libmongocrypt-helper 1.8.0.0.1001 → 1.11.0.0.1001
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +33 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +12 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -4
- data/ext/libmongocrypt/libmongocrypt/Earthfile +151 -3
- data/ext/libmongocrypt/libmongocrypt/README.md +36 -40
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/CMakeLists.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Driver.snk +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/AssemblyInfo.cs +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Binary.cs +16 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClientFactory.cs +8 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +10 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoader.cs +81 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.csproj +2 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/MongoDB.Libmongocrypt.Test.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/MongoDB.Libmongocrypt.Test32.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/README.md +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +21 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.config +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.sh +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +28 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +217 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +21 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +154 -108
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +7 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +41 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +5 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +27 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +34 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +180 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +134 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +44 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/README.md +4 -900
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +60 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +41 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/RELEASE.rst +6 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/python/build-manylinux-wheel.sh +4 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/python/hatch_build.py +36 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/__init__.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/auto_encrypter.py +2 -46
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binary.py +14 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +107 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/compat.py +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/credentials.py +2 -121
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/crypto.py +31 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/errors.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/explicit_encrypter.py +2 -233
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +168 -238
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +265 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/state_machine.py +2 -141
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pyproject.toml +118 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +97 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{test-requirements.txt → requirements-test.txt} +4 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/requirements.txt +4 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +76 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +6 -7
- data/ext/libmongocrypt/libmongocrypt/bindings/python/synchro.py +64 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/__init__.py +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/collection-info.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-payload.json +21 -21
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-command-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/rangeopts.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/value-to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-azure.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-gcp.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/list-collections-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/schema-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/perf_test.py +165 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_binding.py +8 -12
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_crypto.py +9 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +988 -340
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +14 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +19 -1
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +23 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/IntelDFP.cmake +19 -227
- data/ext/libmongocrypt/libmongocrypt/cmake/Patch.cmake +54 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/cli-icon.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/reference-targets.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +153 -0
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +61 -28
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +73 -0
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +108 -0
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +27 -0
- data/ext/libmongocrypt/libmongocrypt/etc/mongo-inteldfp-alpine-arm-fix.patch +17 -0
- data/ext/libmongocrypt/libmongocrypt/etc/packager.py +120 -91
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +14 -0
- data/ext/libmongocrypt/libmongocrypt/etc/repo_config.yaml +56 -0
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +70 -0
- data/ext/libmongocrypt/libmongocrypt/etc/ssdlc_compliance_report.md +37 -0
- data/ext/libmongocrypt/libmongocrypt/etc/third_party_vulnerabilities.md +42 -0
- data/ext/libmongocrypt/libmongocrypt/integrating.md +18 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +11 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer_private.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +211 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_response.c +163 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_tag_type_private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_request.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_response.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_port.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +23 -2
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +16 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +94 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +15 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +114 -53
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +21 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +38 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +20 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private.h +8 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +89 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +1 -23
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +4 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +15 -12
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +16 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +64 -22
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +23 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +359 -65
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +26 -14
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +17 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +31 -13
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +16 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +259 -63
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +40 -24
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +57 -13
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-binary-private.h +0 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +5 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth-private.h +16 -18
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth.c +105 -76
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +9 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +170 -89
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +505 -124
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +31 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +81 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +7 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek-private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek.c +161 -103
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker-private.h +2 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +191 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +50 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +365 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +200 -107
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +50 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +591 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +6 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +47 -234
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +75 -24
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +18 -2
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/bypassQueryAnalysis/payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd-to-mongocryptd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd-to-mongocryptd.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/collinfo.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-field-map.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-payload-pattern.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/mongocryptd-reply.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/encrypted-payload.json +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-field-config-map.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload-range-v2.json +37 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +64 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +105 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +15 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +104 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/decrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/encrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/oauth-response.txt +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-payload.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/mongocryptd-reply.json +69 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/mongocryptd-reply.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_double.cstruct +8637 -7958
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int32.cstruct +5522 -1382
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int64.cstruct +5042 -1262
