libmongocrypt-helper 1.7.4.0.1001 → 1.8.0.0.1001
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/ext/libmongocrypt/extconf.rb +2 -2
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +9 -7
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +17 -23
- data/ext/libmongocrypt/libmongocrypt/Earthfile +374 -0
- data/ext/libmongocrypt/libmongocrypt/README.md +7 -7
- data/ext/libmongocrypt/libmongocrypt/VERSION_CURRENT +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClient.cs +25 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +25 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Example/MongoDB.Libmongocrypt.Example.csproj +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/BasicTests.cs +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +3 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/cs.sln +79 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/CHANGELOG.md +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/README.md +134 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/build-static.sh +3 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/node/index.d.ts +203 -77
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/autoEncrypter.js +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/clientEncryption.js +165 -43
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/common.js +12 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/errors.js +75 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/index.js +34 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/aws.js +26 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/azure.js +178 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/gcp.js +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/index.js +54 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/utils.js +39 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/stateMachine.js +9 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package-lock.json +4440 -5189
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package.json +27 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.cc +65 -38
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/autoEncrypter.test.js +4 -7
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/clientEncryption.test.js +434 -42
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/common.test.js +94 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/cryptoCallbacks.test.js +1 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/index.test.js +45 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/mongocryptdManager.test.js +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/providers/credentialsProvider.test.js +551 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/release.test.js +10 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/requirements.helper.js +23 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/stateMachine.test.js +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/chai-addons.js +8 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/types/index.test-d.ts +63 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +26 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/build-manylinux-wheel.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +128 -238
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/compat.py +0 -27
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/explicit_encrypter.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +5 -21
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +5 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/python/setup.py +14 -9
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/__init__.py +1 -10
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/encrypted-payload.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +5 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test-requirements.txt +4 -12
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +8 -6
- data/ext/libmongocrypt/libmongocrypt/cmake/IntelDFP.cmake +2 -1
- data/ext/libmongocrypt/libmongocrypt/cmake/Platform.cmake +50 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/mongocrypt-config.cmake +21 -0
- data/ext/libmongocrypt/libmongocrypt/debian/gbp.conf +2 -2
- data/ext/libmongocrypt/libmongocrypt/etc/c6-vault.repo +39 -0
- data/ext/libmongocrypt/libmongocrypt/etc/fle2_aead_generate_tests.py +15 -24
- data/ext/libmongocrypt/libmongocrypt/etc/fle2_crypto.py +66 -54
- data/ext/libmongocrypt/libmongocrypt/etc/fle2_generate_tests.py +14 -23
- data/ext/libmongocrypt/libmongocrypt/etc/fle2v2_aead_generate_tests.py +32 -0
- data/ext/libmongocrypt/libmongocrypt/etc/format-all.sh +12 -0
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +16 -0
- data/ext/libmongocrypt/libmongocrypt/etc/install-package.sh +48 -0
- data/ext/libmongocrypt/libmongocrypt/etc/mongo-inteldfp-libmongocrypt-pr-625.patch +13 -0
- data/ext/libmongocrypt/libmongocrypt/src/crypto/cng.c +381 -436
- data/ext/libmongocrypt/libmongocrypt/src/crypto/commoncrypto.c +162 -227
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +180 -248
- data/ext/libmongocrypt/libmongocrypt/src/crypto/none.c +33 -55
- data/ext/libmongocrypt/libmongocrypt/src/csfle-markup.cpp +175 -205
- data/ext/libmongocrypt/libmongocrypt/src/mc-array-private.h +10 -21
- data/ext/libmongocrypt/libmongocrypt/src/mc-array.c +44 -56
- data/ext/libmongocrypt/libmongocrypt/src/mc-check-conversions-private.h +4 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +351 -463
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.test.cpp +59 -66
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +7 -11
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +80 -92
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +18 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +59 -70
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +384 -439
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private-v2.h +41 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private.h +11 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +135 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +109 -126
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +88 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private.h +24 -27
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +137 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +106 -125
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +117 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private.h +28 -36
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +294 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +237 -278
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private-v2.h +133 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private.h +67 -56
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +437 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +476 -325
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-common-private.h +69 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-common.c +182 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-private.h +23 -31
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-v2-private.h +85 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-v2.c +142 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev.c +104 -231
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-range-operator-private.h +8 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +55 -56
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +517 -580
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +36 -66
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +57 -76
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +158 -189
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +36 -42
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +515 -558
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +155 -191
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +43 -53
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +170 -240
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +29 -34
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +289 -338
- data/ext/libmongocrypt/libmongocrypt/src/mc-reader-private.h +36 -71
- data/ext/libmongocrypt/libmongocrypt/src/mc-reader.c +111 -164
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +55 -49
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +109 -125
- data/ext/libmongocrypt/libmongocrypt/src/mc-writer-private.h +66 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-writer.c +141 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/check.hpp +37 -55
- data/ext/libmongocrypt/libmongocrypt/src/mlib/endian.h +11 -11
- data/ext/libmongocrypt/libmongocrypt/src/mlib/error.h +27 -32
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +444 -499
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +251 -334
- data/ext/libmongocrypt/libmongocrypt/src/mlib/macros.h +4 -5
- data/ext/libmongocrypt/libmongocrypt/src/mlib/path.h +196 -231
- data/ext/libmongocrypt/libmongocrypt/src/mlib/path.test.c +56 -79
- data/ext/libmongocrypt/libmongocrypt/src/mlib/str.h +411 -530
- data/ext/libmongocrypt/libmongocrypt/src/mlib/str.test.c +116 -131
- data/ext/libmongocrypt/libmongocrypt/src/mlib/thread.h +17 -26
