RubyGems - libmongocrypt-helper - Versions diffs - 1.8.0.0.1001 → 1.11.0.0.1001 - Mend

libmongocrypt-helper 1.8.0.0.1001 → 1.11.0.0.1001

Files changed (385) hide show

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/common.js DELETED Viewed

@@ -1,98 +0,0 @@
-'use strict';
-/**
- * @ignore
- * Helper function for logging. Enabled by setting the environment flag MONGODB_CRYPT_DEBUG.
- * @param {*} msg Anything you want to be logged.
- */
-function debug(msg) {
-  if (process.env.MONGODB_CRYPT_DEBUG) {
-    // eslint-disable-next-line no-console
-    console.error(msg);
-  }
-}
-/**
- * @ignore
- * Gets the database portion of a namespace string
- * @param {string} ns A string in the format of a namespace (database.collection)
- * @returns {string} The database portion of the namespace
- */
-function databaseNamespace(ns) {
-  return ns.split('.')[0];
-}
-/**
- * @ignore
- * Gets the collection portion of a namespace string
- * @param {string} ns A string in the format of a namespace (database.collection)
- * @returns {string} The collection portion of the namespace
- */
-function collectionNamespace(ns) {
-  return ns.split('.').slice(1).join('.');
-}
-function maybeCallback(promiseFn, callback) {
-  const promise = promiseFn();
-  if (callback == null) {
-    return promise;
-  }
-  promise.then(
-    result => process.nextTick(callback, undefined, result),
-    error => process.nextTick(callback, error)
-  );
-  return;
-}
-/**
- * @ignore
- * A helper function. Invokes a function that takes a callback as the final
- * parameter. If a callback is supplied, then it is passed to the function.
- * If not, a Promise is returned that resolves/rejects with the result of the
- * callback
- * @param {Function} [callback] an optional callback.
- * @param {Function} fn A function that takes a callback
- * @returns {Promise|void} Returns nothing if a callback is supplied, else returns a Promise.
- */
-function promiseOrCallback(callback, fn) {
-  if (typeof callback === 'function') {
-    fn(function (err) {
-      if (err != null) {
-        try {
-          callback(err);
-        } catch (error) {
-          return process.nextTick(() => {
-            throw error;
-          });
-        }
-        return;
-      }
-      callback.apply(this, arguments);
-    });
-    return;
-  }
-  return new Promise((resolve, reject) => {
-    fn(function (err, res) {
-      if (err != null) {
-        return reject(err);
-      }
-      if (arguments.length > 2) {
-        return resolve(Array.prototype.slice.call(arguments, 1));
-      }
-      resolve(res);
-    });
-  });
-}
-module.exports = {
-  debug,
-  databaseNamespace,
-  collectionNamespace,
-  promiseOrCallback,
-  maybeCallback
-};

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/cryptoCallbacks.js DELETED Viewed

@@ -1,87 +0,0 @@
-'use strict';
-const crypto = require('crypto');
-function makeAES256Hook(method, mode) {
-  return function (key, iv, input, output) {
-    let result;
-    try {
-      let cipher = crypto[method](mode, key, iv);
-      cipher.setAutoPadding(false);
-      result = cipher.update(input);
-      const final = cipher.final();
-      if (final.length > 0) {
-        result = Buffer.concat([result, final]);
-      }
-    } catch (e) {
-      return e;
-    }
-    result.copy(output);
-    return result.length;
-  };
-}
-function randomHook(buffer, count) {
-  try {
-    crypto.randomFillSync(buffer, 0, count);
-  } catch (e) {
-    return e;
-  }
-  return count;
-}
-function sha256Hook(input, output) {
-  let result;
-  try {
-    result = crypto.createHash('sha256').update(input).digest();
-  } catch (e) {
-    return e;
-  }
-  result.copy(output);
-  return result.length;
-}
-function makeHmacHook(algorithm) {
-  return (key, input, output) => {
-    let result;
-    try {
-      result = crypto.createHmac(algorithm, key).update(input).digest();
-    } catch (e) {
-      return e;
-    }
-    result.copy(output);
-    return result.length;
-  };
-}
-function signRsaSha256Hook(key, input, output) {
-  let result;
-  try {
-    const signer = crypto.createSign('sha256WithRSAEncryption');
-    const privateKey = Buffer.from(
-      `-----BEGIN PRIVATE KEY-----\n${key.toString('base64')}\n-----END PRIVATE KEY-----\n`
-    );
-    result = signer.update(input).end().sign(privateKey);
-  } catch (e) {
-    return e;
-  }
-  result.copy(output);
-  return result.length;
-}
-module.exports = {
-  aes256CbcEncryptHook: makeAES256Hook('createCipheriv', 'aes-256-cbc'),
-  aes256CbcDecryptHook: makeAES256Hook('createDecipheriv', 'aes-256-cbc'),
-  aes256CtrEncryptHook: makeAES256Hook('createCipheriv', 'aes-256-ctr'),
-  aes256CtrDecryptHook: makeAES256Hook('createDecipheriv', 'aes-256-ctr'),
-  randomHook,
-  hmacSha512Hook: makeHmacHook('sha512'),
-  hmacSha256Hook: makeHmacHook('sha256'),
-  sha256Hook,
-  signRsaSha256Hook
-};

