mongo 2.22.0 → 2.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/mongo_console +0 -1
- data/lib/mongo/active_support.rb +1 -2
- data/lib/mongo/address/ipv4.rb +3 -6
- data/lib/mongo/address/ipv6.rb +6 -10
- data/lib/mongo/address/unix.rb +1 -4
- data/lib/mongo/address/validator.rb +16 -28
- data/lib/mongo/address.rb +30 -40
- data/lib/mongo/auth/aws/conversation.rb +6 -10
- data/lib/mongo/auth/aws/credentials.rb +0 -1
- data/lib/mongo/auth/aws/credentials_cache.rb +0 -1
- data/lib/mongo/auth/aws/credentials_retriever.rb +45 -59
- data/lib/mongo/auth/aws/request.rb +20 -35
- data/lib/mongo/auth/aws.rb +1 -2
- data/lib/mongo/auth/base.rb +20 -29
- data/lib/mongo/auth/conversation_base.rb +14 -18
- data/lib/mongo/auth/cr/conversation.rb +0 -3
- data/lib/mongo/auth/cr.rb +1 -4
- data/lib/mongo/auth/credential_cache.rb +0 -2
- data/lib/mongo/auth/gssapi/conversation.rb +3 -8
- data/lib/mongo/auth/gssapi.rb +1 -4
- data/lib/mongo/auth/ldap/conversation.rb +0 -3
- data/lib/mongo/auth/ldap.rb +1 -4
- data/lib/mongo/auth/roles.rb +16 -19
- data/lib/mongo/auth/sasl_conversation_base.rb +7 -11
- data/lib/mongo/auth/scram/conversation.rb +2 -5
- data/lib/mongo/auth/scram.rb +5 -10
- data/lib/mongo/auth/scram256/conversation.rb +2 -5
- data/lib/mongo/auth/scram256.rb +1 -3
- data/lib/mongo/auth/scram_conversation_base.rb +18 -24
- data/lib/mongo/auth/stringprep/profiles/sasl.rb +17 -18
- data/lib/mongo/auth/stringprep/tables.rb +2209 -2210
- data/lib/mongo/auth/stringprep/unicode_normalize/normalize.rb +36 -38
- data/lib/mongo/auth/stringprep/unicode_normalize/tables.rb +1142 -1150
- data/lib/mongo/auth/stringprep.rb +9 -12
- data/lib/mongo/auth/user/view.rb +3 -5
- data/lib/mongo/auth/user.rb +14 -24
- data/lib/mongo/auth/x509/conversation.rb +0 -3
- data/lib/mongo/auth/x509.rb +7 -9
- data/lib/mongo/auth.rb +18 -30
- data/lib/mongo/background_thread.rb +9 -17
- data/lib/mongo/bson.rb +0 -2
- data/lib/mongo/bulk_write/combineable.rb +0 -3
- data/lib/mongo/bulk_write/ordered_combiner.rb +1 -3
- data/lib/mongo/bulk_write/result.rb +11 -16
- data/lib/mongo/bulk_write/result_combiner.rb +9 -12
- data/lib/mongo/bulk_write/transformable.rb +16 -19
- data/lib/mongo/bulk_write/unordered_combiner.rb +1 -3
- data/lib/mongo/bulk_write/validatable.rb +11 -18
- data/lib/mongo/bulk_write.rb +76 -91
- data/lib/mongo/caching_cursor.rb +2 -7
- data/lib/mongo/client.rb +267 -276
- data/lib/mongo/client_encryption.rb +4 -5
- data/lib/mongo/cluster/periodic_executor.rb +2 -5
- data/lib/mongo/cluster/reapers/cursor_reaper.rb +21 -29
- data/lib/mongo/cluster/reapers/socket_reaper.rb +1 -6
- data/lib/mongo/cluster/sdam_flow.rb +136 -159
- data/lib/mongo/cluster/topology/base.rb +15 -18
- data/lib/mongo/cluster/topology/load_balanced.rb +24 -14
- data/lib/mongo/cluster/topology/no_replica_set_options.rb +3 -6
- data/lib/mongo/cluster/topology/replica_set_no_primary.rb +20 -23
- data/lib/mongo/cluster/topology/replica_set_with_primary.rb +0 -2
- data/lib/mongo/cluster/topology/sharded.rb +19 -9
- data/lib/mongo/cluster/topology/single.rb +24 -14
- data/lib/mongo/cluster/topology/unknown.rb +20 -10
- data/lib/mongo/cluster/topology.rb +29 -25
- data/lib/mongo/cluster.rb +152 -184
- data/lib/mongo/cluster_time.rb +14 -31
- data/lib/mongo/collection/helpers.rb +5 -8
- data/lib/mongo/collection/view/aggregation/behavior.rb +1 -1
- data/lib/mongo/collection/view/aggregation.rb +10 -12
- data/lib/mongo/collection/view/builder/aggregation.rb +6 -9
- data/lib/mongo/collection/view/builder/map_reduce.rb +18 -17
- data/lib/mongo/collection/view/builder.rb +0 -1
- data/lib/mongo/collection/view/change_stream/retryable.rb +3 -8
- data/lib/mongo/collection/view/change_stream.rb +59 -58
- data/lib/mongo/collection/view/explainable.rb +11 -20
- data/lib/mongo/collection/view/immutable.rb +1 -3
- data/lib/mongo/collection/view/iterable.rb +44 -35
- data/lib/mongo/collection/view/map_reduce.rb +20 -25
- data/lib/mongo/collection/view/readable.rb +96 -94
- data/lib/mongo/collection/view/writable.rb +104 -114
- data/lib/mongo/collection/view.rb +11 -8
- data/lib/mongo/collection.rb +103 -106
- data/lib/mongo/condition_variable.rb +4 -4
- data/lib/mongo/config/options.rb +0 -3
- data/lib/mongo/config/validators/option.rb +3 -5
- data/lib/mongo/config.rb +6 -4
- data/lib/mongo/crypt/auto_decryption_context.rb +9 -3
- data/lib/mongo/crypt/auto_encrypter.rb +34 -43
- data/lib/mongo/crypt/auto_encryption_context.rb +0 -3
- data/lib/mongo/crypt/binary.rb +5 -9
- data/lib/mongo/crypt/binding.rb +150 -156
- data/lib/mongo/crypt/context.rb +20 -17
- data/lib/mongo/crypt/data_key_context.rb +2 -7
- data/lib/mongo/crypt/encryption_io.rb +29 -39
- data/lib/mongo/crypt/explicit_decryption_context.rb +9 -3
- data/lib/mongo/crypt/explicit_encrypter.rb +1 -1
- data/lib/mongo/crypt/explicit_encryption_context.rb +19 -30
- data/lib/mongo/crypt/explicit_encryption_expression_context.rb +0 -2
- data/lib/mongo/crypt/handle.rb +42 -48
- data/lib/mongo/crypt/hooks.rb +12 -15
- data/lib/mongo/crypt/kms/aws/credentials.rb +12 -16
- data/lib/mongo/crypt/kms/aws/master_document.rb +6 -9
- data/lib/mongo/crypt/kms/aws.rb +0 -2
- data/lib/mongo/crypt/kms/azure/credentials_retriever.rb +2 -7
- data/lib/mongo/crypt/kms/azure/master_document.rb +15 -19
- data/lib/mongo/crypt/kms/azure.rb +0 -1
- data/lib/mongo/crypt/kms/credentials.rb +13 -27
- data/lib/mongo/crypt/kms/gcp/credentials.rb +12 -14
- data/lib/mongo/crypt/kms/gcp/credentials_retriever.rb +7 -9
- data/lib/mongo/crypt/kms/gcp/master_document.rb +12 -16
- data/lib/mongo/crypt/kms/gcp.rb +0 -2
- data/lib/mongo/crypt/kms/kmip/credentials.rb +7 -8
- data/lib/mongo/crypt/kms/kmip/master_document.rb +3 -5
- data/lib/mongo/crypt/kms/kmip.rb +0 -1
- data/lib/mongo/crypt/kms/local/credentials.rb +7 -8