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128_precision.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double_precision.cstruct +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int32.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int64.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/mongocryptd-reply.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/mongocryptd-reply.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-double/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32-defaults/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/README.md +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +8 -8
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +43 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +76 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +89 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +342 -76
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +94 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +205 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +49 -23
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -19
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +22 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache-oauth.c +94 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +374 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +121 -42
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +134 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.h +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +8 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +922 -92
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +114 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +14 -9
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +424 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +447 -28
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-opts.c +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-traverse-util.c +30 -26
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.c +7 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.h +3 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +66 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +2381 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +3 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/README.md +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/make_includes.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +38 -3
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +112 -106
- checksums.yaml.gz.sig +0 -0
- data/ext/libmongocrypt/libmongocrypt/VERSION_CURRENT +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/cs.sln +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/CHANGELOG.md +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/node/LICENSE +0 -201
- data/ext/libmongocrypt/libmongocrypt/bindings/node/binding.gyp +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/README.hbs +0 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/build-static.sh +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/node/index.d.ts +0 -641
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/autoEncrypter.js +0 -420
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/buffer_pool.js +0 -123
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/clientEncryption.js +0 -821
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/common.js +0 -98
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/cryptoCallbacks.js +0 -87
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/errors.js +0 -75
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/index.js +0 -73
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/mongocryptdManager.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/aws.js +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/azure.js +0 -178
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/gcp.js +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/index.js +0 -54
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/utils.js +0 -39
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/stateMachine.js +0 -492
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package-lock.json +0 -15302
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package.json +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.cc +0 -956
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.h +0 -114
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/autoEncrypter.test.js +0 -950
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/buffer_pool.test.js +0 -91
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/clientEncryption.test.js +0 -1093
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/common.test.js +0 -94
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/cryptoCallbacks.test.js +0 -240
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/README.md +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/collection-info.json +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document-nested.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encryptedFields.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key-document.json +0 -32
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key1-document.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/index.test.js +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/mongocryptdManager.test.js +0 -48
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/providers/credentialsProvider.test.js +0 -551
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/release.test.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/requirements.helper.js +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/stateMachine.test.js +0 -331
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/chai-addons.js +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/mongodb_reporter.js +0 -325
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/types/index.test-d.ts +0 -63
- data/ext/libmongocrypt/libmongocrypt/bindings/python/setup.py +0 -89
- data/ext/libmongocrypt/libmongocrypt/debian/build_snapshot.sh +0 -79
- data/ext/libmongocrypt/libmongocrypt/debian/changelog +0 -105
- data/ext/libmongocrypt/libmongocrypt/debian/compat +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/control +0 -41
- data/ext/libmongocrypt/libmongocrypt/debian/copyright +0 -129
- data/ext/libmongocrypt/libmongocrypt/debian/gbp.conf +0 -23
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.dirs +0 -2
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.install +0 -5
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.dirs +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.install +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/rules +0 -46
- data/ext/libmongocrypt/libmongocrypt/debian/source/format +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/source/lintian-overrides +0 -3
- data/ext/libmongocrypt/libmongocrypt/debian/source/options +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/watch +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/mongocryptd-reply.json +0 -72
- data.tar.gz.sig +0 -1
- metadata.gz.sig +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-decrypt-reply.txt → test/data/kms-aws/decrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-encrypt-reply.txt → test/data/kms-aws/encrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/decrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/encrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/oauth-response.txt +0 -0
@@ -15,25 +15,23 @@
|
|
15
15
|
import os
|
16
16
|
import os.path
|
17
17
|
import sys
|
18
|
+
from pathlib import Path
|
18
19
|
|
19
20
|
import cffi
|
21
|
+
from packaging.version import Version
|
20
22
|
|
21
|
-
from pymongocrypt.compat import PY3
|
22
23
|
from pymongocrypt.version import _MIN_LIBMONGOCRYPT_VERSION
|
23
24
|
|
24
|
-
try:
|
25
|
-
from pkg_resources import parse_version as _parse_version
|
26
|
-
except ImportError:
|
27
|
-
from distutils.version import LooseVersion as _LooseVersion
|
28
25
|
|
29
|
-
|
30
|
-
|
26
|
+
def _parse_version(version):
|
27
|
+
return Version(version)
|
31
28
|
|
32
29
|
|
33
30
|
ffi = cffi.FFI()
|
34
31
|
|
35
32
|
# Generated with strip_header.py
|
36
|
-
ffi.cdef(
|
33
|
+
ffi.cdef(
|
34
|
+
"""/*
|
37
35
|
* Copyright 2019-present MongoDB, Inc.
|
38
36
|
*
|
39
37
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
@@ -67,6 +65,16 @@ ffi.cdef("""/*
|
|
67
65
|
*/
|
68
66
|
const char *mongocrypt_version(uint32_t *len);
|
69
67
|
|
68
|
+
/**
|
69
|
+
* Returns true if libmongocrypt was built with native crypto support.
|
70
|
+
*
|
71
|
+
* If libmongocrypt was not built with native crypto support, setting crypto
|
72
|
+
* hooks is required.
|
73
|
+
*
|
74
|
+
* @returns True if libmongocrypt was built with native crypto support.
|
75
|
+
*/
|
76
|
+
bool mongocrypt_is_crypto_available(void);
|
77
|
+
|
70
78
|
/**
|
71
79
|
* A non-owning view of a byte buffer.
|
72
80
|
*
|
@@ -88,8 +96,14 @@ const char *mongocrypt_version(uint32_t *len);
|
|
88
96
|
* mongocrypt_ctx_mongo_op guarantees that the viewed data of
|
89
97
|
* mongocrypt_binary_t is valid until the parent ctx is destroyed with @ref
|
90
98
|
* mongocrypt_ctx_destroy.
|
99
|
+
*
|
100
|
+
* The `mongocrypt_binary_t` struct definition is public.
|
101
|
+
* Consumers may rely on the struct layout.
|
91
102
|
*/
|
92
|
-
typedef struct _mongocrypt_binary_t
|
103
|
+
typedef struct _mongocrypt_binary_t {
|
104
|
+
void *data;
|
105
|
+
uint32_t len;
|
106
|
+
} mongocrypt_binary_t;
|
93
107
|
|
94
108
|
/**
|
95
109
|
* Create a new non-owning view of a buffer (data + length).
|
@@ -453,6 +467,17 @@ void mongocrypt_setopt_set_crypt_shared_lib_path_override(mongocrypt_t *crypt, c
|
|
453
467
|
*/
|
454
468
|
void mongocrypt_setopt_use_need_kms_credentials_state(mongocrypt_t *crypt);
|
455
469
|
|
470
|
+
/**
|
471
|
+
* @brief Opt-into handling the MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB state.
|
472
|
+
*
|
473
|
+
* A context enters the MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB state when
|
474
|
+
* processing a `bulkWrite` command. The target database of the `bulkWrite` may differ from the command database
|
475
|
+
* ("admin").
|
476
|
+
*
|
477
|
+
* @param[in] crypt The @ref mongocrypt_t object to update
|
478
|
+
*/
|
479
|
+
void mongocrypt_setopt_use_need_mongo_collinfo_with_db_state(mongocrypt_t *crypt);
|
480
|
+
|
456
481
|
/**
|
457
482
|
* Initialize new @ref mongocrypt_t object.
|
458
483
|
*
|
@@ -510,7 +535,7 @@ const char *mongocrypt_crypt_shared_lib_version_string(const mongocrypt_t *crypt
|
|
510
535
|
* @brief Obtain a 64-bit constant encoding the version of the loaded
|
511
536
|
* crypt_shared library, if available.
|
512
537
|
*
|
513
|
-
* @param[in] crypt The mongocrypt_t object after a
|
538
|
+
* @param[in] crypt The mongocrypt_t object after a successful call to
|
514
539
|
* mongocrypt_init.
