libmongocrypt-helper 1.8.0.0.1001 → 1.11.0.0.1001
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +33 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +12 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -4
- data/ext/libmongocrypt/libmongocrypt/Earthfile +151 -3
- data/ext/libmongocrypt/libmongocrypt/README.md +36 -40
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/CMakeLists.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Driver.snk +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/AssemblyInfo.cs +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Binary.cs +16 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClientFactory.cs +8 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +10 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoader.cs +81 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.csproj +2 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/MongoDB.Libmongocrypt.Test.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/MongoDB.Libmongocrypt.Test32.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/README.md +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +21 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.config +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.sh +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +28 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +217 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +21 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +154 -108
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +7 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +41 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +5 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +27 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +34 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +180 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +134 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +44 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/README.md +4 -900
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +60 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +41 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/RELEASE.rst +6 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/python/build-manylinux-wheel.sh +4 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/python/hatch_build.py +36 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/__init__.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/auto_encrypter.py +2 -46
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binary.py +14 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +107 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/compat.py +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/credentials.py +2 -121
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/crypto.py +31 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/errors.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/explicit_encrypter.py +2 -233
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +168 -238
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +265 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/state_machine.py +2 -141
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pyproject.toml +118 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +97 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{test-requirements.txt → requirements-test.txt} +4 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/requirements.txt +4 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +76 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +6 -7
- data/ext/libmongocrypt/libmongocrypt/bindings/python/synchro.py +64 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/__init__.py +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/collection-info.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-payload.json +21 -21
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-command-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/rangeopts.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/value-to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-azure.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-gcp.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/list-collections-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/schema-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/perf_test.py +165 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_binding.py +8 -12
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_crypto.py +9 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +988 -340
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +14 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +19 -1
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +23 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/IntelDFP.cmake +19 -227
- data/ext/libmongocrypt/libmongocrypt/cmake/Patch.cmake +54 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/cli-icon.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/reference-targets.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +153 -0
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +61 -28
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +73 -0
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +108 -0
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +27 -0
- data/ext/libmongocrypt/libmongocrypt/etc/mongo-inteldfp-alpine-arm-fix.patch +17 -0
- data/ext/libmongocrypt/libmongocrypt/etc/packager.py +120 -91
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +14 -0
- data/ext/libmongocrypt/libmongocrypt/etc/repo_config.yaml +56 -0
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +70 -0
- data/ext/libmongocrypt/libmongocrypt/etc/ssdlc_compliance_report.md +37 -0
- data/ext/libmongocrypt/libmongocrypt/etc/third_party_vulnerabilities.md +42 -0
- data/ext/libmongocrypt/libmongocrypt/integrating.md +18 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +11 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer_private.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +211 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_response.c +163 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_tag_type_private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_request.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_response.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_port.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +23 -2
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +16 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +94 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +15 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +114 -53
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +21 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +38 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +20 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private.h +8 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +89 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +1 -23
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +4 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +15 -12
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +16 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +64 -22
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +23 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +359 -65
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +26 -14
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +17 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +31 -13
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +16 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +259 -63
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +40 -24
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +57 -13
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-binary-private.h +0 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +5 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth-private.h +16 -18
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth.c +105 -76
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +9 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +170 -89
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +505 -124
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +31 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +81 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +7 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek-private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek.c +161 -103
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker-private.h +2 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +191 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +50 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +365 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +200 -107
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +50 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +591 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +6 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +47 -234
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +75 -24
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +18 -2
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/bypassQueryAnalysis/payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd-to-mongocryptd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd-to-mongocryptd.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/collinfo.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-field-map.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-payload-pattern.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/mongocryptd-reply.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/encrypted-payload.json +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-field-config-map.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload-range-v2.json +37 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +64 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +105 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +15 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +104 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/decrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/encrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/oauth-response.txt +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-payload.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/mongocryptd-reply.json +69 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/mongocryptd-reply.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_double.cstruct +8637 -7958