- data/lib/mongo/crypt/kms/local/master_document.rb +2 -6
- data/lib/mongo/crypt/kms/local.rb +0 -1
- data/lib/mongo/crypt/kms/master_key_document.rb +11 -15
- data/lib/mongo/crypt/kms.rb +14 -16
- data/lib/mongo/crypt/kms_context.rb +0 -2
- data/lib/mongo/crypt/rewrap_many_data_key_context.rb +2 -7
- data/lib/mongo/crypt/rewrap_many_data_key_result.rb +2 -4
- data/lib/mongo/crypt/status.rb +12 -14
- data/lib/mongo/crypt.rb +0 -1
- data/lib/mongo/csot_timeout_holder.rb +3 -2
- data/lib/mongo/cursor/kill_spec.rb +7 -10
- data/lib/mongo/cursor.rb +74 -64
- data/lib/mongo/cursor_host.rb +8 -10
- data/lib/mongo/database/view.rb +23 -39
- data/lib/mongo/database.rb +68 -65
- data/lib/mongo/dbref.rb +0 -1
- data/lib/mongo/deprecations.rb +98 -0
- data/lib/mongo/distinguishing_semaphore.rb +0 -1
- data/lib/mongo/error/auth_error.rb +0 -2
- data/lib/mongo/error/bad_load_balancer_target.rb +0 -2
- data/lib/mongo/error/bulk_write_error.rb +7 -10
- data/lib/mongo/error/change_stream_resumable.rb +0 -2
- data/lib/mongo/error/client_closed.rb +0 -2
- data/lib/mongo/error/closed_stream.rb +1 -4
- data/lib/mongo/error/connection_check_out_timeout.rb +3 -6
- data/lib/mongo/error/connection_perished.rb +0 -2
- data/lib/mongo/error/connection_unavailable.rb +0 -2
- data/lib/mongo/error/credential_check_error.rb +0 -2
- data/lib/mongo/error/crypt_error.rb +0 -2
- data/lib/mongo/error/extra_file_chunk.rb +1 -4
- data/lib/mongo/error/failed_string_prep_validation.rb +5 -6
- data/lib/mongo/error/file_not_found.rb +0 -3
- data/lib/mongo/error/handshake_error.rb +0 -2
- data/lib/mongo/error/insufficient_iteration_count.rb +1 -4
- data/lib/mongo/error/internal_driver_error.rb +0 -2
- data/lib/mongo/error/invalid_address.rb +0 -2
- data/lib/mongo/error/invalid_application_name.rb +0 -3
- data/lib/mongo/error/invalid_bulk_operation.rb +1 -4
- data/lib/mongo/error/invalid_bulk_operation_type.rb +1 -4
- data/lib/mongo/error/invalid_collection_name.rb +1 -4
- data/lib/mongo/error/invalid_config_option.rb +0 -3
- data/lib/mongo/error/invalid_cursor_operation.rb +0 -2
- data/lib/mongo/error/invalid_database_name.rb +1 -4
- data/lib/mongo/error/invalid_document.rb +1 -4
- data/lib/mongo/error/invalid_file.rb +0 -3
- data/lib/mongo/error/invalid_file_revision.rb +0 -3
- data/lib/mongo/error/invalid_min_pool_size.rb +0 -3
- data/lib/mongo/error/invalid_nonce.rb +0 -3
- data/lib/mongo/error/invalid_read_concern.rb +2 -4
- data/lib/mongo/error/invalid_read_option.rb +0 -3
- data/lib/mongo/error/invalid_replacement_document.rb +2 -5
- data/lib/mongo/error/invalid_server_auth_host.rb +0 -2
- data/lib/mongo/error/invalid_server_auth_response.rb +0 -2
- data/lib/mongo/error/invalid_server_preference.rb +7 -16
- data/lib/mongo/error/invalid_session.rb +1 -4
- data/lib/mongo/error/invalid_signature.rb +0 -3
- data/lib/mongo/error/invalid_transaction_operation.rb +5 -8
- data/lib/mongo/error/invalid_txt_record.rb +0 -2
- data/lib/mongo/error/invalid_update_document.rb +2 -5
- data/lib/mongo/error/invalid_uri.rb +1 -4
- data/lib/mongo/error/invalid_write_concern.rb +2 -5
- data/lib/mongo/error/kms_error.rb +0 -2
- data/lib/mongo/error/labelable.rb +0 -3
- data/lib/mongo/error/lint_error.rb +0 -2
- data/lib/mongo/error/max_bson_size.rb +8 -11
- data/lib/mongo/error/max_message_size.rb +2 -5
- data/lib/mongo/error/mismatched_domain.rb +0 -2
- data/lib/mongo/error/missing_connection.rb +0 -2
- data/lib/mongo/error/missing_file_chunk.rb +0 -3
- data/lib/mongo/error/missing_password.rb +0 -2
- data/lib/mongo/error/missing_resume_token.rb +1 -4
- data/lib/mongo/error/missing_scram_server_signature.rb +2 -4
- data/lib/mongo/error/missing_service_id.rb +0 -2
- data/lib/mongo/error/mongocryptd_spawn_error.rb +0 -2
- data/lib/mongo/error/multi_index_drop.rb +0 -3
- data/lib/mongo/error/need_primary_server.rb +0 -2
- data/lib/mongo/error/no_server_available.rb +3 -8
- data/lib/mongo/error/no_service_connection_available.rb +1 -3
- data/lib/mongo/error/no_srv_records.rb +0 -2
- data/lib/mongo/error/notable.rb +8 -16
- data/lib/mongo/error/operation_failure.rb +22 -35
- data/lib/mongo/error/parser.rb +33 -75
- data/lib/mongo/error/pool_cleared_error.rb +1 -3
- data/lib/mongo/error/pool_closed_error.rb +0 -3
- data/lib/mongo/error/pool_error.rb +0 -3
- data/lib/mongo/error/pool_paused_error.rb +0 -2
- data/lib/mongo/error/raise_original_error.rb +1 -3
- data/lib/mongo/error/read_write_retryable.rb +14 -17
- data/lib/mongo/error/sdam_error_detection.rb +3 -5
- data/lib/mongo/error/server_api_conflict.rb +0 -2
- data/lib/mongo/error/server_certificate_revoked.rb +0 -2
- data/lib/mongo/error/server_not_usable.rb +0 -2
- data/lib/mongo/error/session_ended.rb +1 -3
- data/lib/mongo/error/session_not_materialized.rb +1 -3
- data/lib/mongo/error/sessions_not_supported.rb +1 -4
- data/lib/mongo/error/snapshot_session_invalid_server_version.rb +1 -4
- data/lib/mongo/error/snapshot_session_transaction_prohibited.rb +1 -4
- data/lib/mongo/error/socket_error.rb +0 -2
- data/lib/mongo/error/socket_timeout_error.rb +0 -2
- data/lib/mongo/error/transactions_not_supported.rb +3 -6
- data/lib/mongo/error/unchangeable_collection_option.rb +1 -4
- data/lib/mongo/error/unexpected_chunk_length.rb +0 -3
- data/lib/mongo/error/unexpected_response.rb +1 -4
- data/lib/mongo/error/unknown_payload_type.rb +0 -3
- data/lib/mongo/error/unmet_dependency.rb +0 -2
- data/lib/mongo/error/unsupported_array_filters.rb +3 -24
- data/lib/mongo/error/unsupported_collation.rb +3 -24
- data/lib/mongo/error/unsupported_features.rb +0 -2
- data/lib/mongo/error/unsupported_message_type.rb +0 -2
- data/lib/mongo/error/unsupported_option.rb +19 -21
- data/lib/mongo/error/write_retryable.rb +0 -2
- data/lib/mongo/error.rb +10 -24
- data/lib/mongo/event/base.rb +0 -2