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/errors.js DELETED Viewed

@@ -1,75 +0,0 @@
-'use strict';
-/**
- * @class
- * An error indicating that something went wrong specifically with MongoDB Client Encryption
- */
-class MongoCryptError extends Error {
-  constructor(message, options = {}) {
-    super(message);
-    if (options.cause != null) {
-      this.cause = options.cause;
-    }
-  }
-  get name() {
-    return 'MongoCryptError';
-  }
-}
-/**
- * @experimental Public Technical Preview
- * @class
- * An error indicating that `ClientEncryption.createEncryptedCollection()` failed to create data keys
- */
-class MongoCryptCreateDataKeyError extends MongoCryptError {
-  constructor({ encryptedFields, cause }) {
-    super(`Unable to complete creating data keys: ${cause.message}`, { cause });
-    this.encryptedFields = encryptedFields;
-  }
-  get name() {
-    return 'MongoCryptCreateDataKeyError';
-  }
-}
-/**
- * @experimental Public Technical Preview
- * @class
- * An error indicating that `ClientEncryption.createEncryptedCollection()` failed to create a collection
- */
-class MongoCryptCreateEncryptedCollectionError extends MongoCryptError {
-  constructor({ encryptedFields, cause }) {
-    super(`Unable to create collection: ${cause.message}`, { cause });
-    this.encryptedFields = encryptedFields;
-  }
-  get name() {
-    return 'MongoCryptCreateEncryptedCollectionError';
-  }
-}
-/**
- * @class
- * An error indicating that mongodb-client-encryption failed to auto-refresh Azure KMS credentials.
- */
-class MongoCryptAzureKMSRequestError extends MongoCryptError {
-  /**
-   * @param {string} message
-   * @param {object | undefined} body
-   */
-  constructor(message, body) {
-    super(message);
-    this.body = body;
-  }
-}
-class MongoCryptKMSRequestNetworkTimeoutError extends MongoCryptError {}
-module.exports = {
-  MongoCryptError,
-  MongoCryptKMSRequestNetworkTimeoutError,
-  MongoCryptAzureKMSRequestError,
-  MongoCryptCreateDataKeyError,
-  MongoCryptCreateEncryptedCollectionError
-};

