libmongocrypt-helper 1.8.0.0.1001 → 1.11.0.0.1001
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +33 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +12 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -4
- data/ext/libmongocrypt/libmongocrypt/Earthfile +151 -3
- data/ext/libmongocrypt/libmongocrypt/README.md +36 -40
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/CMakeLists.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Driver.snk +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/AssemblyInfo.cs +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Binary.cs +16 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClientFactory.cs +8 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +10 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoader.cs +81 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.csproj +2 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/MongoDB.Libmongocrypt.Test.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/MongoDB.Libmongocrypt.Test32.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/README.md +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +21 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.config +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.sh +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +28 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +217 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +21 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +154 -108
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +7 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +41 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +5 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +27 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +34 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +180 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +134 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +44 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/README.md +4 -900
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +60 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +41 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/RELEASE.rst +6 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/python/build-manylinux-wheel.sh +4 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/python/hatch_build.py +36 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/__init__.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/auto_encrypter.py +2 -46
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binary.py +14 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +107 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/compat.py +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/credentials.py +2 -121
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/crypto.py +31 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/errors.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/explicit_encrypter.py +2 -233
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +168 -238
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +265 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/state_machine.py +2 -141
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pyproject.toml +118 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +97 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{test-requirements.txt → requirements-test.txt} +4 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/requirements.txt +4 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +76 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +6 -7
- data/ext/libmongocrypt/libmongocrypt/bindings/python/synchro.py +64 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/__init__.py +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/collection-info.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-payload.json +21 -21
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-command-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/rangeopts.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/value-to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-azure.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-gcp.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/list-collections-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/schema-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/perf_test.py +165 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_binding.py +8 -12
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_crypto.py +9 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +988 -340
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +14 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +19 -1
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +23 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/IntelDFP.cmake +19 -227
- data/ext/libmongocrypt/libmongocrypt/cmake/Patch.cmake +54 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/cli-icon.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/reference-targets.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +153 -0
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +61 -28
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +73 -0
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +108 -0
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +27 -0
- data/ext/libmongocrypt/libmongocrypt/etc/mongo-inteldfp-alpine-arm-fix.patch +17 -0
- data/ext/libmongocrypt/libmongocrypt/etc/packager.py +120 -91
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +14 -0
- data/ext/libmongocrypt/libmongocrypt/etc/repo_config.yaml +56 -0
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +70 -0
- data/ext/libmongocrypt/libmongocrypt/etc/ssdlc_compliance_report.md +37 -0
- data/ext/libmongocrypt/libmongocrypt/etc/third_party_vulnerabilities.md +42 -0
- data/ext/libmongocrypt/libmongocrypt/integrating.md +18 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +11 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer_private.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +211 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_response.c +163 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_tag_type_private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_request.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_response.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_port.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +23 -2
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +16 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +94 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +15 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +114 -53
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +21 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +38 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +20 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private.h +8 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +89 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +1 -23
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +4 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +15 -12
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +16 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +64 -22
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +23 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +359 -65
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +26 -14
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +17 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +31 -13
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +16 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +259 -63
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +40 -24
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +57 -13
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-binary-private.h +0 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +5 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth-private.h +16 -18
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth.c +105 -76
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +9 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +170 -89
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +505 -124
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +31 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +81 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +7 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek-private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek.c +161 -103
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker-private.h +2 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +191 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +50 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +365 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +200 -107
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +50 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +591 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +6 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +47 -234
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +75 -24
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +18 -2
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/bypassQueryAnalysis/payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd-to-mongocryptd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd-to-mongocryptd.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/collinfo.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-field-map.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-payload-pattern.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/mongocryptd-reply.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/encrypted-payload.json +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-field-config-map.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload-range-v2.json +37 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +64 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +105 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +15 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +104 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/decrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/encrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/oauth-response.txt +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-payload.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/mongocryptd-reply.json +69 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/mongocryptd-reply.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_double.cstruct +8637 -7958