- data/lib/mongo/event/listeners.rb +0 -3
- data/lib/mongo/event/publisher.rb +0 -3
- data/lib/mongo/event/subscriber.rb +0 -4
- data/lib/mongo/event.rb +4 -6
- data/lib/mongo/grid/file/chunk.rb +7 -10
- data/lib/mongo/grid/file/info.rb +20 -24
- data/lib/mongo/grid/file.rb +7 -8
- data/lib/mongo/grid/fs_bucket.rb +40 -48
- data/lib/mongo/grid/stream/read.rb +25 -35
- data/lib/mongo/grid/stream/write.rb +17 -22
- data/lib/mongo/grid/stream.rb +2 -4
- data/lib/mongo/grid.rb +0 -1
- data/lib/mongo/id.rb +0 -1
- data/lib/mongo/index/view.rb +68 -58
- data/lib/mongo/index.rb +7 -10
- data/lib/mongo/lint.rb +31 -37
- data/lib/mongo/loggable.rb +5 -8
- data/lib/mongo/logger.rb +1 -7
- data/lib/mongo/monitoring/cmap_log_subscriber.rb +0 -2
- data/lib/mongo/monitoring/command_log_subscriber.rb +25 -33
- data/lib/mongo/monitoring/event/cmap/base.rb +0 -2
- data/lib/mongo/monitoring/event/cmap/connection_check_out_failed.rb +1 -4
- data/lib/mongo/monitoring/event/cmap/connection_check_out_started.rb +0 -3
- data/lib/mongo/monitoring/event/cmap/connection_checked_in.rb +1 -4
- data/lib/mongo/monitoring/event/cmap/connection_checked_out.rb +2 -5
- data/lib/mongo/monitoring/event/cmap/connection_closed.rb +1 -4
- data/lib/mongo/monitoring/event/cmap/connection_created.rb +1 -4
- data/lib/mongo/monitoring/event/cmap/connection_ready.rb +1 -4
- data/lib/mongo/monitoring/event/cmap/pool_cleared.rb +0 -3
- data/lib/mongo/monitoring/event/cmap/pool_closed.rb +1 -4
- data/lib/mongo/monitoring/event/cmap/pool_created.rb +1 -4
- data/lib/mongo/monitoring/event/cmap/pool_ready.rb +1 -4
- data/lib/mongo/monitoring/event/cmap.rb +0 -1
- data/lib/mongo/monitoring/event/command_failed.rb +5 -9
- data/lib/mongo/monitoring/event/command_started.rb +8 -12
- data/lib/mongo/monitoring/event/command_succeeded.rb +7 -15
- data/lib/mongo/monitoring/event/secure.rb +15 -20
- data/lib/mongo/monitoring/event/server_closed.rb +1 -4
- data/lib/mongo/monitoring/event/server_description_changed.rb +4 -8
- data/lib/mongo/monitoring/event/server_heartbeat_failed.rb +5 -10
- data/lib/mongo/monitoring/event/server_heartbeat_started.rb +1 -4
- data/lib/mongo/monitoring/event/server_heartbeat_succeeded.rb +3 -8
- data/lib/mongo/monitoring/event/server_opening.rb +1 -4
- data/lib/mongo/monitoring/event/topology_changed.rb +2 -5
- data/lib/mongo/monitoring/event/topology_closed.rb +1 -4
- data/lib/mongo/monitoring/event/topology_opening.rb +1 -4
- data/lib/mongo/monitoring/event.rb +0 -1
- data/lib/mongo/monitoring/publishable.rb +20 -30
- data/lib/mongo/monitoring/sdam_log_subscriber.rb +0 -2
- data/lib/mongo/monitoring/server_closed_log_subscriber.rb +0 -3
- data/lib/mongo/monitoring/server_description_changed_log_subscriber.rb +0 -3
- data/lib/mongo/monitoring/server_opening_log_subscriber.rb +0 -3
- data/lib/mongo/monitoring/topology_changed_log_subscriber.rb +5 -8
- data/lib/mongo/monitoring/topology_closed_log_subscriber.rb +0 -3
- data/lib/mongo/monitoring/topology_opening_log_subscriber.rb +0 -3
- data/lib/mongo/monitoring/unified_sdam_log_subscriber.rb +1 -3
- data/lib/mongo/monitoring.rb +38 -39
- data/lib/mongo/operation/aggregate/op_msg.rb +0 -2
- data/lib/mongo/operation/aggregate/result.rb +3 -6
- data/lib/mongo/operation/aggregate.rb +0 -2
- data/lib/mongo/operation/collections_info/result.rb +0 -3
- data/lib/mongo/operation/collections_info.rb +0 -2
- data/lib/mongo/operation/command/op_msg.rb +1 -4
- data/lib/mongo/operation/command.rb +0 -2
- data/lib/mongo/operation/context.rb +13 -16
- data/lib/mongo/operation/count/op_msg.rb +2 -4
- data/lib/mongo/operation/count.rb +0 -2
- data/lib/mongo/operation/create/op_msg.rb +2 -5
- data/lib/mongo/operation/create.rb +4 -2
- data/lib/mongo/operation/create_index/op_msg.rb +3 -7
- data/lib/mongo/operation/create_index.rb +0 -2
- data/lib/mongo/operation/create_user/op_msg.rb +2 -4
- data/lib/mongo/operation/create_user.rb +0 -2
- data/lib/mongo/operation/delete/bulk_result.rb +2 -3
- data/lib/mongo/operation/delete/op_msg.rb +3 -10
- data/lib/mongo/operation/delete/result.rb +0 -3
- data/lib/mongo/operation/delete.rb +1 -5
- data/lib/mongo/operation/distinct/op_msg.rb +2 -5
- data/lib/mongo/operation/distinct.rb +0 -2
- data/lib/mongo/operation/drop/op_msg.rb +0 -2
- data/lib/mongo/operation/drop.rb +0 -2
- data/lib/mongo/operation/drop_database/op_msg.rb +0 -2
- data/lib/mongo/operation/drop_database.rb +0 -2
- data/lib/mongo/operation/drop_index/op_msg.rb +4 -6
- data/lib/mongo/operation/drop_index.rb +0 -2
- data/lib/mongo/operation/explain/op_msg.rb +0 -2
- data/lib/mongo/operation/explain/result.rb +0 -3
- data/lib/mongo/operation/explain.rb +0 -2
- data/lib/mongo/operation/find/builder/command.rb +4 -12
- data/lib/mongo/operation/find/builder/flags.rb +9 -15
- data/lib/mongo/operation/find/builder/modifiers.rb +1 -4
- data/lib/mongo/operation/find/builder.rb +0 -1
- data/lib/mongo/operation/find/op_msg.rb +4 -12
- data/lib/mongo/operation/find/result.rb +0 -3
- data/lib/mongo/operation/find.rb +0 -2
- data/lib/mongo/operation/get_more/command_builder.rb +1 -6
- data/lib/mongo/operation/get_more/op_msg.rb +10 -4
- data/lib/mongo/operation/get_more/result.rb +0 -3
- data/lib/mongo/operation/get_more.rb +0 -2
- data/lib/mongo/operation/indexes/op_msg.rb +0 -2
- data/lib/mongo/operation/indexes/result.rb +1 -5
- data/lib/mongo/operation/indexes.rb +0 -2
- data/lib/mongo/operation/insert/bulk_result.rb +2 -6
- data/lib/mongo/operation/insert/op_msg.rb +7 -6
- data/lib/mongo/operation/insert/result.rb +0 -3
- data/lib/mongo/operation/insert.rb +2 -5
- data/lib/mongo/operation/kill_cursors/command_builder.rb +0 -3
- data/lib/mongo/operation/kill_cursors/op_msg.rb +1 -3
- data/lib/mongo/operation/kill_cursors.rb +0 -2