- data/ext/libmongocrypt/libmongocrypt/src/mlib/user-check.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-binary-private.h +3 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-binary.c +31 -48
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer-private.h +55 -131
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +444 -565
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo-private.h +1 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo.c +28 -45
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key-private.h +11 -17
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +103 -132
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth-private.h +8 -14
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth.c +78 -90
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-private.h +26 -45
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache.c +220 -273
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext-private.h +13 -25
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext.c +147 -166
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-compat.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto-private.h +110 -204
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +1137 -1565
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +425 -472
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +817 -694
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +2394 -2697
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +166 -186
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-rewrap-many-datakey.c +308 -351
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +921 -1138
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +16 -24
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-endian-private.h +44 -58
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-endpoint-private.h +21 -25
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-endpoint.c +167 -181
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek-private.h +37 -43
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek.c +215 -253
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker-private.h +73 -108
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +889 -1034
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-private.h +27 -44
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +349 -402
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +92 -120
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +1397 -1612
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-log-private.h +35 -67
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-log.c +49 -83
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +30 -36
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +1821 -1470
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-mutex-private.h +7 -12
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +80 -108
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +354 -424
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +101 -117
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-status-private.h +3 -8
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-status.c +92 -119
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util-private.h +19 -29
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util.c +136 -176
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util-private.h +11 -21
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +96 -135
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +1092 -1320
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +130 -295
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +66 -78
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_mutex.c +20 -28
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +60 -73
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_mutex.c +8 -16
- data/ext/libmongocrypt/libmongocrypt/test/crypt_shared-stub.cpp +57 -87
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload-v2.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload-v2.json +67 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-contentionFactor1-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-contentionFactor1-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-same-user-and-index-key-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality-v2/cmd.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality-v2/encrypted-field-map.json +22 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality-v2/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality-v2/mongocryptd-reply.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/cmd.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-payload.json +41 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/mongocryptd-reply.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/cmd.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-field-map.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/mongocryptd-reply.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/cmd.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json +41 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/mongocryptd-reply.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/encrypted-field-map.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-payload.json +41 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/mongocryptd-reply.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-payload.json +41 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/mongocryptd-reply.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-payload.json +41 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/mongocryptd-reply.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload-v2.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload-v2.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload-v2.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload-v2.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload-v2.json +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert/cmd.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/RNG_DATA.h +65 -65
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/cmd.json +13 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-payload.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/RNG_DATA.h +132 -132
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/RNG_DATA.h +71 -71
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-field-map.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/mongocryptd-reply.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/RNG_DATA.h +68 -68
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/RNG_DATA.h +19 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/encrypted-field-map.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-payload.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/RNG_DATA.h +25 -25
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-payload.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/RNG_DATA.h +65 -65
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-field-map.json +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-payload.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/RNG_DATA.h +68 -68
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/RNG_DATA.h +19 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32/RNG_DATA.h +25 -25
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32/encrypted-payload-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/RNG_DATA.h +15 -15
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload-v2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed-v2/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed-v2/encrypted-field-map.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed-v2/encrypted-payload.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed-v2/mongocryptd-reply.json +41 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2/encrypted-field-map.json +22 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2/encrypted-payload.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2/mongocryptd-reply.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneRangeV2.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneV2.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/README.md +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/aes-ctr.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/fle2-fixed.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/fle2-generated.json +38 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/fle2aead-decrypt.json +35 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/fle2aead-fixed.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/fle2aead-generated.json +122 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/fle2v2-aead-fixed.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/fle2v2-aead-generated.json +122 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/mcgrew.json +12 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/roundtrip/nist.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/README.md +27 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/example-no-bson.c +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +278 -323
- data/ext/libmongocrypt/libmongocrypt/test/fuzz_kms.c +8 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-dll.cpp +6 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +221 -283
