libmongocrypt-helper 1.8.0.0.1001 → 1.11.0.0.1001
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +33 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +12 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -4
- data/ext/libmongocrypt/libmongocrypt/Earthfile +151 -3
- data/ext/libmongocrypt/libmongocrypt/README.md +36 -40
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/CMakeLists.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Driver.snk +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/AssemblyInfo.cs +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Binary.cs +16 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClientFactory.cs +8 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +10 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoader.cs +81 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.csproj +2 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/MongoDB.Libmongocrypt.Test.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/MongoDB.Libmongocrypt.Test32.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/README.md +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +21 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.config +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.sh +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +28 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +217 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +21 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +154 -108
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +7 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +41 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +5 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +27 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +34 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +180 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +134 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +44 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/README.md +4 -900
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +60 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +41 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/RELEASE.rst +6 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/python/build-manylinux-wheel.sh +4 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/python/hatch_build.py +36 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/__init__.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/auto_encrypter.py +2 -46
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binary.py +14 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +107 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/compat.py +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/credentials.py +2 -121
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/crypto.py +31 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/errors.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/explicit_encrypter.py +2 -233
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +168 -238
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +265 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/state_machine.py +2 -141
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pyproject.toml +118 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +97 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{test-requirements.txt → requirements-test.txt} +4 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/requirements.txt +4 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +76 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +6 -7
- data/ext/libmongocrypt/libmongocrypt/bindings/python/synchro.py +64 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/__init__.py +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/collection-info.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-payload.json +21 -21
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-command-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/rangeopts.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/value-to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-azure.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-gcp.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/list-collections-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/schema-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/perf_test.py +165 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_binding.py +8 -12
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_crypto.py +9 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +988 -340
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +14 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +19 -1
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +23 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/IntelDFP.cmake +19 -227
- data/ext/libmongocrypt/libmongocrypt/cmake/Patch.cmake +54 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/cli-icon.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/reference-targets.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +153 -0
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +61 -28
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +73 -0
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +108 -0
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +27 -0
- data/ext/libmongocrypt/libmongocrypt/etc/mongo-inteldfp-alpine-arm-fix.patch +17 -0
- data/ext/libmongocrypt/libmongocrypt/etc/packager.py +120 -91
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +14 -0
- data/ext/libmongocrypt/libmongocrypt/etc/repo_config.yaml +56 -0
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +70 -0
- data/ext/libmongocrypt/libmongocrypt/etc/ssdlc_compliance_report.md +37 -0
- data/ext/libmongocrypt/libmongocrypt/etc/third_party_vulnerabilities.md +42 -0
- data/ext/libmongocrypt/libmongocrypt/integrating.md +18 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +11 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer_private.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +211 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_response.c +163 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_tag_type_private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_request.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_response.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_port.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +23 -2
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +16 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +94 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +15 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +114 -53
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +21 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +38 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +20 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private.h +8 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +89 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +1 -23
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +4 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +15 -12
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +16 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +64 -22
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +23 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +359 -65
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +26 -14
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +17 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +31 -13
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +16 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +259 -63
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +40 -24
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +57 -13
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-binary-private.h +0 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +5 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth-private.h +16 -18
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth.c +105 -76
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +9 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +170 -89
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +505 -124
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +31 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +81 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +7 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek-private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek.c +161 -103
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker-private.h +2 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +191 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +50 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +365 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +200 -107
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +50 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +591 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +6 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +47 -234
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +75 -24
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +18 -2
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/bypassQueryAnalysis/payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd-to-mongocryptd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd-to-mongocryptd.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/collinfo.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-field-map.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-payload-pattern.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/mongocryptd-reply.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/encrypted-payload.json +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-field-config-map.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload-range-v2.json +37 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +64 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +105 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +15 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +104 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/decrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/encrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/oauth-response.txt +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-payload.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/mongocryptd-reply.json +69 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/mongocryptd-reply.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_double.cstruct +8637 -7958
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int32.cstruct +5522 -1382
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int64.cstruct +5042 -1262