- data/lib/mongo/operation/list_collections/op_msg.rb +4 -6
- data/lib/mongo/operation/list_collections/result.rb +1 -4
- data/lib/mongo/operation/list_collections.rb +0 -2
- data/lib/mongo/operation/map_reduce/op_msg.rb +0 -2
- data/lib/mongo/operation/map_reduce/result.rb +3 -6
- data/lib/mongo/operation/map_reduce.rb +0 -2
- data/lib/mongo/operation/op_msg_base.rb +0 -1
- data/lib/mongo/operation/parallel_scan/op_msg.rb +4 -5
- data/lib/mongo/operation/parallel_scan/result.rb +2 -5
- data/lib/mongo/operation/parallel_scan.rb +0 -2
- data/lib/mongo/operation/remove_user/op_msg.rb +2 -4
- data/lib/mongo/operation/remove_user.rb +0 -2
- data/lib/mongo/operation/result.rb +38 -48
- data/lib/mongo/operation/shared/bypass_document_validation.rb +3 -7
- data/lib/mongo/operation/shared/causal_consistency_supported.rb +0 -3
- data/lib/mongo/operation/shared/executable.rb +29 -31
- data/lib/mongo/operation/shared/executable_no_validate.rb +0 -3
- data/lib/mongo/operation/shared/executable_transaction_label.rb +0 -2
- data/lib/mongo/operation/shared/idable.rb +3 -6
- data/lib/mongo/operation/shared/limited.rb +0 -3
- data/lib/mongo/operation/shared/object_id_generator.rb +0 -3
- data/lib/mongo/operation/shared/op_msg_executable.rb +0 -2
- data/lib/mongo/operation/shared/polymorphic_lookup.rb +0 -2
- data/lib/mongo/operation/shared/polymorphic_result.rb +2 -4
- data/lib/mongo/operation/shared/read_preference_supported.rb +10 -15
- data/lib/mongo/operation/shared/response_handling.rb +13 -26
- data/lib/mongo/operation/shared/result/aggregatable.rb +12 -13
- data/lib/mongo/operation/shared/sessions_supported.rb +87 -99
- data/lib/mongo/operation/shared/specifiable.rb +37 -59
- data/lib/mongo/operation/shared/write.rb +12 -17
- data/lib/mongo/operation/shared/write_concern_supported.rb +4 -7
- data/lib/mongo/operation/update/bulk_result.rb +13 -17
- data/lib/mongo/operation/update/op_msg.rb +2 -5
- data/lib/mongo/operation/update/result.rb +5 -5
- data/lib/mongo/operation/update.rb +1 -5
- data/lib/mongo/operation/update_user/op_msg.rb +2 -4
- data/lib/mongo/operation/update_user.rb +0 -2
- data/lib/mongo/operation/users_info/op_msg.rb +2 -4
- data/lib/mongo/operation/users_info/result.rb +1 -4
- data/lib/mongo/operation/users_info.rb +0 -2
- data/lib/mongo/operation/write_command/op_msg.rb +2 -10
- data/lib/mongo/operation/write_command.rb +0 -2
- data/lib/mongo/operation.rb +9 -14
- data/lib/mongo/options/mapper.rb +8 -15
- data/lib/mongo/options/redacted.rb +7 -9
- data/lib/mongo/options.rb +0 -1
- data/lib/mongo/protocol/bit_vector.rb +3 -5
- data/lib/mongo/protocol/caching_hash.rb +2 -7
- data/lib/mongo/protocol/compressed.rb +5 -10
- data/lib/mongo/protocol/get_more.rb +2 -8
- data/lib/mongo/protocol/kill_cursors.rb +2 -8
- data/lib/mongo/protocol/message.rb +103 -105
- data/lib/mongo/protocol/msg.rb +48 -63
- data/lib/mongo/protocol/query.rb +32 -41
- data/lib/mongo/protocol/registry.rb +2 -5
- data/lib/mongo/protocol/reply.rb +10 -16
- data/lib/mongo/protocol/serializers.rb +41 -59
- data/lib/mongo/protocol.rb +0 -1
- data/lib/mongo/query_cache.rb +7 -15
- data/lib/mongo/retryable/backpressure.rb +31 -0
- data/lib/mongo/retryable/base_worker.rb +39 -13
- data/lib/mongo/retryable/read_worker.rb +77 -21
- data/lib/mongo/retryable/retry_policy.rb +59 -0
- data/lib/mongo/retryable/write_worker.rb +155 -56
- data/lib/mongo/retryable.rb +70 -9
- data/lib/mongo/search_index/view.rb +30 -10
- data/lib/mongo/semaphore.rb +0 -1
- data/lib/mongo/server/app_metadata/environment.rb +3 -3
- data/lib/mongo/server/app_metadata/platform.rb +17 -4
- data/lib/mongo/server/app_metadata.rb +4 -5
- data/lib/mongo/server/connection.rb +79 -61
- data/lib/mongo/server/connection_base.rb +43 -53
- data/lib/mongo/server/connection_common.rb +41 -64
- data/lib/mongo/server/connection_pool/generation_manager.rb +6 -11
- data/lib/mongo/server/connection_pool/populator.rb +1 -4
- data/lib/mongo/server/connection_pool.rb +195 -167
- data/lib/mongo/server/description/features.rb +51 -59
- data/lib/mongo/server/description/load_balancer.rb +0 -2
- data/lib/mongo/server/description.rb +117 -138
- data/lib/mongo/server/monitor/app_metadata.rb +3 -4
- data/lib/mongo/server/monitor/connection.rb +28 -35
- data/lib/mongo/server/monitor.rb +65 -60
- data/lib/mongo/server/pending_connection.rb +70 -71
- data/lib/mongo/server/push_monitor/connection.rb +0 -3
- data/lib/mongo/server/push_monitor.rb +21 -29
- data/lib/mongo/server/round_trip_time_calculator.rb +11 -17
- data/lib/mongo/server.rb +62 -94
- data/lib/mongo/server_selector/base.rb +133 -157
- data/lib/mongo/server_selector/nearest.rb +2 -5
- data/lib/mongo/server_selector/primary.rb +1 -5
- data/lib/mongo/server_selector/primary_preferred.rb +2 -6
- data/lib/mongo/server_selector/secondary.rb +2 -6
- data/lib/mongo/server_selector/secondary_preferred.rb +1 -5
- data/lib/mongo/server_selector.rb +3 -4
- data/lib/mongo/session/server_session.rb +6 -7
- data/lib/mongo/session/session_pool.rb +20 -34
- data/lib/mongo/session.rb +334 -199
- data/lib/mongo/socket/ocsp_cache.rb +8 -13
- data/lib/mongo/socket/ocsp_verifier.rb +69 -70
- data/lib/mongo/socket/ssl.rb +44 -43
- data/lib/mongo/socket/tcp.rb +5 -8
- data/lib/mongo/socket/unix.rb +0 -4
- data/lib/mongo/socket.rb +80 -102
- data/lib/mongo/srv/monitor.rb +10 -11
- data/lib/mongo/srv/resolver.rb +15 -24
- data/lib/mongo/srv/result.rb +25 -21
- data/lib/mongo/srv.rb +0 -1
- data/lib/mongo/timeout.rb +4 -11
- data/lib/mongo/topology_version.rb +8 -13
- data/lib/mongo/tracing/open_telemetry/command_tracer.rb +320 -0
- data/lib/mongo/tracing/open_telemetry/operation_tracer.rb +227 -0
- data/lib/mongo/tracing/open_telemetry/tracer.rb +236 -0
- data/lib/mongo/{error/server_api_not_supported.rb → tracing/open_telemetry.rb} +10 -10