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +58 -73
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +89 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev-v2.c +248 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev.c +467 -414
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +172 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +141 -159
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev-v2.c +338 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev.c +238 -176
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +373 -474
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +346 -388
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +708 -825
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +417 -481
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +110 -144
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-reader.c +124 -207
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +223 -213
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-writer.c +176 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +634 -807
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +168 -189
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +187 -211
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache-oauth.c +34 -36
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +210 -233
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ciphertext.c +185 -220
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +331 -445
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +670 -814
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +102 -135
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.h +54 -71
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +394 -846
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +159 -183
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +867 -1045
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +4349 -4713
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +750 -964
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +991 -1178
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +342 -419
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-dll.c +23 -30
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-endpoint.c +98 -111
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +49 -52
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-broker.c +770 -920
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +354 -407
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key.c +197 -245
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +286 -370
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-responses.c +147 -166
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-local-kms.c +50 -61
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +85 -100
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +656 -692
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-status.c +46 -58
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-traverse-util.c +377 -451
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.c +48 -67
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.h +4 -10
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +827 -918
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +111 -172
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +508 -559
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +735 -881
- data/ext/libmongocrypt/libmongocrypt/test/util/util.h +33 -55
- data/lib/libmongocrypt_helper/version.rb +2 -2
- data/lib/libmongocrypt_helper.rb +2 -2
- data.tar.gz.sig +0 -0
- metadata +154 -26
- metadata.gz.sig +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit/int32/key-document.json +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/credentialsProvider.js +0 -33
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/credentialsProvider.test.js +0 -163
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/aes-ctr.cstructs +0 -359
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-aead.cstructs +0 -109
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/rangeopts.json +0 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/value-to-encrypt.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/RNG_DATA.h +0 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/rangeopts.json +0 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/value-to-encrypt.json +0 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2.cstructs +0 -33
- /data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/{fle2-find-range-explicit → fle2-find-range-explicit-v2}/int32/key-filter.json +0 -0
- /data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/{fle2-find-range-explicit → fle2-find-range-explicit-v2}/int32/rangeopts.json +0 -0
- /data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/{fle2-find-range-explicit → fle2-find-range-explicit-v2}/int32/value-to-encrypt.json +0 -0
- /data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/{fle2-find-range-explicit → fle2-find-range-explicit-v2}/int32/rangeopts.json +0 -0
- /data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/{fle2-find-range-explicit → fle2-find-range-explicit-v2}/int32/value-to-encrypt.json +0 -0
@@ -1,5 +1,15 @@
|
|
1
|
-
import type {
|
2
|
-
|
1
|
+
import type {
|
2
|
+
MongoClient,
|
3
|
+
BulkWriteResult,
|
4
|
+
DeleteResult,
|
5
|
+
FindCursor,
|
6
|
+
Collection,
|
7
|
+
Db,
|
8
|
+
CreateCollectionOptions,
|
9
|
+
Document,
|
10
|
+
Binary,
|
11
|
+
Long
|
12
|
+
} from 'mongodb';
|
3
13
|
|
4
14
|
export type ClientEncryptionDataKeyProvider = 'aws' | 'azure' | 'gcp' | 'local' | 'kmip';
|
5
15
|
|
@@ -21,8 +31,47 @@ export interface DataKey {
|
|
21
31
|
* An error indicating that something went wrong specifically with MongoDB Client Encryption
|
22
32
|
*/
|
23
33
|
export class MongoCryptError extends Error {
|
34
|
+
cause?: Error;
|
24
35
|
}
|
25
36
|
|
37
|
+
/**
|
38
|
+
* @experimental Public Technical Preview
|
39
|
+
* An error indicating that `ClientEncryption.createEncryptedCollection()` failed to create a collection
|
40
|
+
*/
|
41
|
+
export class MongoCryptCreateEncryptedCollectionError extends MongoCryptError {
|
42
|
+
/**
|
43
|
+
* @experimental Public Technical Preview
|
44
|
+
* The entire `encryptedFields` that was completed while attempting createEncryptedCollection
|
45
|
+
*/
|
46
|
+
encryptedFields: Document;
|
47
|
+
/** The error rejected from db.createCollection() */
|
48
|
+
cause: Error;
|
49
|
+
}
|
50
|
+
|
51
|
+
/**
|
52
|
+
* @experimental Public Technical Preview
|
53
|
+
* An error indicating that `ClientEncryption.createEncryptedCollection()` failed to create data keys
|
54
|
+
*/
|
55
|
+
export class MongoCryptCreateDataKeyError extends MongoCryptError {
|
56
|
+
/**
|
57
|
+
* @experimental Public Technical Preview
|
58
|
+
* The partial `encryptedFields` that was completed while attempting createEncryptedCollection
|
59
|
+
*/
|
60
|
+
encryptedFields: Document;
|
61
|
+
/** The first error encountered when attempting to `createDataKey` */
|
62
|
+
cause: Error;
|
63
|
+
}
|
64
|
+
|
65
|
+
/**
|
66
|
+
* An error indicating that mongodb-client-encryption failed to auto-refresh Azure KMS credentials.
|
67
|
+
*/
|
68
|
+
export class MongoCryptAzureKMSRequestError extends MongoCryptError {
|
69
|
+
/* The body of the IMDS request that produced the error, if present. */
|
70
|
+
body?: Document ;
|
71
|
+
}
|
72
|
+
|
73
|
+
export class MongoCryptKMSRequestNetworkTimeoutError extends MongoCryptError {}
|
74
|
+
|
26
75
|
/**
|
27
76
|
* A set of options for specifying a Socks5 proxy.
|
28
77
|
*/
|
@@ -64,23 +113,25 @@ export interface KMSProviders {
|
|
64
113
|
/**
|
65
114
|
* Configuration options for using 'aws' as your KMS provider
|
66
115
|
*/
|
67
|
-
aws?:
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
116
|
+
aws?:
|
117
|
+
| {
|
118
|
+
/**
|
119
|
+
* The access key used for the AWS KMS provider
|
120
|
+
*/
|
121
|
+
accessKeyId: string;
|
72
122
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
123
|
+
/**
|
124
|
+
* The secret access key used for the AWS KMS provider
|
125
|
+
*/
|
126
|
+
secretAccessKey: string;
|
77
127
|
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
128
|
+
/**
|
129
|
+
* An optional AWS session token that will be used as the
|
130
|
+
* X-Amz-Security-Token header for AWS requests.
|
131
|
+
*/
|
132
|
+
sessionToken?: string;
|
133
|
+
}
|
134
|
+
| Record<string, never>;
|
84
135
|
|
85
136
|
/**
|
86
137
|
* Configuration options for using 'local' as your KMS provider
|
@@ -108,51 +159,67 @@ export interface KMSProviders {
|
|
108
159
|
/**
|
109
160
|
* Configuration options for using 'azure' as your KMS provider
|
110
161
|
*/
|
111
|
-
azure?:
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
162
|
+
azure?:
|
163
|
+
| {
|
164
|
+
/**
|
165
|
+
* The tenant ID identifies the organization for the account
|
166
|
+
*/
|
167
|
+
tenantId: string;
|
168
|
+
|
169
|
+
/**
|
170
|
+
* The client ID to authenticate a registered application
|
171
|
+
*/
|
172
|
+
clientId: string;
|
173
|
+
|
174
|
+
/**
|
175
|
+
* The client secret to authenticate a registered application
|
176
|
+
*/
|
177
|
+
clientSecret: string;
|
178
|
+
|
179
|
+
/**
|
180
|
+
* If present, a host with optional port. E.g. "example.com" or "example.com:443".
