db, mongocrypt_status_t *status) {
|
|
2357
|
+
bson_t cmd_bson;
|
|
2358
|
+
if (!_mongocrypt_binary_to_bson(cmd, &cmd_bson)) {
|
|
2359
|
+
CLIENT_ERR("failed to convert command to BSON");
|
|
2360
|
+
return false;
|
|
2361
|
+
}
|
|
2362
|
+
|
|
2363
|
+
bson_iter_t iter;
|
|
2364
|
+
if (!bson_iter_init_find(&iter, &cmd_bson, "pipeline")) {
|
|
2365
|
+
// Command may be malformed. Let server error.
|
|
2366
|
+
return true;
|
|
2367
|
+
}
|
|
2368
|
+
|
|
2369
|
+
return find_collections_in_pipeline(sb, &iter, db, mstrv_lit("aggregate.pipeline"), status);
|
|
2865
2370
|
}
|
|
2866
2371
|
|
|
2867
2372
|
bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t db_len, mongocrypt_binary_t *cmd) {
|
|
@@ -2896,6 +2401,7 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
|
2896
2401
|
ctx->vtable.finalize = _finalize;
|
|
2897
2402
|
ctx->vtable.cleanup = _cleanup;
|
|
2898
2403
|
ectx->bypass_query_analysis = ctx->crypt->opts.bypass_query_analysis;
|
|
2404
|
+
ectx->sb = mc_schema_broker_new();
|
|
2899
2405
|
|
|
2900
2406
|
if (!cmd || !cmd->data) {
|
|
2901
2407
|
return _mongocrypt_ctx_fail_w_msg(ctx, "invalid command");
|
|
@@ -2921,6 +2427,10 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
|
2921
2427
|
}
|
|
2922
2428
|
|
|
2923
2429
|
ectx->target_ns = bson_strdup_printf("%s.%s", ectx->target_db, ectx->target_coll);
|
|
2430
|
+
|
|
2431
|
+
if (!mc_schema_broker_request(ectx->sb, ectx->target_db, ectx->target_coll, ctx->status)) {
|
|
2432
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
2433
|
+
}
|
|
2924
2434
|
} else {
|
|
2925
2435
|
bool bypass;
|
|
2926
2436
|
if (!_check_cmd_for_auto_encrypt(cmd, &bypass, &ectx->target_coll, ctx->status)) {
|
|
@@ -2939,6 +2449,25 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
|
2939
2449
|
return _mongocrypt_ctx_fail_w_msg(ctx, "unexpected error: did not bypass or error but no collection name");
|
|
2940
2450
|
}
|
|
2941
2451
|
ectx->target_ns = bson_strdup_printf("%s.%s", ectx->cmd_db, ectx->target_coll);
|
|
2452
|
+
if (!mc_schema_broker_request(ectx->sb, ectx->cmd_db, ectx->target_coll, ctx->status)) {
|
|
2453
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
2454
|
+
}
|
|
2455
|
+
}
|
|
2456
|
+
|
|
2457
|
+
if (0 == strcmp(ectx->cmd_name, "aggregate")) {
|
|
2458
|
+
if (!find_collections_in_agg(cmd, ectx->sb, ectx->cmd_db, ctx->status)) {
|
|
2459
|
+
_mongocrypt_ctx_fail(ctx);
|
|
2460
|
+
return false;
|
|
2461
|
+
}
|
|
2462
|
+
|
|
2463
|
+
if (mc_schema_broker_has_multiple_requests(ectx->sb)) {
|
|
2464
|
+
if (!ctx->crypt->multiple_collinfo_enabled) {
|
|
2465
|
+
return _mongocrypt_ctx_fail_w_msg(ctx,
|
|
2466
|
+
"aggregate includes a $lookup stage, but libmongocrypt is not "
|
|
2467
|
+
"configured to support encrypting a "
|
|
2468
|
+
"command with multiple collections");
|
|
2469
|
+
}
|
|
2470
|
+
}
|
|
2942
2471
|
}
|
|
2943
2472
|
|
|
2944
2473
|
if (ctx->opts.kek.provider.aws.region || ctx->opts.kek.provider.aws.cmk) {
|
|
@@ -2969,11 +2498,8 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
|
2969
2498
|
bson_free(cmd_val);
|
|
2970
2499
|
}
|
|
2971
2500
|
|
|
2972
|
-
|
|
2973
|
-
* request to mongocryptd. */
|
|
2501
|
+
// Check if an isMaster request to mongocryptd is needed to detect feature support:
|
|
2974
2502
|
if (needs_ismaster_check(ctx)) {
|
|
2975
|
-
/* We are using mongocryptd. We need to ensure that mongocryptd
|
|
2976
|
-
* maxWireVersion >= 17. */
|
|
2977
2503
|
ectx->ismaster.needed = true;
|
|
2978
2504
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_MARKINGS;
|
|
2979
2505
|
return true;
|
|
@@ -2983,6 +2509,10 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
|
2983
2509
|
}
|
|
2984
2510
|
|
|
2985
2511
|
#define WIRE_VERSION_SERVER_6 17
|
|
2512
|
+
#define WIRE_VERSION_SERVER_8_1 26
|
|
2513
|
+
// The crypt_shared version format is defined in mongo_crypt-v1.h.