- data/lib/mongo/tracing.rb +42 -0
- data/lib/mongo/uri/options_mapper.rb +135 -126
- data/lib/mongo/uri/srv_protocol.rb +34 -42
- data/lib/mongo/uri.rb +95 -139
- data/lib/mongo/utils.rb +5 -12
- data/lib/mongo/version.rb +1 -1
- data/lib/mongo/write_concern/acknowledged.rb +0 -2
- data/lib/mongo/write_concern/base.rb +6 -6
- data/lib/mongo/write_concern/unacknowledged.rb +0 -2
- data/lib/mongo/write_concern.rb +14 -15
- data/lib/mongo.rb +4 -3
- data/mongo.gemspec +17 -17
- metadata +11 -5
- data/lib/mongo/operation/shared/result/use_legacy_error_parser.rb +0 -32
- data/lib/mongo/operation/shared/validatable.rb +0 -87
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
-
# rubocop:todo all
|
|
3
2
|
|
|
4
3
|
# Copyright (C) 2020 MongoDB Inc.
|
|
5
4
|
#
|
|
@@ -17,11 +16,10 @@
|
|
|
17
16
|
|
|
18
17
|
module Mongo
|
|
19
18
|
class Socket
|
|
20
|
-
|
|
21
19
|
# This module caches OCSP responses for their indicated validity time.
|
|
22
20
|
#
|
|
23
21
|
# The key is the CertificateId used for the OCSP request.
|
|
24
|
-
# The value is
|
|
22
|
+
# The value is an OcspVerifier::Response.
|
|
25
23
|
#
|
|
26
24
|
# @api private
|
|
27
25
|
module OcspCache
|
|
@@ -45,16 +43,13 @@ module Mongo
|
|
|
45
43
|
resp = responses.detect do |resp|
|
|
46
44
|
resp.certid.cmp(cert_id)
|
|
47
45
|
end
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
responses.delete(resp)
|
|
56
|
-
resp = nil
|
|
57
|
-
end
|
|
46
|
+
# Only expire responses with good status.
|
|
47
|
+
# Once a certificate is revoked, it should stay revoked forever,
|
|
48
|
+
# hence we should be able to cache revoked responses indefinitely.
|
|
49
|
+
if resp && resp.cert_status == OpenSSL::OCSP::V_CERTSTATUS_GOOD &&
|
|
50
|
+
resp.next_update < Time.now
|
|
51
|
+
responses.delete(resp)
|
|
52
|
+
resp = nil
|
|
58
53
|
end
|
|
59
54
|
|
|
60
55
|
# If we have connected to a server and cached the OCSP response for it,
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
-
# rubocop:todo all
|
|
3
2
|
|
|
4
3
|
# Copyright (C) 2020 MongoDB Inc.
|
|
5
4
|
#
|
|
@@ -15,13 +14,14 @@
|
|
|
15
14
|
# See the License for the specific language governing permissions and
|
|
16
15
|
# limitations under the License.
|
|
17
16
|
|
|
17
|
+
require 'delegate'
|
|
18
|
+
|
|
18
19
|
module Net
|
|
19
20
|
autoload :HTTP, 'net/http'
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
module Mongo
|
|
23
24
|
class Socket
|
|
24
|
-
|
|
25
25
|
# OCSP endpoint verifier.
|
|
26
26
|
#
|
|
27
27
|
# After a TLS connection is established, this verifier inspects the
|
|
@@ -33,6 +33,19 @@ module Mongo
|
|
|
33
33
|
#
|
|
34
34
|
# @api private
|
|
35
35
|
class OcspVerifier
|
|
36
|
+
# Wraps OpenSSL::OCSP::SingleResponse with the responder URI that supplied it.
|
|
37
|
+
#
|
|
38
|
+
# @api private
|
|
39
|
+
class Response < SimpleDelegator
|
|
40
|
+
attr_reader :uri, :original_uri
|
|
41
|
+
|
|
42
|
+
def initialize(single_response, uri, original_uri)
|
|
43
|
+
super(single_response)
|
|
44
|
+
@uri = uri
|
|
45
|
+
@original_uri = original_uri
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
36
49
|
include Loggable
|
|
37
50
|
|
|
38
51
|
# @param [ String ] host_name The host name being verified, for
|
|
@@ -56,11 +69,7 @@ module Mongo
|
|
|
56
69
|
@options = opts
|
|
57
70
|
end
|
|
58
71
|
|
|
59
|
-
attr_reader :host_name
|
|
60
|
-
attr_reader :cert
|
|
61
|
-
attr_reader :ca_cert
|
|
62
|
-
attr_reader :cert_store
|
|
63
|
-
attr_reader :options
|
|
72
|
+
attr_reader :host_name, :cert, :ca_cert, :cert_store, :options
|
|
64
73
|
|
|
65
74
|
def timeout
|
|
66
75
|
options[:timeout] || 5
|
|
@@ -92,7 +101,7 @@ module Mongo
|
|
|
92
101
|
@cert_id ||= OpenSSL::OCSP::CertificateId.new(
|
|
93
102
|
cert,
|
|
94
103
|
ca_cert,
|
|
95
|
-
OpenSSL::Digest
|
|
104
|
+
OpenSSL::Digest.new('SHA1')
|
|
96
105
|
)
|
|
97
106
|
end
|
|
98
107
|
|
|
@@ -101,15 +110,11 @@ module Mongo
|
|
|
101
110
|
return false if ocsp_uris.empty?
|
|
102
111
|
|
|
103
112
|
resp = OcspCache.get(cert_id)
|
|
104
|
-
if resp
|
|
105
|
-
return return_ocsp_response(resp)
|
|
106
|
-
end
|
|
113
|
+
return return_ocsp_response(resp) if resp
|
|
107
114
|
|
|
108
115
|
resp, errors = do_verify
|
|
109
116
|
|
|
110
|
-
if resp
|
|
111
|
-
OcspCache.set(cert_id, resp)
|
|
112
|
-
end
|
|
117
|
+
OcspCache.set(cert_id, resp) if resp
|
|
113
118
|
|
|
114
119
|
return_ocsp_response(resp, errors)
|
|
115
120
|
end
|
|
@@ -169,7 +174,7 @@ module Mongo
|
|
|
169
174
|
threads.map(&:kill)
|
|
170
175
|
threads.map(&:join)
|
|
171
176
|
|
|
172
|
-
[resp, @resp_errors]
|
|
177
|
+
[ resp, @resp_errors ]
|
|
173
178
|
end
|
|
174
179
|
|
|
175
180
|
def verify_one_responder(uri)
|
|
@@ -177,15 +182,13 @@ module Mongo
|
|
|
177
182
|
redirect_count = 0
|
|
178
183
|
http_response = nil
|
|
179
184
|
loop do
|
|
180
|
-
|
|
185
|
+
begin
|
|
181
186
|
uri = URI(uri)
|
|
182
|
-
Net::HTTP.start(uri.hostname, uri.port) do |http|
|
|
187
|
+
http_response = Net::HTTP.start(uri.hostname, uri.port) do |http|
|
|
183
188
|
path = uri.path
|
|
184
|
-
if path.empty?