|
515
540
|
*
|
516
541
|
* @return A 64-bit encoded version number, with the version encoded as four
|
@@ -639,9 +664,8 @@ bool mongocrypt_ctx_setopt_algorithm(mongocrypt_ctx_t *ctx, const char *algorith
|
|
639
664
|
/// String constant for setopt_algorithm "Random" encryption
|
640
665
|
/// String constant for setopt_algorithm "Indexed" explicit encryption
|
641
666
|
/// String constant for setopt_algorithm "Unindexed" explicit encryption
|
642
|
-
|
643
|
-
|
644
|
-
/// for public use.
|
667
|
+
// DEPRECATED: support "RangePreview" has been removed in favor of "range".
|
668
|
+
// NOTE: "Range" is currently unstable API and subject to backwards breaking changes.
|
645
669
|
|
646
670
|
/**
|
647
671
|
* Identify the AWS KMS master key to use for creating a data key.
|
@@ -823,9 +847,9 @@ bool mongocrypt_ctx_explicit_encrypt_init(mongocrypt_ctx_t *ctx, mongocrypt_bina
|
|
823
847
|
/**
|
824
848
|
* Explicit helper method to encrypt a Match Expression or Aggregate Expression.
|
825
849
|
* Contexts created for explicit encryption will not go through mongocryptd.
|
826
|
-
* Requires query_type to be "
|
827
|
-
*
|
828
|
-
*
|
850
|
+
* Requires query_type to be "range".
|
851
|
+
*
|
852
|
+
* NOTE: "range" is currently unstable API and subject to backwards breaking changes.
|
829
853
|
*
|
830
854
|
* This method expects the passed-in BSON to be of the form:
|
831
855
|
* { "v" : FLE2RangeFindDriverSpec }
|
@@ -918,9 +942,10 @@ bool mongocrypt_ctx_rewrap_many_datakey_init(mongocrypt_ctx_t *ctx, mongocrypt_b
|
|
918
942
|
*/
|
919
943
|
typedef enum {
|
920
944
|
MONGOCRYPT_CTX_ERROR = 0,
|
921
|
-
MONGOCRYPT_CTX_NEED_MONGO_COLLINFO = 1,
|
922
|
-
|
923
|
-
|
945
|
+
MONGOCRYPT_CTX_NEED_MONGO_COLLINFO = 1, /* run on main MongoClient */
|
946
|
+
MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB = 8, /* run on main MongoClient */
|
947
|
+
MONGOCRYPT_CTX_NEED_MONGO_MARKINGS = 2, /* run on mongocryptd. */
|
948
|
+
MONGOCRYPT_CTX_NEED_MONGO_KEYS = 3, /* run on key vault */
|
924
949
|
MONGOCRYPT_CTX_NEED_KMS = 4,
|
925
950
|
MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS = 7, /* fetch/renew KMS credentials */
|
926
951
|
MONGOCRYPT_CTX_READY = 5, /* ready for encryption/decryption */
|
@@ -940,7 +965,7 @@ mongocrypt_ctx_state_t mongocrypt_ctx_state(mongocrypt_ctx_t *ctx);
|
|
940
965
|
* is in MONGOCRYPT_CTX_NEED_MONGO_* states.
|
941
966
|
*
|
942
967
|
* @p op_bson is a BSON document to be used for the operation.
|
943
|
-
* - For MONGOCRYPT_CTX_NEED_MONGO_COLLINFO it is a listCollections filter.
|
968
|
+
* - For MONGOCRYPT_CTX_NEED_MONGO_COLLINFO(_WITH_DB) it is a listCollections filter.
|
944
969
|
* - For MONGOCRYPT_CTX_NEED_MONGO_KEYS it is a find filter.
|
945
970
|
* - For MONGOCRYPT_CTX_NEED_MONGO_MARKINGS it is a command to send to
|
946
971
|
* mongocryptd.
|
@@ -957,13 +982,28 @@ mongocrypt_ctx_state_t mongocrypt_ctx_state(mongocrypt_ctx_t *ctx);
|
|
957
982
|
*/
|
958
983
|
bool mongocrypt_ctx_mongo_op(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *op_bson);
|
959
984
|
|
985
|
+
/**
|
986
|
+
* Get the database to run the mongo operation.
|
987
|
+
*
|
988
|
+
* Only applies when mongocrypt_ctx_t is in the state:
|
989
|
+
* MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB.
|
990
|
+
*
|
991
|
+
* The lifetime of the returned string is tied to the lifetime of @p ctx. It is
|
992
|
+
* valid until @ref mongocrypt_ctx_destroy is called.
|
993
|
+
*
|
994
|
+
* @param[in] ctx The @ref mongocrypt_ctx_t object.
|
995
|
+
* @returns A string or NULL. If NULL, an error status is set. Retrieve it with
|
996
|
+
* @ref mongocrypt_ctx_status
|
997
|
+
*/
|
998
|
+
const char *mongocrypt_ctx_mongo_db(mongocrypt_ctx_t *ctx);
|
999
|
+
|
960
1000
|
/**
|
961
1001
|
* Feed a BSON reply or result when mongocrypt_ctx_t is in
|
962
1002
|
* MONGOCRYPT_CTX_NEED_MONGO_* states. This may be called multiple times
|
963
1003
|
* depending on the operation.
|
964
1004
|
*
|
965
1005
|
* reply is a BSON document result being fed back for this operation.
|
966
|
-
* - For MONGOCRYPT_CTX_NEED_MONGO_COLLINFO it is a doc from a listCollections
|
1006
|
+
* - For MONGOCRYPT_CTX_NEED_MONGO_COLLINFO(_WITH_DB) it is a doc from a listCollections
|
967
1007
|
* cursor. (Note, if listCollections returned no result, do not call this
|
968
1008
|
* function.)
|
969
1009
|
* - For MONGOCRYPT_CTX_NEED_MONGO_KEYS it is a doc from a find cursor.
|
@@ -1176,7 +1216,7 @@ void mongocrypt_ctx_destroy(mongocrypt_ctx_t *ctx);
|
|
1176
1216
|
* @param[out] status An optional status to pass error messages. See @ref
|
1177
1217
|
* mongocrypt_status_set.