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128_precision.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double_precision.cstruct +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int32.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int64.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/mongocryptd-reply.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/mongocryptd-reply.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-double/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32-defaults/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/README.md +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +8 -8
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +43 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +76 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +89 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +342 -76
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +94 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +205 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +49 -23
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -19
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +22 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache-oauth.c +94 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +374 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +121 -42
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +134 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.h +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +8 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +922 -92
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +114 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +14 -9
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +424 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +447 -28
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-opts.c +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-traverse-util.c +30 -26
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.c +7 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.h +3 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +66 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +2381 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +3 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/README.md +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/make_includes.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +38 -3
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +112 -106
- checksums.yaml.gz.sig +0 -0
- data/ext/libmongocrypt/libmongocrypt/VERSION_CURRENT +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/cs.sln +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/CHANGELOG.md +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/node/LICENSE +0 -201
- data/ext/libmongocrypt/libmongocrypt/bindings/node/binding.gyp +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/README.hbs +0 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/build-static.sh +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/node/index.d.ts +0 -641
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/autoEncrypter.js +0 -420
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/buffer_pool.js +0 -123
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/clientEncryption.js +0 -821
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/common.js +0 -98
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/cryptoCallbacks.js +0 -87
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/errors.js +0 -75
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/index.js +0 -73
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/mongocryptdManager.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/aws.js +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/azure.js +0 -178
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/gcp.js +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/index.js +0 -54
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/utils.js +0 -39
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/stateMachine.js +0 -492
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package-lock.json +0 -15302
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package.json +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.cc +0 -956
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.h +0 -114
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/autoEncrypter.test.js +0 -950
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/buffer_pool.test.js +0 -91
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/clientEncryption.test.js +0 -1093
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/common.test.js +0 -94
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/cryptoCallbacks.test.js +0 -240
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/README.md +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/collection-info.json +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document-nested.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encryptedFields.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key-document.json +0 -32
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key1-document.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/index.test.js +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/mongocryptdManager.test.js +0 -48
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/providers/credentialsProvider.test.js +0 -551
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/release.test.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/requirements.helper.js +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/stateMachine.test.js +0 -331
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/chai-addons.js +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/mongodb_reporter.js +0 -325
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/types/index.test-d.ts +0 -63
- data/ext/libmongocrypt/libmongocrypt/bindings/python/setup.py +0 -89
- data/ext/libmongocrypt/libmongocrypt/debian/build_snapshot.sh +0 -79
- data/ext/libmongocrypt/libmongocrypt/debian/changelog +0 -105
- data/ext/libmongocrypt/libmongocrypt/debian/compat +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/control +0 -41
- data/ext/libmongocrypt/libmongocrypt/debian/copyright +0 -129
- data/ext/libmongocrypt/libmongocrypt/debian/gbp.conf +0 -23
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.dirs +0 -2
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.install +0 -5
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.dirs +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.install +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/rules +0 -46
- data/ext/libmongocrypt/libmongocrypt/debian/source/format +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/source/lintian-overrides +0 -3
- data/ext/libmongocrypt/libmongocrypt/debian/source/options +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/watch +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/mongocryptd-reply.json +0 -72
- data.tar.gz.sig +0 -1
- metadata.gz.sig +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-decrypt-reply.txt → test/data/kms-aws/decrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-encrypt-reply.txt → test/data/kms-aws/encrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/decrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/encrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/oauth-response.txt +0 -0
@@ -39,12 +39,17 @@ typedef enum {
|
|
39
39
|
typedef enum {
|
40
40
|
MONGOCRYPT_INDEX_TYPE_NONE = 1,
|
41
41
|
MONGOCRYPT_INDEX_TYPE_EQUALITY = 2,
|
42
|
-
|
42
|
+
MONGOCRYPT_INDEX_TYPE_RANGE = 3,
|
43
|
+
MONGOCRYPT_INDEX_TYPE_RANGEPREVIEW_DEPRECATED = 4
|
43
44
|
} mongocrypt_index_type_t;
|
44
45
|
|
45
46
|
const char *_mongocrypt_index_type_to_string(mongocrypt_index_type_t val);
|
46
47
|
|
47
|
-
typedef enum {
|
48
|
+
typedef enum {
|
49
|
+
MONGOCRYPT_QUERY_TYPE_EQUALITY = 1,
|
50
|
+
MONGOCRYPT_QUERY_TYPE_RANGE = 2,
|
51
|
+
MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED = 3
|
52
|
+
} mongocrypt_query_type_t;
|
48
53
|
|
49
54
|
const char *_mongocrypt_query_type_to_string(mongocrypt_query_type_t val);
|
50
55
|
|
@@ -84,6 +89,7 @@ typedef struct __mongocrypt_ctx_opts_t {
|
|
84
89
|
|
85
90
|
/* All derived contexts may override these methods. */
|
86
91
|
typedef struct {
|
92
|
+
const char *(*mongo_db_collinfo)(mongocrypt_ctx_t *ctx);
|
87
93
|
bool (*mongo_op_collinfo)(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out);
|
88
94
|
bool (*mongo_feed_collinfo)(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in);
|
89
95
|
bool (*mongo_done_collinfo)(mongocrypt_ctx_t *ctx);
|
@@ -129,9 +135,22 @@ bool _mongocrypt_ctx_fail_w_msg(mongocrypt_ctx_t *ctx, const char *msg);
|
|
129
135
|
typedef struct {
|
130
136
|
mongocrypt_ctx_t parent;
|
131
137
|
bool explicit;
|
132
|
-
|
133
|
-
|
134
|
-
char *
|
138
|
+
|
139
|
+
// `cmd_db` is the command database (appended as `$db`).
|
140
|
+
char *cmd_db;
|
141
|
+
|
142
|
+
// `target_ns` is the target namespace "<target_db>.<target_coll>" for the operation. May be associated with
|
143
|
+
// jsonSchema (CSFLE) or encryptedFields (QE). For `bulkWrite`, the target namespace database may differ from
|
144
|
+
// `cmd_db`.
|
145
|
+
char *target_ns;
|
146
|
+
|
147
|
+
// `target_db` is the target database for the operation. For `bulkWrite`, the target namespace database may differ
|
148
|
+
// from `cmd_db`. If `target_db` is NULL, the target namespace database is the same as `cmd_db`.
|
149
|
+
char *target_db;
|
150
|
+
|
151
|
+
// `target_coll` is the target namespace collection name.
|
152
|
+
char *target_coll;
|
153
|
+
|
135
154
|
_mongocrypt_buffer_t list_collections_filter;
|
136
155
|
_mongocrypt_buffer_t schema;
|
137
156
|
/* TODO CDRIVER-3150: audit + rename these buffers.
|
@@ -156,13 +175,19 @@ typedef struct {
|
|
156
175
|
* schema, and there were siblings. */
|
157
176
|
bool collinfo_has_siblings;
|
158
177
|
/* encrypted_field_config is set when:
|
159
|
-
* 1.
|
178
|
+
* 1. `target_ns` is present in an encrypted_field_config_map.
|
160
179
|
* 2. (TODO MONGOCRYPT-414) The collection has encryptedFields in the
|
161
180
|
* response to listCollections. encrypted_field_config is true if and only if
|
162
181
|
* encryption is using FLE 2.0.
|
182
|
+
* 3. The `bulkWrite` command is processed and needs an empty encryptedFields to be processed by query analysis.
|
183
|
+
* (`bulkWrite` does not support empty JSON schema).
|
163
184
|
*/
|
164
185
|
_mongocrypt_buffer_t encrypted_field_config;
|
165
186
|
mc_EncryptedFieldConfig_t efc;
|
187
|
+
// `used_empty_encryptedFields` is true if the collection has no JSON schema or encryptedFields,
|
188
|
+
// yet an empty encryptedFields was constructed to support query analysis.
|
189
|
+
// When true, an empty encryptedFields is sent to query analysis, but not appended to the final command.