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int32.cstruct +5522 -1382
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int64.cstruct +5042 -1262
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128_precision.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double_precision.cstruct +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int32.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int64.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/mongocryptd-reply.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/mongocryptd-reply.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-double/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32-defaults/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/README.md +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +8 -8
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +43 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +76 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +89 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +342 -76
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +94 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +205 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +49 -23
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -19
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +22 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache-oauth.c +94 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +374 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +121 -42
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +134 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.h +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +8 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +922 -92
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +114 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +14 -9
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +424 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +447 -28
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-opts.c +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-traverse-util.c +30 -26
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.c +7 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.h +3 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +66 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +2381 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +3 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/README.md +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/make_includes.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +38 -3
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +112 -106
- checksums.yaml.gz.sig +0 -0
- data/ext/libmongocrypt/libmongocrypt/VERSION_CURRENT +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/cs.sln +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/CHANGELOG.md +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/node/LICENSE +0 -201
- data/ext/libmongocrypt/libmongocrypt/bindings/node/binding.gyp +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/README.hbs +0 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/build-static.sh +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/node/index.d.ts +0 -641
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/autoEncrypter.js +0 -420
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/buffer_pool.js +0 -123
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/clientEncryption.js +0 -821
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/common.js +0 -98
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/cryptoCallbacks.js +0 -87
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/errors.js +0 -75
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/index.js +0 -73
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/mongocryptdManager.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/aws.js +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/azure.js +0 -178
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/gcp.js +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/index.js +0 -54
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/utils.js +0 -39
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/stateMachine.js +0 -492
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package-lock.json +0 -15302
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package.json +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.cc +0 -956
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.h +0 -114
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/autoEncrypter.test.js +0 -950
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/buffer_pool.test.js +0 -91
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/clientEncryption.test.js +0 -1093
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/common.test.js +0 -94
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/cryptoCallbacks.test.js +0 -240
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/README.md +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/collection-info.json +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document-nested.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encryptedFields.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key-document.json +0 -32
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key1-document.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/index.test.js +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/mongocryptdManager.test.js +0 -48
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/providers/credentialsProvider.test.js +0 -551
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/release.test.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/requirements.helper.js +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/stateMachine.test.js +0 -331
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/chai-addons.js +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/mongodb_reporter.js +0 -325
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/types/index.test-d.ts +0 -63
- data/ext/libmongocrypt/libmongocrypt/bindings/python/setup.py +0 -89
- data/ext/libmongocrypt/libmongocrypt/debian/build_snapshot.sh +0 -79
- data/ext/libmongocrypt/libmongocrypt/debian/changelog +0 -105
- data/ext/libmongocrypt/libmongocrypt/debian/compat +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/control +0 -41
- data/ext/libmongocrypt/libmongocrypt/debian/copyright +0 -129
- data/ext/libmongocrypt/libmongocrypt/debian/gbp.conf +0 -23
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.dirs +0 -2
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.install +0 -5
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.dirs +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.install +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/rules +0 -46
- data/ext/libmongocrypt/libmongocrypt/debian/source/format +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/source/lintian-overrides +0 -3
- data/ext/libmongocrypt/libmongocrypt/debian/source/options +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/watch +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/mongocryptd-reply.json +0 -72
- data.tar.gz.sig +0 -1
- metadata.gz.sig +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-decrypt-reply.txt → test/data/kms-aws/decrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-encrypt-reply.txt → test/data/kms-aws/encrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/decrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/encrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/oauth-response.txt +0 -0
@@ -1,98 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
|
3
|
-
/**
|
4
|
-
* @ignore
|
5
|
-
* Helper function for logging. Enabled by setting the environment flag MONGODB_CRYPT_DEBUG.
|
6
|
-
* @param {*} msg Anything you want to be logged.
|
7
|
-
*/
|
8
|
-
function debug(msg) {
|
9
|
-
if (process.env.MONGODB_CRYPT_DEBUG) {
|
10
|
-
// eslint-disable-next-line no-console
|
11
|
-
console.error(msg);
|
12
|
-
}
|
13
|
-
}
|
14
|
-
|
15
|
-
/**
|
16
|
-
* @ignore
|
17
|
-
* Gets the database portion of a namespace string
|
18
|
-
* @param {string} ns A string in the format of a namespace (database.collection)
|
19
|
-
* @returns {string} The database portion of the namespace
|
20
|
-
*/
|
21
|
-
function databaseNamespace(ns) {
|
22
|
-
return ns.split('.')[0];
|
23
|
-
}
|
24
|
-
/**
|
25
|
-
* @ignore
|
26
|
-
* Gets the collection portion of a namespace string
|
27
|
-
* @param {string} ns A string in the format of a namespace (database.collection)
|
28
|
-
* @returns {string} The collection portion of the namespace
|
29
|
-
*/
|
30
|
-
function collectionNamespace(ns) {
|
31
|
-
return ns.split('.').slice(1).join('.');
|
32
|
-
}
|
33
|
-
|
34
|
-
function maybeCallback(promiseFn, callback) {
|
35
|
-
const promise = promiseFn();
|
36
|
-
if (callback == null) {
|
37
|
-
return promise;
|
38
|
-
}
|
39
|
-
|
40
|
-
promise.then(
|
41
|
-
result => process.nextTick(callback, undefined, result),
|
42
|
-
error => process.nextTick(callback, error)
|
43
|
-
);
|
44
|
-
return;
|
45
|
-
}
|
46
|
-
|
47
|
-
/**
|
48
|
-
* @ignore
|
49
|
-
* A helper function. Invokes a function that takes a callback as the final
|
50
|
-
* parameter. If a callback is supplied, then it is passed to the function.