|
|
2514
|
+
// Example: server 6.2.1 is encoded as 0x0006000200010000
|
|
2515
|
+
#define CRYPT_SHARED_8_1 0x0008000100000000ull
|
|
2986
2516
|
|
|
2987
2517
|
/* mongocrypt_ctx_encrypt_ismaster_done is called when:
|
|
2988
2518
|
* 1. The max wire version of mongocryptd is known.
|
|
@@ -2995,36 +2525,72 @@ static bool mongocrypt_ctx_encrypt_ismaster_done(mongocrypt_ctx_t *ctx) {
|
|
|
2995
2525
|
|
|
2996
2526
|
ectx->ismaster.needed = false;
|
|
2997
2527
|
|
|
2998
|
-
/* The "create" and "createIndexes" command require bypassing on mongocryptd
|
|
2999
|
-
* older than version 6.0. */
|
|
3000
2528
|
if (needs_ismaster_check(ctx)) {
|
|
3001
|
-
|
|
3002
|
-
|
|
3003
|
-
|
|
3004
|
-
|
|
3005
|
-
|
|
2529
|
+
// MONGOCRYPT-429: "create" and "createIndexes" require bypassing on mongocryptd older than version 6.0.
|
|
2530
|
+
if (0 == strcmp(ectx->cmd_name, "create") || 0 == strcmp(ectx->cmd_name, "createIndexes")) {
|
|
2531
|
+
if (ectx->ismaster.maxwireversion < WIRE_VERSION_SERVER_6) {
|
|
2532
|
+
// Bypass auto encryption.
|
|
2533
|
+
// Satisfy schema request with an empty schema.
|
|
2534
|
+
if (!mc_schema_broker_satisfy_remaining_with_empty_schemas(ectx->sb,
|
|
2535
|
+
NULL /* do not cache */,
|
|
2536
|
+
ctx->status)) {
|
|
2537
|
+
return _mongocrypt_ctx_fail(ctx);
|
|
2538
|
+
}
|
|
2539
|
+
ctx->nothing_to_do = true;
|
|
2540
|
+
ctx->state = MONGOCRYPT_CTX_READY;
|
|
2541
|
+
return true;
|
|
2542
|
+
}
|
|
2543
|
+
}
|
|
2544
|
+
|
|
2545
|
+
if (mc_schema_broker_has_multiple_requests(ectx->sb)) {
|
|
2546
|
+
// Ensure mongocryptd supports multiple schemas.
|
|
2547
|
+
if (ectx->ismaster.maxwireversion < WIRE_VERSION_SERVER_8_1) {
|
|
2548
|
+
mongocrypt_status_t *status = ctx->status;
|
|
2549
|
+
CLIENT_ERR("Encrypting '%s' requires multiple schemas. Detected mongocryptd with wire version %" PRId32
|
|
2550
|
+
", but need %" PRId32 ". Upgrade mongocryptd to 8.1 or newer.",
|
|
2551
|
+
ectx->cmd_name,
|
|
2552
|
+
ectx->ismaster.maxwireversion,
|
|
2553
|
+
WIRE_VERSION_SERVER_8_1);
|
|
2554
|
+
_mongocrypt_ctx_fail(ctx);
|
|
2555
|
+
return false;
|
|
2556
|
+
}
|
|
2557
|
+
}
|
|
2558
|
+
}
|
|
2559
|
+
|
|
2560
|
+
if (ctx->crypt->csfle.okay) {
|
|
2561
|
+
if (mc_schema_broker_has_multiple_requests(ectx->sb)) {
|
|
2562
|
+
// Ensure crypt_shared supports multiple schemas.