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int32.cstruct +5522 -1382
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int64.cstruct +5042 -1262
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128_precision.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double_precision.cstruct +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int32.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int64.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/mongocryptd-reply.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/mongocryptd-reply.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-double/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32-defaults/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/README.md +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +8 -8
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +43 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +76 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +89 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +342 -76
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +94 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +205 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +49 -23
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -19
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +22 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache-oauth.c +94 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +374 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +121 -42
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +134 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.h +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +8 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +922 -92
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +114 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +14 -9
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +424 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +447 -28
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-opts.c +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-traverse-util.c +30 -26
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.c +7 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.h +3 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +66 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +2381 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +3 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/README.md +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/make_includes.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +38 -3
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +112 -106
- checksums.yaml.gz.sig +0 -0
- data/ext/libmongocrypt/libmongocrypt/VERSION_CURRENT +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/cs.sln +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/CHANGELOG.md +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/node/LICENSE +0 -201
- data/ext/libmongocrypt/libmongocrypt/bindings/node/binding.gyp +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/README.hbs +0 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/build-static.sh +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/node/index.d.ts +0 -641
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/autoEncrypter.js +0 -420
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/buffer_pool.js +0 -123
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/clientEncryption.js +0 -821
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/common.js +0 -98
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/cryptoCallbacks.js +0 -87
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/errors.js +0 -75
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/index.js +0 -73
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/mongocryptdManager.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/aws.js +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/azure.js +0 -178
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/gcp.js +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/index.js +0 -54
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/utils.js +0 -39
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/stateMachine.js +0 -492
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package-lock.json +0 -15302
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package.json +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.cc +0 -956
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.h +0 -114
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/autoEncrypter.test.js +0 -950
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/buffer_pool.test.js +0 -91
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/clientEncryption.test.js +0 -1093
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/common.test.js +0 -94
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/cryptoCallbacks.test.js +0 -240
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/README.md +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/collection-info.json +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document-nested.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encryptedFields.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key-document.json +0 -32
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key1-document.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/index.test.js +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/mongocryptdManager.test.js +0 -48
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/providers/credentialsProvider.test.js +0 -551
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/release.test.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/requirements.helper.js +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/stateMachine.test.js +0 -331
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/chai-addons.js +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/mongodb_reporter.js +0 -325
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/types/index.test-d.ts +0 -63
- data/ext/libmongocrypt/libmongocrypt/bindings/python/setup.py +0 -89
- data/ext/libmongocrypt/libmongocrypt/debian/build_snapshot.sh +0 -79
- data/ext/libmongocrypt/libmongocrypt/debian/changelog +0 -105
- data/ext/libmongocrypt/libmongocrypt/debian/compat +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/control +0 -41
- data/ext/libmongocrypt/libmongocrypt/debian/copyright +0 -129
- data/ext/libmongocrypt/libmongocrypt/debian/gbp.conf +0 -23
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.dirs +0 -2
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.install +0 -5
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.dirs +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.install +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/rules +0 -46
- data/ext/libmongocrypt/libmongocrypt/debian/source/format +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/source/lintian-overrides +0 -3
- data/ext/libmongocrypt/libmongocrypt/debian/source/options +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/watch +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/mongocryptd-reply.json +0 -72
- data.tar.gz.sig +0 -1
- metadata.gz.sig +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-decrypt-reply.txt → test/data/kms-aws/decrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-encrypt-reply.txt → test/data/kms-aws/encrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/decrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/encrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/oauth-response.txt +0 -0
@@ -14,9 +14,87 @@
|
|
14
14
|
* limitations under the License.
|
15
15
|
*/
|
16
16
|
|
17
|
+
#include "mc-array-private.h"
|
17
18
|
#include "mongocrypt-key-broker-private.h"
|
18
19
|
#include "mongocrypt-private.h"
|
19
20
|
|
21
|
+
typedef struct _auth_request_t {
|
22
|
+
mongocrypt_kms_ctx_t kms;
|
23
|
+
bool returned;
|
24
|
+
char *kmsid;
|
25
|
+
} auth_request_t;
|
26
|
+
|
27
|
+
auth_request_t *auth_request_new() {
|
28
|
+
return bson_malloc0(sizeof(auth_request_t));
|
29
|
+
}
|
30
|
+
|
31
|
+
void auth_request_destroy(auth_request_t *ar) {
|
32
|
+
if (!ar) {
|
33
|
+
return;
|
34
|
+
}
|
35
|
+
_mongocrypt_kms_ctx_cleanup(&ar->kms);
|
36
|
+
bson_free(ar->kmsid);
|
37
|
+
bson_free(ar);
|
38
|
+
}
|
39
|
+
|
40
|
+
struct _mc_mapof_kmsid_to_authrequest_t {
|
41
|
+
mc_array_t entries;
|
42
|
+
};
|
43
|
+
|
44
|
+
mc_mapof_kmsid_to_authrequest_t *mc_mapof_kmsid_to_authrequest_new(void) {
|
45
|
+
mc_mapof_kmsid_to_authrequest_t *k2a = bson_malloc0(sizeof(mc_mapof_kmsid_to_authrequest_t));
|
46
|
+
_mc_array_init(&k2a->entries, sizeof(auth_request_t *));
|
47
|
+
return k2a;
|
48
|
+
}
|
49
|
+
|
50
|
+
void mc_mapof_kmsid_to_authrequest_destroy(mc_mapof_kmsid_to_authrequest_t *k2a) {
|
51
|
+
if (!k2a) {
|
52
|
+
return;
|
53
|
+
}
|
54
|
+
for (size_t i = 0; i < k2a->entries.len; i++) {
|
55
|
+
auth_request_t *ar = _mc_array_index(&k2a->entries, auth_request_t *, i);
|
56
|
+
auth_request_destroy(ar);
|
57
|
+
}
|
58
|
+
_mc_array_destroy(&k2a->entries);
|
59
|
+
bson_free(k2a);
|
60
|
+
}
|
61
|
+
|
62
|
+
bool mc_mapof_kmsid_to_authrequest_has(const mc_mapof_kmsid_to_authrequest_t *k2a, const char *kmsid) {
|
63
|
+
BSON_ASSERT_PARAM(k2a);
|
64
|
+
BSON_ASSERT_PARAM(kmsid);
|
65
|
+
for (size_t i = 0; i < k2a->entries.len; i++) {
|
66
|
+
auth_request_t *ar = _mc_array_index(&k2a->entries, auth_request_t *, i);
|
67
|
+
if (0 == strcmp(ar->kmsid, kmsid)) {
|
68
|
+
return true;
|
69
|
+
}
|
70
|
+
}
|
71
|
+
return false;
|
72
|
+
}
|
73
|
+
|
74
|
+
size_t mc_mapof_kmsid_to_authrequest_len(const mc_mapof_kmsid_to_authrequest_t *k2a) {
|
75
|
+
BSON_ASSERT_PARAM(k2a);
|
76
|
+
return k2a->entries.len;
|
77
|
+
}
|
78
|
+
|
79
|
+
bool mc_mapof_kmsid_to_authrequest_empty(const mc_mapof_kmsid_to_authrequest_t *k2a) {
|
80
|
+
BSON_ASSERT_PARAM(k2a);
|
81
|
+
return k2a->entries.len == 0;
|
82
|
+
}
|
83
|
+
|
84
|
+
// `mc_mapof_kmsid_to_authrequest_put` moves `to_put` into the map and takes ownership of `to_put`.