|
|
185
|
-
path = '/'
|
|
186
|
-
end
|
|
189
|
+
path = '/' if path.empty?
|
|
187
190
|
http.post(path, @serialized_req,
|
|
188
|
-
|
|
191
|
+
'content-type' => 'application/ocsp-request')
|
|
189
192
|
end
|
|
190
193
|
rescue IOError, SystemCallError => e
|
|
191
194
|
@resp_errors << "OCSP request to #{report_uri(original_uri, uri)} failed: #{e.class}: #{e}"
|
|
@@ -205,14 +208,16 @@ module Mongo
|
|
|
205
208
|
end
|
|
206
209
|
|
|
207
210
|
if code >= 400
|
|
208
|
-
@resp_errors << "OCSP request to #{report_uri(original_uri,
|
|
211
|
+
@resp_errors << ("OCSP request to #{report_uri(original_uri,
|
|
212
|
+
uri)} failed with HTTP status code #{http_response.code}" + report_response_body(http_response.body))
|
|
209
213
|
return false
|
|
210
214
|
end
|
|
211
215
|
|
|
212
216
|
if code != 200
|
|
213
217
|
# There must be a body provided with the response, if one isn't
|
|
214
218
|
# provided the response cannot be verified.
|
|
215
|
-
@resp_errors << "OCSP request to #{report_uri(original_uri,
|
|
219
|
+
@resp_errors << ("OCSP request to #{report_uri(original_uri,
|
|
220
|
+
uri)} failed with unexpected HTTP status code #{http_response.code}" + report_response_body(http_response.body))
|
|
216
221
|
return false
|
|
217
222
|
end
|
|
218
223
|
|
|
@@ -225,10 +230,11 @@ module Mongo
|
|
|
225
230
|
return false
|
|
226
231
|
end
|
|
227
232
|
resp = resp.basic
|
|
228
|
-
unless resp.verify([ca_cert], cert_store)
|
|
233
|
+
unless resp.verify([ ca_cert ], cert_store)
|
|
229
234
|
# Ruby's OpenSSL binding discards error information - see
|
|
230
235
|
# https://github.com/ruby/openssl/issues/395
|
|
231
|
-
@resp_errors << "OCSP response from #{report_uri(original_uri,
|
|
236
|
+
@resp_errors << "OCSP response from #{report_uri(original_uri,
|
|
237
|
+
uri)} failed signature verification; set `OpenSSL.debug = true` to see why"
|
|
232
238
|
return false
|
|
233
239
|
end
|
|
234
240
|
|
|
@@ -237,20 +243,17 @@ module Mongo
|
|
|
237
243
|
return false
|
|
238
244
|
end
|
|
239
245
|
|
|
240
|
-
|
|
241
|
-
unless
|
|
242
|
-
@resp_errors << "OCSP response from #{report_uri(original_uri,
|
|
246
|
+
single_response = resp.find_response(cert_id)
|
|
247
|
+
unless single_response
|
|
248
|
+
@resp_errors << "OCSP response from #{report_uri(original_uri,
|
|
249
|
+
uri)} did not include information about the requested certificate"
|
|
243
250
|
return false
|
|
244
251
|
end
|
|
245
|
-
|
|
246
|
-
resp.instance_variable_set('@uri', uri)
|
|
247
|
-
resp.instance_variable_set('@original_uri', original_uri)
|
|
248
|
-
class << resp
|
|
249
|
-
attr_reader :uri, :original_uri
|
|
250
|
-
end
|
|
252
|
+
resp = Response.new(single_response, uri, original_uri)
|
|
251
253
|
|
|
252
254
|
unless resp.check_validity
|
|
253
|
-
@resp_errors << "OCSP response from #{report_uri(original_uri,
|
|
255
|
+
@resp_errors << "OCSP response from #{report_uri(original_uri,
|
|
256
|
+
uri)} was invalid: this_update was in the future or next_update time has passed"
|
|
254
257
|
return false
|
|
255
258
|
end
|
|
256
259
|
|
|
@@ -258,70 +261,66 @@ module Mongo
|
|
|
258
261
|
OpenSSL::OCSP::V_CERTSTATUS_GOOD,
|
|
259
262
|
OpenSSL::OCSP::V_CERTSTATUS_REVOKED,
|
|
260
263
|
].include?(resp.cert_status)
|
|
261
|
-
@resp_errors << "OCSP response from #{report_uri(original_uri,
|
|
264
|
+
@resp_errors << "OCSP response from #{report_uri(original_uri,
|
|
265
|
+
uri)} had a non-definitive status: #{resp.cert_status}"
|
|
262
266
|
return false
|
|
263
267
|
end
|
|
264
268
|
|
|
265
269
|
# Note this returns the redirected URI
|
|
266
270
|
@resp_queue << resp
|
|
267
|
-
rescue =>
|
|
268
|
-
Utils.warn_bg_exception("Error performing OCSP verification for '#{host_name}' via '#{uri}'",
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
)
|
|
271
|
+
rescue StandardError => e
|
|
272
|
+
Utils.warn_bg_exception("Error performing OCSP verification for '#{host_name}' via '#{uri}'", e,
|
|
273
|
+
logger: options[:logger],
|
|
274
|
+
log_prefix: options[:log_prefix],
|
|
275
|
+
bg_error_backtrace: options[:bg_error_backtrace])
|
|
273
276
|
false
|
|
274
277
|
ensure
|
|
275
278
|
@outstanding_requests_lock.synchronize do
|
|
276
279
|
@outstanding_requests -= 1
|
|
277
|
-
if @outstanding_requests == 0
|
|
278
|
-
@resp_queue << nil
|
|
279
|
-
end
|
|
280
|
+
@resp_queue << nil if @outstanding_requests == 0
|
|
280
281
|
end
|
|
281
282
|
end
|
|
282
283
|
|
|
283
284
|
def return_ocsp_response(resp, errors = nil)
|
|
284
285
|
if resp
|
|
285
|
-
if resp.cert_status == OpenSSL::OCSP::V_CERTSTATUS_REVOKED
|
|
286
|
-
raise_revoked_error(resp)
|
|
287
|
-
end
|
|
286
|
+
raise_revoked_error(resp) if resp.cert_status == OpenSSL::OCSP::V_CERTSTATUS_REVOKED
|
|
288
287
|
true
|
|
289
288
|
else
|
|
290
289
|
reasons = []
|
|
291
290
|
errors.length.times do
|
|
292
291
|
reasons << errors.shift
|
|
293
292
|
end
|
|
294
|
-
if reasons.empty?