|
51
|
-
* If not, a Promise is returned that resolves/rejects with the result of the
|
52
|
-
* callback
|
53
|
-
* @param {Function} [callback] an optional callback.
|
54
|
-
* @param {Function} fn A function that takes a callback
|
55
|
-
* @returns {Promise|void} Returns nothing if a callback is supplied, else returns a Promise.
|
56
|
-
*/
|
57
|
-
function promiseOrCallback(callback, fn) {
|
58
|
-
if (typeof callback === 'function') {
|
59
|
-
fn(function (err) {
|
60
|
-
if (err != null) {
|
61
|
-
try {
|
62
|
-
callback(err);
|
63
|
-
} catch (error) {
|
64
|
-
return process.nextTick(() => {
|
65
|
-
throw error;
|
66
|
-
});
|
67
|
-
}
|
68
|
-
return;
|
69
|
-
}
|
70
|
-
|
71
|
-
callback.apply(this, arguments);
|
72
|
-
});
|
73
|
-
|
74
|
-
return;
|
75
|
-
}
|
76
|
-
|
77
|
-
return new Promise((resolve, reject) => {
|
78
|
-
fn(function (err, res) {
|
79
|
-
if (err != null) {
|
80
|
-
return reject(err);
|
81
|
-
}
|
82
|
-
|
83
|
-
if (arguments.length > 2) {
|
84
|
-
return resolve(Array.prototype.slice.call(arguments, 1));
|
85
|
-
}
|
86
|
-
|
87
|
-
resolve(res);
|
88
|
-
});
|
89
|
-
});
|
90
|
-
}
|
91
|
-
|
92
|
-
module.exports = {
|
93
|
-
debug,
|
94
|
-
databaseNamespace,
|
95
|
-
collectionNamespace,
|
96
|
-
promiseOrCallback,
|
97
|
-
maybeCallback
|
98
|
-
};
|
@@ -1,87 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
const crypto = require('crypto');
|
3
|
-
|
4
|
-
function makeAES256Hook(method, mode) {
|
5
|
-
return function (key, iv, input, output) {
|
6
|
-
let result;
|
7
|
-
|
8
|
-
try {
|
9
|
-
let cipher = crypto[method](mode, key, iv);
|
10
|
-
cipher.setAutoPadding(false);
|
11
|
-
result = cipher.update(input);
|
12
|
-
const final = cipher.final();
|
13
|
-
if (final.length > 0) {
|
14
|
-
result = Buffer.concat([result, final]);
|
15
|
-
}
|
16
|
-
} catch (e) {
|
17
|
-
return e;
|
18
|
-
}
|
19
|
-
|
20
|
-
result.copy(output);
|
21
|
-
return result.length;
|
22
|
-
};
|
23
|
-
}
|
24
|
-
|
25
|
-
function randomHook(buffer, count) {
|
26
|
-
try {
|
27
|
-
crypto.randomFillSync(buffer, 0, count);
|
28
|
-
} catch (e) {
|
29
|
-
return e;
|
30
|
-
}
|
31
|
-
return count;
|
32
|
-
}
|
33
|
-
|
34
|
-
function sha256Hook(input, output) {
|
35
|
-
let result;
|
36
|
-
try {
|
37
|
-
result = crypto.createHash('sha256').update(input).digest();
|
38
|
-
} catch (e) {
|
39
|
-
return e;
|
40
|
-
}
|
41
|
-
|
42
|
-
result.copy(output);
|
43
|
-
return result.length;
|
44
|
-
}
|
45
|
-
|
46
|
-
function makeHmacHook(algorithm) {
|
47
|
-
return (key, input, output) => {
|
48
|
-
let result;
|
49
|
-
try {
|
50
|
-
result = crypto.createHmac(algorithm, key).update(input).digest();
|
51
|
-
} catch (e) {
|
52
|
-
return e;
|
53
|
-
}
|
54
|
-
|
55
|
-
result.copy(output);
|
56
|
-
return result.length;
|
57
|
-
};
|
58
|
-
}
|
59
|
-
|
60
|
-
function signRsaSha256Hook(key, input, output) {
|
61
|
-
let result;
|
62
|
-
try {
|
63
|
-
const signer = crypto.createSign('sha256WithRSAEncryption');
|
64
|
-
const privateKey = Buffer.from(
|
65
|
-
`-----BEGIN PRIVATE KEY-----\n${key.toString('base64')}\n-----END PRIVATE KEY-----\n`
|
66
|
-
);
|
67
|
-
|
68
|
-
result = signer.update(input).end().sign(privateKey);
|
69
|
-
} catch (e) {
|
70
|
-
return e;
|
71
|
-
}
|
72
|
-
|
73
|
-
result.copy(output);
|
74
|
-
return result.length;
|
75
|
-
}
|
76
|
-
|
77
|
-
module.exports = {
|
78
|
-
aes256CbcEncryptHook: makeAES256Hook('createCipheriv', 'aes-256-cbc'),
|
79
|
-