|
85
|
+
// No checking is done to prohibit duplicate entries.
|
86
|
+
void mc_mapof_kmsid_to_authrequest_put(mc_mapof_kmsid_to_authrequest_t *k2a, auth_request_t *to_put) {
|
87
|
+
BSON_ASSERT_PARAM(k2a);
|
88
|
+
|
89
|
+
_mc_array_append_val(&k2a->entries, to_put);
|
90
|
+
}
|
91
|
+
|
92
|
+
auth_request_t *mc_mapof_kmsid_to_authrequest_at(mc_mapof_kmsid_to_authrequest_t *k2a, size_t i) {
|
93
|
+
BSON_ASSERT_PARAM(k2a);
|
94
|
+
|
95
|
+
return _mc_array_index(&k2a->entries, auth_request_t *, i);
|
96
|
+
}
|
97
|
+
|
20
98
|
void _mongocrypt_key_broker_init(_mongocrypt_key_broker_t *kb, mongocrypt_t *crypt) {
|
21
99
|
BSON_ASSERT_PARAM(kb);
|
22
100
|
BSON_ASSERT_PARAM(crypt);
|
@@ -25,6 +103,7 @@ void _mongocrypt_key_broker_init(_mongocrypt_key_broker_t *kb, mongocrypt_t *cry
|
|
25
103
|
kb->crypt = crypt;
|
26
104
|
kb->state = KB_REQUESTING;
|
27
105
|
kb->status = mongocrypt_status_new();
|
106
|
+
kb->auth_requests = mc_mapof_kmsid_to_authrequest_new();
|
28
107
|
}
|
29
108
|
|
30
109
|
/*
|
@@ -481,8 +560,12 @@ bool _mongocrypt_key_broker_add_doc(_mongocrypt_key_broker_t *kb,
|
|
481
560
|
|
482
561
|
/* Check that the returned key doc's provider matches. */
|
483
562
|
kek_provider = key_doc->kek.kms_provider;
|
484
|
-
|
485
|
-
|
563
|
+
|
564
|
+
mc_kms_creds_t kc;
|
565
|
+
if (!_mongocrypt_opts_kms_providers_lookup(kms_providers, key_doc->kek.kmsid, &kc)) {
|
566
|
+
mongocrypt_status_t *status = kb->status;
|
567
|
+
CLIENT_ERR("KMS provider `%s` is not configured", key_doc->kek.kmsid);
|
568
|
+
_key_broker_fail(kb);
|
486
569
|
goto done;
|
487
570
|
}
|
488
571
|
|
@@ -490,8 +573,9 @@ bool _mongocrypt_key_broker_add_doc(_mongocrypt_key_broker_t *kb,
|
|
490
573
|
* HTTP KMS request. */
|
491
574
|
BSON_ASSERT(kb->crypt);
|
492
575
|
if (kek_provider == MONGOCRYPT_KMS_PROVIDER_LOCAL) {
|
576
|
+
BSON_ASSERT(kc.type == MONGOCRYPT_KMS_PROVIDER_LOCAL);
|
493
577
|
if (!_mongocrypt_unwrap_key(kb->crypt->crypto,
|
494
|
-
&
|
578
|
+
&kc.value.local.key,
|
495
579
|
&key_returned->doc->key_material,
|
496
580
|
&key_returned->decrypted_key_material,
|
497
581
|
kb->status)) {
|
@@ -506,38 +590,45 @@ bool _mongocrypt_key_broker_add_doc(_mongocrypt_key_broker_t *kb,
|
|
506
590
|
if (!_mongocrypt_kms_ctx_init_aws_decrypt(&key_returned->kms,
|
507
591
|
kms_providers,
|
508
592
|
key_doc,
|
509
|
-
|
510
|
-
|
593
|
+
kb->crypt->crypto,
|
594
|
+
key_doc->kek.kmsid,
|
595
|
+
&kb->crypt->log)) {
|
511
596
|
mongocrypt_kms_ctx_status(&key_returned->kms, kb->status);
|
512
597
|
_key_broker_fail(kb);
|
513
598
|
goto done;
|
514
599
|
}
|
515
600
|
} else if (kek_provider == MONGOCRYPT_KMS_PROVIDER_AZURE) {
|
516
|
-
|
517
|
-
|
601
|
+
BSON_ASSERT(kc.type == MONGOCRYPT_KMS_PROVIDER_AZURE);
|
602
|
+
if (kc.value.azure.access_token) {
|
603
|
+
access_token = bson_strdup(kc.value.azure.access_token);
|
518
604
|
} else {
|
519
|
-
access_token =
|
605
|
+
access_token = mc_mapof_kmsid_to_token_get_token(kb->crypt->cache_oauth, key_doc->kek.kmsid);
|
520
606
|
}
|
521
607
|
if (!access_token) {
|
522
608
|
key_returned->needs_auth = true;
|
523
609
|
/* Create an oauth request if one does not exist. */
|
524
|
-
if (!kb->
|
525
|
-
|
526
|