|
190
|
+
bool used_empty_encryptedFields;
|
166
191
|
/* bypass_query_analysis is set to true to skip the
|
167
192
|
* MONGOCRYPT_CTX_NEED_MONGO_MARKINGS state. */
|
168
193
|
bool bypass_query_analysis;
|
@@ -258,8 +258,15 @@ bool mongocrypt_ctx_setopt_algorithm(mongocrypt_ctx_t *ctx, const char *algorith
|
|
258
258
|
} else if (mstr_eq_ignore_case(algo_str, mstrv_lit(MONGOCRYPT_ALGORITHM_UNINDEXED_STR))) {
|
259
259
|
ctx->opts.index_type.value = MONGOCRYPT_INDEX_TYPE_NONE;
|
260
260
|
ctx->opts.index_type.set = true;
|
261
|
-
} else if (mstr_eq_ignore_case(algo_str, mstrv_lit(
|
262
|
-
ctx->opts.index_type.value =
|
261
|
+
} else if (mstr_eq_ignore_case(algo_str, mstrv_lit(MONGOCRYPT_ALGORITHM_RANGE_STR))) {
|
262
|
+
ctx->opts.index_type.value = MONGOCRYPT_INDEX_TYPE_RANGE;
|
263
|
+
ctx->opts.index_type.set = true;
|
264
|
+
} else if (mstr_eq_ignore_case(algo_str, mstrv_lit(MONGOCRYPT_ALGORITHM_RANGEPREVIEW_DEPRECATED_STR))) {
|
265
|
+
if (ctx->crypt->opts.use_range_v2) {
|
266
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Algorithm 'rangePreview' is deprecated, please use 'range'");
|
267
|
+
return false;
|
268
|
+
}
|
269
|
+
ctx->opts.index_type.value = MONGOCRYPT_INDEX_TYPE_RANGEPREVIEW_DEPRECATED;
|
263
270
|
ctx->opts.index_type.set = true;
|
264
271
|
} else {
|
265
272
|
char *error = bson_strdup_printf("unsupported algorithm string \"%.*s\"",
|
@@ -379,6 +386,7 @@ bool mongocrypt_ctx_mongo_op(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
379
386
|
}
|
380
387
|
|
381
388
|
switch (ctx->state) {
|
389
|
+
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB:
|
382
390
|
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO: CHECK_AND_CALL(mongo_op_collinfo, ctx, out);
|
383
391
|
case MONGOCRYPT_CTX_NEED_MONGO_MARKINGS: CHECK_AND_CALL(mongo_op_markings, ctx, out);
|
384
392
|
case MONGOCRYPT_CTX_NEED_MONGO_KEYS: CHECK_AND_CALL(mongo_op_keys, ctx, out);
|
@@ -391,6 +399,38 @@ bool mongocrypt_ctx_mongo_op(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
391
399
|
}
|
392
400
|
}
|
393
401
|
|
402
|
+
const char *mongocrypt_ctx_mongo_db(mongocrypt_ctx_t *ctx) {
|
403
|
+
if (!ctx) {
|
404
|
+
return NULL;
|
405
|
+
}
|
406
|
+
if (!ctx->initialized) {
|
407
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "ctx NULL or uninitialized");
|
408
|
+
return NULL;
|
409
|
+
}
|
410
|
+
|
411
|
+
switch (ctx->state) {
|
412
|
+
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB: {
|
413
|
+
if (!ctx->vtable.mongo_db_collinfo) {
|
414
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "not applicable to context");
|
415
|
+
return NULL;
|
416
|
+
}
|
417
|
+
return ctx->vtable.mongo_db_collinfo(ctx);
|
418
|
+
}
|
419
|
+
case MONGOCRYPT_CTX_ERROR: return false;
|
420
|
+
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO:
|
421
|
+
case MONGOCRYPT_CTX_NEED_MONGO_MARKINGS:
|
422
|
+
case MONGOCRYPT_CTX_NEED_MONGO_KEYS:
|
423
|
+
case MONGOCRYPT_CTX_DONE:
|
424
|
+
case MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS:
|
425
|
+
case MONGOCRYPT_CTX_NEED_KMS:
|
426
|
+
case MONGOCRYPT_CTX_READY:
|
427
|
+
default: {
|
428
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "wrong state");
|
429
|
+
return NULL;
|
430
|
+
}
|
431
|
+
}
|
432
|
+
}
|
433
|
+
|
394
434
|
bool mongocrypt_ctx_mongo_feed(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in) {
|
395
435
|
if (!ctx) {
|
396
436
|
return false;
|
@@ -412,6 +452,7 @@ bool mongocrypt_ctx_mongo_feed(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in) {
|
|
412
452
|
}
|
413
453
|
|
414
454
|
switch (ctx->state) {
|
455
|
+
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB:
|
415
456
|
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO: CHECK_AND_CALL(mongo_feed_collinfo, ctx, in);
|
416
457
|
case MONGOCRYPT_CTX_NEED_MONGO_MARKINGS: CHECK_AND_CALL(mongo_feed_markings, ctx, in);
|
417
458
|
case MONGOCRYPT_CTX_NEED_MONGO_KEYS: CHECK_AND_CALL(mongo_feed_keys, ctx, in);
|
@@ -433,6 +474,7 @@ bool mongocrypt_ctx_mongo_done(mongocrypt_ctx_t *ctx) {
|
|
433
474
|
}
|
434
475
|
|
435
476
|
switch (ctx->state) {
|
477
|
+
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB:
|
436
478
|
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO: CHECK_AND_CALL(mongo_done_collinfo, ctx);
|
437
479
|
case MONGOCRYPT_CTX_NEED_MONGO_MARKINGS: CHECK_AND_CALL(mongo_done_markings, ctx);
|
438
480
|