|
181
|
+
* This is optional, and only needed if customer is using a non-commercial Azure instance
|
182
|
+
* (e.g. a government or China account, which use different URLs).
|
183
|
+
* Defaults to "login.microsoftonline.com"
|
184
|
+
*/
|
185
|
+
identityPlatformEndpoint?: string | undefined;
|
186
|
+
}
|
187
|
+
| {
|
188
|
+
/**
|
189
|
+
* If present, an access token to authenticate with Azure.
|
190
|
+
*/
|
191
|
+
accessToken: string;
|
192
|
+
}
|
193
|
+
| Record<string, never>;
|
135
194
|
|
136
195
|
/**
|
137
196
|
* Configuration options for using 'gcp' as your KMS provider
|
138
197
|
*/
|
139
|
-
gcp?:
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
198
|
+
gcp?:
|
199
|
+
| {
|
200
|
+
/**
|
201
|
+
* The service account email to authenticate
|
202
|
+
*/
|
203
|
+
email: string;
|
204
|
+
|
205
|
+
/**
|
206
|
+
* A PKCS#8 encrypted key. This can either be a base64 string or a binary representation
|
207
|
+
*/
|
208
|
+
privateKey: string | Buffer;
|
209
|
+
|
210
|
+
/**
|
211
|
+
* If present, a host with optional port. E.g. "example.com" or "example.com:443".
|
212
|
+
* Defaults to "oauth2.googleapis.com"
|
213
|
+
*/
|
214
|
+
endpoint?: string | undefined;
|
215
|
+
}
|
216
|
+
| {
|
217
|
+
/**
|
218
|
+
* If present, an access token to authenticate with GCP.
|
219
|
+
*/
|
220
|
+
accessToken: string;
|
221
|
+
}
|
222
|
+
| Record<string, never>;
|
156
223
|
}
|
157
224
|
|
158
225
|
/**
|
@@ -304,9 +371,13 @@ export interface AzureEncryptionKeyOptions {
|
|
304
371
|
*/
|
305
372
|
export interface ClientEncryptionCreateDataKeyProviderOptions {
|
306
373
|
/**
|
307
|
-
*
|
374
|
+
* Identifies a new KMS-specific key used to encrypt the new data key
|
308
375
|
*/
|
309
|
-
masterKey?:
|
376
|
+
masterKey?:
|
377
|
+
| AWSEncryptionKeyOptions
|
378
|
+
| AzureEncryptionKeyOptions
|
379
|
+
| GCPEncryptionKeyOptions
|
380
|
+
| undefined;
|
310
381
|
|
311
382
|
/**
|
312
383
|
* An optional list of string alternate names used to reference a key.
|
@@ -321,7 +392,11 @@ export interface ClientEncryptionCreateDataKeyProviderOptions {
|
|
321
392
|
/** @experimental */
|
322
393
|
export interface ClientEncryptionRewrapManyDataKeyProviderOptions {
|
323
394
|
provider: ClientEncryptionDataKeyProvider;
|
324
|
-
masterKey?:
|
395
|
+
masterKey?:
|
396
|
+
| AWSEncryptionKeyOptions
|
397
|
+
| AzureEncryptionKeyOptions
|
398
|
+
| GCPEncryptionKeyOptions
|
399
|
+
| undefined;
|
325
400
|
}
|
326
401
|
|
327
402
|
/** @experimental */
|
@@ -330,6 +405,18 @@ export interface ClientEncryptionRewrapManyDataKeyResult {
|
|
330
405
|
bulkWriteResult?: BulkWriteResult;
|
331
406
|
}
|
332
407
|
|
408
|
+
/**
|
409
|
+
* RangeOptions specifies index options for a Queryable Encryption field supporting "rangePreview" queries.
|
410
|
+
* min, max, sparsity, and range must match the values set in the encryptedFields of the destination collection.
|
411
|
+
* For double and decimal128, min/max/precision must all be set, or all be unset.
|
412
|
+
*/
|
413
|
+
interface RangeOptions {
|
414
|
+
min?: any;
|
415
|
+
max?: any;
|
416
|
+
sparsity: Long;
|
417
|
+
precision?: number;
|
418
|
+
}
|
419
|
+
|
333
420
|
/**
|
334
421
|
* Options to provide when encrypting data.
|
335
422
|
*/
|
@@ -337,7 +424,12 @@ export interface ClientEncryptionEncryptOptions {
|
|
337
424
|
/**
|
338
425
|
* The algorithm to use for encryption.