-
|
527
|
-
|
610
|
+
if (!mc_mapof_kmsid_to_authrequest_has(kb->auth_requests, key_doc->kek.kmsid)) {
|
611
|
+
auth_request_t *ar = auth_request_new();
|
612
|
+
if (!_mongocrypt_kms_ctx_init_azure_auth(&ar->kms,
|
613
|
+
&kc,
|
528
614
|
/* The key vault endpoint is used to determine the scope. */
|
529
|
-
key_doc->kek.provider.azure.key_vault_endpoint
|
530
|
-
|
615
|
+
key_doc->kek.provider.azure.key_vault_endpoint,
|
616
|
+
key_doc->kek.kmsid,
|
617
|
+
&kb->crypt->log)) {
|
618
|
+
mongocrypt_kms_ctx_status(&ar->kms, kb->status);
|
531
619
|
_key_broker_fail(kb);
|
620
|
+
auth_request_destroy(ar);
|
532
621
|
goto done;
|
533
622
|
}
|
534
|
-
|
623
|
+
ar->kmsid = bson_strdup(key_doc->kek.kmsid);
|
624
|
+
mc_mapof_kmsid_to_authrequest_put(kb->auth_requests, ar);
|
535
625
|
}
|
536
626
|
} else {
|
537
627
|
if (!_mongocrypt_kms_ctx_init_azure_unwrapkey(&key_returned->kms,
|
538
628
|
kms_providers,
|
539
629
|
access_token,
|
540
630
|
key_doc,
|
631
|
+
key_returned->doc->kek.kmsid,
|
541
632
|
&kb->crypt->log)) {
|
542
633
|
mongocrypt_kms_ctx_status(&key_returned->kms, kb->status);
|
543
634
|
_key_broker_fail(kb);
|
@@ -545,31 +636,37 @@ bool _mongocrypt_key_broker_add_doc(_mongocrypt_key_broker_t *kb,
|
|
545
636
|
}
|
546
637
|
}
|
547
638
|
} else if (kek_provider == MONGOCRYPT_KMS_PROVIDER_GCP) {
|
548
|
-
|
549
|
-
|
639
|
+
BSON_ASSERT(kc.type == MONGOCRYPT_KMS_PROVIDER_GCP);
|
640
|
+
if (NULL != kc.value.gcp.access_token) {
|
641
|
+
access_token = bson_strdup(kc.value.gcp.access_token);
|
550
642
|
} else {
|
551
|
-
access_token =
|
643
|
+
access_token = mc_mapof_kmsid_to_token_get_token(kb->crypt->cache_oauth, key_doc->kek.kmsid);
|
552
644
|
}
|
553
645
|
if (!access_token) {
|
554
646
|
key_returned->needs_auth = true;
|
555
647
|
/* Create an oauth request if one does not exist. */
|
556
|
-
if (!kb->
|
557
|
-
|
558
|
-
|
648
|
+
if (!mc_mapof_kmsid_to_authrequest_has(kb->auth_requests, key_doc->kek.kmsid)) {
|
649
|
+
auth_request_t *ar = auth_request_new();
|
650
|
+
if (!_mongocrypt_kms_ctx_init_gcp_auth(&ar->kms,
|
559
651
|
&kb->crypt->opts,
|
560
|
-
|
561
|
-
key_doc->kek.provider.gcp.endpoint
|
562
|
-
|
652
|
+
&kc,
|
653
|
+
key_doc->kek.provider.gcp.endpoint,
|
654
|
+
key_doc->kek.kmsid,
|
655
|
+
&kb->crypt->log)) {
|
656
|
+
mongocrypt_kms_ctx_status(&ar->kms, kb->status);
|
563
657
|
_key_broker_fail(kb);
|
658
|
+
auth_request_destroy(ar);
|
564
659
|
goto done;
|
565
660
|
}
|
566
|
-
|
661
|
+
ar->kmsid = bson_strdup(key_doc->kek.kmsid);
|
662
|
+
mc_mapof_kmsid_to_authrequest_put(kb->auth_requests, ar);
|
567
663
|
}
|
568
664
|
} else {
|
569
665
|
if (!_mongocrypt_kms_ctx_init_gcp_decrypt(&key_returned->kms,
|
570
666
|
kms_providers,
|
571
667
|
access_token,
|
572
668
|
key_doc,
|
669
|
+
key_returned->doc->kek.kmsid,
|
573
670
|
&kb->crypt->log)) {
|
574
671
|
mongocrypt_kms_ctx_status(&key_returned->kms, kb->status);
|
575
672
|
_key_broker_fail(kb);
|
@@ -577,6 +674,7 @@ bool _mongocrypt_key_broker_add_doc(_mongocrypt_key_broker_t *kb,
|
|
577
674
|
}
|
578
675
|
}
|
579
676
|
} else if (kek_provider == MONGOCRYPT_KMS_PROVIDER_KMIP) {
|
677
|
+
BSON_ASSERT(kc.type == MONGOCRYPT_KMS_PROVIDER_KMIP);