|
1178
1218
|
* @returns A boolean indicating success. If returning false, set @p status
|
1179
|
-
* with a message
|
1219
|
+
* with a message indicating the error using @ref mongocrypt_status_set.
|
1180
1220
|
*/
|
1181
1221
|
typedef bool (*mongocrypt_crypto_fn)(void *ctx,
|
1182
1222
|
mongocrypt_binary_t *key,
|
@@ -1201,7 +1241,7 @@ typedef bool (*mongocrypt_crypto_fn)(void *ctx,
|
|
1201
1241
|
* @param[out] status An optional status to pass error messages. See @ref
|
1202
1242
|
* mongocrypt_status_set.
|
1203
1243
|
* @returns A boolean indicating success. If returning false, set @p status
|
1204
|
-
* with a message
|
1244
|
+
* with a message indicating the error using @ref mongocrypt_status_set.
|
1205
1245
|
*/
|
1206
1246
|
typedef bool (*mongocrypt_hmac_fn)(void *ctx,
|
1207
1247
|
mongocrypt_binary_t *key,
|
@@ -1220,7 +1260,7 @@ typedef bool (*mongocrypt_hmac_fn)(void *ctx,
|
|
1220
1260
|
* @param[out] status An optional status to pass error messages. See @ref
|
1221
1261
|
* mongocrypt_status_set.
|
1222
1262
|
* @returns A boolean indicating success. If returning false, set @p status
|
1223
|
-
* with a message
|
1263
|
+
* with a message indicating the error using @ref mongocrypt_status_set.
|
1224
1264
|
*/
|
1225
1265
|
typedef bool (*mongocrypt_hash_fn)(void *ctx,
|
1226
1266
|
mongocrypt_binary_t *in,
|
@@ -1238,7 +1278,7 @@ typedef bool (*mongocrypt_hash_fn)(void *ctx,
|
|
1238
1278
|
* @param[out] status An optional status to pass error messages. See @ref
|
1239
1279
|
* mongocrypt_status_set.
|
1240
1280
|
* @returns A boolean indicating success. If returning false, set @p status
|
1241
|
-
* with a message
|
1281
|
+
* with a message indicating the error using @ref mongocrypt_status_set.
|
1242
1282
|
*/
|
1243
1283
|
typedef bool (*mongocrypt_random_fn)(void *ctx, mongocrypt_binary_t *out, uint32_t count, mongocrypt_status_t *status);
|
1244
1284
|
|
@@ -1259,8 +1299,7 @@ bool mongocrypt_setopt_crypto_hooks(mongocrypt_t *crypt,
|
|
1259
1299
|
* operation.
|
1260
1300
|
* @param[in] aes_256_ctr_decrypt The crypto callback function for decrypt
|
1261
1301
|
* operation.
|
1262
|
-
* @param[in] ctx
|
1263
|
-
* every invocation.
|
1302
|
+
* @param[in] ctx Unused.
|
1264
1303
|
* @pre @ref mongocrypt_init has not been called on @p crypt.
|
1265
1304
|
* @returns A boolean indicating success. If false, an error status is set.
|
1266
1305
|
* Retrieve it with @ref mongocrypt_status
|
@@ -1279,8 +1318,7 @@ bool mongocrypt_setopt_aes_256_ctr(mongocrypt_t *crypt,
|
|
1279
1318
|
* @param[in] crypt The @ref mongocrypt_t object.
|
1280
1319
|
* @param[in] aes_256_ecb_encrypt The crypto callback function for encrypt
|
1281
1320
|
* operation.
|
1282
|
-
* @param[in] ctx
|
1283
|
-
* every invocation.
|
1321
|
+
* @param[in] ctx Unused.
|
1284
1322
|
* @pre @ref mongocrypt_init has not been called on @p crypt.
|
1285
1323
|
* @returns A boolean indicating success. If false, an error status is set.
|
1286
1324
|
* Retrieve it with @ref mongocrypt_status
|
@@ -1320,6 +1358,17 @@ bool mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(mongocrypt_t *crypt,
|
|
1320
1358
|
*/
|
1321
1359
|
void mongocrypt_setopt_bypass_query_analysis(mongocrypt_t *crypt);
|
1322
1360
|
|
1361
|
+
/**
|
1362
|
+
* DEPRECATED: Use of `mongocrypt_setopt_use_range_v2` is deprecated. Range V2 is always enabled.
|
1363
|
+
* NOTE: "range" is currently unstable API and subject to backwards breaking changes.
|
1364
|
+
*
|
1365
|
+
* @param[in] crypt The @ref mongocrypt_t object.
|
1366
|
+
*
|
1367
|
+
* @returns A boolean indicating success. If false, an error status is set.
|
1368
|
+
* Retrieve it with @ref mongocrypt_status
|
1369
|
+
*/
|
1370
|
+
bool mongocrypt_setopt_use_range_v2(mongocrypt_t *crypt);
|
1371
|
+
|
1323
1372
|
/**
|
1324
1373
|
* Set the contention factor used for explicit encryption.
|
1325
1374
|
* The contention factor is only used for indexed Queryable Encryption.
|
@@ -1362,16 +1411,16 @@ bool mongocrypt_ctx_setopt_index_key_id(mongocrypt_ctx_t *ctx, mongocrypt_binary
|
|
1362
1411
|
bool mongocrypt_ctx_setopt_query_type(mongocrypt_ctx_t *ctx, const char *query_type, int len);
|
1363
1412
|
|
1364
1413
|
/**
|
1365
|
-
* Set options for explicit encryption with the "
|
1366
|
-
* NOTE:
|
1367
|
-
* public use.
|
1414
|
+
* Set options for explicit encryption with the "range" algorithm.
|
1415
|
+
* NOTE: "range" is currently unstable API and subject to backwards breaking changes.