|
339
426
|
*/
|
340
|
-
algorithm:
|
427
|
+
algorithm:
|
428
|
+
| 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
|
429
|
+
| 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'
|
430
|
+
| 'Indexed'
|
431
|
+
| 'Unindexed'
|
432
|
+
| 'RangePreview';
|
341
433
|
|
342
434
|
/**
|
343
435
|
* The id of the Binary dataKey to use for encryption
|
@@ -353,7 +445,10 @@ export interface ClientEncryptionEncryptOptions {
|
|
353
445
|
contentionFactor?: bigint | number;
|
354
446
|
|
355
447
|
/** @experimental Public Technical Preview: The query type supported */
|
356
|
-
queryType?: 'equality';
|
448
|
+
queryType?: 'equality' | 'rangePreview';
|
449
|
+
|
450
|
+
/** @experimental Public Technical Preview: The index options for a Queryable Encryption field supporting "rangePreview" queries.*/
|
451
|
+
rangeOptions?: RangeOptions;
|
357
452
|
}
|
358
453
|
|
359
454
|
/**
|
@@ -371,9 +466,7 @@ export class ClientEncryption {
|
|
371
466
|
* Creates a data key used for explicit encryption and inserts it into the key vault namespace
|
372
467
|
* @param provider The KMS provider used for this data key. Must be `'aws'`, `'azure'`, `'gcp'`, or `'local'`
|
373
468
|
*/
|
374
|
-
createDataKey(
|
375
|
-
provider: ClientEncryptionDataKeyProvider
|
376
|
-
): Promise<Binary>;
|
469
|
+
createDataKey(provider: ClientEncryptionDataKeyProvider): Promise<Binary>;
|
377
470
|
|
378
471
|
/**
|
379
472
|
* Creates a data key used for explicit encryption and inserts it into the key vault namespace
|
@@ -467,6 +560,30 @@ export class ClientEncryption {
|
|
467
560
|
*/
|
468
561
|
removeKeyAltName(id: Binary, keyAltName: string): Promise<DataKey | null>;
|
469
562
|
|
563
|
+
/**
|
564
|
+
* @experimental Public Technical Preview
|
565
|
+
* A convenience method for creating an encrypted collection.
|
566
|
+
* This method will create data keys for any encryptedFields that do not have a `keyId` defined
|
567
|
+
* and then create a new collection with the full set of encryptedFields.
|
568
|
+
*
|
569
|
+
* @param db - A Node.js driver Db object with which to create the collection
|
570
|
+
* @param name - The name of the new collection
|
571
|
+
* @param options - Options for createDataKey and for createCollection. A provider and partially created encryptedFields **must** be provided.
|
572
|
+
* @throws {MongoCryptCreateDataKeyForEncryptedCollectionError} - If part way through the process a createDataKey invocation fails, an error will be rejected that has the partial `encryptedFields` that were created.
|
573
|
+
* @throws {MongoCryptCreateEncryptedCollectionError} - If creating the collection fails, an error will be rejected that has the entire `encryptedFields` that were created.
|
574
|
+
*/
|
575
|
+
createEncryptedCollection<TSchema extends Document = Document>(
|
576
|
+
db: Db,
|
577
|
+
name: string,
|
578
|
+
options: {
|
579
|
+
provider: ClientEncryptionDataKeyProvider;
|
580
|
+
createCollectionOptions: Omit<CreateCollectionOptions, 'encryptedFields'> & {
|
581
|
+
encryptedFields: Document;
|
582
|
+
};
|
583
|
+
masterKey?: AWSEncryptionKeyOptions | AzureEncryptionKeyOptions | GCPEncryptionKeyOptions;
|
584
|
+
}
|
585
|
+
): Promise<{ collection: Collection<TSchema>; encryptedFields: Document }>;
|
586
|
+
|
470
587
|
/**
|
471
588
|
* Explicitly encrypt a provided value.
|
472
589
|
* Note that either options.keyId or options.keyAltName must be specified.
|
@@ -474,10 +591,7 @@ export class ClientEncryption {
|
|
474
591
|
* @param value The value that you wish to serialize. Must be of a type that can be serialized into BSON
|
475
592
|
* @param options
|
476
593
|
*/
|
477
|
-
encrypt(
|
478
|
-
value: any,
|
479
|
-
options: ClientEncryptionEncryptOptions
|
480
|
-
): Promise<Binary>;
|
594
|
+
encrypt(value: any, options: ClientEncryptionEncryptOptions): Promise<Binary>;
|
481
595
|
|
482
596
|
/**
|
483
597
|
* Explicitly encrypt a provided value.
|
@@ -493,23 +607,35 @@ export class ClientEncryption {
|
|
493
607
|
callback: ClientEncryptionEncryptCallback
|
494
608
|
): void;
|
495
609
|
|
610
|
+
/**
|
611
|
+
* Encrypts a Match Expression or Aggregate Expression to query a range index.
|
612
|
+
*
|
613
|
+
* Only supported when queryType is "rangePreview" and algorithm is "RangePreview".
|
614
|
+
*
|
615
|
+
* @experimental The Range algorithm is experimental only. It is not intended for production use. It is subject to breaking changes.The aggregation or match expression you wish to encrypt. The value must be in the form
|
616
|
+
*
|
617
|
+
* The expression to encrypt must be one of the following:
|
618
|
+
* 1. A Match Expression of this form:
|
619
|
+
* `{$and: [{<field>: {$gt: <value1>}}, {<field>: {$lt: <value2> }}]}`
|
620
|
+
* 2. An Aggregate Expression of this form:
|
621
|
+
* `{$and: [{$gt: [<fieldpath>, <value1>]}, {$lt: [<fieldpath>, <value2>]}]}`
|
622
|
+
*
|
623
|
+
* `$gt` may also be `$gte`. `$lt` may also be `$lte`.