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
293
|
+
msg = if reasons.empty?
|
|
294
|
+
"No responses from responders: #{ocsp_uris.join(', ')} within #{timeout} seconds"
|
|
295
|
+
else
|
|
296
|
+
"For responders #{ocsp_uris.join(', ')} with a timeout of #{timeout} seconds: #{reasons.join(', ')}"
|
|
297
|
+
end
|
|
299
298
|
log_warn("TLS certificate of '#{host_name}' could not be definitively verified via OCSP: #{msg}")
|
|
300
299
|
false
|
|
301
300
|
end
|
|
302
301
|
end
|
|
303
302
|
|
|
304
303
|
def handle_exceptions
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
end
|
|
304
|
+
yield
|
|
305
|
+
rescue Error::ServerCertificateRevoked
|
|
306
|
+
raise
|
|
307
|
+
rescue StandardError => e
|
|
308
|
+
Utils.warn_bg_exception(
|
|
309
|
+
"Error performing OCSP verification for '#{host_name}'",
|
|
310
|
+
e,
|
|
311
|
+
**options
|
|
312
|
+
)
|
|
313
|
+
false
|
|
316
314
|
end
|
|
317
315
|
|
|
318
316
|
def raise_revoked_error(resp)
|
|
319
|
-
if resp.uri == resp.original_uri
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
raise Error::ServerCertificateRevoked,
|
|
317
|
+
redirect = if resp.uri == resp.original_uri
|
|
318
|
+
''
|
|
319
|
+
else
|
|
320
|
+
" (redirected from #{resp.original_uri})"
|
|
321
|
+
end
|
|
322
|
+
raise Error::ServerCertificateRevoked,
|
|
323
|
+
"TLS certificate of '#{host_name}' has been revoked according to '#{resp.uri}'#{redirect} for reason '#{resp.revocation_reason}' at '#{resp.revocation_time}'"
|
|
325
324
|
end
|
|
326
325
|
|
|
327
326
|
def report_uri(original_uri, uri)
|
data/lib/mongo/socket/ssl.rb
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
-
# rubocop:todo all
|
|
3
2
|
|
|
4
3
|
# Copyright (C) 2014-2020 MongoDB Inc.
|
|
5
4
|
#
|
|
@@ -17,7 +16,6 @@
|
|
|
17
16
|
|
|
18
17
|
module Mongo
|
|
19
18
|
class Socket
|
|
20
|
-
|
|
21
19
|
# Wrapper for TLS sockets.
|
|
22
20
|
#
|
|
23
21
|
# @since 2.0.0
|
|
@@ -113,7 +111,7 @@ module Mongo
|
|
|
113
111
|
run_tls_context_hooks
|
|
114
112
|
|
|
115
113
|
connect!
|
|
116
|
-
rescue
|
|
114
|
+
rescue StandardError
|
|
117
115
|
@tcp_socket.close
|
|
118
116
|
raise
|
|
119
117
|
end
|
|
@@ -154,7 +152,8 @@ module Mongo
|
|
|
154
152
|
# solution, even though it is known to be not very reliable.
|
|
155
153
|
raise Error::SocketTimeoutError, 'connect_timeout expired' if connect_timeout < 0
|
|
156
154
|
|
|
157
|
-
Timeout.timeout(connect_timeout, Error::SocketTimeoutError,
|
|
155
|
+
Timeout.timeout(connect_timeout, Error::SocketTimeoutError,
|
|
156
|
+
"The socket took over #{options[:connect_timeout]} seconds to connect") do
|
|
158
157
|
connect_without_timeout(sockaddr)
|
|
159
158
|
end
|
|
160
159
|
else
|
|
@@ -170,7 +169,7 @@ module Mongo
|
|
|
170
169
|
end
|
|
171
170
|
end
|
|
172
171
|
self
|
|
173
|
-
rescue
|
|
172
|
+
rescue StandardError
|
|
174
173
|
@socket&.close
|
|
175
174
|
@socket = nil
|
|
176
175
|
raise
|
|
@@ -223,11 +222,12 @@ module Mongo
|
|
|
223
222
|
if deadline <= Utils.monotonic_time
|
|
224
223
|
raise Error::SocketTimeoutError, "The socket took over #{connect_timeout} seconds to connect"
|
|
225
224
|
end
|
|
225
|
+
|
|
226
226
|
begin
|
|
227
227
|
@tcp_socket.connect_nonblock(sockaddr)
|
|
228
228
|
rescue IO::WaitWritable
|
|
229
229
|
with_select_timeout(deadline, connect_timeout) do |select_timeout|
|
|
230
|
-
IO.select(nil, [@tcp_socket], nil, select_timeout)
|
|
230
|
+
IO.select(nil, [ @tcp_socket ], nil, select_timeout)
|
|
231
231
|
end
|
|
232
232
|
retry
|
|
233
233
|
rescue Errno::EISCONN
|
|
@@ -239,6 +239,7 @@ module Mongo
|
|
|
239
239
|
if deadline <= Utils.monotonic_time
|
|
240
240
|
raise Error::SocketTimeoutError, "The socket took over #{connect_timeout} seconds to connect"
|
|
241
241
|
end
|
|
242
|
+
|
|
242
243
|
@socket = OpenSSL::SSL::SSLSocket.new(@tcp_socket, context)
|
|
243
244
|
@socket.hostname = @host_name
|
|
244
245
|
@socket.sync_close = true
|
|
@@ -248,12 +249,12 @@ module Mongo
|
|
|
248
249
|
@socket.connect_nonblock
|
|
249
250
|
rescue IO::WaitReadable, OpenSSL::SSL::SSLErrorWaitReadable
|
|
250
251
|
with_select_timeout(deadline, connect_timeout) do |select_timeout|
|
|
251
|
-
IO.select([@socket], nil, nil, select_timeout)
|
|
252
|
+
IO.select([ @socket ], nil, nil, select_timeout)
|
|
252
253
|
end
|
|
253
254
|
retry
|
|
254
255
|
rescue IO::WaitWritable, OpenSSL::SSL::SSLErrorWaitWritable
|
|
255
256
|
with_select_timeout(deadline, connect_timeout) do |select_timeout|
|
|
256
|
-
IO.select(nil, [@socket], nil, select_timeout)
|
|
257
|
+
IO.select(nil, [ @socket ], nil, select_timeout)
|
|
257
258
|
end
|
|
258
259
|
retry
|
|
259
260
|
rescue Errno::EISCONN
|
|
@@ -264,15 +265,16 @@ module Mongo
|
|
|
264
265
|
# Raises +Error::SocketTimeoutError+ exception if deadline reached or the
|
|
265
266
|
# block returns nil. The block should call +IO.select+ with the
|
|
266
267
|
# +connect_timeout+ value. It returns nil if the +connect_timeout+ expires.
|
|
267
|
-
def with_select_timeout(deadline, connect_timeout
|
|
268
|
+
def with_select_timeout(deadline, connect_timeout)
|
|
268
269
|
select_timeout = deadline - Utils.monotonic_time
|
|
269
270
|
if select_timeout <= 0
|
|
270
271
|
raise Error::SocketTimeoutError, "The socket took over #{connect_timeout} seconds to connect"
|
|
271
272
|
end
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
273
|
+
|
|
274
|
+
rv = yield(select_timeout)
|
|
275
|
+
return unless rv.nil?
|
|
276
|
+
|
|
277
|
+
raise Error::SocketTimeoutError, "The socket took over #{connect_timeout} seconds to connect"
|
|
276
278
|
end
|
|
277
279
|
|
|
278
280
|
def verify_certificate?
|
|
@@ -319,15 +321,14 @@ module Mongo
|
|
|
319
321
|
# In JRuby we must allow one call as this callback is invoked for
|
|
320
322
|
# the initial connection also, not just for renegotiations -
|
|
321
323
|
# https://github.com/jruby/jruby-openssl/issues/180
|
|
322
|
-
if BSON::Environment.jruby?