case MONGOCRYPT_CTX_NEED_MONGO_KEYS: CHECK_AND_CALL(mongo_done_keys, ctx);
|
@@ -476,6 +518,7 @@ mongocrypt_kms_ctx_t *mongocrypt_ctx_next_kms_ctx(mongocrypt_ctx_t *ctx) {
|
|
476
518
|
case MONGOCRYPT_CTX_ERROR: return NULL;
|
477
519
|
case MONGOCRYPT_CTX_DONE:
|
478
520
|
case MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS:
|
521
|
+
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB:
|
479
522
|
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO:
|
480
523
|
case MONGOCRYPT_CTX_NEED_MONGO_KEYS:
|
481
524
|
case MONGOCRYPT_CTX_NEED_MONGO_MARKINGS:
|
@@ -504,6 +547,8 @@ bool mongocrypt_ctx_provide_kms_providers(mongocrypt_ctx_t *ctx, mongocrypt_bina
|
|
504
547
|
return false;
|
505
548
|
}
|
506
549
|
|
550
|
+
_mongocrypt_opts_kms_providers_init(&ctx->per_ctx_kms_providers);
|
551
|
+
|
507
552
|
if (!_mongocrypt_parse_kms_providers(kms_providers_definition,
|
508
553
|
&ctx->per_ctx_kms_providers,
|
509
554
|
ctx->status,
|
@@ -545,6 +590,7 @@ bool mongocrypt_ctx_kms_done(mongocrypt_ctx_t *ctx) {
|
|
545
590
|
case MONGOCRYPT_CTX_ERROR: return false;
|
546
591
|
case MONGOCRYPT_CTX_DONE:
|
547
592
|
case MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS:
|
593
|
+
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB:
|
548
594
|
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO:
|
549
595
|
case MONGOCRYPT_CTX_NEED_MONGO_KEYS:
|
550
596
|
case MONGOCRYPT_CTX_NEED_MONGO_MARKINGS:
|
@@ -575,6 +621,7 @@ bool mongocrypt_ctx_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
575
621
|
case MONGOCRYPT_CTX_DONE:
|
576
622
|
case MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS:
|
577
623
|
case MONGOCRYPT_CTX_NEED_KMS:
|
624
|
+
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB:
|
578
625
|
case MONGOCRYPT_CTX_NEED_MONGO_COLLINFO:
|
579
626
|
case MONGOCRYPT_CTX_NEED_MONGO_KEYS:
|
580
627
|
case MONGOCRYPT_CTX_NEED_MONGO_MARKINGS:
|
@@ -711,6 +758,7 @@ bool mongocrypt_ctx_setopt_masterkey_local(mongocrypt_ctx_t *ctx) {
|
|
711
758
|
}
|
712
759
|
|
713
760
|
ctx->opts.kek.kms_provider = MONGOCRYPT_KMS_PROVIDER_LOCAL;
|
761
|
+
ctx->opts.kek.kmsid = bson_strdup("local");
|
714
762
|
return true;
|
715
763
|
}
|
716
764
|
|
@@ -747,9 +795,13 @@ bool _mongocrypt_ctx_init(mongocrypt_ctx_t *ctx, _mongocrypt_ctx_opts_spec_t *op
|
|
747
795
|
if (!ctx->opts.kek.kms_provider) {
|
748
796
|
return _mongocrypt_ctx_fail_w_msg(ctx, "master key required");
|
749
797
|
}
|
750
|
-
|
751
|
-
|
752
|
-
|
798
|
+
mc_kms_creds_t unused;
|
799
|
+
bool is_configured =
|
800
|
+
_mongocrypt_opts_kms_providers_lookup(_mongocrypt_ctx_kms_providers(ctx), ctx->opts.kek.kmsid, &unused);
|
801
|
+
if (!ctx->crypt->opts.use_need_kms_credentials_state && !is_configured) {
|
802
|
+
mongocrypt_status_t *status = ctx->status;
|
803
|
+
CLIENT_ERR("requested kms provider not configured: `%s`", ctx->opts.kek.kmsid);
|
804
|
+
return _mongocrypt_ctx_fail(ctx);
|
753
805
|
}
|
754
806
|
}
|
755
807
|
|
@@ -759,9 +811,16 @@ bool _mongocrypt_ctx_init(mongocrypt_ctx_t *ctx, _mongocrypt_ctx_opts_spec_t *op
|
|
759
811
|
|
760
812
|
/* Check that the kms provider required by the datakey is configured. */
|
761
813
|
if (ctx->opts.kek.kms_provider) {
|
762
|
-
|
763
|
-
|
764
|
-
|
814
|
+
mc_kms_creds_t unused;
|
815
|
+
bool is_configured =
|
816
|
+
_mongocrypt_opts_kms_providers_lookup(_mongocrypt_ctx_kms_providers(ctx), ctx->opts.kek.kmsid, &unused);
|
817
|
+
bool needs = _mongocrypt_needs_credentials_for_provider(ctx->crypt,
|
818
|
+
ctx->opts.kek.kms_provider,
|
819
|
+
ctx->opts.kek.kmsid_name);
|
820
|
+
if (!is_configured && !needs) {
|
821
|
+
mongocrypt_status_t *status = ctx->status;
|
822
|
+
CLIENT_ERR("requested kms provider required by datakey is not configured: `%s`", ctx->opts.kek.kmsid);
|
823
|
+
return _mongocrypt_ctx_fail(ctx);
|
765
824
|
}
|
766
825
|
}
|
767
826
|
|
@@ -1002,8 +1061,15 @@ bool mongocrypt_ctx_setopt_query_type(mongocrypt_ctx_t *ctx, const char *query_t
|
|
1002
1061
|
if (mstr_eq_ignore_case(qt_str, mstrv_lit(MONGOCRYPT_QUERY_TYPE_EQUALITY_STR))) {
|
1003
1062
|
ctx->opts.query_type.value = MONGOCRYPT_QUERY_TYPE_EQUALITY;
|
1004
1063
|
ctx->opts.query_type.set = true;
|
1005
|
-
} else if (mstr_eq_ignore_case(qt_str, mstrv_lit(
|
1006
|
-
ctx->opts.query_type.value =
|
1064
|
+
} else if (mstr_eq_ignore_case(qt_str, mstrv_lit(MONGOCRYPT_QUERY_TYPE_RANGE_STR))) {
|
1065
|
+
ctx->opts.query_type.value = MONGOCRYPT_QUERY_TYPE_RANGE;
|