aes256CbcDecryptHook: makeAES256Hook('createDecipheriv', 'aes-256-cbc'),
|
80
|
-
aes256CtrEncryptHook: makeAES256Hook('createCipheriv', 'aes-256-ctr'),
|
81
|
-
aes256CtrDecryptHook: makeAES256Hook('createDecipheriv', 'aes-256-ctr'),
|
82
|
-
randomHook,
|
83
|
-
hmacSha512Hook: makeHmacHook('sha512'),
|
84
|
-
hmacSha256Hook: makeHmacHook('sha256'),
|
85
|
-
sha256Hook,
|
86
|
-
signRsaSha256Hook
|
87
|
-
};
|
@@ -1,75 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
|
3
|
-
/**
|
4
|
-
* @class
|
5
|
-
* An error indicating that something went wrong specifically with MongoDB Client Encryption
|
6
|
-
*/
|
7
|
-
class MongoCryptError extends Error {
|
8
|
-
constructor(message, options = {}) {
|
9
|
-
super(message);
|
10
|
-
if (options.cause != null) {
|
11
|
-
this.cause = options.cause;
|
12
|
-
}
|
13
|
-
}
|
14
|
-
|
15
|
-
get name() {
|
16
|
-
return 'MongoCryptError';
|
17
|
-
}
|
18
|
-
}
|
19
|
-
|
20
|
-
/**
|
21
|
-
* @experimental Public Technical Preview
|
22
|
-
* @class
|
23
|
-
* An error indicating that `ClientEncryption.createEncryptedCollection()` failed to create data keys
|
24
|
-
*/
|
25
|
-
class MongoCryptCreateDataKeyError extends MongoCryptError {
|
26
|
-
constructor({ encryptedFields, cause }) {
|
27
|
-
super(`Unable to complete creating data keys: ${cause.message}`, { cause });
|
28
|
-
this.encryptedFields = encryptedFields;
|
29
|
-
}
|
30
|
-
|
31
|
-
get name() {
|
32
|
-
return 'MongoCryptCreateDataKeyError';
|
33
|
-
}
|
34
|
-
}
|
35
|
-
|
36
|
-
/**
|
37
|
-
* @experimental Public Technical Preview
|
38
|
-
* @class
|
39
|
-
* An error indicating that `ClientEncryption.createEncryptedCollection()` failed to create a collection
|
40
|
-
*/
|
41
|
-
class MongoCryptCreateEncryptedCollectionError extends MongoCryptError {
|
42
|
-
constructor({ encryptedFields, cause }) {
|
43
|
-
super(`Unable to create collection: ${cause.message}`, { cause });
|
44
|
-
this.encryptedFields = encryptedFields;
|
45
|
-
}
|
46
|
-
|
47
|
-
get name() {
|
48
|
-
return 'MongoCryptCreateEncryptedCollectionError';
|
49
|
-
}
|
50
|
-
}
|
51
|
-
|
52
|
-
/**
|
53
|
-
* @class
|
54
|
-
* An error indicating that mongodb-client-encryption failed to auto-refresh Azure KMS credentials.
|
55
|
-
*/
|
56
|
-
class MongoCryptAzureKMSRequestError extends MongoCryptError {
|
57
|
-
/**
|
58
|
-
* @param {string} message
|
59
|
-
* @param {object | undefined} body
|
60
|
-
*/
|
61
|
-
constructor(message, body) {
|
62
|
-
super(message);
|
63
|
-
this.body = body;
|
64
|
-
}
|
65
|
-
}
|
66
|
-
|
67
|
-
class MongoCryptKMSRequestNetworkTimeoutError extends MongoCryptError {}
|
68
|
-
|
69
|
-
module.exports = {
|
70
|
-
MongoCryptError,
|
71
|
-
MongoCryptKMSRequestNetworkTimeoutError,
|
72
|
-
MongoCryptAzureKMSRequestError,
|
73
|
-
MongoCryptCreateDataKeyError,
|
74
|
-
MongoCryptCreateEncryptedCollectionError
|
75
|
-
};
|
@@ -1,73 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
|
3
|
-
let defaultModule;
|
4
|
-
function loadDefaultModule() {
|
5
|
-
if (!defaultModule) {
|
6
|
-
defaultModule = extension(require('mongodb'));
|
7
|
-
}
|
8
|
-
|
9
|
-
return defaultModule;
|
10
|
-
}
|
11
|
-
|
12
|
-
const {
|
13
|
-
MongoCryptError,
|
14
|
-
MongoCryptCreateEncryptedCollectionError,
|
15
|
-
MongoCryptCreateDataKeyError,
|
16
|
-
MongoCryptAzureKMSRequestError,
|
17
|
-
MongoCryptKMSRequestNetworkTimeoutError
|
18
|
-
} = require('./errors');
|
19
|
-
|
20
|
-
const { fetchAzureKMSToken } = require('./providers/index');