|
624
|
+
*/
|
625
|
+
encryptExpression(value: Document, options: ClientEncryptionEncryptOptions): Promise<Document>;
|
626
|
+
|
496
627
|
/**
|
497
628
|
* Explicitly decrypt a provided encrypted value
|
498
629
|
* @param value An encrypted value
|
499
630
|
*/
|
500
|
-
decrypt(
|
501
|
-
value: Buffer | Binary
|
502
|
-
): Promise<any>;
|
631
|
+
decrypt(value: Buffer | Binary): Promise<any>;
|
503
632
|
|
504
633
|
/**
|
505
634
|
* Explicitly decrypt a provided encrypted value
|
506
635
|
* @param value An encrypted value
|
507
636
|
* @param callback Callback to invoke when value is decrypted
|
508
637
|
*/
|
509
|
-
decrypt(
|
510
|
-
value: Buffer | Binary,
|
511
|
-
callback: ClientEncryptionDecryptCallback
|
512
|
-
): void;
|
638
|
+
decrypt(value: Buffer | Binary, callback: ClientEncryptionDecryptCallback): void;
|
513
639
|
|
514
640
|
static readonly libmongocryptVersion: string;
|
515
641
|
}
|
@@ -9,7 +9,7 @@ module.exports = function (modules) {
|
|
9
9
|
const MongoClient = modules.mongodb.MongoClient;
|
10
10
|
const MongoError = modules.mongodb.MongoError;
|
11
11
|
const BSON = modules.mongodb.BSON;
|
12
|
-
const { loadCredentials } = require('./
|
12
|
+
const { loadCredentials } = require('./providers/index');
|
13
13
|
const cryptoCallbacks = require('./cryptoCallbacks');
|
14
14
|
|
15
15
|
/**
|
@@ -6,12 +6,20 @@ module.exports = function (modules) {
|
|
6
6
|
const databaseNamespace = common.databaseNamespace;
|
7
7
|
const collectionNamespace = common.collectionNamespace;
|
8
8
|
const promiseOrCallback = common.promiseOrCallback;
|
9
|
+
const maybeCallback = common.maybeCallback;
|
9
10
|
const StateMachine = modules.stateMachine.StateMachine;
|
10
11
|
const BSON = modules.mongodb.BSON;
|
11
|
-
const {
|
12
|
+
const {
|
13
|
+
MongoCryptCreateEncryptedCollectionError,
|
14
|
+
MongoCryptCreateDataKeyError
|
15
|
+
} = require('./errors');
|
16
|
+
const { loadCredentials } = require('./providers/index');
|
12
17
|
const cryptoCallbacks = require('./cryptoCallbacks');
|
13
18
|
const { promisify } = require('util');
|
14
19
|
|
20
|
+
/** @typedef {*} BSONValue - any serializable BSON value */
|
21
|
+
/** @typedef {BSON.Long} Long A 64 bit integer, represented by the js-bson Long type.*/
|
22
|
+
|
15
23
|
/**
|
16
24
|
* @typedef {object} KMSProviders Configuration options that are used by specific KMS providers during key generation, encryption, and decryption.
|
17
25
|
* @property {object} [aws] Configuration options for using 'aws' as your KMS provider
|
@@ -545,21 +553,99 @@ module.exports = function (modules) {
|
|
545
553
|
return value;
|
546
554
|
}
|
547
555
|
|
556
|
+
/**
|
557
|
+
* @experimental Public Technical Preview
|
558
|
+
*
|
559
|
+
* A convenience method for creating an encrypted collection.
|
560
|
+
* This method will create data keys for any encryptedFields that do not have a `keyId` defined
|
561
|
+
* and then create a new collection with the full set of encryptedFields.
|
562
|
+
*
|
563
|
+
* @template {TSchema} - Schema for the collection being created
|
564
|
+
* @param {Db} db - A Node.js driver Db object with which to create the collection
|
565
|
+
* @param {string} name - The name of the collection to be created
|
566
|
+
* @param {object} options - Options for createDataKey and for createCollection
|
567
|
+
* @param {string} options.provider - KMS provider name
|
568
|
+
* @param {AWSEncryptionKeyOptions | AzureEncryptionKeyOptions | GCPEncryptionKeyOptions} [options.masterKey] - masterKey to pass to createDataKey
|
569
|
+
* @param {CreateCollectionOptions} options.createCollectionOptions - options to pass to createCollection, must include `encryptedFields`
|
570
|
+
* @returns {Promise<{ collection: Collection<TSchema>, encryptedFields: Document }>} - created collection and generated encryptedFields
|
571
|
+
* @throws {MongoCryptCreateDataKeyError} - If part way through the process a createDataKey invocation fails, an error will be rejected that has the partial `encryptedFields` that were created.
|
572
|
+
* @throws {MongoCryptCreateEncryptedCollectionError} - If creating the collection fails, an error will be rejected that has the entire `encryptedFields` that were created.
|
573
|
+
*/
|
574
|
+
async createEncryptedCollection(db, name, options) {
|
575
|
+
const {
|
576
|
+
provider,
|
577
|
+
masterKey,
|
578
|
+
createCollectionOptions: {
|
579
|
+
encryptedFields: { ...encryptedFields },
|
580
|
+
...createCollectionOptions
|
581
|
+
}
|
582
|
+
} = options;
|
583
|
+
|
584
|
+
if (Array.isArray(encryptedFields.fields)) {
|
585
|
+
const createDataKeyPromises = encryptedFields.fields.map(async field =>
|
586
|
+
field == null || typeof field !== 'object' || field.keyId != null
|
587
|
+
? field
|
588
|
+
: {
|
589
|
+
...field,
|
590
|
+
keyId: await this.createDataKey(provider, { masterKey })
|
591
|
+
}
|
592
|
+
);
|
593
|
+
|
594
|
+
const createDataKeyResolutions = await Promise.allSettled(createDataKeyPromises);
|
595
|
+
|
596
|
+
encryptedFields.fields = createDataKeyResolutions.map((resolution, index) =>
|
597
|
+
resolution.status === 'fulfilled' ? resolution.value : encryptedFields.fields[index]
|
598
|
+
);
|
599
|
+
|
600
|
+
const rejection = createDataKeyResolutions.find(({ status }) => status === 'rejected');
|
601
|
+
if (rejection != null) {
|
602
|
+
throw new MongoCryptCreateDataKeyError({ encryptedFields, cause: rejection.reason });
|
603
|
+
}
|
604
|
+
}
|
605
|
+
|
606
|
+
try {
|
607
|
+
const collection = await db.createCollection(name, {
|
608
|
+
...createCollectionOptions,
|
609
|
+
encryptedFields
|
610
|
+
});
|
611
|
+
return { collection, encryptedFields };
|
612
|
+
} catch (cause) {
|
613
|
+
throw new MongoCryptCreateEncryptedCollectionError({ encryptedFields, cause });
|
614
|
+
}
|
615
|
+
}
|
616
|
+
|
548
617
|
/**
|
549
618
|
* @callback ClientEncryptionEncryptCallback
|
550
619
|
* @param {Error} [err] If present, indicates an error that occurred in the process of encryption
|
551
620
|
* @param {Buffer} [result] If present, is the encrypted result
|
552
621
|
*/
|
553
622
|
|
623
|
+
/**
|
624
|
+
* @typedef {object} RangeOptions
|
625
|
+
* min, max, sparsity, and range must match the values set in the encryptedFields of the destination collection.