|
|
2563
|
+
uint64_t version = ctx->crypt->csfle.get_version();
|
|
2564
|
+
const char *version_str = ctx->crypt->csfle.get_version_str();
|
|
2565
|
+
if (version < CRYPT_SHARED_8_1) {
|
|
2566
|
+
mongocrypt_status_t *status = ctx->status;
|
|
2567
|
+
CLIENT_ERR("Encrypting '%s' requires multiple schemas. Detected crypt_shared with version %s, but "
|
|
2568
|
+
"need 8.1. Upgrade crypt_shared to 8.1 or newer.",
|
|
2569
|
+
ectx->cmd_name,
|
|
2570
|
+
version_str);
|
|
2571
|
+
_mongocrypt_ctx_fail(ctx);
|
|
2572
|
+
return false;
|
|
2573
|
+
}
|
|
3006
2574
|
}
|
|
3007
2575
|
}
|
|
3008
2576
|
|
|
3009
|
-
/* Check if there is an encrypted field config in encrypted_field_config_map
|
|
3010
|
-
*/
|
|
3011
2577
|
if (!_fle2_try_encrypted_field_config_from_map(ctx)) {
|
|
3012
2578
|
return false;
|
|
3013
2579
|
}
|
|
3014
|
-
if (
|
|
2580
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb)) {
|
|
3015
2581
|
if (!_try_schema_from_create_or_collMod_cmd(ctx)) {
|
|
3016
2582
|
return false;
|
|
3017
2583
|
}
|
|
3018
2584
|
|
|
3019
2585
|
/* Check if we have a local schema from schema_map */
|
|
3020
|
-
if (
|
|
2586
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb)) {
|
|
3021
2587
|
if (!_try_schema_from_schema_map(ctx)) {
|
|
3022
2588
|
return false;
|
|
3023
2589
|
}
|
|
3024
2590
|
}
|
|
3025
2591
|
|
|
3026
2592
|
/* If we didn't have a local schema, try the cache. */
|
|
3027
|
-
if (
|
|
2593
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb)) {
|
|
3028
2594
|
if (!_try_schema_from_cache(ctx)) {
|
|
3029
2595
|
return false;
|
|
3030
2596
|
}
|
|
@@ -3033,12 +2599,12 @@ static bool mongocrypt_ctx_encrypt_ismaster_done(mongocrypt_ctx_t *ctx) {
|
|
|
3033
2599
|
/* If we did not have a local or cached schema, check if this is a
|
|
3034
2600
|
* "create" command. If it is a "create" command, do not run
|
|
3035
2601
|
* "listCollections" to get a server-side schema. */
|
|
3036
|
-
if (
|
|
2602
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb) && !_try_empty_schema_for_create(ctx)) {
|
|
3037
2603
|
return false;
|
|
3038
2604
|
}
|
|
3039
2605
|
|
|
3040
2606
|
/* Otherwise, we need the the driver to fetch the schema. */
|
|
3041
|
-
if (
|
|
2607
|
+
if (mc_schema_broker_need_more_schemas(ectx->sb)) {
|
|
3042
2608
|
ctx->state = MONGOCRYPT_CTX_NEED_MONGO_COLLINFO;
|
|
3043
2609
|
if (ectx->target_db) {
|
|
3044
2610
|
if (!ctx->crypt->opts.use_need_mongo_collinfo_with_db_state) {
|
|
@@ -3055,18 +2621,15 @@ static bool mongocrypt_ctx_encrypt_ismaster_done(mongocrypt_ctx_t *ctx) {
|
|
|
3055
2621
|
}
|
|
3056
2622
|
|
|
3057
2623
|
/* If an encrypted_field_config was set, check if keys are required for
|
|
3058
|
-
*
|
|
3059
|
-
if (!_fle2_collect_keys_for_deleteTokens(ctx)) {
|
|
3060
|
-
return false;
|
|
3061
|
-
}
|
|
2624
|
+
* compactionTokens. */
|
|
3062
2625
|
|
|
3063
|
-
if (!_fle2_collect_keys_for_compaction(ctx)) {
|
|
2626
|
+
if (!mc_schema_broker_need_more_schemas(ectx->sb) && !_fle2_collect_keys_for_compaction(ctx)) {
|
|
3064
2627
|
return false;
|
|
3065
2628
|
}
|
|
3066
2629
|
|
|
3067
2630
|
if (ctx->state == MONGOCRYPT_CTX_NEED_MONGO_MARKINGS) {
|
|
3068
2631
|
if (ectx->bypass_query_analysis) {
|
|
3069
|
-
/* Keys may have been requested for
|
|
2632
|
+
/* Keys may have been requested for compactionTokens.
|
|
3070
2633
|
* Finish key requests.
|
|
3071
2634
|
*/
|
|
3072
2635
|
_mongocrypt_key_broker_requests_done(&ctx->kb);
|