|
21
|
-
|
22
|
-
function extension(mongodb) {
|
23
|
-
const modules = { mongodb };
|
24
|
-
|
25
|
-
modules.stateMachine = require('./stateMachine')(modules);
|
26
|
-
modules.autoEncrypter = require('./autoEncrypter')(modules);
|
27
|
-
modules.clientEncryption = require('./clientEncryption')(modules);
|
28
|
-
|
29
|
-
const exports = {
|
30
|
-
AutoEncrypter: modules.autoEncrypter.AutoEncrypter,
|
31
|
-
ClientEncryption: modules.clientEncryption.ClientEncryption,
|
32
|
-
MongoCryptError,
|
33
|
-
MongoCryptCreateEncryptedCollectionError,
|
34
|
-
MongoCryptCreateDataKeyError,
|
35
|
-
MongoCryptAzureKMSRequestError,
|
36
|
-
MongoCryptKMSRequestNetworkTimeoutError
|
37
|
-
};
|
38
|
-
|
39
|
-
Object.defineProperty(exports, '___azureKMSProseTestExports', {
|
40
|
-
enumerable: false,
|
41
|
-
configurable: false,
|
42
|
-
value: fetchAzureKMSToken
|
43
|
-
});
|
44
|
-
|
45
|
-
return exports;
|
46
|
-
}
|
47
|
-
|
48
|
-
module.exports = {
|
49
|
-
extension,
|
50
|
-
MongoCryptError,
|
51
|
-
MongoCryptCreateEncryptedCollectionError,
|
52
|
-
MongoCryptCreateDataKeyError,
|
53
|
-
MongoCryptAzureKMSRequestError,
|
54
|
-
MongoCryptKMSRequestNetworkTimeoutError,
|
55
|
-
get AutoEncrypter() {
|
56
|
-
const m = loadDefaultModule();
|
57
|
-
delete module.exports.AutoEncrypter;
|
58
|
-
module.exports.AutoEncrypter = m.AutoEncrypter;
|
59
|
-
return m.AutoEncrypter;
|
60
|
-
},
|
61
|
-
get ClientEncryption() {
|
62
|
-
const m = loadDefaultModule();
|
63
|
-
delete module.exports.ClientEncryption;
|
64
|
-
module.exports.ClientEncryption = m.ClientEncryption;
|
65
|
-
return m.ClientEncryption;
|
66
|
-
}
|
67
|
-
};
|
68
|
-
|
69
|
-
Object.defineProperty(module.exports, '___azureKMSProseTestExports', {
|
70
|
-
enumerable: false,
|
71
|
-
configurable: false,
|
72
|
-
value: fetchAzureKMSToken
|
73
|
-
});
|
@@ -1,66 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
|
3
|
-
const spawn = require('child_process').spawn;
|
4
|
-
|
5
|
-
/**
|
6
|
-
* @ignore
|
7
|
-
* An internal class that handles spawning a mongocryptd.
|
8
|
-
*/
|
9
|
-
class MongocryptdManager {
|
10
|
-
/**
|
11
|
-
* @ignore
|
12
|
-
* Creates a new Mongocryptd Manager
|
13
|
-
* @param {AutoEncrypter~AutoEncryptionExtraOptions} [extraOptions] extra options that determine how/when to spawn a mongocryptd
|
14
|
-
*/
|
15
|
-
constructor(extraOptions) {
|
16
|
-
extraOptions = extraOptions || {};
|
17
|
-
|
18
|
-
this.uri =
|
19
|
-
typeof extraOptions.mongocryptdURI === 'string' && extraOptions.mongocryptdURI.length > 0
|
20
|
-
? extraOptions.mongocryptdURI
|
21
|
-
: MongocryptdManager.DEFAULT_MONGOCRYPTD_URI;
|
22
|
-
|
23
|
-
this.bypassSpawn = !!extraOptions.mongocryptdBypassSpawn;
|
24
|
-
|
25
|
-
this.spawnPath = extraOptions.mongocryptdSpawnPath || '';
|
26
|
-
this.spawnArgs = [];
|
27
|
-
if (Array.isArray(extraOptions.mongocryptdSpawnArgs)) {
|
28
|
-
this.spawnArgs = this.spawnArgs.concat(extraOptions.mongocryptdSpawnArgs);
|
29
|
-
}
|
30
|
-
if (
|
31
|
-
this.spawnArgs
|
32
|
-
.filter(arg => typeof arg === 'string')
|
33
|
-
.every(arg => arg.indexOf('--idleShutdownTimeoutSecs') < 0)
|
34
|
-
) {
|
35
|
-
this.spawnArgs.push('--idleShutdownTimeoutSecs', 60);
|
36
|
-
}
|
37
|
-
}
|
38
|
-
|
39
|
-
/**
|
40
|
-
* @ignore
|
41
|
-
* Will check to see if a mongocryptd is up. If it is not up, it will attempt
|
42
|
-
* to spawn a mongocryptd in a detached process, and then wait for it to be up.