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/index.js DELETED Viewed

@@ -1,73 +0,0 @@
-'use strict';
-let defaultModule;
-function loadDefaultModule() {
-  if (!defaultModule) {
-    defaultModule = extension(require('mongodb'));
-  }
-  return defaultModule;
-}
-const {
-  MongoCryptError,
-  MongoCryptCreateEncryptedCollectionError,
-  MongoCryptCreateDataKeyError,
-  MongoCryptAzureKMSRequestError,
-  MongoCryptKMSRequestNetworkTimeoutError
-} = require('./errors');
-const { fetchAzureKMSToken } = require('./providers/index');
-function extension(mongodb) {
-  const modules = { mongodb };
-  modules.stateMachine = require('./stateMachine')(modules);
-  modules.autoEncrypter = require('./autoEncrypter')(modules);
-  modules.clientEncryption = require('./clientEncryption')(modules);
-  const exports = {
-    AutoEncrypter: modules.autoEncrypter.AutoEncrypter,
-    ClientEncryption: modules.clientEncryption.ClientEncryption,
-    MongoCryptError,
-    MongoCryptCreateEncryptedCollectionError,
-    MongoCryptCreateDataKeyError,
-    MongoCryptAzureKMSRequestError,
-    MongoCryptKMSRequestNetworkTimeoutError
-  };
-  Object.defineProperty(exports, '___azureKMSProseTestExports', {
-    enumerable: false,
-    configurable: false,
-    value: fetchAzureKMSToken
-  });
-  return exports;
-}
-module.exports = {
-  extension,
-  MongoCryptError,
-  MongoCryptCreateEncryptedCollectionError,
-  MongoCryptCreateDataKeyError,
-  MongoCryptAzureKMSRequestError,
-  MongoCryptKMSRequestNetworkTimeoutError,
-  get AutoEncrypter() {
-    const m = loadDefaultModule();
-    delete module.exports.AutoEncrypter;
-    module.exports.AutoEncrypter = m.AutoEncrypter;
-    return m.AutoEncrypter;
-  },
-  get ClientEncryption() {
-    const m = loadDefaultModule();
-    delete module.exports.ClientEncryption;
-    module.exports.ClientEncryption = m.ClientEncryption;
-    return m.ClientEncryption;
-  }
-};
-Object.defineProperty(module.exports, '___azureKMSProseTestExports', {
-  enumerable: false,
-  configurable: false,
-  value: fetchAzureKMSToken
-});

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/mongocryptdManager.js DELETED Viewed

@@ -1,66 +0,0 @@
-'use strict';
-const spawn = require('child_process').spawn;
-/**
- * @ignore
- * An internal class that handles spawning a mongocryptd.
- */
-class MongocryptdManager {
-  /**
-   * @ignore
-   * Creates a new Mongocryptd Manager
-   * @param {AutoEncrypter~AutoEncryptionExtraOptions} [extraOptions] extra options that determine how/when to spawn a mongocryptd
-   */
-  constructor(extraOptions) {
-    extraOptions = extraOptions || {};
-    this.uri =
-      typeof extraOptions.mongocryptdURI === 'string' && extraOptions.mongocryptdURI.length > 0
-        ? extraOptions.mongocryptdURI
-        : MongocryptdManager.DEFAULT_MONGOCRYPTD_URI;
-    this.bypassSpawn = !!extraOptions.mongocryptdBypassSpawn;
-    this.spawnPath = extraOptions.mongocryptdSpawnPath || '';
-    this.spawnArgs = [];
-    if (Array.isArray(extraOptions.mongocryptdSpawnArgs)) {
-      this.spawnArgs = this.spawnArgs.concat(extraOptions.mongocryptdSpawnArgs);
-    }
-    if (
-      this.spawnArgs
-        .filter(arg => typeof arg === 'string')
-        .every(arg => arg.indexOf('--idleShutdownTimeoutSecs') < 0)
-    ) {
-      this.spawnArgs.push('--idleShutdownTimeoutSecs', 60);
-    }
-  }
-  /**
-   * @ignore
-   * Will check to see if a mongocryptd is up. If it is not up, it will attempt
-   * to spawn a mongocryptd in a detached process, and then wait for it to be up.
-   * @param {Function} callback Invoked when we think a mongocryptd is up
-   */
-  spawn(callback) {
-    const cmdName = this.spawnPath || 'mongocryptd';
-    // Spawned with stdio: ignore and detatched:true
-    // to ensure child can outlive parent.
-    this._child = spawn(cmdName, this.spawnArgs, {
-      stdio: 'ignore',
-      detached: true
-    });
-    this._child.on('error', () => {});
-    // unref child to remove handle from event loop
-    this._child.unref();
-    process.nextTick(callback);
-  }
-}
-MongocryptdManager.DEFAULT_MONGOCRYPTD_URI = 'mongodb://localhost:27020';
-module.exports = { MongocryptdManager };