|
1368
1416
|
*
|
1369
1417
|
* @p opts is a BSON document of the form:
|
1370
1418
|
* {
|
1371
1419
|
* "min": Optional<BSON value>,
|
1372
1420
|
* "max": Optional<BSON value>,
|
1373
1421
|
* "sparsity": Int64,
|
1374
|
-
* "precision": Optional<Int32
|
1422
|
+
* "precision": Optional<Int32>,
|
1423
|
+
* "trimFactor": Optional<Int32>
|
1375
1424
|
* }
|
1376
1425
|
*
|
1377
1426
|
* @param[in] ctx The @ref mongocrypt_ctx_t object.
|
@@ -1383,18 +1432,15 @@ bool mongocrypt_ctx_setopt_query_type(mongocrypt_ctx_t *ctx, const char *query_t
|
|
1383
1432
|
bool mongocrypt_ctx_setopt_algorithm_range(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *opts);
|
1384
1433
|
|
1385
1434
|
/// String constants for setopt_query_type
|
1386
|
-
//
|
1387
|
-
|
1388
|
-
"""
|
1389
|
-
|
1390
|
-
|
1391
|
-
|
1392
|
-
|
1393
|
-
|
1394
|
-
|
1395
|
-
def _to_string(cdata):
|
1396
|
-
"""Decode a cdata c-string to a Python str."""
|
1397
|
-
return ffi.string(cdata)
|
1435
|
+
// DEPRECATED: Support "rangePreview" has been removed in favor of "range".
|
1436
|
+
/// NOTE: "range" is currently unstable API and subject to backwards breaking changes.
|
1437
|
+
"""
|
1438
|
+
)
|
1439
|
+
|
1440
|
+
|
1441
|
+
def _to_string(cdata):
|
1442
|
+
"""Decode a cdata c-string to a Python str."""
|
1443
|
+
return ffi.string(cdata).decode()
|
1398
1444
|
|
1399
1445
|
|
1400
1446
|
def libmongocrypt_version():
|
@@ -1408,18 +1454,19 @@ def libmongocrypt_version():
|
|
1408
1454
|
# export PYMONGOCRYPT_LIB='/path/to/libmongocrypt.so'
|
1409
1455
|
# If the PYMONGOCRYPT_LIB is not set then load the embedded library and
|
1410
1456
|
# fallback to the relying on a system installed library.
|
1411
|
-
_base =
|
1412
|
-
if sys.platform ==
|
1413
|
-
_path =
|
1414
|
-
elif sys.platform ==
|
1415
|
-
_path =
|
1457
|
+
_base = Path(os.path.realpath(__file__)).parent
|
1458
|
+
if sys.platform == "win32":
|
1459
|
+
_path = Path(_base) / "mongocrypt.dll"
|
1460
|
+
elif sys.platform == "darwin":
|
1461
|
+
_path = Path(_base) / "libmongocrypt.dylib"
|
1416
1462
|
else:
|
1417
|
-
_path =
|
1463
|
+
_path = Path(_base) / "libmongocrypt.so"
|
1418
1464
|
|
1419
1465
|
|
1420
|
-
class _Library
|
1466
|
+
class _Library:
|
1421
1467
|
"""Helper class for delaying errors that would usually be raised at
|
1422
1468
|
import time until the library is actually used."""
|
1469
|
+
|
1423
1470
|
def __init__(self, error):
|
1424
1471
|
self._error = error
|
1425
1472
|
|
@@ -1427,25 +1474,24 @@ class _Library(object):
|
|
1427
1474
|
raise self._error
|
1428
1475
|
|
1429
1476
|
|
1430
|
-
_PYMONGOCRYPT_LIB = os.environ.get(
|
1477
|
+
_PYMONGOCRYPT_LIB = os.environ.get("PYMONGOCRYPT_LIB")
|
1431
1478
|
try:
|
1432
1479
|
if _PYMONGOCRYPT_LIB:
|
1433
1480
|
lib = ffi.dlopen(_PYMONGOCRYPT_LIB)
|
1434
1481
|
else:
|
1435
1482
|
try:
|
1436
|
-
lib = ffi.dlopen(_path)
|
1437
|
-
except OSError
|
1483
|
+
lib = ffi.dlopen(str(_path))
|
1484
|
+
except OSError:
|
1438
1485
|
# Fallback to libmongocrypt installed on the system.
|
1439
|
-
lib = ffi.dlopen(
|
1486
|
+
lib = ffi.dlopen("mongocrypt")
|
1440
1487
|
except OSError as exc:
|
1441
1488
|
# dlopen raises OSError when the library cannot be found.
|
1442
1489
|
# Delay the error until the library is actually used.
|
1443
1490
|
lib = _Library(exc)
|
1444
1491
|
else:
|
1445
|
-
|
1446
|
-
_limongocrypt_version
|
1447
|
-
if _limongocrypt_version < _parse_version(_MIN_LIBMONGOCRYPT_VERSION):
|
1492
|
+
_limongocrypt_version = Version(libmongocrypt_version())
|
1493
|
+
if _limongocrypt_version < Version(_MIN_LIBMONGOCRYPT_VERSION):
|
1448
1494
|
exc = RuntimeError(
|
1449
|
-
"Expected libmongocrypt version %s or greater, found
|
1450
|
-
|
1495
|
+
f"Expected libmongocrypt version %s or greater, found {_MIN_LIBMONGOCRYPT_VERSION, libmongocrypt_version()}"
|
1496
|
+
)
|
1451
1497
|
lib = _Library(exc)
|
@@ -16,19 +16,21 @@
|
|
16
16
|
|
17
17
|
import sys
|
18
18
|
|
19
|
-
PY3 = sys.version_info[0]
|
19
|
+
PY3 = sys.version_info[0] >= 3
|
20
20
|
|
21
21
|
if PY3:
|
22
22
|
from abc import ABC
|
23
|
+
|
23
24
|
unicode_type = str
|
24
25
|
else:
|
25
26
|
from abc import ABCMeta as _ABCMeta
|
26
|
-
|
27
|
-
|
27
|
+
|
28
|
+
ABC = _ABCMeta("ABC", (object,), {})
|
29
|
+
unicode_type = "unicode"
|
28
30
|
|
29
31
|
|
30
32
|
def str_to_bytes(string):
|
31
33
|
"""Convert a str (or unicode) to bytes."""