|
580
678
|
char *unique_identifier;
|
581
679
|
_mongocrypt_endpoint_t *endpoint;
|
582
680
|
|
@@ -589,17 +687,33 @@ bool _mongocrypt_key_broker_add_doc(_mongocrypt_key_broker_t *kb,
|
|
589
687
|
|
590
688
|
if (key_returned->doc->kek.provider.kmip.endpoint) {
|
591
689
|
endpoint = key_returned->doc->kek.provider.kmip.endpoint;
|
592
|
-
} else if (
|
593
|
-
endpoint =
|
690
|
+
} else if (kc.value.kmip.endpoint) {
|
691
|
+
endpoint = kc.value.kmip.endpoint;
|
594
692
|
} else {
|
595
693
|
_key_broker_fail_w_msg(kb, "endpoint not set for KMIP request");
|
596
694
|
goto done;
|
597
695
|
}
|
598
696
|
|
599
|
-
if (
|
600
|
-
|
601
|
-
|
602
|
-
|
697
|
+
if (key_returned->doc->kek.provider.kmip.delegated) {
|
698
|
+
if (!_mongocrypt_kms_ctx_init_kmip_decrypt(&key_returned->kms,
|
699
|
+
endpoint,
|
700
|
+
key_doc->kek.kmsid,
|
701
|
+
key_doc,
|
702
|
+
&kb->crypt->log)) {
|
703
|
+
mongocrypt_kms_ctx_status(&key_returned->kms, kb->status);
|
704
|
+
_key_broker_fail(kb);
|
705
|
+
goto done;
|
706
|
+
}
|
707
|
+
} else {
|
708
|
+
if (!_mongocrypt_kms_ctx_init_kmip_get(&key_returned->kms,
|
709
|
+
endpoint,
|
710
|
+
unique_identifier,
|
711
|
+
key_doc->kek.kmsid,
|
712
|
+
&kb->crypt->log)) {
|
713
|
+
mongocrypt_kms_ctx_status(&key_returned->kms, kb->status);
|
714
|
+
_key_broker_fail(kb);
|
715
|
+
goto done;
|
716
|
+
}
|
603
717
|
}
|
604
718
|
} else {
|
605
719
|
_key_broker_fail_w_msg(kb, "unrecognized kms provider");
|
@@ -683,20 +797,21 @@ mongocrypt_kms_ctx_t *_mongocrypt_key_broker_next_kms(_mongocrypt_key_broker_t *
|
|
683
797
|
}
|
684
798
|
|
685
799
|
if (kb->state == KB_AUTHENTICATING) {
|
686
|
-
if (
|
800
|
+
if (mc_mapof_kmsid_to_authrequest_empty(kb->auth_requests)) {
|
687
801
|
_key_broker_fail_w_msg(kb,
|
688
802
|
"unexpected, attempting to authenticate but "
|
689
803
|
"KMS request not initialized");
|
690
804
|
return NULL;
|
691
805
|
}
|
692
|
-
if (kb->auth_request_azure.initialized && !kb->auth_request_azure.returned) {
|
693
|
-
kb->auth_request_azure.returned = true;
|
694
|
-
return &kb->auth_request_azure.kms;
|
695
|
-
}
|
696
806
|
|
697
|
-
|
698
|
-
|
699
|
-
|
807
|
+
// Return the first not-yet-returned auth request.
|
808
|
+
for (size_t i = 0; i < mc_mapof_kmsid_to_authrequest_len(kb->auth_requests); i++) {
|
809
|
+
auth_request_t *ar = mc_mapof_kmsid_to_authrequest_at(kb->auth_requests, i);
|
810
|
+
if (ar->returned) {
|
811
|
+
continue;
|
812
|
+
}
|
813
|
+
ar->returned = true;
|
814
|
+
return &ar->kms;
|
700
815
|
}
|
701
816
|
|
702
817
|
return NULL;
|
@@ -731,29 +846,19 @@ bool _mongocrypt_key_broker_kms_done(_mongocrypt_key_broker_t *kb, _mongocrypt_o
|
|
731
846
|
bson_t oauth_response;
|
732
847
|
_mongocrypt_buffer_t oauth_response_buf;
|
733
848
|
|
734
|
-
|
735
|
-
|
736
|
-
|
737
|
-
return _key_broker_fail(kb);
|
738
|
-
}
|
739
|
-
|
740
|
-
/* Cache returned tokens. */
|
741
|
-
BSON_ASSERT(_mongocrypt_buffer_to_bson(&oauth_response_buf, &oauth_response));
|
742
|
-
if (!_mongocrypt_cache_oauth_add(kb->crypt->cache_oauth_azure, &oauth_response, kb->status)) {
|
743
|
-
return false;
|
744
|
-
}
|
745
|
-
}
|
849
|
+
// Apply tokens from oauth responses to oauth token cache.
