Class: Mongo::Crypt::Binding Private
- Inherits: Object
  - Object
  - Mongo::Crypt::Binding
- Extended by: FFI::Library
- Defined in: lib/mongo/crypt/binding.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
A Ruby binding for the libmongocrypt C library
Constant Summary
- MIN_LIBMONGOCRYPT_VERSION = Gem::Version.new("1.12.0")
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
Minimum version of libmongocrypt required by this version of the driver. An attempt to use the driver with any previous version of libmongocrypt will cause a `LoadError`.
Class Method Summary
-
.check_ctx_status(context) ⇒ nil
private
Raise a Mongo::Error::CryptError based on the status of the underlying mongocrypt_ctx_t object.
-
.check_kms_ctx_status(kms_context) ⇒ Object
private
If the provided block returns false, raise a CryptError with the status information from the provided KmsContext object.
-
.check_status(handle) ⇒ nil
private
Raise a Mongo::Error::CryptError based on the status of the underlying mongocrypt_t object.
-
.crypt_shared_lib_version(handle) ⇒ Integer
private
Obtain a 64-bit constant encoding the version of the loaded crypt_shared library, if available.
-
.ctx_datakey_init(context) ⇒ Object
private
Initialize the Context to create a data key.
-
.ctx_decrypt_init(context, command) ⇒ Object
private
Initialize the Context for auto-decryption.
-
.ctx_encrypt_init(context, db_name, command) ⇒ Object
private
Initialize the Context for auto-encryption.
-
.ctx_explicit_decrypt_init(context, doc) ⇒ Object
private
Initialize the Context for explicit decryption.
-
.ctx_explicit_encrypt_expression_init(context, doc) ⇒ Object
private
Initialize the Context for explicit expression encryption.
-
.ctx_explicit_encrypt_init(context, doc) ⇒ Object
private
Initialize the Context for explicit encryption.
-
.ctx_finalize(context) ⇒ Object
private
Finalize the state machine represented by the Context.
-
.ctx_kms_done(context) ⇒ Object
private
Indicate to libmongocrypt that it will receive no more KMS replies.
-
.ctx_mongo_feed(context, doc) ⇒ Object
private
Feed a response from the driver back to libmongocrypt.
-
.ctx_mongo_op(context) ⇒ BSON::Document
private
Returns a BSON::Document representing an operation that the driver must perform on behalf of libmongocrypt to get the information it needs in order to continue with encryption/decryption (for example, a filter for a key vault query).
-
.ctx_next_kms_ctx(context) ⇒ Mongo::Crypt::KmsContext | nil
private
Return a new KmsContext object needed by a Context object.
-
.ctx_provide_kms_providers(context, kms_providers) ⇒ Object
private
Call in response to the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state to set per-context KMS provider settings.
-
.ctx_rewrap_many_datakey_init(context, filter) ⇒ Boolean
private
Initialize a context to rewrap datakeys.
-
.ctx_setopt_algorithm(context, name) ⇒ Object
private
Set the algorithm on the context.
-
.ctx_setopt_algorithm_range(context, opts) ⇒ Object
private
Set options for explicit encryption with the “range” algorithm.
-
.ctx_setopt_contention_factor(context, factor) ⇒ Object
private
Set the contention factor used for explicit encryption.
-
.ctx_setopt_key_alt_names(context, key_alt_names) ⇒ Object
private
Set multiple alternate key names on data key creation.
-
.ctx_setopt_key_encryption_key(context, key_document) ⇒ Object
private
Set key encryption key document for creating a data key.
-
.ctx_setopt_key_id(context, key_id) ⇒ Object
private
Sets the key id option on an explicit encryption context.
-
.ctx_setopt_key_material(context, key_material) ⇒ Object
private
Set a custom key material to use for encrypting data.
-
.ctx_setopt_query_type(context, query_type) ⇒ Object
private
Set the query type to use for FLE 2 explicit encryption.
- .get_binary_data_direct(mongocrypt_binary_t) ⇒ Object private
- .get_binary_len_direct(mongocrypt_binary_t) ⇒ Object private
-
.init(handle) ⇒ Object
private
Initialize the Mongo::Crypt::Handle object.
-
.kms_ctx_bytes_needed(kms_context) ⇒ Integer
private
Get the number of bytes needed by the KmsContext.
-
.kms_ctx_endpoint(kms_context) ⇒ String | nil
private
Get the hostname with which to connect over TLS to get information about the AWS master key.
-
.kms_ctx_fail(kms_context) ⇒ true, false
private
Check whether the last failed request for the KMS context may be retried.
-
.kms_ctx_feed(kms_context, bytes) ⇒ Object
private
Feed replies from the KMS back to libmongocrypt.
-
.kms_ctx_get_kms_provider(kms_context) ⇒ Object
private
Get the KMS provider identifier associated with this KMS request.
-
.kms_ctx_message(kms_context) ⇒ String
private
Get the HTTP message needed to fetch the AWS KMS master key from a KmsContext object.
-
.kms_ctx_setopt_retry_kms(handle, value) ⇒ true, false
private
Enable or disable KMS retry behavior.
-
.kms_ctx_usleep(kms_context) ⇒ Integer
private
Returns number of milliseconds to sleep before sending KMS request for the given KMS context.
-
.mongocrypt_binary_data(binary) ⇒ FFI::Pointer
private
Get the pointer to the underlying data for the mongocrypt_binary_t.
-
.mongocrypt_binary_destroy(binary) ⇒ nil
private
Destroy the mongocrypt_binary_t object.
-
.mongocrypt_binary_len(binary) ⇒ Integer
private
Get the length of the underlying data array.
-
.mongocrypt_binary_new ⇒ FFI::Pointer
private
Creates a new mongocrypt_binary_t object (a non-owning view of a byte array).
-
.mongocrypt_binary_new_from_data(data, len) ⇒ FFI::Pointer
private
Create a new mongocrypt_binary_t object that maintains a pointer to the specified byte array.
- .mongocrypt_crypt_shared_lib_version(crypt) ⇒ Object private
- .mongocrypt_ctx_datakey_init(ctx, filter) ⇒ Object private
-
.mongocrypt_ctx_decrypt_init(ctx, doc) ⇒ Boolean
private
Initializes the ctx for auto-decryption.
-
.mongocrypt_ctx_destroy(ctx) ⇒ nil
private
Destroy the reference to the mongocrypt_ctx_t object.
-
.mongocrypt_ctx_encrypt_init(ctx, db, db_len, cmd) ⇒ Boolean
private
Initializes the ctx for auto-encryption.
-
.mongocrypt_ctx_explicit_decrypt_init(ctx, msg) ⇒ Boolean
private
Initializes the ctx for explicit decryption.
-
.mongocrypt_ctx_explicit_encrypt_init(ctx, msg) ⇒ Boolean
private
Initializes the ctx for explicit expression encryption.
-
.mongocrypt_ctx_finalize(ctx, op_bson) ⇒ Boolean
private
Perform the final encryption or decryption and return a BSON document.
-
.mongocrypt_ctx_mongo_done(ctx) ⇒ Boolean
private
Indicate to libmongocrypt that the driver is done feeding replies.
-
.mongocrypt_ctx_mongo_feed(ctx, reply) ⇒ Boolean
private
Feed a BSON reply to libmongocrypt.
-
.mongocrypt_ctx_mongo_next_kms_ctx(ctx) ⇒ FFI::Pointer
private
Return a pointer to a mongocrypt_kms_ctx_t object or NULL.
-
.mongocrypt_ctx_mongo_op(ctx, op_bson) ⇒ Boolean
private
Get a BSON operation for the driver to run against the MongoDB collection, the key vault database, or mongocryptd.
-
.mongocrypt_ctx_new(crypt) ⇒ FFI::Pointer
private
Create a new mongocrypt_ctx_t object (a wrapper for the libmongocrypt state machine).
- .mongocrypt_ctx_provide_kms_providers(ctx, kms_providers) ⇒ Object private
-
.mongocrypt_ctx_setopt_algorithm(ctx, algorithm, len) ⇒ Boolean
private
Set the algorithm used for explicit encryption.
- .mongocrypt_ctx_setopt_algorithm_range(ctx, opts) ⇒ Object private
- .mongocrypt_ctx_setopt_contention_factor(ctx, contention_factor) ⇒ Object private
-
.mongocrypt_ctx_setopt_key_alt_name(ctx, binary) ⇒ Boolean
private
When creating a data key, set an alternate name on that key.
-
.mongocrypt_ctx_setopt_key_encryption_key(ctx) ⇒ Boolean
private
Set key encryption key document for creating a data key.
-
.mongocrypt_ctx_setopt_key_id(ctx, key_id) ⇒ Boolean
private
Set the key id used for explicit encryption.
-
.mongocrypt_ctx_setopt_key_material(ctx, binary) ⇒ Boolean
private
When creating a data key, set a custom key material to use for encrypting data.
- .mongocrypt_ctx_setopt_query_type(ctx, mongocrypt_query_type) ⇒ Object private
-
.mongocrypt_ctx_state(ctx) ⇒ Symbol
private
Get the current state of the ctx.
-
.mongocrypt_ctx_status(ctx, status) ⇒ Boolean
private
Set the status information from the mongocrypt_ctx_t object on the mongocrypt_status_t object.
-
.mongocrypt_destroy(crypt) ⇒ nil
private
Destroy the reference to the mongocrypt_t object.
-
.mongocrypt_init(crypt) ⇒ Boolean
private
Initialize the mongocrypt_t object.
-
.mongocrypt_kms_ctx_bytes_needed(kms) ⇒ Integer
private
Get the number of bytes needed by the KMS context.
-
.mongocrypt_kms_ctx_done(ctx) ⇒ Boolean
private
Indicate to libmongocrypt that it will receive no more replies from mongocrypt_kms_ctx_t objects.
-
.mongocrypt_kms_ctx_endpoint(kms, endpoint) ⇒ Boolean
private
Get the hostname with which to connect over TLS to get information about the AWS master key.
- .mongocrypt_kms_ctx_fail(ctx) ⇒ Object private
-
.mongocrypt_kms_ctx_feed(kms, bytes) ⇒ Boolean
private
Feed replies from the KMS back to libmongocrypt.
- .mongocrypt_kms_ctx_get_kms_provider(crypt, kms_providers) ⇒ Object private
-
.mongocrypt_kms_ctx_message(kms, msg) ⇒ Boolean
private
Get the message needed to fetch the AWS KMS master key.
-
.mongocrypt_kms_ctx_status(kms, status) ⇒ Boolean
private
Write status information about the mongocrypt_kms_ctx_t object to the mongocrypt_status_t object.
-
.mongocrypt_kms_ctx_usleep(ctx) ⇒ int64
private
Indicates how long to sleep before sending KMS request.
-
.mongocrypt_setopt_aes_256_ctr(crypt, aes_256_ctr_encrypt, aes_256_ctr_decrypt, ctx) ⇒ Boolean
private
Set a crypto hook for the AES256-CTR operations.
- .mongocrypt_setopt_append_crypt_shared_lib_search_path(crypt, path) ⇒ Object private
- .mongocrypt_setopt_bypass_query_analysis(crypt) ⇒ Object private
-
.mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(crypt, sign_rsaes_pkcs1_v1_5, ctx = nil) ⇒ Boolean
private
Set a crypto hook for the RSASSA-PKCS1-v1_5 algorithm with a SHA-256 hash.
-
.mongocrypt_setopt_crypto_hooks(crypt, aes_enc_fn, aes_dec_fn, random_fn, sha_512_fn, sha_256_fn, hash_fn, ctx = nil) ⇒ Boolean
private
Set crypto hooks on the provided mongocrypt object.
- .mongocrypt_setopt_encrypted_field_config_map(crypt, efc_map) ⇒ Object private
-
.mongocrypt_setopt_kms_providers(crypt, kms_providers) ⇒ Object
private
Configure KMS providers with a BSON document.
-
.mongocrypt_setopt_log_handler(crypt, log_fn, log_ctx = nil) ⇒ Boolean
private
Set the handler on the mongocrypt_t object to be called every time libmongocrypt logs a message.
- .mongocrypt_setopt_retry_kms(crypt, enable) ⇒ Object private
-
.mongocrypt_setopt_schema_map(crypt, schema_map) ⇒ Boolean
private
Sets a local schema map for encryption.
- .mongocrypt_setopt_set_crypt_shared_lib_path_override(crypt, path) ⇒ Object private
- .mongocrypt_setopt_use_need_kms_credentials_state(crypt) ⇒ Object private
-
.mongocrypt_status(crypt, status) ⇒ Boolean
private
Set the status information from the mongocrypt_t object on the mongocrypt_status_t object.
-
.mongocrypt_status_code(status) ⇒ Integer
private
Return the status error code.
-
.mongocrypt_status_destroy(status) ⇒ nil
private
Destroys the reference to the mongocrypt_status_t object.
-
.mongocrypt_status_message(status, len = nil) ⇒ String
private
Returns the status message.
-
.mongocrypt_status_new ⇒ FFI::Pointer
private
Create a new mongocrypt_status_t object.
-
.mongocrypt_status_ok(status) ⇒ Boolean
private
Returns whether the status is ok or an error.
-
.mongocrypt_status_set(status, type, code, message, len) ⇒ nil
private
Set a message, type, and code on an existing status.
-
.mongocrypt_status_type(status) ⇒ Symbol
private
Indicates the status type.
-
.mongocrypt_version(len) ⇒ String
private
Returns the version string of the libmongocrypt library.
-
.mongocrypt_new ⇒ FFI::Pointer
private
Creates a new mongocrypt_t object.
-
.parse_version(version) ⇒ Gem::Version
private
Given a string representing a version number, parses it into a Gem::Version object.
-
.setopt_aes_256_ctr(handle, aes_ctr_encrypt_cb, aes_ctr_decrypt_cb) ⇒ Object
private
Set a crypto hook for the AES256-CTR operations.
-
.setopt_append_crypt_shared_lib_search_path(handle, path) ⇒ Object
private
Append an additional search directory to the search path for loading the crypt_shared dynamic library.
-
.setopt_bypass_query_analysis(handle) ⇒ Object
private
Opt-into skipping query analysis.
-
.setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(handle, rsaes_pkcs_signature_cb) ⇒ Object
private
Set a crypto hook for the RSASSA-PKCS1-v1_5 algorithm with a SHA-256 hash on the Handle.
-
.setopt_crypto_hooks(handle, aes_encrypt_cb, aes_decrypt_cb, random_cb, hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb) ⇒ Object
private
Set crypto callbacks on the Handle.
-
.setopt_encrypted_field_config_map(handle, efc_map) ⇒ Object
private
Set a local EncryptedFieldConfigMap for encryption.
-
.setopt_kms_providers(handle, kms_providers) ⇒ Object
private
Set KMS providers options on the Mongo::Crypt::Handle object.
-
.setopt_log_handler(handle, log_callback) ⇒ Object
private
Set the logger callback function on the Mongo::Crypt::Handle object.
-
.setopt_schema_map(handle, schema_map_doc) ⇒ Object
private
Set schema map on the Mongo::Crypt::Handle object.
-
.setopt_set_crypt_shared_lib_path_override(handle, path) ⇒ Object
private
Set a single override path for loading the crypt shared library.
-
.setopt_use_need_kms_credentials_state(handle) ⇒ Object
private
Opt-into handling the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state.
-
.validate_document(data) ⇒ Object
private
Checks that the specified data is a Hash before serializing it to BSON to prevent errors from libmongocrypt.
-
.validate_version(lmc_version) ⇒ Object
private
Validates if provided version of libmongocrypt is valid, i.e.
Instance Method Summary
-
#mongocrypt_crypto_fn(ctx, key, iv, input, output, status) ⇒ Bool
private
A callback to a function that performs AES encryption or decryption.
-
#mongocrypt_hash_fn(ctx, input, output, status) ⇒ Bool
private
A callback to a SHA-256 hash function.
-
#mongocrypt_hmac_fn(ctx, key, input, output, status) ⇒ Bool
private
A callback to a function that performs HMAC SHA-512 or SHA-256.
-
#mongocrypt_log_fn_t(level, message, len, ctx) ⇒ nil
private
A callback to the mongocrypt log function.
-
#mongocrypt_random_fn(ctx, output, count, status) ⇒ Bool
private
A callback to a crypto secure random function.
Class Method Details
.check_ctx_status(context) ⇒ nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Raise a Mongo::Error::CryptError based on the status of the underlying mongocrypt_ctx_t object.
# File 'lib/mongo/crypt/binding.rb', line 1821
def self.check_ctx_status(context)
  if block_given?
    do_raise = !yield
  else
    do_raise = true
  end

  if do_raise
    status = Status.new

    mongocrypt_ctx_status(context.ctx_p, status.ref)
    status.raise_crypt_error
  end
end
.check_kms_ctx_status(kms_context) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
If the provided block returns false, raise a CryptError with the status information from the provided KmsContext object.
# File 'lib/mongo/crypt/binding.rb', line 1107
def self.check_kms_ctx_status(kms_context)
  unless yield
    status = Status.new

    mongocrypt_kms_ctx_status(kms_context.kms_ctx_p, status.ref)
    status.raise_crypt_error(kms: true)
  end
end
.check_status(handle) ⇒ nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Raise a Mongo::Error::CryptError based on the status of the underlying mongocrypt_t object.
# File 'lib/mongo/crypt/binding.rb', line 1808
def self.check_status(handle)
  unless yield
    status = Status.new

    mongocrypt_status(handle.ref, status.ref)
    status.raise_crypt_error
  end
end
.crypt_shared_lib_version(handle) ⇒ Integer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Obtain a 64-bit constant encoding the version of the loaded crypt_shared library, if available.
The version is encoded as four 16-bit numbers, from high to low:
- Major version
- Minor version
- Revision
- Reserved
For example, version 6.2.1 would be encoded as: 0x0006'0002'0001'0000
# File 'lib/mongo/crypt/binding.rb', line 1614
def self.crypt_shared_lib_version(handle)
  mongocrypt_crypt_shared_lib_version(handle.ref)
end
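An added example (not part of the driver or of this page's source) that decodes and validates the packed 64-bit version layout described above, and gates on a minimum version. The helper names are hypothetical, and treating 0 as "no crypt_shared library loaded" is an assumption.

```ruby
# Added example, not driver code. All names below are hypothetical helpers.
FIELD_BITS = 16
FIELD_MASK = 0xFFFF
MAX_UINT64 = (1 << 64) - 1

# Split the 64-bit value into its four 16-bit fields (high to low:
# major, minor, revision, reserved). Returns nil for 0, which this
# example assumes means that no crypt_shared library is loaded.
def decode_crypt_shared_version(encoded)
  unless encoded.is_a?(Integer) && encoded.between?(0, MAX_UINT64)
    raise ArgumentError, "expected an unsigned 64-bit integer, got #{encoded.inspect}"
  end
  return nil if encoded.zero?

  {
    major: (encoded >> (3 * FIELD_BITS)) & FIELD_MASK,
    minor: (encoded >> (2 * FIELD_BITS)) & FIELD_MASK,
    revision: (encoded >> FIELD_BITS) & FIELD_MASK,
    reserved: encoded & FIELD_MASK
  }
end

# Inverse of decode: pack four 16-bit fields into one 64-bit integer.
def encode_crypt_shared_version(major, minor, revision, reserved = 0)
  parts = [major, minor, revision, reserved]
  parts.each do |part|
    unless part.is_a?(Integer) && part.between?(0, FIELD_MASK)
      raise ArgumentError, "field out of 16-bit range: #{part.inspect}"
    end
  end
  parts.reduce(0) { |acc, part| (acc << FIELD_BITS) | part }
end

# True when a crypt_shared library is loaded and its version is at least
# `minimum`, given as [major, minor, revision]. The reserved field is ignored.
def crypt_shared_at_least?(encoded, minimum)
  version = decode_crypt_shared_version(encoded)
  return false if version.nil?

  loaded = [version[:major], version[:minor], version[:revision]]
  (loaded <=> minimum) >= 0
end
```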
.ctx_datakey_init(context) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize the Context to create a data key
# File 'lib/mongo/crypt/binding.rb', line 625
def self.ctx_datakey_init(context)
  check_ctx_status(context) do
    mongocrypt_ctx_datakey_init(context.ctx_p)
  end
end
.ctx_decrypt_init(context, command) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize the Context for auto-decryption
# File 'lib/mongo/crypt/binding.rb', line 786
def self.ctx_decrypt_init(context, command)
  validate_document(command)
  data = command.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_decrypt_init(context.ctx_p, data_p)
    end
  end
end
.ctx_encrypt_init(context, db_name, command) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize the Context for auto-encryption
# File 'lib/mongo/crypt/binding.rb', line 692
def self.ctx_encrypt_init(context, db_name, command)
  validate_document(command)
  data = command.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_encrypt_init(context.ctx_p, db_name, -1, data_p)
    end
  end
end
.ctx_explicit_decrypt_init(context, doc) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize the Context for explicit decryption
# File 'lib/mongo/crypt/binding.rb', line 816
def self.ctx_explicit_decrypt_init(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_explicit_decrypt_init(context.ctx_p, data_p)
    end
  end
end
.ctx_explicit_encrypt_expression_init(context, doc) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize the Context for explicit expression encryption.
# File 'lib/mongo/crypt/binding.rb', line 760
def self.ctx_explicit_encrypt_expression_init(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_explicit_encrypt_expression_init(context.ctx_p, data_p)
    end
  end
end
.ctx_explicit_encrypt_init(context, doc) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize the Context for explicit encryption
# File 'lib/mongo/crypt/binding.rb', line 726
def self.ctx_explicit_encrypt_init(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_explicit_encrypt_init(context.ctx_p, data_p)
    end
  end
end
.ctx_finalize(context) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Finalize the state machine represented by the Context
# File 'lib/mongo/crypt/binding.rb', line 1209
def self.ctx_finalize(context)
  binary = Binary.new

  check_ctx_status(context) do
    mongocrypt_ctx_finalize(context.ctx_p, binary.ref)
  end

  # TODO since the binary references a C pointer, and ByteBuffer is
  # written in C in MRI, we could omit a copy of the data by making
  # ByteBuffer reference the string that is owned by libmongocrypt.
  BSON::Document.from_bson(BSON::ByteBuffer.new(binary.to_s), mode: :bson)
end
.ctx_kms_done(context) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Indicate to libmongocrypt that it will receive no more KMS replies.
# File 'lib/mongo/crypt/binding.rb', line 1186
def self.ctx_kms_done(context)
  check_ctx_status(context) do
    mongocrypt_ctx_kms_done(context.ctx_p)
  end
end
.ctx_mongo_feed(context, doc) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Feed a response from the driver back to libmongocrypt
# File 'lib/mongo/crypt/binding.rb', line 897
def self.ctx_mongo_feed(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_mongo_feed(context.ctx_p, data_p)
    end
  end
end
.ctx_mongo_op(context) ⇒ BSON::Document
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns a BSON::Document representing an operation that the driver must perform on behalf of libmongocrypt to get the information it needs in order to continue with encryption/decryption (for example, a filter for a key vault query).
# File 'lib/mongo/crypt/binding.rb', line 868
def self.ctx_mongo_op(context)
  binary = Binary.new

  check_ctx_status(context) do
    mongocrypt_ctx_mongo_op(context.ctx_p, binary.ref)
  end

  # TODO since the binary references a C pointer, and ByteBuffer is
  # written in C in MRI, we could omit a copy of the data by making
  # ByteBuffer reference the string that is owned by libmongocrypt.
  BSON::Document.from_bson(BSON::ByteBuffer.new(binary.to_s), mode: :bson)
end
.ctx_next_kms_ctx(context) ⇒ Mongo::Crypt::KmsContext | nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Return a new KmsContext object needed by a Context object.
# File 'lib/mongo/crypt/binding.rb', line 929
def self.ctx_next_kms_ctx(context)
  kms_ctx_p = mongocrypt_ctx_next_kms_ctx(context.ctx_p)

  if kms_ctx_p.null?
    nil
  else
    KmsContext.new(kms_ctx_p)
  end
end
.ctx_provide_kms_providers(context, kms_providers) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Call in response to the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state to set per-context KMS provider settings. These follow the same format as `mongocrypt_setopt_kms_providers`. If no keys are present in the BSON input, the KMS provider settings configured for the mongocrypt_t at initialization are used.
# File 'lib/mongo/crypt/binding.rb', line 1687
def self.ctx_provide_kms_providers(context, kms_providers)
  validate_document(kms_providers)
  data = kms_providers.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_provide_kms_providers(context.ctx_p, data_p)
    end
  end
end
.ctx_rewrap_many_datakey_init(context, filter) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize a context to rewrap datakeys.
# File 'lib/mongo/crypt/binding.rb', line 656
def self.ctx_rewrap_many_datakey_init(context, filter)
  filter_data = filter.to_bson.to_s
  Binary.wrap_string(filter_data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_rewrap_many_datakey_init(context.ctx_p, data_p)
    end
  end
end
.ctx_setopt_algorithm(context, name) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set the algorithm on the context
# File 'lib/mongo/crypt/binding.rb', line 569
def self.ctx_setopt_algorithm(context, name)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_algorithm(context.ctx_p, name, -1)
  end
end
.ctx_setopt_algorithm_range(context, opts) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set options for explicit encryption with the "range" algorithm.
The Range algorithm is experimental only. It is not intended for public use.
# File 'lib/mongo/crypt/binding.rb', line 1794
def self.ctx_setopt_algorithm_range(context, opts)
  validate_document(opts)
  data = opts.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_algorithm_range(context.ctx_p, data_p)
    end
  end
end
.ctx_setopt_contention_factor(context, factor) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set the contention factor used for explicit encryption. The contention factor is only used for indexed FLE 2 encryption.
# File 'lib/mongo/crypt/binding.rb', line 1757
def self.ctx_setopt_contention_factor(context, factor)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_contention_factor(context.ctx_p, factor)
  end
end
.ctx_setopt_key_alt_names(context, key_alt_names) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set multiple alternate key names on data key creation
# File 'lib/mongo/crypt/binding.rb', line 500
def self.ctx_setopt_key_alt_names(context, key_alt_names)
  key_alt_names.each do |key_alt_name|
    key_alt_name_bson = { :keyAltName => key_alt_name }.to_bson.to_s

    Binary.wrap_string(key_alt_name_bson) do |key_alt_name_p|
      check_ctx_status(context) do
        mongocrypt_ctx_setopt_key_alt_name(context.ctx_p, key_alt_name_p)
      end
    end
  end
end
.ctx_setopt_key_encryption_key(context, key_document) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set key encryption key document for creating a data key.
# File 'lib/mongo/crypt/binding.rb', line 598
def self.ctx_setopt_key_encryption_key(context, key_document)
  validate_document(key_document)
  data = key_document.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_key_encryption_key(context.ctx_p, data_p)
    end
  end
end
.ctx_setopt_key_id(context, key_id) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Sets the key id option on an explicit encryption context.
# File 'lib/mongo/crypt/binding.rb', line 467
def self.ctx_setopt_key_id(context, key_id)
  Binary.wrap_string(key_id) do |key_id_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_key_id(context.ctx_p, key_id_p)
    end
  end
end
.ctx_setopt_key_material(context, key_material) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set a custom key material to use for encrypting data.
# File 'lib/mongo/crypt/binding.rb', line 535
def self.ctx_setopt_key_material(context, key_material)
  data = {'keyMaterial' => key_material}.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_key_material(context.ctx_p, data_p)
    end
  end
end
.ctx_setopt_query_type(context, query_type) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set the query type to use for FLE 2 explicit encryption. The query type is only used for indexed FLE 2 encryption.
# File 'lib/mongo/crypt/binding.rb', line 1725
def self.ctx_setopt_query_type(context, query_type)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_query_type(context.ctx_p, query_type, -1)
  end
end
.get_binary_data_direct(mongocrypt_binary_t) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 181
def self.get_binary_data_direct(mongocrypt_binary_t)
  mongocrypt_binary_t.get_pointer(0)
end
.get_binary_len_direct(mongocrypt_binary_t) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 185
def self.get_binary_len_direct(mongocrypt_binary_t)
  mongocrypt_binary_t.get_uint32(FFI::NativeType::POINTER.size)
end
.init(handle) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize the Mongo::Crypt::Handle object
# File 'lib/mongo/crypt/binding.rb', line 407
def self.init(handle)
  check_status(handle) do
    mongocrypt_init(handle.ref)
  end
end
.kms_ctx_bytes_needed(kms_context) ⇒ Integer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the number of bytes needed by the KmsContext.
# File 'lib/mongo/crypt/binding.rb', line 1063
def self.kms_ctx_bytes_needed(kms_context)
  mongocrypt_kms_ctx_bytes_needed(kms_context.kms_ctx_p)
end
.kms_ctx_endpoint(kms_context) ⇒ String | nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the hostname with which to connect over TLS to get information about the AWS master key.
# File 'lib/mongo/crypt/binding.rb', line 1039
def self.kms_ctx_endpoint(kms_context)
  ptr = FFI::MemoryPointer.new(:pointer, 1)

  check_kms_ctx_status(kms_context) do
    mongocrypt_kms_ctx_endpoint(kms_context.kms_ctx_p, ptr)
  end

  str_ptr = ptr.read_pointer
  str_ptr.null? ? nil : str_ptr.read_string.force_encoding('UTF-8')
end
.kms_ctx_fail(kms_context) ⇒ true, false
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Check whether the last failed request for the KMS context may be retried.
# File 'lib/mongo/crypt/binding.rb', line 1148
def self.kms_ctx_fail(kms_context)
  mongocrypt_kms_ctx_fail(kms_context.kms_ctx_p)
end
.kms_ctx_feed(kms_context, bytes) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Feed replies from the KMS back to libmongocrypt.
# File 'lib/mongo/crypt/binding.rb', line 1083
def self.kms_ctx_feed(kms_context, bytes)
  check_kms_ctx_status(kms_context) do
    Binary.wrap_string(bytes) do |bytes_p|
      mongocrypt_kms_ctx_feed(kms_context.kms_ctx_p, bytes_p)
    end
  end
end
.kms_ctx_get_kms_provider(kms_context) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the KMS provider identifier associated with this KMS request.
This is used to conditionally configure TLS connections based on the KMS request. It is useful for KMIP, which authenticates with a client certificate.
# File 'lib/mongo/crypt/binding.rb', line 970

def self.kms_ctx_get_kms_provider(kms_context)
  len_ptr = FFI::MemoryPointer.new(:uint32, 1)
  provider = mongocrypt_kms_ctx_get_kms_provider(
    kms_context.kms_ctx_p,
    len_ptr
  )
  if len_ptr.nil?
    nil
  else
    len = if BSON::Environment.jruby?
      # JRuby FFI implementation does not have `read(type)` method, but it
      # has this `get_uint32`.
      len_ptr.get_uint32
    else
      # For MRI we use a documented `read` method - https://www.rubydoc.info/github/ffi/ffi/FFI%2FPointer:read
      len_ptr.read(:uint32)
    end
    provider.read_string(len).to_sym
  end
end
.kms_ctx_message(kms_context) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the HTTP message needed to fetch the AWS KMS master key from a KmsContext object.
# File 'lib/mongo/crypt/binding.rb', line 1010

def self.kms_ctx_message(kms_context)
  binary = Binary.new

  check_kms_ctx_status(kms_context) do
    mongocrypt_kms_ctx_message(kms_context.kms_ctx_p, binary.ref)
  end

  return binary.to_s
end
.kms_ctx_setopt_retry_kms(handle, value) ⇒ true, false
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Enable or disable KMS retry behavior.
# File 'lib/mongo/crypt/binding.rb', line 1167

def self.kms_ctx_setopt_retry_kms(handle, value)
  mongocrypt_setopt_retry_kms(handle.ref, value)
end
.kms_ctx_usleep(kms_context) ⇒ Integer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns number of milliseconds to sleep before sending KMS request for the given KMS context.
# File 'lib/mongo/crypt/binding.rb', line 1131

def self.kms_ctx_usleep(kms_context)
  mongocrypt_kms_ctx_usleep(kms_context.kms_ctx_p)
end
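The kms_ctx_* wrappers above are used together: read the endpoint and request, send it, then feed the reply back in chunks sized by kms_ctx_bytes_needed, consulting kms_ctx_fail on a network error. The following is an added example, not code from the driver; run_kms_exchange, FakeBinding, FakeSocket, the host allowlist and the MAX_READ/MAX_ATTEMPTS limits are assumptions made for illustration, and re-sending on the same context after kms_ctx_fail is a simplification.

```ruby
# Added example, not driver code: the send/feed loop around the kms_ctx_* calls.
MAX_READ = 1024     # assumption: cap on a single socket read
MAX_ATTEMPTS = 3    # assumption: bound on re-sends after a network failure
class KmsExchangeError < StandardError; end

# Sends the request for one KMS context and feeds the reply back until
# kms_ctx_bytes_needed reports 0. Returns the attempt number that succeeded.
# `api` exposes the kms_ctx_* methods documented above; `connect` is a
# callable returning a socket-like object (a TLS socket in a real deployment).
def run_kms_exchange(api, kms_context, connect:, allowed_hosts:)
  endpoint = api.kms_ctx_endpoint(kms_context)
  host = endpoint.to_s.split(':').first
  unless allowed_hosts.include?(host)
    raise KmsExchangeError, "refusing unexpected KMS endpoint #{endpoint.inspect}"
  end

  1.upto(MAX_ATTEMPTS) do |attempt|
    socket = connect.call(endpoint)
    begin
      socket.write(api.kms_ctx_message(kms_context))
      loop do
        needed = api.kms_ctx_bytes_needed(kms_context)
        return attempt if needed.zero?
        # Never read more than the library asked for, nor more than the cap.
        api.kms_ctx_feed(kms_context, socket.readpartial([needed, MAX_READ].min))
      end
    rescue IOError, SystemCallError => e
      # Ask the library whether this failure may be retried; stop otherwise.
      retryable = api.kms_ctx_fail(kms_context)
      unless retryable && attempt < MAX_ATTEMPTS
        raise KmsExchangeError, "KMS exchange failed (#{e.class}), not retrying"
      end
    ensure
      socket.close
    end
  end
end

# Constructed stand-in for Mongo::Crypt::Binding plus one KMS context.
class FakeBinding
  attr_reader :fed
  def initialize(endpoint:, reply_len:, retryable: true)
    @endpoint, @reply_len, @retryable, @fed = endpoint, reply_len, retryable, +''
  end

  def kms_ctx_endpoint(_ctx); @endpoint; end
  def kms_ctx_message(_ctx); "POST / HTTP/1.1\r\nHost: #{@endpoint}\r\n\r\n"; end
  def kms_ctx_bytes_needed(_ctx); [@reply_len - @fed.bytesize, 0].max; end
  def kms_ctx_feed(_ctx, bytes); @fed << bytes; end

  # Drops the partial reply and reports whether a retry is allowed.
  def kms_ctx_fail(_ctx)
    @fed = +''
    @retryable
  end
end

# Constructed socket: serves `reply`, then raises EOFError like a closed peer.
class FakeSocket
  def initialize(reply)
    @reply, @pos = reply, 0
  end

  def write(data); data.bytesize; end
  def close; end
  def readpartial(max)
    raise EOFError, 'peer closed the connection' if @pos >= @reply.bytesize
    chunk = @reply.byteslice(@pos, max)
    @pos += chunk.bytesize
    chunk
  end
end

# Runs one scenario; returns the attempt number or the error message.
def try_exchange(api, sockets)
  run_kms_exchange(api, :ctx, connect: ->(_) { sockets.shift }, allowed_hosts: ['kms.example.test'])
rescue KmsExchangeError => e
  e.message
end

def demo_kms_exchange
  reply = 'x' * 2500  # constructed reply bytes
  cut = reply[0, 100] # constructed: connection drops after 100 bytes
  good, flaky = Array.new(2) { FakeBinding.new(endpoint: 'kms.example.test:443', reply_len: 2500) }
  fatal = FakeBinding.new(endpoint: 'kms.example.test:443', reply_len: 2500, retryable: false)
  other = FakeBinding.new(endpoint: 'other.example.test:443', reply_len: 2500)
  unused = [FakeSocket.new(reply)]
  {
    clean: try_exchange(good, [FakeSocket.new(reply)]),
    retried: try_exchange(flaky, [FakeSocket.new(cut), FakeSocket.new(reply)]),
    fatal: try_exchange(fatal, [FakeSocket.new(cut)]),
    blocked: try_exchange(other, unused),
    fed: [good.fed.bytesize, flaky.fed.bytesize],
    sockets_left: unused.size
  }
end
```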
.mongocrypt_binary_data(binary) ⇒ FFI::Pointer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the pointer to the underlying data for the mongocrypt_binary_t.
# File 'lib/mongo/crypt/binding.rb', line 171

attach_function :mongocrypt_binary_data, [:pointer], :pointer
.mongocrypt_binary_destroy(binary) ⇒ nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Destroy the mongocrypt_binary_t object.
# File 'lib/mongo/crypt/binding.rb', line 195

attach_function :mongocrypt_binary_destroy, [:pointer], :void
.mongocrypt_binary_len(binary) ⇒ Integer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the length of the underlying data array.
# File 'lib/mongo/crypt/binding.rb', line 179

attach_function :mongocrypt_binary_len, [:pointer], :int
.mongocrypt_binary_new ⇒ FFI::Pointer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Creates a new mongocrypt_binary_t object (a non-owning view of a byte
array).
# File 'lib/mongo/crypt/binding.rb', line 147

attach_function :mongocrypt_binary_new, [], :pointer
.mongocrypt_binary_new_from_data(data, len) ⇒ FFI::Pointer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Create a new mongocrypt_binary_t object that maintains a pointer to
the specified byte array.
# File 'lib/mongo/crypt/binding.rb', line 159

attach_function(
  :mongocrypt_binary_new_from_data,
  [:pointer, :int],
  :pointer
)
.mongocrypt_crypt_shared_lib_version(crypt) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1592

attach_function(
  :mongocrypt_crypt_shared_lib_version,
  [ :pointer ],
  :uint64
)
.mongocrypt_ctx_datakey_init(ctx, filter) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 618

attach_function :mongocrypt_ctx_datakey_init, [:pointer], :bool
.mongocrypt_ctx_decrypt_init(ctx, doc) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initializes the ctx for auto-decryption.
# File 'lib/mongo/crypt/binding.rb', line 778

attach_function :mongocrypt_ctx_decrypt_init, [:pointer, :pointer], :bool
.mongocrypt_ctx_destroy(ctx) ⇒ nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Destroy the reference to the mongocrypt_ctx_t object.
# File 'lib/mongo/crypt/binding.rb', line 1228

attach_function :mongocrypt_ctx_destroy, [:pointer], :void
.mongocrypt_ctx_encrypt_init(ctx, db, db_len, cmd) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This method expects the passed-in BSON to be in the format: { “v”: BSON value to decrypt }.
Initializes the ctx for auto-encryption.
# File 'lib/mongo/crypt/binding.rb', line 678

attach_function(
  :mongocrypt_ctx_encrypt_init,
  [:pointer, :string, :int, :pointer],
  :bool
)
.mongocrypt_ctx_explicit_decrypt_init(ctx, msg) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initializes the ctx for explicit decryption.
# File 'lib/mongo/crypt/binding.rb', line 804

attach_function(
  :mongocrypt_ctx_explicit_decrypt_init,
  [:pointer, :pointer],
  :bool
)
.mongocrypt_ctx_explicit_encrypt_init(ctx, msg) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Before calling this method, set a key_id, key_alt_name (optional), and encryption algorithm using the following methods: mongocrypt_ctx_setopt_key_id, mongocrypt_ctx_setopt_key_alt_name, and mongocrypt_ctx_setopt_algorithm.
Initializes the ctx for explicit expression encryption.
# File 'lib/mongo/crypt/binding.rb', line 714

attach_function(
  :mongocrypt_ctx_explicit_encrypt_init,
  [:pointer, :pointer],
  :bool
)
.mongocrypt_ctx_finalize(ctx, op_bson) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Perform the final encryption or decryption and return a BSON document.
# File 'lib/mongo/crypt/binding.rb', line 1201

attach_function :mongocrypt_ctx_finalize, [:pointer, :pointer], :void
.mongocrypt_ctx_mongo_done(ctx) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Indicate to libmongocrypt that the driver is done feeding replies.
# File 'lib/mongo/crypt/binding.rb', line 913

attach_function :mongocrypt_ctx_mongo_done, [:pointer], :bool
.mongocrypt_ctx_mongo_feed(ctx, reply) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Feed a BSON reply to libmongocrypt.
# File 'lib/mongo/crypt/binding.rb', line 889

attach_function :mongocrypt_ctx_mongo_feed, [:pointer, :pointer], :bool
.mongocrypt_ctx_mongo_next_kms_ctx(ctx) ⇒ FFI::Pointer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Return a pointer to a mongocrypt_kms_ctx_t object or NULL.
# File 'lib/mongo/crypt/binding.rb', line 921

attach_function :mongocrypt_ctx_next_kms_ctx, [:pointer], :pointer
.mongocrypt_ctx_mongo_op(ctx, op_bson) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get a BSON operation for the driver to run against the MongoDB
collection, the key vault database, or mongocryptd.
# File 'lib/mongo/crypt/binding.rb', line 857

attach_function :mongocrypt_ctx_mongo_op, [:pointer, :pointer], :bool
.mongocrypt_ctx_new(crypt) ⇒ FFI::Pointer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Create a new mongocrypt_ctx_t object (a wrapper for the libmongocrypt
state machine).
# File 'lib/mongo/crypt/binding.rb', line 438

attach_function :mongocrypt_ctx_new, [:pointer], :pointer
.mongocrypt_ctx_provide_kms_providers(ctx, kms_providers) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1670

attach_function(
  :mongocrypt_ctx_provide_kms_providers,
  [ :pointer, :pointer ],
  :bool
)
.mongocrypt_ctx_setopt_algorithm(ctx, algorithm, len) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Do not initialize ctx before calling this method.
Set the algorithm used for explicit encryption.
# File 'lib/mongo/crypt/binding.rb', line 555

attach_function(
  :mongocrypt_ctx_setopt_algorithm,
  [:pointer, :string, :int],
  :bool
)
.mongocrypt_ctx_setopt_algorithm_range(ctx, opts) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1776

attach_function(
  :mongocrypt_ctx_setopt_algorithm_range,
  [
    :pointer,
    :pointer
  ],
  :bool
)
.mongocrypt_ctx_setopt_contention_factor(ctx, contention_factor) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1741

attach_function(
  :mongocrypt_ctx_setopt_contention_factor,
  [
    :pointer,
    :int64
  ],
  :bool
)
.mongocrypt_ctx_setopt_key_alt_name(ctx, binary) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Do not initialize ctx before calling this method.
When creating a data key, set an alternate name on that key. When performing explicit encryption, specify which data key to use for encryption based on its keyAltName field.
# File 'lib/mongo/crypt/binding.rb', line 487

attach_function(
  :mongocrypt_ctx_setopt_key_alt_name,
  [:pointer, :pointer],
  :bool
)
.mongocrypt_ctx_setopt_key_encryption_key(ctx) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Do not initialize ctx before calling this method.
Set key encryption key document for creating a data key.
# File 'lib/mongo/crypt/binding.rb', line 585

attach_function(
  :mongocrypt_ctx_setopt_key_encryption_key,
  [:pointer, :pointer],
  :bool
)
.mongocrypt_ctx_setopt_key_id(ctx, key_id) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Do not initialize ctx before calling this method.
Set the key id used for explicit encryption.
# File 'lib/mongo/crypt/binding.rb', line 459

attach_function :mongocrypt_ctx_setopt_key_id, [:pointer, :pointer], :bool
.mongocrypt_ctx_setopt_key_material(ctx, binary) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Do not initialize ctx before calling this method.
When creating a data key, set custom key material to use for encrypting data.
# File 'lib/mongo/crypt/binding.rb', line 522

attach_function(
  :mongocrypt_ctx_setopt_key_material,
  [:pointer, :pointer],
  :bool
)
.mongocrypt_ctx_setopt_query_type(ctx, mongocrypt_query_type) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1708

attach_function(
  :mongocrypt_ctx_setopt_query_type,
  [
    :pointer,
    :string,
    :int
  ],
  :bool
)
.mongocrypt_ctx_state(ctx) ⇒ Symbol
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the current state of the ctx.
# File 'lib/mongo/crypt/binding.rb', line 845

attach_function :mongocrypt_ctx_state, [:pointer], :mongocrypt_ctx_state
.mongocrypt_ctx_status(ctx, status) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set the status information from the mongocrypt_ctx_t object on the
mongocrypt_status_t object.
# File 'lib/mongo/crypt/binding.rb', line 448

attach_function :mongocrypt_ctx_status, [:pointer, :pointer], :bool
.mongocrypt_destroy(crypt) ⇒ nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Destroy the reference to the mongocrypt_t object.
# File 'lib/mongo/crypt/binding.rb', line 429

attach_function :mongocrypt_destroy, [:pointer], :void
.mongocrypt_init(crypt) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initialize the mongocrypt_t object.
# File 'lib/mongo/crypt/binding.rb', line 400

attach_function :mongocrypt_init, [:pointer], :bool
.mongocrypt_kms_ctx_bytes_needed(kms) ⇒ Integer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the number of bytes needed by the KMS context.
# File 'lib/mongo/crypt/binding.rb', line 1056

attach_function :mongocrypt_kms_ctx_bytes_needed, [:pointer], :int
.mongocrypt_kms_ctx_done(ctx) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Indicate to libmongocrypt that it will receive no more replies from
mongocrypt_kms_ctx_t objects.
# File 'lib/mongo/crypt/binding.rb', line 1179

attach_function :mongocrypt_ctx_kms_done, [:pointer], :bool
.mongocrypt_kms_ctx_endpoint(kms, endpoint) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the hostname with which to connect over TLS to get information about
the AWS master key.
# File 'lib/mongo/crypt/binding.rb', line 1029

attach_function :mongocrypt_kms_ctx_endpoint, [:pointer, :pointer], :bool
.mongocrypt_kms_ctx_fail(ctx) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1142

attach_function :mongocrypt_kms_ctx_fail, [:pointer], :bool
.mongocrypt_kms_ctx_feed(kms, bytes) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Feed replies from the KMS back to libmongocrypt.
# File 'lib/mongo/crypt/binding.rb', line 1075

attach_function :mongocrypt_kms_ctx_feed, [:pointer, :pointer], :bool
.mongocrypt_kms_ctx_get_kms_provider(crypt, kms_providers) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 955

attach_function(
  :mongocrypt_kms_ctx_get_kms_provider,
  [:pointer, :pointer],
  :pointer
)
.mongocrypt_kms_ctx_message(kms, msg) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Get the message needed to fetch the AWS KMS master key.
# File 'lib/mongo/crypt/binding.rb', line 1000

attach_function :mongocrypt_kms_ctx_message, [:pointer, :pointer], :bool
.mongocrypt_kms_ctx_status(kms, status) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Write status information about the mongocrypt_kms_ctx_t object
to the mongocrypt_status_t object.
# File 'lib/mongo/crypt/binding.rb', line 1099

attach_function :mongocrypt_kms_ctx_status, [:pointer, :pointer], :bool
.mongocrypt_kms_ctx_usleep(ctx) ⇒ int64
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Indicates how long to sleep before sending KMS request.
# File 'lib/mongo/crypt/binding.rb', line 1123

attach_function :mongocrypt_kms_ctx_usleep, [:pointer], :int64
.mongocrypt_setopt_aes_256_ctr(crypt, aes_256_ctr_encrypt, aes_256_ctr_decrypt, ctx) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set a crypto hook for the AES256-CTR operations.
# File 'lib/mongo/crypt/binding.rb', line 1487

attach_function(
  :mongocrypt_setopt_aes_256_ctr,
  [
    :pointer,
    :mongocrypt_crypto_fn,
    :mongocrypt_crypto_fn,
    :pointer
  ],
  :bool
)
.mongocrypt_setopt_append_crypt_shared_lib_search_path(crypt, path) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1525

attach_function(
  :mongocrypt_setopt_append_crypt_shared_lib_search_path,
  [
    :pointer,
    :string,
  ],
  :void
)
.mongocrypt_setopt_bypass_query_analysis(crypt) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1463

attach_function(:mongocrypt_setopt_bypass_query_analysis, [:pointer], :void)
.mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(crypt, sign_rsaes_pkcs1_v1_5, ctx = nil) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set a crypto hook for the RSASSA-PKCS1-v1_5 algorithm with a SHA-256 hash.
# File 'lib/mongo/crypt/binding.rb', line 1380

attach_function(
  :mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5,
  [
    :pointer,
    :mongocrypt_hmac_fn,
    :pointer
  ],
  :bool
)
.mongocrypt_setopt_crypto_hooks(crypt, aes_enc_fn, aes_dec_fn, random_fn, sha_512_fn, sha_256_fn, hash_fn, ctx = nil) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set crypto hooks on the provided mongocrypt object.
# File 'lib/mongo/crypt/binding.rb', line 1333

attach_function(
  :mongocrypt_setopt_crypto_hooks,
  [
    :pointer,
    :mongocrypt_crypto_fn,
    :mongocrypt_crypto_fn,
    :mongocrypt_random_fn,
    :mongocrypt_hmac_fn,
    :mongocrypt_hmac_fn,
    :mongocrypt_hash_fn,
    :pointer
  ],
  :bool
)
.mongocrypt_setopt_encrypted_field_config_map(crypt, efc_map) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1422

attach_function(
  :mongocrypt_setopt_encrypted_field_config_map,
  [
    :pointer,
    :pointer
  ],
  :bool
)
.mongocrypt_setopt_kms_providers(crypt, kms_providers) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Do not initialize ctx before calling this method.
Configure KMS providers with a BSON document.
# File 'lib/mongo/crypt/binding.rb', line 344

attach_function(
  :mongocrypt_setopt_kms_providers,
  [:pointer, :pointer],
  :bool
)
.mongocrypt_setopt_log_handler(crypt, log_fn, log_ctx = nil) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set the handler on the mongocrypt_t object to be called every time
libmongocrypt logs a message.
# File 'lib/mongo/crypt/binding.rb', line 315

attach_function(
  :mongocrypt_setopt_log_handler,
  [:pointer, :mongocrypt_log_fn_t, :pointer],
  :bool
)
.mongocrypt_setopt_retry_kms(crypt, enable) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1160

attach_function :mongocrypt_setopt_retry_kms, [:pointer, :bool], :bool
.mongocrypt_setopt_schema_map(crypt, schema_map) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Sets a local schema map for encryption.
# File 'lib/mongo/crypt/binding.rb', line 375

attach_function :mongocrypt_setopt_schema_map, [:pointer, :pointer], :bool
.mongocrypt_setopt_set_crypt_shared_lib_path_override(crypt, path) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1554

attach_function(
  :mongocrypt_setopt_set_crypt_shared_lib_path_override,
  [
    :pointer,
    :string,
  ],
  :void
)
.mongocrypt_setopt_use_need_kms_credentials_state(crypt) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/mongo/crypt/binding.rb', line 1633

attach_function(
  :mongocrypt_setopt_use_need_kms_credentials_state,
  [ :pointer ],
  :void
)
.mongocrypt_status(crypt, status) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set the status information from the mongocrypt_t object on the
mongocrypt_status_t object.
# File 'lib/mongo/crypt/binding.rb', line 421

attach_function :mongocrypt_status, [:pointer, :pointer], :bool
.mongocrypt_status_code(status) ⇒ Integer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Return the status error code.
# File 'lib/mongo/crypt/binding.rb', line 243

attach_function :mongocrypt_status_code, [:pointer], :int
.mongocrypt_status_destroy(status) ⇒ nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Destroys the reference to the mongocrypt_status_t object.
# File 'lib/mongo/crypt/binding.rb', line 269

attach_function :mongocrypt_status_destroy, [:pointer], :void
.mongocrypt_status_message(status, len = nil) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns the status message.
# File 'lib/mongo/crypt/binding.rb', line 253

attach_function :mongocrypt_status_message, [:pointer, :pointer], :string
.mongocrypt_status_new ⇒ FFI::Pointer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Create a new mongocrypt_status_t object.
# File 'lib/mongo/crypt/binding.rb', line 209

attach_function :mongocrypt_status_new, [], :pointer
.mongocrypt_status_ok(status) ⇒ Boolean
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns whether the status is ok or an error.
# File 'lib/mongo/crypt/binding.rb', line 261

attach_function :mongocrypt_status_ok, [:pointer], :bool
.mongocrypt_status_set(status, type, code, message, len) ⇒ nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set a message, type, and code on an existing status.
# File 'lib/mongo/crypt/binding.rb', line 223

attach_function(
  :mongocrypt_status_set,
  [:pointer, :status_type, :int, :string, :int],
  :void
)
.mongocrypt_status_type(status) ⇒ Symbol
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Indicates the status type.
# File 'lib/mongo/crypt/binding.rb', line 235

attach_function :mongocrypt_status_type, [:pointer], :status_type
.mongocrypt_version(len) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns the version string of the libmongocrypt library.
# File 'lib/mongo/crypt/binding.rb', line 95

attach_function :mongocrypt_version, [:pointer], :string
.mongocrypt_new ⇒ FFI::Pointer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Creates a new mongocrypt_t object.
# File 'lib/mongo/crypt/binding.rb', line 303

attach_function :mongocrypt_new, [], :pointer
.parse_version(version) ⇒ Gem::Version
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Given a string representing a version number, parses it into a Gem::Version object. This handles the case where the string is not in a format supported by Gem::Version by doing some custom parsing.
# File 'lib/mongo/crypt/binding.rb', line 108

def self.parse_version(version)
  Gem::Version.new(version)
rescue ArgumentError
  match = version.match(/\A(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?(-[A-Za-z\+\d]+)?\z/)
  raise ArgumentError.new("Malformed version number string #{version}") if match.nil?

  Gem::Version.new(
    [
      match[:major],
      match[:minor],
      match[:patch]
    ].join('.')
  )
end
.setopt_aes_256_ctr(handle, aes_ctr_encrypt_cb, aes_ctr_decrypt_cb) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set a crypto hook for the AES256-CTR operations.
# File 'lib/mongo/crypt/binding.rb', line 1505

def self.setopt_aes_256_ctr(handle, aes_ctr_encrypt_cb, aes_ctr_decrypt_cb)
  check_status(handle) do
    mongocrypt_setopt_aes_256_ctr(handle.ref,
      aes_ctr_encrypt_cb, aes_ctr_decrypt_cb, nil
    )
  end
end
.setopt_append_crypt_shared_lib_search_path(handle, path) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Append an additional search directory to the search path for loading
the crypt_shared dynamic library.
# File 'lib/mongo/crypt/binding.rb', line 1539

def self.setopt_append_crypt_shared_lib_search_path(handle, path)
  check_status(handle) do
    mongocrypt_setopt_append_crypt_shared_lib_search_path(handle.ref, path)
  end
end
.setopt_bypass_query_analysis(handle) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Opt into skipping query analysis.
If opted in:
- The csfle shared library will not attempt to be loaded.
- A mongocrypt_ctx_t will never enter the MONGOCRYPT_CTX_NEED_MARKINGS state.
# File 'lib/mongo/crypt/binding.rb', line 1472

def self.setopt_bypass_query_analysis(handle)
  mongocrypt_setopt_bypass_query_analysis(handle.ref)
end
.setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(handle, rsaes_pkcs_signature_cb) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set a crypto hook for the RSASSA-PKCS1-v1_5 algorithm with a SHA-256 hash on the Handle.
# File 'lib/mongo/crypt/binding.rb', line 1397

def self.setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(
  handle,
  rsaes_pkcs_signature_cb
)
  check_status(handle) do
    mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(
      handle.ref,
      rsaes_pkcs_signature_cb,
      nil
    )
  end
end
.setopt_crypto_hooks(handle, aes_encrypt_cb, aes_decrypt_cb, random_cb, hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set crypto callbacks on the Handle
# File 'lib/mongo/crypt/binding.rb', line 1359

def self.setopt_crypto_hooks(handle,
  aes_encrypt_cb, aes_decrypt_cb, random_cb,
  hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb
)
  check_status(handle) do
    mongocrypt_setopt_crypto_hooks(handle.ref,
      aes_encrypt_cb, aes_decrypt_cb, random_cb,
      hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb, nil
    )
  end
end
.setopt_encrypted_field_config_map(handle, efc_map) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set a local EncryptedFieldConfigMap for encryption.
# File 'lib/mongo/crypt/binding.rb', line 1440

def self.setopt_encrypted_field_config_map(handle, efc_map)
  validate_document(efc_map)
  data = efc_map.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_status(handle) do
      mongocrypt_setopt_encrypted_field_config_map(
        handle.ref,
        data_p
      )
    end
  end
end
.setopt_kms_providers(handle, kms_providers) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set KMS providers options on the Mongo::Crypt::Handle object
# File 'lib/mongo/crypt/binding.rb', line 357

def self.setopt_kms_providers(handle, kms_providers)
  validate_document(kms_providers)
  data = kms_providers.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_status(handle) do
      mongocrypt_setopt_kms_providers(handle.ref, data_p)
    end
  end
end
.setopt_log_handler(handle, log_callback) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set the logger callback function on the Mongo::Crypt::Handle object
# File 'lib/mongo/crypt/binding.rb', line 327

def self.setopt_log_handler(handle, log_callback)
  check_status(handle) do
    mongocrypt_setopt_log_handler(handle, log_callback, nil)
  end
end
.setopt_schema_map(handle, schema_map_doc) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set schema map on the Mongo::Crypt::Handle object
# File 'lib/mongo/crypt/binding.rb', line 384
def self.setopt_schema_map(handle, schema_map_doc)
  validate_document(schema_map_doc)
  data = schema_map_doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_status(handle) do
      mongocrypt_setopt_schema_map(handle.ref, data_p)
    end
  end
end
.setopt_set_crypt_shared_lib_path_override(handle, path) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Set a single override path for loading the crypt shared library.
# File 'lib/mongo/crypt/binding.rb', line 1567
def self.setopt_set_crypt_shared_lib_path_override(handle, path)
  check_status(handle) do
    mongocrypt_setopt_set_crypt_shared_lib_path_override(handle.ref, path)
  end
end
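The override path decides which native library gets loaded into the process, so a caller may want to vet it before configuring it. The following is an added example, not code from the driver: `crypt_shared_path_problems` and `demo_crypt_shared_path_check` are hypothetical helpers, the owner-only write policy is an assumption, and the file used in the demo is a constructed stand-in.

```ruby
require 'pathname'
require 'tmpdir'

# Hypothetical pre-flight check; not part of Mongo::Crypt::Binding.
# Returns an array of problems found; an empty array means none.
# Assumed policy: only the owner may write the file or its directory.
def crypt_shared_path_problems(path)
  return ['path must be a String'] unless path.is_a?(String)
  return ['path is not absolute'] unless Pathname.new(path).absolute?
  return ['path is not an existing regular file'] unless File.file?(path)

  # Resolve symlinks so the checks apply to the file that is actually loaded.
  real = File.realpath(path)
  problems = []
  unless (File.stat(real).mode & 0o022).zero?
    problems << 'library file is group- or world-writable'
  end
  unless (File.stat(File.dirname(real)).mode & 0o022).zero?
    problems << 'containing directory is group- or world-writable'
  end
  problems
end

# Constructed demo: a stand-in file in a private temp directory.
def demo_crypt_shared_path_check
  Dir.mktmpdir do |tmp|
    lib = File.join(File.realpath(tmp), 'mongo_crypt_v1.so')
    File.write(lib, 'stand-in bytes, not a real library')
    File.chmod(0o644, lib)
    tight = crypt_shared_path_problems(lib)
    File.chmod(0o666, lib)
    loose = crypt_shared_path_problems(lib)
    { tight: tight, loose: loose,
      relative: crypt_shared_path_problems('mongo_crypt_v1.so') }
  end
end

p demo_crypt_shared_path_check if __FILE__ == $PROGRAM_NAME
```

The result reflects the file system at call time only, so the check belongs immediately before the path is configured.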
.setopt_use_need_kms_credentials_state(handle) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Opt into handling the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state.
If set, before entering the MONGOCRYPT_CTX_NEED_KMS state, contexts may enter the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state and then wait for credentials to be supplied through `mongocrypt_ctx_provide_kms_providers`.
A context will only enter MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS if an empty document was set for a KMS provider in `mongocrypt_setopt_kms_providers`.
# File 'lib/mongo/crypt/binding.rb', line 1651
def self.setopt_use_need_kms_credentials_state(handle)
  mongocrypt_setopt_use_need_kms_credentials_state(handle.ref)
end
.validate_document(data) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
All BSON::Document instances are also Hash instances
Checks that the specified data is a Hash before serializing it to BSON to prevent errors from libmongocrypt
# File 'lib/mongo/crypt/binding.rb', line 1844
def self.validate_document(data)
  return if data.is_a?(Hash)

  # Build an error message that distinguishes nil from other non-Hash input.
  if data.nil?
    message = "Attempted to pass nil data to libmongocrypt. " +
      "Data must be a Hash"
  else
    message = "Attempted to pass invalid data to libmongocrypt: #{data} " +
      "Data must be a Hash"
  end

  raise Error::CryptError.new(message)
end
.validate_version(lmc_version) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Validates that the provided version of libmongocrypt is equal to or greater than the minimum required version. Raises a LoadError if not.
# File 'lib/mongo/crypt/binding.rb', line 131
def self.validate_version(lmc_version)
  if (actual_version = parse_version(lmc_version)) < MIN_LIBMONGOCRYPT_VERSION
    raise LoadError, "libmongocrypt version #{MIN_LIBMONGOCRYPT_VERSION} or above is required, " +
      "but version #{actual_version} was found."
  end
end
Instance Method Details
#mongocrypt_crypto_fn(ctx, key, iv, input, output, status) ⇒ Bool
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This defines a method signature for an FFI callback; it is not an instance method on the Binding class.
A callback to a function that performs AES encryption or decryption.
# File 'lib/mongo/crypt/binding.rb', line 1251
callback(
  :mongocrypt_crypto_fn,
  [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer],
  :bool
)
#mongocrypt_hash_fn(ctx, input, output, status) ⇒ Bool
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This defines a method signature for an FFI callback; it is not an instance method on the Binding class.
A callback to a SHA-256 hash function.
# File 'lib/mongo/crypt/binding.rb', line 1299
callback :mongocrypt_hash_fn, [:pointer, :pointer, :pointer, :pointer], :bool
#mongocrypt_hmac_fn(ctx, key, input, output, status) ⇒ Bool
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This defines a method signature for an FFI callback; it is not an instance method on the Binding class.
A callback to a function that performs HMAC SHA-512 or SHA-256.
# File 'lib/mongo/crypt/binding.rb', line 1276
callback(
  :mongocrypt_hmac_fn,
  [:pointer, :pointer, :pointer, :pointer, :pointer],
  :bool
)
#mongocrypt_log_fn_t(level, message, len, ctx) ⇒ nil
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This defines a method signature for an FFI callback; it is not an instance method on the Binding class.
A callback to the mongocrypt log function. Set a custom log callback with the mongocrypt_setopt_log_handler method.
# File 'lib/mongo/crypt/binding.rb', line 296
callback :mongocrypt_log_fn_t, [:log_level, :string, :int, :pointer], :void
#mongocrypt_random_fn(ctx, output, count, status) ⇒ Bool
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This defines a method signature for an FFI callback; it is not an instance method on the Binding class.
A callback to a cryptographically secure random function.
# File 'lib/mongo/crypt/binding.rb', line 1317
callback :mongocrypt_random_fn, [:pointer, :pointer, :int, :pointer], :bool