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
context.renegotiation_cb = lambda do |
|
|
328
|
-
if allowed_calls <= 0
|
|
329
|
-
|
|
330
|
-
end
|
|
324
|
+
allowed_calls = if BSON::Environment.jruby?
|
|
325
|
+
1
|
|
326
|
+
else
|
|
327
|
+
0
|
|
328
|
+
end
|
|
329
|
+
context.renegotiation_cb = lambda do |_ssl|
|
|
330
|
+
raise 'Client renegotiation disabled' if allowed_calls <= 0
|
|
331
|
+
|
|
331
332
|
allowed_calls -= 1
|
|
332
333
|
end
|
|
333
334
|
end
|
|
@@ -412,19 +413,17 @@ module Mongo
|
|
|
412
413
|
|
|
413
414
|
def load_private_key(text, passphrase)
|
|
414
415
|
args = if passphrase
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
416
|
+
[ text, passphrase ]
|
|
417
|
+
else
|
|
418
|
+
[ text ]
|
|
419
|
+
end
|
|
419
420
|
# On JRuby, PKey.read does not grok cert+key bundles.
|
|
420
421
|
# https://github.com/jruby/jruby-openssl/issues/176
|
|
421
422
|
if BSON::Environment.jruby?
|
|
422
|
-
[OpenSSL::PKey::RSA, OpenSSL::PKey::DSA].each do |cls|
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
# ignore
|
|
427
|
-
end
|
|
423
|
+
[ OpenSSL::PKey::RSA, OpenSSL::PKey::DSA ].each do |cls|
|
|
424
|
+
return cls.send(:new, *args)
|
|
425
|
+
rescue OpenSSL::PKey::PKeyError
|
|
426
|
+
# ignore
|
|
428
427
|
end
|
|
429
428
|
# Neither RSA nor DSA worked, fall through to trying PKey
|
|
430
429
|
end
|
|
@@ -439,8 +438,11 @@ module Mongo
|
|
|
439
438
|
elsif options[:ssl_ca_cert_string]
|
|
440
439
|
cert_store.add_cert(OpenSSL::X509::Certificate.new(options[:ssl_ca_cert_string]))
|
|
441
440
|
elsif options[:ssl_ca_cert_object]
|
|
442
|
-
|
|
443
|
-
|
|
441
|
+
unless options[:ssl_ca_cert_object].is_a? Array
|
|
442
|
+
raise TypeError('Option :ssl_ca_cert_object should be an array of OpenSSL::X509:Certificate objects')
|
|
443
|
+
end
|
|
444
|
+
|
|
445
|
+
options[:ssl_ca_cert_object].each { |cert| cert_store.add_cert(cert) }
|
|
444
446
|
else
|
|
445
447
|
cert_store.set_default_paths
|
|
446
448
|
end
|
|
@@ -448,11 +450,10 @@ module Mongo
|
|
|
448
450
|
end
|
|
449
451
|
|
|
450
452
|
def verify_certificate!(socket)
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
end
|
|
453
|
+
return unless verify_hostname?
|
|
454
|
+
return if OpenSSL::SSL.verify_certificate_identity(socket.peer_cert, host_name)
|
|
455
|
+
|
|
456
|
+
raise Error::SocketError, 'TLS handshake failed due to a hostname mismatch.'
|
|
456
457
|
end
|
|
457
458
|
|
|
458
459
|
def verify_ocsp_endpoint!(socket, timeout = nil)
|
|
@@ -467,14 +468,14 @@ module Mongo
|
|
|
467
468
|
end
|
|
468
469
|
|
|
469
470
|
verifier = OcspVerifier.new(@host_name, cert, ca_cert, context.cert_store,
|
|
470
|
-
|
|
471
|
+
**Utils.shallow_symbolize_keys(options), timeout: timeout)
|
|
471
472
|
verifier.verify_with_cache
|
|
472
473
|
end
|
|
473
474
|
|
|
474
475
|
def read_buffer_size
|
|
475
476
|
# Buffer size for TLS reads.
|
|
476
477
|
# Capped at 16k due to https://linux.die.net/man/3/ssl_read
|
|
477
|
-
|
|
478
|
+
16_384
|
|
478
479
|
end
|
|
479
480
|
|
|
480
481
|
def human_address
|
|
@@ -487,8 +488,8 @@ module Mongo
|
|
|
487
488
|
end
|
|
488
489
|
end
|
|
489
490
|
|
|
490
|
-
BEGIN_CERT =
|
|
491
|
-
END_CERT =
|
|
491
|
+
BEGIN_CERT = '-----BEGIN CERTIFICATE-----'
|
|
492
|
+
END_CERT = '-----END CERTIFICATE-----'
|
|
492
493
|
|
|
493
494
|
# This was originally a scan + regex, but the regex was particularly
|
|
494
495
|
# inefficient and was flagged as a concern by static analysis.
|
data/lib/mongo/socket/tcp.rb
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
-
# rubocop:todo all
|
|
3
2
|
|
|
4
3
|
# Copyright (C) 2014-2020 MongoDB Inc.
|
|
5
4
|
#
|
|
@@ -17,12 +16,10 @@
|
|
|
17
16
|
|
|
18
17
|
module Mongo
|
|
19
18
|
class Socket
|
|
20
|
-
|
|
21
19
|
# Wrapper for TCP sockets.
|
|
22
20
|
#
|
|
23
21
|
# @since 2.0.0
|
|
24
22
|
class TCP < Socket
|
|
25
|
-
|
|
26
23
|
# Initializes a new TCP socket.
|
|
27
24
|
#
|
|
28
25
|
# @example Create the TCP socket.
|
|
@@ -46,9 +43,8 @@ module Mongo
|
|
|
46
43
|
# @since 2.0.0
|
|
47
44
|
# @api private
|
|
48
45
|
def initialize(host, port, timeout, family, options = {})
|
|
49
|
-
if family.nil?
|
|
50
|
-
|
|
51
|
-
end
|
|
46
|
+
raise ArgumentError, 'family must be specified' if family.nil?
|
|
47
|
+
|
|
52
48
|
super(timeout, options)
|
|
53
49
|
@host, @port = host, port
|
|
54
50
|
@family = family
|
|
@@ -56,7 +52,7 @@ module Mongo
|
|
|
56
52
|
begin
|
|
57
53
|
set_socket_options(@socket)
|
|
58
54
|
connect!
|
|
59
|
-
rescue
|
|
55
|
+
rescue StandardError
|
|
60
56
|
@socket.close
|
|
61
57
|
raise
|
|
62
58
|
end
|
|
@@ -113,7 +109,8 @@ module Mongo
|
|
|
113
109
|
if select_timeout <= 0
|
|
114
110
|
raise Error::SocketTimeoutError, "The socket took over #{connect_timeout} seconds to connect"
|
|
115
111
|
end
|
|
116
|
-
|
|
112
|
+
|
|
113
|
+
if IO.select(nil, [ socket ], nil, select_timeout)
|
|
117
114
|
retry
|
|
118
115
|
else
|
|
119
116
|
socket.close
|
data/lib/mongo/socket/unix.rb
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
-
# rubocop:todo all
|
|
3
2
|
|
|
4
3
|
# Copyright (C) 2014-2020 MongoDB Inc.
|
|
5
4
|
#
|
|
@@ -17,12 +16,10 @@
|
|
|
17
16
|
|
|
18
17
|
module Mongo
|
|
19
18
|
class Socket
|
|
20
|
-
|
|
21
19
|
# Wrapper for Unix sockets.
|
|
22
20
|
#
|
|
23
21
|
# @since 2.0.0
|
|
24
22
|
class Unix < Socket
|
|
25
|
-
|
|
26
23
|
# Initializes a new Unix socket.
|
|
27
24
|
#
|
|
28
25
|
# @example Create the Unix socket.
|
|
@@ -60,4 +57,3 @@ module Mongo
|
|
|
60
57
|
end
|
|
61
58
|
end
|
|
62
59
|
end
|
|
63
|
-
|