|
626
|
+
* For double and decimal128, min/max/precision must all be set, or all be unset.
|
627
|
+
* @property {BSONValue} min is required if precision is set.
|
628
|
+
* @property {BSONValue} max is required if precision is set.
|
629
|
+
* @property {BSON.Long} sparsity
|
630
|
+
* @property {number | undefined} precision (may only be set for double or decimal128).
|
631
|
+
*/
|
632
|
+
|
633
|
+
/**
|
634
|
+
* @typedef {object} EncryptOptions Options to provide when encrypting data.
|
635
|
+
* @property {ClientEncryptionDataKeyId} [keyId] The id of the Binary dataKey to use for encryption.
|
636
|
+
* @property {string} [keyAltName] A unique string name corresponding to an already existing dataKey.
|
637
|
+
* @property {string} [algorithm] The algorithm to use for encryption. Must be either `'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'`, `'AEAD_AES_256_CBC_HMAC_SHA_512-Random'`, `'Indexed'` or `'Unindexed'`
|
638
|
+
* @property {bigint | number} [contentionFactor] (experimental) - the contention factor.
|
639
|
+
* @property {'equality' | 'rangePreview'} queryType (experimental) - the query type supported.
|
640
|
+
* @property {RangeOptions} [rangeOptions] (experimental) The index options for a Queryable Encryption field supporting "rangePreview" queries.
|
641
|
+
*/
|
642
|
+
|
554
643
|
/**
|
555
644
|
* Explicitly encrypt a provided value. Note that either `options.keyId` or `options.keyAltName` must
|
556
645
|
* be specified. Specifying both `options.keyId` and `options.keyAltName` is considered an error.
|
557
646
|
*
|
558
647
|
* @param {*} value The value that you wish to serialize. Must be of a type that can be serialized into BSON
|
559
|
-
* @param {
|
560
|
-
* @param {ClientEncryptionDataKeyId} [options.keyId] The id of the Binary dataKey to use for encryption
|
561
|
-
* @param {string} [options.keyAltName] A unique string name corresponding to an already existing dataKey.
|
562
|
-
* @param {} [options.algorithm] The algorithm to use for encryption. Must be either `'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'`, `'AEAD_AES_256_CBC_HMAC_SHA_512-Random'`, `'Indexed'` or `'Unindexed'`
|
648
|
+
* @param {EncryptOptions} options
|
563
649
|
* @param {ClientEncryptionEncryptCallback} [callback] Optional callback to invoke when value is encrypted
|
564
650
|
* @returns {Promise|void} If no callback is provided, returns a Promise that either resolves with the encrypted value, or rejects with an error. If a callback is provided, returns nothing.
|
565
651
|
*
|
@@ -589,44 +675,29 @@ module.exports = function (modules) {
|
|
589
675
|
* }
|
590
676
|
*/
|
591
677
|
encrypt(value, options, callback) {
|
592
|
-
|
593
|
-
|
594
|
-
const contextOptions = Object.assign({}, options);
|
595
|
-
if (options.keyId) {
|
596
|
-
contextOptions.keyId = options.keyId.buffer;
|
597
|
-
}
|
598
|
-
if (options.keyAltName) {
|
599
|
-
const keyAltName = options.keyAltName;
|
600
|
-
if (options.keyId) {
|
601
|
-
throw new TypeError(`"options" cannot contain both "keyId" and "keyAltName"`);
|
602
|
-
}
|
603
|
-
const keyAltNameType = typeof keyAltName;
|
604
|
-
if (keyAltNameType !== 'string') {
|
605
|
-
throw new TypeError(
|
606
|
-
`"options.keyAltName" must be of type string, but was of type ${keyAltNameType}`
|
607
|
-
);
|
608
|
-
}
|
609
|
-
|
610
|
-
contextOptions.keyAltName = bson.serialize({ keyAltName });
|
611
|
-
}
|
612
|
-
|
613
|
-
const stateMachine = new StateMachine({
|
614
|
-
bson,
|
615
|
-
proxyOptions: this._proxyOptions,
|
616
|
-
tlsOptions: this._tlsOptions
|
617
|
-
});
|
618
|
-
const context = this._mongoCrypt.makeExplicitEncryptionContext(valueBuffer, contextOptions);
|
619
|
-
|
620
|
-
return promiseOrCallback(callback, cb => {
|
621
|
-
stateMachine.execute(this, context, (err, result) => {
|
622
|
-
if (err) {
|
623
|
-
cb(err, null);
|
624
|
-
return;
|
625
|
-
}
|
678
|
+
return maybeCallback(() => this._encrypt(value, false, options), callback);
|
679
|
+
}
|
626
680
|
|
627
|
-
|
628
|
-
|
629
|
-
|
681
|
+
/**
|
682
|
+
* Encrypts a Match Expression or Aggregate Expression to query a range index.