|
43
|
-
* @param {Function} callback Invoked when we think a mongocryptd is up
|
44
|
-
*/
|
45
|
-
spawn(callback) {
|
46
|
-
const cmdName = this.spawnPath || 'mongocryptd';
|
47
|
-
|
48
|
-
// Spawned with stdio: ignore and detatched:true
|
49
|
-
// to ensure child can outlive parent.
|
50
|
-
this._child = spawn(cmdName, this.spawnArgs, {
|
51
|
-
stdio: 'ignore',
|
52
|
-
detached: true
|
53
|
-
});
|
54
|
-
|
55
|
-
this._child.on('error', () => {});
|
56
|
-
|
57
|
-
// unref child to remove handle from event loop
|
58
|
-
this._child.unref();
|
59
|
-
|
60
|
-
process.nextTick(callback);
|
61
|
-
}
|
62
|
-
}
|
63
|
-
|
64
|
-
MongocryptdManager.DEFAULT_MONGOCRYPTD_URI = 'mongodb://localhost:27020';
|
65
|
-
|
66
|
-
module.exports = { MongocryptdManager };
|
@@ -1,26 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
|
3
|
-
let awsCredentialProviders = null;
|
4
|
-
/** @ignore */
|
5
|
-
async function loadAWSCredentials(kmsProviders) {
|
6
|
-
if (awsCredentialProviders == null) {
|
7
|
-
try {
|
8
|
-
// Ensure you always wrap an optional require in the try block NODE-3199
|
9
|
-
awsCredentialProviders = require('@aws-sdk/credential-providers');
|
10
|
-
// eslint-disable-next-line no-empty
|
11
|
-
} catch {}
|
12
|
-
}
|
13
|
-
|
14
|
-
if (awsCredentialProviders != null) {
|
15
|
-
const { fromNodeProviderChain } = awsCredentialProviders;
|
16
|
-
const provider = fromNodeProviderChain();
|
17
|
-
// The state machine is the only place calling this so it will
|
18
|
-
// catch if there is a rejection here.
|
19
|
-
const aws = await provider();
|
20
|
-
return { ...kmsProviders, aws };
|
21
|
-
}
|
22
|
-
|
23
|
-
return kmsProviders;
|
24
|
-
}
|
25
|
-
|
26
|
-
module.exports = { loadAWSCredentials };
|
@@ -1,178 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
|
3
|
-
const {
|
4
|
-
MongoCryptAzureKMSRequestError,
|
5
|
-
MongoCryptKMSRequestNetworkTimeoutError
|
6
|
-
} = require('../errors');
|
7
|
-
const utils = require('./utils');
|
8
|
-
|
9
|
-
const MINIMUM_TOKEN_REFRESH_IN_MILLISECONDS = 6000;
|
10
|
-
|
11
|
-
/**
|
12
|
-
* @class
|
13
|
-
* @ignore
|
14
|
-
*/
|
15
|
-
class AzureCredentialCache {
|
16
|
-
constructor() {
|
17
|
-
/**
|
18
|
-
* @type { { accessToken: string, expiresOnTimestamp: number } | null}
|
19
|
-
*/
|
20
|
-
this.cachedToken = null;
|
21
|
-
}
|
22
|
-
|
23
|
-
async getToken() {
|
24
|
-
if (this.needsRefresh(this.cachedToken)) {
|
25
|
-
this.cachedToken = await this._getToken();
|
26
|
-
}
|
27
|
-
|
28
|
-
return { accessToken: this.cachedToken.accessToken };
|
29
|
-
}
|
30
|
-
|
31
|
-
needsRefresh(token) {
|
32
|
-
if (token == null) {
|
33
|
-
return true;
|
34
|
-
}
|
35
|
-
const timeUntilExpirationMS = token.expiresOnTimestamp - Date.now();
|
36
|
-
return timeUntilExpirationMS <= MINIMUM_TOKEN_REFRESH_IN_MILLISECONDS;
|
37
|
-
}
|
38
|
-
|
39
|
-
/**
|
40
|
-
* exposed for testing
|
41
|
-
* @ignore
|
42
|
-
*/
|
43
|
-
resetCache() {
|
44
|
-
this.cachedToken = null;
|
45
|
-
}
|
46
|
-
|
47
|
-
/**
|
48
|
-
* exposed for testing
|
49
|
-
* @ignore
|
50
|
-
*/
|
51
|
-
_getToken() {
|
52
|
-
return fetchAzureKMSToken();
|
53
|
-
}
|
54
|
-
}
|
55
|
-
/**
|
56
|
-
* @type{ AzureCredentialCache }
|
57
|
-
* @ignore
|
58
|
-
*/
|
59
|
-
let tokenCache = new AzureCredentialCache();
|
60
|
-
|
61
|
-
/**
|
62
|
-
* @typedef {object} KmsRequestResponsePayload