|
850
|
+
for (size_t i = 0; i < mc_mapof_kmsid_to_authrequest_len(kb->auth_requests); i++) {
|
851
|
+
auth_request_t *ar = mc_mapof_kmsid_to_authrequest_at(kb->auth_requests, i);
|
746
852
|
|
747
|
-
|
748
|
-
|
749
|
-
mongocrypt_kms_ctx_status(&kb->auth_request_gcp.kms, kb->status);
|
853
|
+
if (!_mongocrypt_kms_ctx_result(&ar->kms, &oauth_response_buf)) {
|
854
|
+
mongocrypt_kms_ctx_status(&ar->kms, kb->status);
|
750
855
|
return _key_broker_fail(kb);
|
751
856
|
}
|
752
857
|
|
753
858
|
/* Cache returned tokens. */
|
754
859
|
BSON_ASSERT(_mongocrypt_buffer_to_bson(&oauth_response_buf, &oauth_response));
|
755
|
-
if (!
|
756
|
-
return
|
860
|
+
if (!mc_mapof_kmsid_to_token_add_response(kb->crypt->cache_oauth, ar->kmsid, &oauth_response, kb->status)) {
|
861
|
+
return _key_broker_fail(kb);
|
757
862
|
}
|
758
863
|
}
|
759
864
|
|
@@ -765,11 +870,20 @@ bool _mongocrypt_key_broker_kms_done(_mongocrypt_key_broker_t *kb, _mongocrypt_o
|
|
765
870
|
continue;
|
766
871
|
}
|
767
872
|
|
873
|
+
mc_kms_creds_t kc;
|
874
|
+
if (!_mongocrypt_opts_kms_providers_lookup(kms_providers, key_returned->doc->kek.kmsid, &kc)) {
|
875
|
+
mongocrypt_status_t *status = kb->status;
|
876
|
+
CLIENT_ERR("KMS provider `%s` is not configured", key_returned->doc->kek.kmsid);
|
877
|
+
return _key_broker_fail(kb);
|
878
|
+
}
|
879
|
+
|
768
880
|
if (key_returned->doc->kek.kms_provider == MONGOCRYPT_KMS_PROVIDER_AZURE) {
|
769
|
-
|
770
|
-
|
881
|
+
BSON_ASSERT(kc.type == MONGOCRYPT_KMS_PROVIDER_AZURE);
|
882
|
+
if (kc.value.azure.access_token) {
|
883
|
+
access_token = bson_strdup(kc.value.azure.access_token);
|
771
884
|
} else {
|
772
|
-
access_token =
|
885
|
+
access_token =
|
886
|
+
mc_mapof_kmsid_to_token_get_token(kb->crypt->cache_oauth, key_returned->doc->kek.kmsid);
|
773
887
|
}
|
774
888
|
|
775
889
|
if (!access_token) {
|
@@ -780,6 +894,7 @@ bool _mongocrypt_key_broker_kms_done(_mongocrypt_key_broker_t *kb, _mongocrypt_o
|
|
780
894
|
kms_providers,
|
781
895
|
access_token,
|
782
896
|
key_returned->doc,
|
897
|
+
key_returned->doc->kek.kmsid,
|
783
898
|
&kb->crypt->log)) {
|
784
899
|
mongocrypt_kms_ctx_status(&key_returned->kms, kb->status);
|
785
900
|
bson_free(access_token);
|
@@ -789,10 +904,12 @@ bool _mongocrypt_key_broker_kms_done(_mongocrypt_key_broker_t *kb, _mongocrypt_o
|
|
789
904
|
key_returned->needs_auth = false;
|
790
905
|
bson_free(access_token);
|
791
906
|
} else if (key_returned->doc->kek.kms_provider == MONGOCRYPT_KMS_PROVIDER_GCP) {
|
792
|
-
|
793
|
-
|
907
|
+
BSON_ASSERT(kc.type == MONGOCRYPT_KMS_PROVIDER_GCP);
|
908
|
+
if (kc.value.gcp.access_token) {
|
909
|
+
access_token = bson_strdup(kc.value.gcp.access_token);
|
794
910
|
} else {
|
795
|
-
access_token =
|
911
|
+
access_token =
|
912
|
+
mc_mapof_kmsid_to_token_get_token(kb->crypt->cache_oauth, key_returned->doc->kek.kmsid);
|
796
913
|
}
|
797
914
|
|
798
915
|
if (!access_token) {
|
@@ -803,6 +920,7 @@ bool _mongocrypt_key_broker_kms_done(_mongocrypt_key_broker_t *kb, _mongocrypt_o
|
|
803
920
|
kms_providers,
|
804
921
|
access_token,
|
805
922
|
key_returned->doc,
|
923
|
+
key_returned->doc->kek.kmsid,
|
806
924
|
&kb->crypt->log)) {
|
807
925
|
mongocrypt_kms_ctx_status(&key_returned->kms, kb->status);
|
808
926
|
bson_free(access_token);
|
@@ -850,11 +968,16 @@ bool _mongocrypt_key_broker_kms_done(_mongocrypt_key_broker_t *kb, _mongocrypt_o
|
|
850
968
|
return _key_broker_fail(kb);
|
851
969
|
}
|
852
970
|
|
853
|
-
if (
|
854
|
-
|
855
|
-
|
856
|
-
|
857
|
-
|
971
|
+
if (key_returned->doc->kek.provider.kmip.delegated) {
|
972
|
+
if (!_mongocrypt_kms_ctx_result(&key_returned->kms, &key_returned->decrypted_key_material)) {