|
32
34
|
if isinstance(string, bytes):
|
33
35
|
return string
|
34
|
-
return string.encode(
|
36
|
+
return string.encode("utf-8")
|
@@ -11,126 +11,7 @@
|
|
11
11
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
12
|
# See the License for the specific language governing permissions and
|
13
13
|
# limitations under the License.
|
14
|
-
import os
|
15
|
-
from collections import namedtuple
|
16
|
-
from datetime import datetime, timedelta
|
17
14
|
|
18
|
-
|
19
|
-
from pymongo_auth_aws.auth import aws_temp_credentials
|
20
|
-
_HAVE_AUTH_AWS = True
|
21
|
-
except ImportError:
|
22
|
-
_HAVE_AUTH_AWS = False
|
15
|
+
# Alias file for import compatibility
|
23
16
|
|
24
|
-
from pymongocrypt.
|
25
|
-
|
26
|
-
import requests
|
27
|
-
|
28
|
-
|
29
|
-
_azure_creds = namedtuple("_azure_creds", ["access_token", "expires_in"])
|
30
|
-
_azure_creds_cache = None
|
31
|
-
|
32
|
-
|
33
|
-
def _get_gcp_credentials():
|
34
|
-
"""Get on-demand GCP credentials"""
|
35
|
-
metadata_host = os.getenv("GCE_METADATA_HOST") or "metadata.google.internal"
|
36
|
-
url = "http://%s/computeMetadata/v1/instance/service-accounts/default/token" % metadata_host
|
37
|
-
|
38
|
-
headers = {"Metadata-Flavor": "Google"}
|
39
|
-
try:
|
40
|
-
response = requests.get(url, headers=headers)
|
41
|
-
except Exception as e:
|
42
|
-
msg = "unable to retrieve GCP credentials: %s" % e
|
43
|
-
raise MongoCryptError(msg)
|
44
|
-
|
45
|
-
if response.status_code != 200:
|
46
|
-
msg = "Unable to retrieve GCP credentials: expected StatusCode 200, got StatusCode: %s. Response body:\n%s" % (response.status_code, response.content)
|
47
|
-
raise MongoCryptError(msg)
|
48
|
-
try:
|
49
|
-
data = response.json()
|
50
|
-
except Exception:
|
51
|
-
raise MongoCryptError("unable to retrieve GCP credentials: error reading response body\n%s" % response.content)
|
52
|
-
|
53
|
-
if not data.get("access_token"):
|
54
|
-
msg = "unable to retrieve GCP credentials: got unexpected empty accessToken from GCP Metadata Server. Response body: %s" % response.content
|
55
|
-
raise MongoCryptError(msg)
|
56
|
-
|
57
|
-
return {'accessToken': data['access_token']}
|
58
|
-
|
59
|
-
|
60
|
-
def _get_azure_credentials():
|
61
|
-
"""Get on-demand Azure credentials"""
|
62
|
-
global _azure_creds_cache
|
63
|
-
# Credentials are considered expired when: Expiration - now < 1 mins.
|
64
|
-
creds = _azure_creds_cache
|
65
|
-
if creds:
|
66
|
-
if creds.expires_in - datetime.utcnow() < timedelta(seconds=60):
|
67
|
-
_azure_creds_cache = None
|
68
|
-
else:
|
69
|
-
return { 'accessToken': creds.access_token }
|
70
|
-
|
71
|
-
url = "http://169.254.169.254/metadata/identity/oauth2/token"
|
72
|
-
url += "?api-version=2018-02-01"
|
73
|
-
url += "&resource=https://vault.azure.net"
|
74
|
-
headers = { "Metadata": "true", "Accept": "application/json" }
|
75
|
-
try:
|
76
|
-
response = requests.get(url, headers=headers)
|
77
|
-
except Exception as e:
|
78
|
-
msg = "Failed to acquire IMDS access token: %s" % e
|
79
|
-
raise MongoCryptError(msg)
|
80
|
-
|
81
|
-
if response.status_code != 200:
|
82
|
-
msg = "Failed to acquire IMDS access token."
|
83
|
-
raise MongoCryptError(msg)
|
84
|
-
try:
|
85
|
-
data = response.json()
|
86
|
-
except Exception:
|
87
|
-
raise MongoCryptError("Azure IMDS response must be in JSON format.")
|
88
|
-
|
89
|
-
for key in ["access_token", "expires_in"]:
|
90
|
-
if not data.get(key):
|
91
|
-
msg = "Azure IMDS response must contain %s, but was %s."
|
92
|
-
msg = msg % (key, response.content)
|
93
|
-
raise MongoCryptError(msg)
|
94
|
-
|
95
|
-
try:
|
96
|
-
expires_in = int(data["expires_in"])
|
97
|
-
except ValueError:
|
98
|
-
raise MongoCryptError('Azure IMDS response must contain "expires_in" integer, but was %s.' % response.content)
|
99
|
-
|
100
|
-
expiration_time = datetime.utcnow() + timedelta(seconds=expires_in)
|
101
|
-
_azure_creds_cache = _azure_creds(data['access_token'], expiration_time)
|
102
|
-
return { 'accessToken': data['access_token'] }
|
103
|
-
|
104
|
-
|
105
|
-
def _ask_for_kms_credentials(kms_providers):
|
106
|
-
"""Get on-demand kms credentials.
|
107
|
-
|
108
|
-
This is a separate function so it can be overridden in unit tests."""