|
683
|
+
*
|
684
|
+
* Only supported when queryType is "rangePreview" and algorithm is "RangePreview".
|
685
|
+
*
|
686
|
+
* @experimental The Range algorithm is experimental only. It is not intended for production use. It is subject to breaking changes.
|
687
|
+
*
|
688
|
+
* @param {object} expression a BSON document of one of the following forms:
|
689
|
+
* 1. A Match Expression of this form:
|
690
|
+
* `{$and: [{<field>: {$gt: <value1>}}, {<field>: {$lt: <value2> }}]}`
|
691
|
+
* 2. An Aggregate Expression of this form:
|
692
|
+
* `{$and: [{$gt: [<fieldpath>, <value1>]}, {$lt: [<fieldpath>, <value2>]}]}`
|
693
|
+
*
|
694
|
+
* `$gt` may also be `$gte`. `$lt` may also be `$lte`.
|
695
|
+
*
|
696
|
+
* @param {EncryptOptions} options
|
697
|
+
* @returns {Promise<object>} Returns a Promise that either resolves with the encrypted value or rejects with an error.
|
698
|
+
*/
|
699
|
+
async encryptExpression(expression, options) {
|
700
|
+
return this._encrypt(expression, true, options);
|
630
701
|
}
|
631
702
|
|
632
703
|
/**
|
@@ -640,7 +711,7 @@ module.exports = function (modules) {
|
|
640
711
|
*
|
641
712
|
* @param {Buffer | Binary} value An encrypted value
|
642
713
|
* @param {ClientEncryption~decryptCallback} callback Optional callback to invoke when value is decrypted
|
643
|
-
* @returns {Promise|void} If no callback is provided, returns a Promise that either resolves with the
|
714
|
+
* @returns {Promise|void} If no callback is provided, returns a Promise that either resolves with the decrypted value, or rejects with an error. If a callback is provided, returns nothing.
|
644
715
|
*
|
645
716
|
* @example
|
646
717
|
* // Decrypting value with callback API
|
@@ -693,6 +764,57 @@ module.exports = function (modules) {
|
|
693
764
|
static get libmongocryptVersion() {
|
694
765
|
return mc.MongoCrypt.libmongocryptVersion;
|
695
766
|
}
|
767
|
+
|
768
|
+
/**
|
769
|
+
* A helper that perform explicit encryption of values and expressions.
|
770
|
+
* Explicitly encrypt a provided value. Note that either `options.keyId` or `options.keyAltName` must
|
771
|
+
* be specified. Specifying both `options.keyId` and `options.keyAltName` is considered an error.
|
772
|
+
*
|
773
|
+
* @param {*} value The value that you wish to encrypt. Must be of a type that can be serialized into BSON
|
774
|
+
* @param {boolean} expressionMode - a boolean that indicates whether or not to encrypt the value as an expression
|
775
|
+
* @param {EncryptOptions} options
|
776
|
+
* @returns the raw result of the call to stateMachine.execute(). When expressionMode is set to true, the return
|
777
|
+
* value will be a bson document. When false, the value will be a BSON Binary.
|
778
|
+
*
|
779
|
+
* @ignore
|
780
|
+
*
|
781
|
+
*/
|
782
|
+
async _encrypt(value, expressionMode, options) {
|
783
|
+
const bson = this._bson;
|
784
|
+
const valueBuffer = bson.serialize({ v: value });
|
785
|
+
const contextOptions = Object.assign({}, options, { expressionMode });
|
786
|
+
if (options.keyId) {
|
787
|
+
contextOptions.keyId = options.keyId.buffer;
|
788
|
+
}
|
789
|
+
if (options.keyAltName) {
|
790
|
+
const keyAltName = options.keyAltName;
|
791
|
+
if (options.keyId) {
|
792
|
+
throw new TypeError(`"options" cannot contain both "keyId" and "keyAltName"`);
|
793
|
+
}
|
794
|
+
const keyAltNameType = typeof keyAltName;
|
795
|
+
if (keyAltNameType !== 'string') {
|
796
|
+
throw new TypeError(
|
797
|
+
`"options.keyAltName" must be of type string, but was of type ${keyAltNameType}`
|
798
|
+
);
|
799
|
+
}
|
800
|
+
|
801
|
+
contextOptions.keyAltName = bson.serialize({ keyAltName });
|
802
|
+
}
|
803
|
+
|
804
|
+
if ('rangeOptions' in options) {
|
805
|
+
contextOptions.rangeOptions = bson.serialize(options.rangeOptions);
|
806
|
+
}
|
807
|
+
|
808
|
+
const stateMachine = new StateMachine({
|
809
|
+
bson,
|
810
|
+
proxyOptions: this._proxyOptions,
|
811
|
+
tlsOptions: this._tlsOptions
|
812
|
+
});
|
813
|
+
const context = this._mongoCrypt.makeExplicitEncryptionContext(valueBuffer, contextOptions);
|
814
|
+
|
815
|
+
const result = await stateMachine.executeAsync(this, context);
|
816
|
+
return result.v;
|
817
|
+
}
|
696
818
|
}
|
697
819
|
|
698
820
|
return { ClientEncryption };
|