|
63
|
-
* @property {string | undefined} access_token
|
64
|
-
* @property {string | undefined} expires_in
|
65
|
-
*
|
66
|
-
* @ignore
|
67
|
-
*/
|
68
|
-
|
69
|
-
/**
|
70
|
-
* @param { {body: string, status: number }} response
|
71
|
-
* @returns { Promise<{ accessToken: string, expiresOnTimestamp: number } >}
|
72
|
-
* @ignore
|
73
|
-
*/
|
74
|
-
async function parseResponse(response) {
|
75
|
-
const { status, body: rawBody } = response;
|
76
|
-
|
77
|
-
/**
|
78
|
-
* @type { KmsRequestResponsePayload }
|
79
|
-
*/
|
80
|
-
const body = (() => {
|
81
|
-
try {
|
82
|
-
return JSON.parse(rawBody);
|
83
|
-
} catch {
|
84
|
-
throw new MongoCryptAzureKMSRequestError('Malformed JSON body in GET request.');
|
85
|
-
}
|
86
|
-
})();
|
87
|
-
|
88
|
-
if (status !== 200) {
|
89
|
-
throw new MongoCryptAzureKMSRequestError('Unable to complete request.', body);
|
90
|
-
}
|
91
|
-
|
92
|
-
if (!body.access_token) {
|
93
|
-
throw new MongoCryptAzureKMSRequestError(
|
94
|
-
'Malformed response body - missing field `access_token`.'
|
95
|
-
);
|
96
|
-
}
|
97
|
-
|
98
|
-
if (!body.expires_in) {
|
99
|
-
throw new MongoCryptAzureKMSRequestError(
|
100
|
-
'Malformed response body - missing field `expires_in`.'
|
101
|
-
);
|
102
|
-
}
|
103
|
-
|
104
|
-
const expiresInMS = Number(body.expires_in) * 1000;
|
105
|
-
if (Number.isNaN(expiresInMS)) {
|
106
|
-
throw new MongoCryptAzureKMSRequestError(
|
107
|
-
'Malformed response body - unable to parse int from `expires_in` field.'
|
108
|
-
);
|
109
|
-
}
|
110
|
-
|
111
|
-
return {
|
112
|
-
accessToken: body.access_token,
|
113
|
-
expiresOnTimestamp: Date.now() + expiresInMS
|
114
|
-
};
|
115
|
-
}
|
116
|
-
|
117
|
-
/**
|
118
|
-
* @param {object} options
|
119
|
-
* @param {object | undefined} [options.headers]
|
120
|
-
* @param {URL | undefined} [options.url]
|
121
|
-
*
|
122
|
-
* @ignore
|
123
|
-
*/
|
124
|
-
function prepareRequest(options) {
|
125
|
-
const url =
|
126
|
-
options.url == null
|
127
|
-
? new URL('http://169.254.169.254/metadata/identity/oauth2/token')
|
128
|
-
: new URL(options.url);
|
129
|
-
|
130
|
-
url.searchParams.append('api-version', '2018-02-01');
|
131
|
-
url.searchParams.append('resource', 'https://vault.azure.net');
|
132
|
-
|
133
|
-
const headers = { ...options.headers, 'Content-Type': 'application/json', Metadata: true };
|
134
|
-
return { headers, url };
|
135
|
-
}
|
136
|
-
|
137
|
-
/**
|
138
|
-
* @typedef {object} AzureKMSRequestOptions
|
139
|
-
* @property {object | undefined} headers
|
140
|
-
* @property {URL | undefined} url
|
141
|
-
* @ignore
|
142
|
-
*/
|
143
|
-
|
144
|
-
/**
|
145
|
-
* @typedef {object} AzureKMSRequestResponse
|
146
|
-
* @property {string} accessToken
|
147
|
-
* @property {number} expiresOnTimestamp
|
148
|
-
* @ignore
|
149
|
-
*/
|
150
|
-
|
151
|
-
/**
|
152
|
-
* exported only for testing purposes in the driver
|
153
|
-
*
|
154
|
-
* @param {AzureKMSRequestOptions} options
|
155
|
-
* @returns {Promise<AzureKMSRequestResponse>}
|
156
|
-
*
|
157
|
-
* @ignore
|
158
|
-
*/
|
159
|
-
async function fetchAzureKMSToken(options = {}) {
|
160
|
-
const { headers, url } = prepareRequest(options);
|
161
|
-
const response = await utils.get(url, { headers }).catch(error => {
|
162
|
-
if (error instanceof MongoCryptKMSRequestNetworkTimeoutError) {
|
163