|
109
|
-
global _azure_creds_cache
|
110
|
-
on_demand_aws = 'aws' in kms_providers and not len(kms_providers['aws'])
|
111
|
-
on_demand_gcp = 'gcp' in kms_providers and not len(kms_providers['gcp'])
|
112
|
-
on_demand_azure = 'azure' in kms_providers and not len(kms_providers['azure'])
|
113
|
-
|
114
|
-
if not any([on_demand_aws, on_demand_gcp, on_demand_azure]):
|
115
|
-
return {}
|
116
|
-
creds = {}
|
117
|
-
if on_demand_aws:
|
118
|
-
if not _HAVE_AUTH_AWS:
|
119
|
-
raise RuntimeError(
|
120
|
-
"On-demand AWS credentials require pymongo-auth-aws: "
|
121
|
-
"install with: python -m pip install 'pymongo[aws]'"
|
122
|
-
)
|
123
|
-
aws_creds = aws_temp_credentials()
|
124
|
-
creds_dict = {"accessKeyId": aws_creds.username, "secretAccessKey": aws_creds.password}
|
125
|
-
if aws_creds.token:
|
126
|
-
creds_dict["sessionToken"] = aws_creds.token
|
127
|
-
creds['aws'] = creds_dict
|
128
|
-
if on_demand_gcp:
|
129
|
-
creds['gcp'] = _get_gcp_credentials()
|
130
|
-
if on_demand_azure:
|
131
|
-
try:
|
132
|
-
creds['azure'] = _get_azure_credentials()
|
133
|
-
except Exception:
|
134
|
-
_azure_creds_cache = None
|
135
|
-
raise
|
136
|
-
return creds
|
17
|
+
from pymongocrypt.synchronous.credentials import *
|
@@ -20,7 +20,7 @@ import traceback
|
|
20
20
|
from cryptography.hazmat.backends import default_backend
|
21
21
|
from cryptography.hazmat.primitives.asymmetric import padding
|
22
22
|
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
|
23
|
-
from cryptography.hazmat.primitives.hashes import
|
23
|
+
from cryptography.hazmat.primitives.hashes import SHA256, SHA512, Hash
|
24
24
|
from cryptography.hazmat.primitives.hmac import HMAC
|
25
25
|
from cryptography.hazmat.primitives.serialization import load_der_private_key
|
26
26
|
|
@@ -35,18 +35,19 @@ def _callback_error_handler(exception, exc_value, tb):
|
|
35
35
|
# if the whole function ran successfully but there was an error converting
|
36
36
|
# the value returned: this occurs after the call)."
|
37
37
|
if tb is not None:
|
38
|
-
status = tb.tb_frame.f_locals[
|
39
|
-
msg = str_to_bytes(
|
40
|
-
exception, exc_value, tb))
|
38
|
+
status = tb.tb_frame.f_locals["status"]
|
39
|
+
msg = str_to_bytes(
|
40
|
+
"".join(traceback.format_exception(exception, exc_value, tb))
|
41
|
+
)
|
41
42
|
lib.mongocrypt_status_set(
|
42
|
-
status, lib.MONGOCRYPT_STATUS_ERROR_CLIENT, 1, msg, -1
|
43
|
+
status, lib.MONGOCRYPT_STATUS_ERROR_CLIENT, 1, msg, -1
|
44
|
+
)
|
43
45
|
|
44
46
|
return False
|
45
47
|
|
46
48
|
|
47
49
|
def _aes_256_encrypt(key, mode, input, output, bytes_written):
|
48
|
-
cipher = Cipher(algorithms.AES(_to_bytes(key)), mode,
|
49
|
-
backend=default_backend())
|
50
|
+
cipher = Cipher(algorithms.AES(_to_bytes(key)), mode, backend=default_backend())
|
50
51
|
encryptor = cipher.encryptor()
|
51
52
|
data = encryptor.update(_to_bytes(input)) + encryptor.finalize()
|
52
53
|
_write_bytes(output, data)
|
@@ -54,8 +55,7 @@ def _aes_256_encrypt(key, mode, input, output, bytes_written):
|
|
54
55
|
|
55
56
|
|
56
57
|
def _aes_256_decrypt(key, mode, input, output, bytes_written):
|
57
|
-
cipher = Cipher(algorithms.AES(_to_bytes(key)), mode,
|
58
|
-
backend=default_backend())
|
58
|
+
cipher = Cipher(algorithms.AES(_to_bytes(key)), mode, backend=default_backend())
|
59
59
|
decryptor = cipher.decryptor()
|
60
60
|
data = decryptor.update(_to_bytes(input)) + decryptor.finalize()
|
61
61
|
_write_bytes(output, data)
|
@@ -66,7 +66,8 @@ def _aes_256_decrypt(key, mode, input, output, bytes_written):
|
|
66
66
|
"bool(void *, mongocrypt_binary_t *, mongocrypt_binary_t *,"
|
67
67
|
" mongocrypt_binary_t *, mongocrypt_binary_t *, uint32_t *,"
|
68
68
|
" mongocrypt_status_t *)",
|
69
|
-
onerror=_callback_error_handler
|
69
|
+
onerror=_callback_error_handler,
|
70
|
+
)
|
70
71
|
def aes_256_cbc_encrypt(ctx, key, iv, input, output, bytes_written, status):
|
71
72
|
# Note that libmongocrypt pads the input before calling this method.
|
72
73
|
_aes_256_encrypt(key, modes.CBC(_to_bytes(iv)), input, output, bytes_written)
|
@@ -77,7 +78,8 @@ def aes_256_cbc_encrypt(ctx, key, iv, input, output, bytes_written, status):
|
|
77
78
|
"bool(void *, mongocrypt_binary_t *, mongocrypt_binary_t *,"
|
78
79
|
" mongocrypt_binary_t *, mongocrypt_binary_t *, uint32_t *,"
|
79
80
|
" mongocrypt_status_t *)",
|
80
|
-
onerror=_callback_error_handler
|
81
|
+
onerror=_callback_error_handler,
|
82
|
+
)
|
81
83
|
def aes_256_cbc_decrypt(ctx, key, iv, input, output, bytes_written, status):