|
973
|
+
mongocrypt_kms_ctx_status(&key_returned->kms, kb->status);
|
974
|
+
return _key_broker_fail(kb);
|
975
|
+
}
|
976
|
+
} else if (!_mongocrypt_unwrap_key(kb->crypt->crypto,
|
977
|
+
&kek,
|
978
|
+
&key_returned->doc->key_material,
|
979
|
+
&key_returned->decrypted_key_material,
|
980
|
+
kb->status)) {
|
858
981
|
_key_broker_fail(kb);
|
859
982
|
_mongocrypt_buffer_cleanup(&kek);
|
860
983
|
return false;
|
@@ -1008,8 +1131,7 @@ void _mongocrypt_key_broker_cleanup(_mongocrypt_key_broker_t *kb) {
|
|
1008
1131
|
_destroy_keys_returned(kb->keys_returned);
|
1009
1132
|
_destroy_keys_returned(kb->keys_cached);
|
1010
1133
|
_destroy_key_requests(kb->key_requests);
|
1011
|
-
|
1012
|
-
_mongocrypt_kms_ctx_cleanup(&kb->auth_request_gcp.kms);
|
1134
|
+
mc_mapof_kmsid_to_authrequest_destroy(kb->auth_requests);
|
1013
1135
|
}
|
1014
1136
|
|
1015
1137
|
void _mongocrypt_key_broker_add_test_key(_mongocrypt_key_broker_t *kb, const _mongocrypt_buffer_t *key_id) {
|
@@ -127,7 +127,7 @@ bool _mongocrypt_key_alt_name_from_iter(const bson_iter_t *iter_in,
|
|
127
127
|
|
128
128
|
/* Takes ownership of all fields. */
|
129
129
|
bool _mongocrypt_key_parse_owned(const bson_t *bson, _mongocrypt_key_doc_t *out, mongocrypt_status_t *status) {
|
130
|
-
bson_iter_t iter;
|
130
|
+
bson_iter_t iter = {0};
|
131
131
|
bool has_id = false, has_key_material = false, has_status = false, has_creation_date = false,
|
132
132
|
has_update_date = false, has_master_key = false;
|
133
133
|
|
@@ -23,6 +23,7 @@
|
|
23
23
|
#include "mongocrypt-compat.h"
|
24
24
|
#include "mongocrypt-crypto-private.h"
|
25
25
|
#include "mongocrypt-endpoint-private.h"
|
26
|
+
#include "mongocrypt-key-private.h"
|
26
27
|
#include "mongocrypt-opts-private.h"
|
27
28
|
#include "mongocrypt.h"
|
28
29
|
|
@@ -39,7 +40,10 @@ typedef enum {
|
|
39
40
|
MONGOCRYPT_KMS_GCP_DECRYPT,
|
40
41
|
MONGOCRYPT_KMS_KMIP_REGISTER,
|
41
42
|
MONGOCRYPT_KMS_KMIP_ACTIVATE,
|
42
|
-
MONGOCRYPT_KMS_KMIP_GET
|
43
|
+
MONGOCRYPT_KMS_KMIP_GET,
|
44
|
+
MONGOCRYPT_KMS_KMIP_CREATE,
|
45
|
+
MONGOCRYPT_KMS_KMIP_ENCRYPT,
|
46
|
+
MONGOCRYPT_KMS_KMIP_DECRYPT,
|
43
47
|
} _kms_request_type_t;
|
44
48
|
|
45
49
|
struct _mongocrypt_kms_ctx_t {
|
@@ -51,76 +55,107 @@ struct _mongocrypt_kms_ctx_t {
|
|
51
55
|
_mongocrypt_buffer_t result;
|
52
56
|
char *endpoint;
|
53
57
|
_mongocrypt_log_t *log;
|
58
|
+
char *kmsid;
|
54
59
|
};
|
55
60
|
|
56
61
|
bool _mongocrypt_kms_ctx_init_aws_decrypt(mongocrypt_kms_ctx_t *kms,
|
57
62
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
58
63
|
_mongocrypt_key_doc_t *key,
|
59
|
-
|
60
|
-
|
64
|
+
_mongocrypt_crypto_t *crypto,
|
65
|
+
const char *kmsid,
|
66
|
+
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
61
67
|
|
62
68
|
bool _mongocrypt_kms_ctx_init_aws_encrypt(mongocrypt_kms_ctx_t *kms,
|
63
69
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
64
70
|
struct __mongocrypt_ctx_opts_t *ctx_opts,
|
65
71
|
_mongocrypt_buffer_t *decrypted_key_material,
|
66
|
-
|
67
|
-
|
72
|
+
_mongocrypt_crypto_t *crypto,
|
73
|
+
const char *kmsid,
|
74
|
+
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
68
75
|
|
69
76
|
bool _mongocrypt_kms_ctx_result(mongocrypt_kms_ctx_t *kms, _mongocrypt_buffer_t *out) MONGOCRYPT_WARN_UNUSED_RESULT;
|
70
77
|
|
71
78
|
void _mongocrypt_kms_ctx_cleanup(mongocrypt_kms_ctx_t *kms);
|
72
79
|
|
73
80
|
bool _mongocrypt_kms_ctx_init_azure_auth(mongocrypt_kms_ctx_t *kms,
|
74
|
-
|
75
|
-
|
76
|
-
|
81
|
+
const mc_kms_creds_t *kc,
|
82
|
+
_mongocrypt_endpoint_t *key_vault_endpoint,
|
83
|
+
const char *kmsid,
|
84
|
+
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