1066
|
+
ctx->opts.query_type.set = true;
|
1067
|
+
} else if (mstr_eq_ignore_case(qt_str, mstrv_lit(MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED_STR))) {
|
1068
|
+
if (ctx->crypt->opts.use_range_v2) {
|
1069
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Query type 'rangePreview' is deprecated, please use 'range'");
|
1070
|
+
return false;
|
1071
|
+
}
|
1072
|
+
ctx->opts.query_type.value = MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED;
|
1007
1073
|
ctx->opts.query_type.set = true;
|
1008
1074
|
} else {
|
1009
1075
|
/* don't check if qt_str.len fits in int; we want the diagnostic output */
|
@@ -1021,7 +1087,8 @@ const char *_mongocrypt_index_type_to_string(mongocrypt_index_type_t val) {
|
|
1021
1087
|
switch (val) {
|
1022
1088
|
case MONGOCRYPT_INDEX_TYPE_NONE: return "None";
|
1023
1089
|
case MONGOCRYPT_INDEX_TYPE_EQUALITY: return "Equality";
|
1024
|
-
case
|
1090
|
+
case MONGOCRYPT_INDEX_TYPE_RANGE: return "Range";
|
1091
|
+
case MONGOCRYPT_INDEX_TYPE_RANGEPREVIEW_DEPRECATED: return "RangePreview";
|
1025
1092
|
default: return "Unknown";
|
1026
1093
|
}
|
1027
1094
|
}
|
@@ -1029,7 +1096,8 @@ const char *_mongocrypt_index_type_to_string(mongocrypt_index_type_t val) {
|
|
1029
1096
|
const char *_mongocrypt_query_type_to_string(mongocrypt_query_type_t val) {
|
1030
1097
|
switch (val) {
|
1031
1098
|
case MONGOCRYPT_QUERY_TYPE_EQUALITY: return "Equality";
|
1032
|
-
case
|
1099
|
+
case MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED: return "RangePreview";
|
1100
|
+
case MONGOCRYPT_QUERY_TYPE_RANGE: return "Range";
|
1033
1101
|
default: return "Unknown";
|
1034
1102
|
}
|
1035
1103
|
}
|
@@ -1057,7 +1125,7 @@ bool mongocrypt_ctx_setopt_algorithm_range(mongocrypt_ctx_t *ctx, mongocrypt_bin
|
|
1057
1125
|
return _mongocrypt_ctx_fail_w_msg(ctx, "invalid BSON");
|
1058
1126
|
}
|
1059
1127
|
|
1060
|
-
if (!mc_RangeOpts_parse(&ctx->opts.rangeopts.value, &as_bson, ctx->status)) {
|
1128
|
+
if (!mc_RangeOpts_parse(&ctx->opts.rangeopts.value, &as_bson, ctx->crypt->opts.use_range_v2, ctx->status)) {
|
1061
1129
|
return _mongocrypt_ctx_fail(ctx);
|
1062
1130
|
}
|
1063
1131
|
|
@@ -83,7 +83,14 @@ typedef struct mcr_dll_path_result {
|
|
83
83
|
* library, or an error string.
|
84
84
|
*
|
85
85
|
* @note Caller must free both `retval.path` and `retval.error_string`.
|
86
|
+
* @note Returns an error if not supported on this platform. Use
|
87
|
+
* `mcr_dll_path_supported` to check before calling.
|
86
88
|
*/
|
87
89
|
mcr_dll_path_result mcr_dll_path(mcr_dll dll);
|
88
90
|
|
91
|
+
/**
|
92
|
+
* @brief Return true if `mcr_dll_path` is supported on this platform.
|
93
|
+
*/
|
94
|
+
bool mcr_dll_path_supported(void);
|
95
|
+
|
89
96
|
#endif // MONGOCRYPT_DLL_PRIVATE_H
|
@@ -69,6 +69,7 @@ typedef struct {
|
|
69
69
|
typedef struct {
|
70
70
|
char *key_id; /* optional on parsing, required on appending. */
|
71
71
|
_mongocrypt_endpoint_t *endpoint; /* optional. */
|
72
|
+
bool delegated;
|
72
73
|
} _mongocrypt_kmip_kek_t;
|
73
74
|
|
74
75
|
typedef struct {
|
@@ -80,6 +81,9 @@ typedef struct {
|
|
80
81
|
_mongocrypt_aws_kek_t aws;
|
81
82
|
_mongocrypt_kmip_kek_t kmip;
|
82
83
|
} provider;
|
84
|
+
|
85
|
+
char *kmsid;
|
86
|
+
const char *kmsid_name;
|
83
87
|
} _mongocrypt_kek_t;
|
84
88
|
|
85
89
|
/* Parse a document describing a key encryption key.
|
@@ -100,4 +104,4 @@ void _mongocrypt_kek_copy_to(const _mongocrypt_kek_t *src, _mongocrypt_kek_t *ds
|
|
100
104
|
|
101
105
|
void _mongocrypt_kek_cleanup(_mongocrypt_kek_t *kek);
|
102
106
|
|
103
|
-
#endif /* MONGOCRYPT_KEK_PRIVATE_H */
|
107
|
+
#endif /* MONGOCRYPT_KEK_PRIVATE_H */
|
@@ -18,6 +18,126 @@
|
|
18
18
|
#include "mongocrypt-opts-private.h"
|
19
19
|
#include "mongocrypt-private.h"
|
20
20
|
|
21
|
+
static bool _mongocrypt_azure_kek_parse(_mongocrypt_azure_kek_t *azure,
|
22
|
+
const char *kmsid,
|
23
|
+
const bson_t *def,
|
24
|
+
mongocrypt_status_t *status) {
|
25
|
+
if (!_mongocrypt_parse_required_endpoint(def,
|
26
|
+
"keyVaultEndpoint",
|
27
|
+
&azure->key_vault_endpoint,
|
28
|
+
NULL /* opts */,
|
29
|
+
status)) {
|
30
|
+
return false;
|
31
|
+
}
|
32
|
+
|
33
|
+
if (!_mongocrypt_parse_required_utf8(def, "keyName", &azure->key_name, status)) {
|
34
|
+
return false;
|
35
|
+
}
|
36
|
+
|
37
|
+
if (!_mongocrypt_parse_optional_utf8(def, "keyVersion", &azure->key_version, status)) {
|
38
|
+