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/aws.js DELETED Viewed

@@ -1,26 +0,0 @@
-'use strict';
-let awsCredentialProviders = null;
-/** @ignore */
-async function loadAWSCredentials(kmsProviders) {
-  if (awsCredentialProviders == null) {
-    try {
-      // Ensure you always wrap an optional require in the try block NODE-3199
-      awsCredentialProviders = require('@aws-sdk/credential-providers');
-      // eslint-disable-next-line no-empty
-    } catch {}
-  }
-  if (awsCredentialProviders != null) {
-    const { fromNodeProviderChain } = awsCredentialProviders;
-    const provider = fromNodeProviderChain();
-    // The state machine is the only place calling this so it will
-    // catch if there is a rejection here.
-    const aws = await provider();
-    return { ...kmsProviders, aws };
-  }
-  return kmsProviders;
-}
-module.exports = { loadAWSCredentials };

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/azure.js DELETED Viewed

@@ -1,178 +0,0 @@
-'use strict';
-const {
-  MongoCryptAzureKMSRequestError,
-  MongoCryptKMSRequestNetworkTimeoutError
-} = require('../errors');
-const utils = require('./utils');
-const MINIMUM_TOKEN_REFRESH_IN_MILLISECONDS = 6000;
-/**
- * @class
- * @ignore
- */
-class AzureCredentialCache {
-  constructor() {
-    /**
-     * @type { { accessToken: string, expiresOnTimestamp: number } | null}
-     */
-    this.cachedToken = null;
-  }
-  async getToken() {
-    if (this.needsRefresh(this.cachedToken)) {
-      this.cachedToken = await this._getToken();
-    }
-    return { accessToken: this.cachedToken.accessToken };
-  }
-  needsRefresh(token) {
-    if (token == null) {
-      return true;
-    }
-    const timeUntilExpirationMS = token.expiresOnTimestamp - Date.now();
-    return timeUntilExpirationMS <= MINIMUM_TOKEN_REFRESH_IN_MILLISECONDS;
-  }
-  /**
-   * exposed for testing
-   * @ignore
-   */
-  resetCache() {
-    this.cachedToken = null;
-  }
-  /**
-   * exposed for testing
-   * @ignore
-   */
-  _getToken() {
-    return fetchAzureKMSToken();
-  }
-}
-/**
- * @type{ AzureCredentialCache }
- * @ignore
- */
-let tokenCache = new AzureCredentialCache();
-/**
- * @typedef {object} KmsRequestResponsePayload
- * @property {string | undefined} access_token
- * @property {string | undefined} expires_in
- *
- * @ignore
- */
-/**
- * @param { {body: string, status: number }} response
- * @returns { Promise<{ accessToken: string, expiresOnTimestamp: number } >}
- * @ignore
- */
-async function parseResponse(response) {
-  const { status, body: rawBody } = response;
-  /**
-   * @type { KmsRequestResponsePayload }
-   */
-  const body = (() => {
-    try {
-      return JSON.parse(rawBody);
-    } catch {
-      throw new MongoCryptAzureKMSRequestError('Malformed JSON body in GET request.');
-    }
-  })();
-  if (status !== 200) {
-    throw new MongoCryptAzureKMSRequestError('Unable to complete request.', body);
-  }
-  if (!body.access_token) {
-    throw new MongoCryptAzureKMSRequestError(
-      'Malformed response body - missing field `access_token`.'
-    );
-  }
-  if (!body.expires_in) {
-    throw new MongoCryptAzureKMSRequestError(
-      'Malformed response body - missing field `expires_in`.'
-    );
-  }
-  const expiresInMS = Number(body.expires_in) * 1000;
-  if (Number.isNaN(expiresInMS)) {
-    throw new MongoCryptAzureKMSRequestError(
-      'Malformed response body - unable to parse int from `expires_in` field.'
-    );
-  }
-  return {
-    accessToken: body.access_token,
-    expiresOnTimestamp: Date.now() + expiresInMS
-  };
-}
-/**
- * @param {object} options
- * @param {object | undefined} [options.headers]
- * @param {URL | undefined} [options.url]
- *
- * @ignore
- */
-function prepareRequest(options) {
-  const url =
-    options.url == null
-      ? new URL('http://169.254.169.254/metadata/identity/oauth2/token')
-      : new URL(options.url);
-  url.searchParams.append('api-version', '2018-02-01');
-  url.searchParams.append('resource', 'https://vault.azure.net');
-  const headers = { ...options.headers, 'Content-Type': 'application/json', Metadata: true };
-  return { headers, url };
-}
-/**
- * @typedef {object} AzureKMSRequestOptions
- * @property {object | undefined} headers
- * @property {URL | undefined} url
- * @ignore
- */
-/**
- * @typedef {object} AzureKMSRequestResponse
- * @property {string} accessToken
- * @property {number} expiresOnTimestamp
- * @ignore
- */
-/**
- * exported only for testing purposes in the driver
- *
- * @param {AzureKMSRequestOptions} options
- * @returns {Promise<AzureKMSRequestResponse>}
- *
- * @ignore
- */
-async function fetchAzureKMSToken(options = {}) {
-  const { headers, url } = prepareRequest(options);
-  const response = await utils.get(url, { headers }).catch(error => {
-    if (error instanceof MongoCryptKMSRequestNetworkTimeoutError) {
-      throw new MongoCryptAzureKMSRequestError(`[Azure KMS] ${error.message}`);
-    }
-    throw error;
-  });
-  return parseResponse(response);
-}
-/**
- * @ignore
- */
-async function loadAzureCredentials(kmsProviders) {
-  const azure = await tokenCache.getToken();
-  return { ...kmsProviders, azure };
-}
-module.exports = { loadAzureCredentials, AzureCredentialCache, fetchAzureKMSToken, tokenCache };