77
85
|
|
78
86
|
bool _mongocrypt_kms_ctx_init_azure_wrapkey(mongocrypt_kms_ctx_t *kms,
|
79
|
-
_mongocrypt_log_t *log,
|
80
87
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
81
88
|
struct __mongocrypt_ctx_opts_t *ctx_opts,
|
82
89
|
const char *access_token,
|
83
|
-
_mongocrypt_buffer_t *plaintext_key_material
|
90
|
+
_mongocrypt_buffer_t *plaintext_key_material,
|
91
|
+
const char *kmsid,
|
92
|
+
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
84
93
|
|
85
94
|
bool _mongocrypt_kms_ctx_init_azure_unwrapkey(mongocrypt_kms_ctx_t *kms,
|
86
95
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
87
96
|
const char *access_token,
|
88
97
|
_mongocrypt_key_doc_t *key,
|
98
|
+
const char *kmsid,
|
89
99
|
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
90
100
|
|
91
101
|
bool _mongocrypt_kms_ctx_init_gcp_auth(mongocrypt_kms_ctx_t *kms,
|
92
|
-
_mongocrypt_log_t *log,
|
93
102
|
_mongocrypt_opts_t *crypt_opts,
|
94
|
-
|
95
|
-
_mongocrypt_endpoint_t *kms_endpoint
|
103
|
+
const mc_kms_creds_t *kc,
|
104
|
+
_mongocrypt_endpoint_t *kms_endpoint,
|
105
|
+
const char *kmsid,
|
106
|
+
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
96
107
|
|
97
108
|
bool _mongocrypt_kms_ctx_init_gcp_encrypt(mongocrypt_kms_ctx_t *kms,
|
98
|
-
_mongocrypt_log_t *log,
|
99
109
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
100
110
|
struct __mongocrypt_ctx_opts_t *ctx_opts,
|
101
111
|
const char *access_token,
|
102
|
-
_mongocrypt_buffer_t *plaintext_key_material
|
112
|
+
_mongocrypt_buffer_t *plaintext_key_material,
|
113
|
+
const char *kmsid,
|
114
|
+
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
103
115
|
|
104
116
|
bool _mongocrypt_kms_ctx_init_gcp_decrypt(mongocrypt_kms_ctx_t *kms,
|
105
117
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
106
118
|
const char *access_token,
|
107
119
|
_mongocrypt_key_doc_t *key,
|
120
|
+
const char *kmsid,
|
108
121
|
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
109
122
|
|
110
123
|
bool _mongocrypt_kms_ctx_init_kmip_register(mongocrypt_kms_ctx_t *kms,
|
111
124
|
const _mongocrypt_endpoint_t *endpoint,
|
112
125
|
const uint8_t *secretdata,
|
113
126
|
uint32_t secretdata_len,
|
127
|
+
|
128
|
+
const char *kmsid,
|
114
129
|
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
115
130
|
|
116
131
|
bool _mongocrypt_kms_ctx_init_kmip_activate(mongocrypt_kms_ctx_t *kms,
|
117
132
|
const _mongocrypt_endpoint_t *endpoint,
|
118
133
|
const char *unique_identifier,
|
134
|
+
const char *kmsid,
|
119
135
|
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
120
136
|
|
121
137
|
bool _mongocrypt_kms_ctx_init_kmip_get(mongocrypt_kms_ctx_t *kms,
|
122
138
|
const _mongocrypt_endpoint_t *endpoint,
|
123
139
|
const char *unique_identifier,
|
140
|
+
const char *kmsid,
|
124
141
|
_mongocrypt_log_t *log) MONGOCRYPT_WARN_UNUSED_RESULT;
|
125
142
|
|
143
|
+
bool _mongocrypt_kms_ctx_init_kmip_create(mongocrypt_kms_ctx_t *kms,
|
144
|
+
const _mongocrypt_endpoint_t *endpoint,
|
145
|
+
const char *kmsid,
|
146
|
+
_mongocrypt_log_t *log);
|
147
|
+
|
148
|
+
bool _mongocrypt_kms_ctx_init_kmip_encrypt(mongocrypt_kms_ctx_t *kms,
|
149
|
+
const _mongocrypt_endpoint_t *endpoint,
|
150
|
+
const char *unique_identifier,
|
151
|
+
const char *kmsid,
|
152
|
+
_mongocrypt_buffer_t *plaintext,
|
153
|
+
_mongocrypt_log_t *log);
|
154
|
+
|
155
|
+
bool _mongocrypt_kms_ctx_init_kmip_decrypt(mongocrypt_kms_ctx_t *kms,
|
156
|
+
const _mongocrypt_endpoint_t *endpoint,
|
157
|
+
const char *kmsid,
|
158
|
+
_mongocrypt_key_doc_t *key,
|
159
|
+
_mongocrypt_log_t *log);
|
160
|
+
|
126
161
|
#endif /* MONGOCRYPT_KMX_CTX_PRIVATE_H */
|