return false;
|
39
|
+
}
|
40
|
+
|
41
|
+
if (!_mongocrypt_check_allowed_fields(def,
|
42
|
+
NULL /* root */,
|
43
|
+
status,
|
44
|
+
"provider",
|
45
|
+
"keyVaultEndpoint",
|
46
|
+
"keyName",
|
47
|
+
"keyVersion")) {
|
48
|
+
return false;
|
49
|
+
}
|
50
|
+
return true;
|
51
|
+
}
|
52
|
+
|
53
|
+
static bool _mongocrypt_gcp_kek_parse(_mongocrypt_gcp_kek_t *gcp,
|
54
|
+
const char *kmsid,
|
55
|
+
const bson_t *def,
|
56
|
+
mongocrypt_status_t *status) {
|
57
|
+
if (!_mongocrypt_parse_optional_endpoint(def, "endpoint", &gcp->endpoint, NULL /* opts */, status)) {
|
58
|
+
return false;
|
59
|
+
}
|
60
|
+
|
61
|
+
if (!_mongocrypt_parse_required_utf8(def, "projectId", &gcp->project_id, status)) {
|
62
|
+
return false;
|
63
|
+
}
|
64
|
+
|
65
|
+
if (!_mongocrypt_parse_required_utf8(def, "location", &gcp->location, status)) {
|
66
|
+
return false;
|
67
|
+
}
|
68
|
+
|
69
|
+
if (!_mongocrypt_parse_required_utf8(def, "keyRing", &gcp->key_ring, status)) {
|
70
|
+
return false;
|
71
|
+
}
|
72
|
+
|
73
|
+
if (!_mongocrypt_parse_required_utf8(def, "keyName", &gcp->key_name, status)) {
|
74
|
+
return false;
|
75
|
+
}
|
76
|
+
|
77
|
+
if (!_mongocrypt_parse_optional_utf8(def, "keyVersion", &gcp->key_version, status)) {
|
78
|
+
return false;
|
79
|
+
}
|
80
|
+
if (!_mongocrypt_check_allowed_fields(def,
|
81
|
+
NULL,
|
82
|
+
status,
|
83
|
+
"provider",
|
84
|
+
"endpoint",
|
85
|
+
"projectId",
|
86
|
+
"location",
|
87
|
+
"keyRing",
|
88
|
+
"keyName",
|
89
|
+
"keyVersion")) {
|
90
|
+
return false;
|
91
|
+
}
|
92
|
+
return true;
|
93
|
+
}
|
94
|
+
|
95
|
+
static bool _mongocrypt_aws_kek_parse(_mongocrypt_aws_kek_t *aws,
|
96
|
+
const char *kmsid,
|
97
|
+
const bson_t *def,
|
98
|
+
mongocrypt_status_t *status) {
|
99
|
+
if (!_mongocrypt_parse_required_utf8(def, "key", &aws->cmk, status)) {
|
100
|
+
return false;
|
101
|
+
}
|
102
|
+
if (!_mongocrypt_parse_required_utf8(def, "region", &aws->region, status)) {
|
103
|
+
return false;
|
104
|
+
}
|
105
|
+
if (!_mongocrypt_parse_optional_endpoint(def, "endpoint", &aws->endpoint, NULL /* opts */, status)) {
|
106
|
+
return false;
|
107
|
+
}
|
108
|
+
if (!_mongocrypt_check_allowed_fields(def, NULL, status, "provider", "key", "region", "endpoint")) {
|
109
|
+
return false;
|
110
|
+
}
|
111
|
+
|
112
|
+
return true;
|
113
|
+
}
|
114
|
+
|
115
|
+
static bool _mongocrypt_kmip_kek_parse(_mongocrypt_kmip_kek_t *kmip,
|
116
|
+
const char *kmsid,
|
117
|
+
const bson_t *def,
|
118
|
+
mongocrypt_status_t *status) {
|
119
|
+
_mongocrypt_endpoint_parse_opts_t opts = {0};
|
120
|
+
|
121
|
+
opts.allow_empty_subdomain = true;
|
122
|
+
if (!_mongocrypt_parse_optional_endpoint(def, "endpoint", &kmip->endpoint, &opts, status)) {
|
123
|
+
return false;
|
124
|
+
}
|
125
|
+
|
126
|
+
if (!_mongocrypt_parse_optional_utf8(def, "keyId", &kmip->key_id, status)) {
|
127
|
+
return false;
|
128
|
+
}
|
129
|
+
|
130
|
+
kmip->delegated = false;
|
131
|
+
if (!_mongocrypt_parse_optional_bool(def, "delegated", &kmip->delegated, status)) {
|
132
|
+
return false;
|
133
|
+
}
|
134
|
+
|
135
|
+
if (!_mongocrypt_check_allowed_fields(def, NULL, status, "provider", "endpoint", "keyId", "delegated")) {
|
136
|
+
return false;
|
137
|
+
}
|
138
|
+
return true;
|
139
|
+
}
|
140
|
+
|
21
141
|
/* Possible documents to parse:
|
22
142
|
* AWS
|
23
143
|
* provider: "aws"
|
@@ -55,116 +175,50 @@ bool _mongocrypt_kek_parse_owned(const bson_t *bson, _mongocrypt_kek_t *kek, mon
|
|
55
175
|
goto done;
|
56
176
|
}
|
57
177
|
|
58
|
-
|
59
|
-
kek->kms_provider = MONGOCRYPT_KMS_PROVIDER_AWS;
|
60
|
-
if (!_mongocrypt_parse_required_utf8(bson, "key", &kek->provider.aws.cmk, status)) {
|
61
|
-
goto done;
|
62
|
-
}
|
63
|
-
if (!_mongocrypt_parse_required_utf8(bson, "region", &kek->provider.aws.region, status)) {
|
64
|
-
goto done;
|
65
|
-
}
|
66
|
-
if (!_mongocrypt_parse_optional_endpoint(bson,
|
67
|
-
"endpoint",
|
68
|
-
&kek->provider.aws.endpoint,
|
69
|
-
NULL /* opts */,
|
70
|
-
status)) {
|
71
|
-
goto done;
|
72
|
-
}
|
73
|
-
if (!_mongocrypt_check_allowed_fields(bson, NULL, status, "provider", "key", "region", "endpoint")) {
|
74
|
-
goto done;
|
75
|
-
}
|
76
|
-
} else if (0 == strcmp(kms_provider, "local")) {
|
77
|
-
kek->kms_provider = MONGOCRYPT_KMS_PROVIDER_LOCAL;
|
78
|
-
if (!_mongocrypt_check_allowed_fields(bson, NULL, status, "provider")) {
|
79
|
-
goto done;
|
80
|
-