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/gcp.js DELETED Viewed

@@ -1,24 +0,0 @@
-'use strict';
-let gcpMetadata = null;
-/** @ignore */
-async function loadGCPCredentials(kmsProviders) {
-  if (gcpMetadata == null) {
-    try {
-      // Ensure you always wrap an optional require in the try block NODE-3199
-      gcpMetadata = require('gcp-metadata');
-      // eslint-disable-next-line no-empty
-    } catch {}
-  }
-  if (gcpMetadata != null) {
-    const { access_token: accessToken } = await gcpMetadata.instance({
-      property: 'service-accounts/default/token'
-    });
-    return { ...kmsProviders, gcp: { accessToken } };
-  }
-  return kmsProviders;
-}
-module.exports = { loadGCPCredentials };

data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/index.js DELETED Viewed

@@ -1,54 +0,0 @@
-'use strict';
-const { loadAWSCredentials } = require('./aws');
-const { loadAzureCredentials, fetchAzureKMSToken } = require('./azure');
-const { loadGCPCredentials } = require('./gcp');
-/**
- * Auto credential fetching should only occur when the provider is defined on the kmsProviders map
- * and the settings are an empty object.
- *
- * This is distinct from a nullish provider key.
- *
- * @param {'aws' | 'gcp' | 'azure'} provider
- * @param {object} kmsProviders
- *
- * @ignore
- */
-function isEmptyCredentials(provider, kmsProviders) {
-  return (
-    provider in kmsProviders &&
-    kmsProviders[provider] != null &&
-    typeof kmsProviders[provider] === 'object' &&
-    Object.keys(kmsProviders[provider]).length === 0
-  );
-}
-/**
- * Load cloud provider credentials for the user provided KMS providers.
- * Credentials will only attempt to get loaded if they do not exist
- * and no existing credentials will get overwritten.
- *
- * @param {object} kmsProviders - The user provided KMS providers.
- * @returns {object} The new kms providers.
- *
- * @ignore
- */
-async function loadCredentials(kmsProviders) {
-  let finalKMSProviders = kmsProviders;
-  if (isEmptyCredentials('aws', kmsProviders)) {
-    finalKMSProviders = await loadAWSCredentials(finalKMSProviders);
-  }
-  if (isEmptyCredentials('gcp', kmsProviders)) {
-    finalKMSProviders = await loadGCPCredentials(finalKMSProviders);
-  }
-  if (isEmptyCredentials('azure', kmsProviders)) {
-    finalKMSProviders = await loadAzureCredentials(finalKMSProviders);
-  }
-  return finalKMSProviders;
-}
-module.exports = { loadCredentials, isEmptyCredentials, fetchAzureKMSToken };