|
82
84
|
# Note that libmongocrypt pads the input before calling this method.
|
83
85
|
_aes_256_decrypt(key, modes.CBC(_to_bytes(iv)), input, output, bytes_written)
|
@@ -88,7 +90,8 @@ def aes_256_cbc_decrypt(ctx, key, iv, input, output, bytes_written, status):
|
|
88
90
|
"bool(void *, mongocrypt_binary_t *, mongocrypt_binary_t *,"
|
89
91
|
" mongocrypt_binary_t *, mongocrypt_binary_t *, uint32_t *,"
|
90
92
|
" mongocrypt_status_t *)",
|
91
|
-
onerror=_callback_error_handler
|
93
|
+
onerror=_callback_error_handler,
|
94
|
+
)
|
92
95
|
def aes_256_ctr_encrypt(ctx, key, iv, input, output, bytes_written, status):
|
93
96
|
_aes_256_encrypt(key, modes.CTR(_to_bytes(iv)), input, output, bytes_written)
|
94
97
|
return True
|
@@ -98,7 +101,8 @@ def aes_256_ctr_encrypt(ctx, key, iv, input, output, bytes_written, status):
|
|
98
101
|
"bool(void *, mongocrypt_binary_t *, mongocrypt_binary_t *,"
|
99
102
|
" mongocrypt_binary_t *, mongocrypt_binary_t *, uint32_t *,"
|
100
103
|
" mongocrypt_status_t *)",
|
101
|
-
onerror=_callback_error_handler
|
104
|
+
onerror=_callback_error_handler,
|
105
|
+
)
|
102
106
|
def aes_256_ctr_decrypt(ctx, key, iv, input, output, bytes_written, status):
|
103
107
|
_aes_256_decrypt(key, modes.CTR(_to_bytes(iv)), input, output, bytes_written)
|
104
108
|
return True
|
@@ -107,7 +111,8 @@ def aes_256_ctr_decrypt(ctx, key, iv, input, output, bytes_written, status):
|
|
107
111
|
@ffi.callback(
|
108
112
|
"bool(void *, mongocrypt_binary_t *, mongocrypt_binary_t *, "
|
109
113
|
" mongocrypt_binary_t *, mongocrypt_status_t *)",
|
110
|
-
onerror=_callback_error_handler
|
114
|
+
onerror=_callback_error_handler,
|
115
|
+
)
|
111
116
|
def hmac_sha_256(ctx, key, input, output, status):
|
112
117
|
h = HMAC(_to_bytes(key), SHA256(), backend=default_backend())
|
113
118
|
h.update(_to_bytes(input))
|
@@ -119,7 +124,8 @@ def hmac_sha_256(ctx, key, input, output, status):
|
|
119
124
|
@ffi.callback(
|
120
125
|
"bool(void *, mongocrypt_binary_t *, mongocrypt_binary_t *, "
|
121
126
|
" mongocrypt_binary_t *, mongocrypt_status_t *)",
|
122
|
-
onerror=_callback_error_handler
|
127
|
+
onerror=_callback_error_handler,
|
128
|
+
)
|
123
129
|
def hmac_sha_512(ctx, key, input, output, status):
|
124
130
|
h = HMAC(_to_bytes(key), SHA512(), backend=default_backend())
|
125
131
|
h.update(_to_bytes(input))
|
@@ -131,7 +137,8 @@ def hmac_sha_512(ctx, key, input, output, status):
|
|
131
137
|
@ffi.callback(
|
132
138
|
"bool(void *, mongocrypt_binary_t *, mongocrypt_binary_t *, "
|
133
139
|
" mongocrypt_status_t *)",
|
134
|
-
onerror=_callback_error_handler
|
140
|
+
onerror=_callback_error_handler,
|
141
|
+
)
|
135
142
|
def sha_256(ctx, input, output, status):
|
136
143
|
digest = Hash(SHA256(), backend=default_backend())
|
137
144
|
digest.update(_to_bytes(input))
|
@@ -142,7 +149,8 @@ def sha_256(ctx, input, output, status):
|
|
142
149
|
|
143
150
|
@ffi.callback(
|
144
151
|
"bool(void *, mongocrypt_binary_t *, uint32_t, mongocrypt_status_t *)",
|
145
|
-
onerror=_callback_error_handler
|
152
|
+
onerror=_callback_error_handler,
|
153
|
+
)
|
146
154
|
def secure_random(ctx, output, count, status):
|
147
155
|
data = os.urandom(int(count))
|
148
156
|
_write_bytes(output, data)
|
@@ -152,11 +160,14 @@ def secure_random(ctx, output, count, status):
|
|
152
160
|
@ffi.callback(
|
153
161
|
"bool(void *, mongocrypt_binary_t *, mongocrypt_binary_t *, "
|
154
162
|
" mongocrypt_binary_t *, mongocrypt_status_t *)",
|
155
|
-
onerror=_callback_error_handler
|
163
|
+
onerror=_callback_error_handler,
|
164
|
+
)
|
156
165
|
def sign_rsaes_pkcs1_v1_5(ctx, key, input, output, status):
|
157
166
|
rsa_private_key = load_der_private_key(
|
158
|
-
_to_bytes(key), password=None, backend=default_backend()
|
167
|
+
_to_bytes(key), password=None, backend=default_backend()
|
168
|
+
)
|
159
169
|
signature = rsa_private_key.sign(
|
160
|
-
_to_bytes(input), padding=padding.PKCS1v15(), algorithm=SHA256()
|
170
|
+
_to_bytes(input), padding=padding.PKCS1v15(), algorithm=SHA256()
|
171
|
+
)
|
161
172
|
_write_bytes(output, signature)
|
162
173
|
return True
|
@@ -12,7 +12,7 @@
|
|
12
12
|
# See the License for the specific language governing permissions and
|
13
13
|
# limitations under the License.
|
14
14
|
|
15
|
-
from pymongocrypt.binding import ffi, lib
|
15
|
+
from pymongocrypt.binding import _to_string, ffi, lib
|
16
16
|
|
17
17
|
|
18
18
|
class MongoCryptError(Exception):
|
@@ -23,7 +23,7 @@ class MongoCryptError(Exception):
|
|
23
23
|
- `msg`: An error message.
|
24
24
|
- `code`: The mongocrypt_status_t code.
|
25
25
|
"""
|
26
|
-
super(
|
26
|
+
super().__init__(msg)
|
27
27
|
self.code = code
|
28
28
|
|
29
29
|
@classmethod
|