}
|
81
|
-
} else if (0 == strcmp(kms_provider, "azure")) {
|
82
|
-
kek->kms_provider = MONGOCRYPT_KMS_PROVIDER_AZURE;
|
83
|
-
if (!_mongocrypt_parse_required_endpoint(bson,
|
84
|
-
"keyVaultEndpoint",
|
85
|
-
&kek->provider.azure.key_vault_endpoint,
|
86
|
-
NULL /* opts */,
|
87
|
-
status)) {
|
88
|
-
goto done;
|
89
|
-
}
|
90
|
-
|
91
|
-
if (!_mongocrypt_parse_required_utf8(bson, "keyName", &kek->provider.azure.key_name, status)) {
|
92
|
-
goto done;
|
93
|
-
}
|
94
|
-
|
95
|
-
if (!_mongocrypt_parse_optional_utf8(bson, "keyVersion", &kek->provider.azure.key_version, status)) {
|
96
|
-
goto done;
|
97
|
-
}
|
98
|
-
|
99
|
-
if (!_mongocrypt_check_allowed_fields(bson,
|
100
|
-
NULL,
|
101
|
-
status,
|
102
|
-
"provider",
|
103
|
-
"keyVaultEndpoint",
|
104
|
-
"keyName",
|
105
|
-
"keyVersion")) {
|
106
|
-
goto done;
|
107
|
-
}
|
108
|
-
} else if (0 == strcmp(kms_provider, "gcp")) {
|
109
|
-
kek->kms_provider = MONGOCRYPT_KMS_PROVIDER_GCP;
|
110
|
-
if (!_mongocrypt_parse_optional_endpoint(bson,
|
111
|
-
"endpoint",
|
112
|
-
&kek->provider.gcp.endpoint,
|
113
|
-
NULL /* opts */,
|
114
|
-
status)) {
|
115
|
-
goto done;
|
116
|
-
}
|
117
|
-
|
118
|
-
if (!_mongocrypt_parse_required_utf8(bson, "projectId", &kek->provider.gcp.project_id, status)) {
|
119
|
-
goto done;
|
120
|
-
}
|
121
|
-
|
122
|
-
if (!_mongocrypt_parse_required_utf8(bson, "location", &kek->provider.gcp.location, status)) {
|
123
|
-
goto done;
|
124
|
-
}
|
125
|
-
|
126
|
-
if (!_mongocrypt_parse_required_utf8(bson, "keyRing", &kek->provider.gcp.key_ring, status)) {
|
127
|
-
goto done;
|
128
|
-
}
|
178
|
+
kek->kmsid = bson_strdup(kms_provider);
|
129
179
|
|
130
|
-
|
131
|
-
|
132
|
-
|
180
|
+
_mongocrypt_kms_provider_t type;
|
181
|
+
if (!mc_kmsid_parse(kek->kmsid, &type, &kek->kmsid_name, status)) {
|
182
|
+
goto done;
|
183
|
+
}
|
133
184
|
|
134
|
-
|
185
|
+
kek->kms_provider = type;
|
186
|
+
switch (type) {
|
187
|
+
default:
|
188
|
+
case MONGOCRYPT_KMS_PROVIDER_NONE: {
|
189
|
+
CLIENT_ERR("Unexpected parsing KMS type: none");
|
190
|
+
goto done;
|
191
|
+
}
|
192
|
+
case MONGOCRYPT_KMS_PROVIDER_AWS: {
|
193
|
+
if (!_mongocrypt_aws_kek_parse(&kek->provider.aws, kek->kmsid, bson, status)) {
|
135
194
|
goto done;
|
136
195
|
}
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
"endpoint",
|
142
|
-
"projectId",
|
143
|
-
"location",
|
144
|
-
"keyRing",
|
145
|
-
"keyName",
|
146
|
-
"keyVersion")) {
|
196
|
+
break;
|
197
|
+
}
|
198
|
+
case MONGOCRYPT_KMS_PROVIDER_LOCAL: {
|
199
|
+
if (!_mongocrypt_check_allowed_fields(bson, NULL, status, "provider")) {
|
147
200
|
goto done;
|
148
201
|
}
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
opts.allow_empty_subdomain = true;
|
154
|
-
if (!_mongocrypt_parse_optional_endpoint(bson, "endpoint", &kek->provider.kmip.endpoint, &opts, status)) {
|
202
|
+
break;
|
203
|
+
}
|
204
|
+
case MONGOCRYPT_KMS_PROVIDER_AZURE: {
|
205
|
+
if (!_mongocrypt_azure_kek_parse(&kek->provider.azure, kek->kmsid, bson, status)) {
|
155
206
|
goto done;
|
156
207
|
}
|
157
|
-
|
158
|
-
|
208
|
+
break;
|
209
|
+
}
|
210
|
+
case MONGOCRYPT_KMS_PROVIDER_GCP: {
|
211
|
+
if (!_mongocrypt_gcp_kek_parse(&kek->provider.gcp, kek->kmsid, bson, status)) {
|
159
212
|
goto done;
|
160
213
|
}
|
161
|
-
|
162
|
-
|
214
|
+
break;
|
215
|
+
}
|
216
|
+
case MONGOCRYPT_KMS_PROVIDER_KMIP: {
|
217
|
+
if (!_mongocrypt_kmip_kek_parse(&kek->provider.kmip, kek->kmsid, bson, status)) {
|
163
218
|
goto done;
|
164
219
|
}
|
165
|
-
|
166
|
-
|
167
|
-
goto done;
|
220
|
+
break;
|
221
|
+
}
|
168
222
|
}
|
169
223
|
|
170
224
|
ret = true;
|
@@ -177,24 +231,22 @@ bool _mongocrypt_kek_append(const _mongocrypt_kek_t *kek, bson_t *bson, mongocry
|
|
177
231
|
BSON_ASSERT_PARAM(kek);
|
178
232
|
BSON_ASSERT_PARAM(bson);
|
179
233
|
|
234
|
+
BSON_APPEND_UTF8(bson, "provider", kek->kmsid);
|
180
235
|
if (kek->kms_provider == MONGOCRYPT_KMS_PROVIDER_AWS) {
|
181
|
-
BSON_APPEND_UTF8(bson, "provider", "aws");
|
182
236
|
BSON_APPEND_UTF8(bson, "region", kek->provider.aws.region);
|
183
237
|
BSON_APPEND_UTF8(bson, "key", kek->provider.aws.cmk);
|
184
238
|
if (kek->provider.aws.endpoint) {
|
185
239
|
BSON_APPEND_UTF8(bson, "endpoint", kek->provider.aws.endpoint->host_and_port);
|
186
240
|
}
|
187
241
|
} else if (kek->kms_provider == MONGOCRYPT_KMS_PROVIDER_LOCAL) {
|
188
|
-
|
242
|
+
// Only `provider` is needed.