|
-
throw new MongoCryptAzureKMSRequestError(`[Azure KMS] ${error.message}`);
|
164
|
-
}
|
165
|
-
throw error;
|
166
|
-
});
|
167
|
-
return parseResponse(response);
|
168
|
-
}
|
169
|
-
|
170
|
-
/**
|
171
|
-
* @ignore
|
172
|
-
*/
|
173
|
-
async function loadAzureCredentials(kmsProviders) {
|
174
|
-
const azure = await tokenCache.getToken();
|
175
|
-
return { ...kmsProviders, azure };
|
176
|
-
}
|
177
|
-
|
178
|
-
module.exports = { loadAzureCredentials, AzureCredentialCache, fetchAzureKMSToken, tokenCache };
|
@@ -1,24 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
|
3
|
-
let gcpMetadata = null;
|
4
|
-
/** @ignore */
|
5
|
-
async function loadGCPCredentials(kmsProviders) {
|
6
|
-
if (gcpMetadata == null) {
|
7
|
-
try {
|
8
|
-
// Ensure you always wrap an optional require in the try block NODE-3199
|
9
|
-
gcpMetadata = require('gcp-metadata');
|
10
|
-
// eslint-disable-next-line no-empty
|
11
|
-
} catch {}
|
12
|
-
}
|
13
|
-
|
14
|
-
if (gcpMetadata != null) {
|
15
|
-
const { access_token: accessToken } = await gcpMetadata.instance({
|
16
|
-
property: 'service-accounts/default/token'
|
17
|
-
});
|
18
|
-
return { ...kmsProviders, gcp: { accessToken } };
|
19
|
-
}
|
20
|
-
|
21
|
-
return kmsProviders;
|
22
|
-
}
|
23
|
-
|
24
|
-
module.exports = { loadGCPCredentials };
|
@@ -1,54 +0,0 @@
|
|
1
|
-
'use strict';
|
2
|
-
|
3
|
-
const { loadAWSCredentials } = require('./aws');
|
4
|
-
const { loadAzureCredentials, fetchAzureKMSToken } = require('./azure');
|
5
|
-
const { loadGCPCredentials } = require('./gcp');
|
6
|
-
|
7
|
-
/**
|
8
|
-
* Auto credential fetching should only occur when the provider is defined on the kmsProviders map
|
9
|
-
* and the settings are an empty object.
|
10
|
-
*
|
11
|
-
* This is distinct from a nullish provider key.
|
12
|
-
*
|
13
|
-
* @param {'aws' | 'gcp' | 'azure'} provider
|
14
|
-
* @param {object} kmsProviders
|
15
|
-
*
|
16
|
-
* @ignore
|
17
|
-
*/
|
18
|
-
function isEmptyCredentials(provider, kmsProviders) {
|
19
|
-
return (
|
20
|
-
provider in kmsProviders &&
|
21
|
-
kmsProviders[provider] != null &&
|
22
|
-
typeof kmsProviders[provider] === 'object' &&
|
23
|
-
Object.keys(kmsProviders[provider]).length === 0
|
24
|
-
);
|
25
|
-
}
|
26
|
-
|
27
|
-
/**
|
28
|
-
* Load cloud provider credentials for the user provided KMS providers.
|
29
|
-
* Credentials will only attempt to get loaded if they do not exist
|
30
|
-
* and no existing credentials will get overwritten.
|
31
|
-
*
|
32
|
-
* @param {object} kmsProviders - The user provided KMS providers.
|
33
|
-
* @returns {object} The new kms providers.
|
34
|
-
*
|
35
|
-
* @ignore
|
36
|
-
*/
|
37
|
-
async function loadCredentials(kmsProviders) {
|
38
|
-
let finalKMSProviders = kmsProviders;
|
39
|
-
|
40
|
-
if (isEmptyCredentials('aws', kmsProviders)) {
|
41
|
-
finalKMSProviders = await loadAWSCredentials(finalKMSProviders);
|
42
|
-
}
|
43
|
-
|
44
|
-
if (isEmptyCredentials('gcp', kmsProviders)) {
|
45
|
-
finalKMSProviders = await loadGCPCredentials(finalKMSProviders);
|
46
|
-
}
|
47
|
-
|
48
|
-
if (isEmptyCredentials('azure', kmsProviders)) {
|
49
|
-
finalKMSProviders = await loadAzureCredentials(finalKMSProviders);
|
50
|
-
}
|
51
|
-
return finalKMSProviders;
|
52
|
-
}
|
53
|
-
|
54
|
-
module.exports = { loadCredentials, isEmptyCredentials, fetchAzureKMSToken };
|