|
189
243
|
} else if (kek->kms_provider == MONGOCRYPT_KMS_PROVIDER_AZURE) {
|
190
|
-
BSON_APPEND_UTF8(bson, "provider", "azure");
|
191
244
|
BSON_APPEND_UTF8(bson, "keyVaultEndpoint", kek->provider.azure.key_vault_endpoint->host_and_port);
|
192
245
|
BSON_APPEND_UTF8(bson, "keyName", kek->provider.azure.key_name);
|
193
246
|
if (kek->provider.azure.key_version) {
|
194
247
|
BSON_APPEND_UTF8(bson, "keyVersion", kek->provider.azure.key_version);
|
195
248
|
}
|
196
249
|
} else if (kek->kms_provider == MONGOCRYPT_KMS_PROVIDER_GCP) {
|
197
|
-
BSON_APPEND_UTF8(bson, "provider", "gcp");
|
198
250
|
BSON_APPEND_UTF8(bson, "projectId", kek->provider.gcp.project_id);
|
199
251
|
BSON_APPEND_UTF8(bson, "location", kek->provider.gcp.location);
|
200
252
|
BSON_APPEND_UTF8(bson, "keyRing", kek->provider.gcp.key_ring);
|
@@ -206,11 +258,14 @@ bool _mongocrypt_kek_append(const _mongocrypt_kek_t *kek, bson_t *bson, mongocry
|
|
206
258
|
BSON_APPEND_UTF8(bson, "endpoint", kek->provider.gcp.endpoint->host_and_port);
|
207
259
|
}
|
208
260
|
} else if (kek->kms_provider == MONGOCRYPT_KMS_PROVIDER_KMIP) {
|
209
|
-
BSON_APPEND_UTF8(bson, "provider", "kmip");
|
210
261
|
if (kek->provider.kmip.endpoint) {
|
211
262
|
BSON_APPEND_UTF8(bson, "endpoint", kek->provider.kmip.endpoint->host_and_port);
|
212
263
|
}
|
213
264
|
|
265
|
+
if (kek->provider.kmip.delegated) {
|
266
|
+
BSON_APPEND_BOOL(bson, "delegated", kek->provider.kmip.delegated);
|
267
|
+
}
|
268
|
+
|
214
269
|
/* "keyId" is required in the final data key document for the "kmip" KMS
|
215
270
|
* provider. It may be set from the "kmip.keyId" in the BSON document set
|
216
271
|
* in mongocrypt_ctx_setopt_key_encryption_key, Otherwise, libmongocrypt
|
@@ -249,11 +304,13 @@ void _mongocrypt_kek_copy_to(const _mongocrypt_kek_t *src, _mongocrypt_kek_t *ds
|
|
249
304
|
} else if (src->kms_provider == MONGOCRYPT_KMS_PROVIDER_KMIP) {
|
250
305
|
dst->provider.kmip.endpoint = _mongocrypt_endpoint_copy(src->provider.kmip.endpoint);
|
251
306
|
dst->provider.kmip.key_id = bson_strdup(src->provider.kmip.key_id);
|
307
|
+
dst->provider.kmip.delegated = src->provider.kmip.delegated;
|
252
308
|
} else {
|
253
309
|
BSON_ASSERT(src->kms_provider == MONGOCRYPT_KMS_PROVIDER_NONE
|
254
310
|
|| src->kms_provider == MONGOCRYPT_KMS_PROVIDER_LOCAL);
|
255
311
|
}
|
256
312
|
dst->kms_provider = src->kms_provider;
|
313
|
+
dst->kmsid = bson_strdup(src->kmsid);
|
257
314
|
}
|
258
315
|
|
259
316
|
void _mongocrypt_kek_cleanup(_mongocrypt_kek_t *kek) {
|
@@ -283,5 +340,6 @@ void _mongocrypt_kek_cleanup(_mongocrypt_kek_t *kek) {
|
|
283
340
|
BSON_ASSERT(kek->kms_provider == MONGOCRYPT_KMS_PROVIDER_NONE
|
284
341
|
|| kek->kms_provider == MONGOCRYPT_KMS_PROVIDER_LOCAL);
|
285
342
|
}
|
343
|
+
bson_free(kek->kmsid);
|
286
344
|
return;
|
287
345
|
}
|
@@ -87,11 +87,7 @@ typedef struct _key_returned_t {
|
|
87
87
|
struct _key_returned_t *next;
|
88
88
|
} key_returned_t;
|
89
89
|
|
90
|
-
typedef struct
|
91
|
-
mongocrypt_kms_ctx_t kms;
|
92
|
-
bool returned;
|
93
|
-
bool initialized;
|
94
|
-
} auth_request_t;
|
90
|
+
typedef struct _mc_mapof_kmsid_to_authrequest_t mc_mapof_kmsid_to_authrequest_t;
|
95
91
|
|
96
92
|
typedef struct {
|
97
93
|
key_broker_state_t state;
|
@@ -109,8 +105,7 @@ typedef struct {
|
|
109
105
|
mongocrypt_t *crypt;
|
110
106
|
|
111
107
|
key_returned_t *decryptor_iter;
|
112
|
-
|
113
|
-
auth_request_t auth_request_gcp;
|
108
|
+
mc_mapof_kmsid_to_authrequest_t *auth_requests;
|
114
109
|
} _mongocrypt_key_broker_t;
|
115
110
|
|
116
111
|
void _mongocrypt_key_broker_init(_mongocrypt_key_broker_t *kb, mongocrypt_t *crypt);
|