Class: Mongo::Crypt::ExplicitEncryptionContext Private

Inherits:
Context
  • Object
show all
Defined in:
lib/mongo/crypt/explicit_encryption_context.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

A Context object initialized for explicit encryption

API:

  • private

Instance Attribute Summary

Attributes inherited from Context

#ctx_p

Instance Method Summary collapse

Methods inherited from Context

#run_state_machine, #state

Constructor Details

#initialize(mongocrypt, io, doc, options = {}) ⇒ ExplicitEncryptionContext

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Create a new ExplicitEncryptionContext object

if encryption algorithm is set to “Indexed”. Query type should be set

only if encryption algorithm is set to "Indexed".  The only allowed
value is "equality".

Options Hash (options):

  • :key_id (BSON::Binary)

    A BSON::Binary object of type :uuid representing the UUID of the data key to use for encryption.

  • :key_alt_name (String)

    The alternate name of the data key that will be used to encrypt the value.

  • :algorithm (String)

    The algorithm used to encrypt the value. Valid algorithms are “AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic”, “AEAD_AES_256_CBC_HMAC_SHA_512-Random”, “Indexed”, “Unindexed”.

  • :contention_factor (Integer | nil)

    Contention factor to be applied if encryption algorithm is set to “Indexed”. If not provided, it defaults to a value of 0. Contention factor should be set only if encryption algorithm is set to “Indexed”.

  • query_type (String | nil)

    Query type to be applied

Raises:

  • If invalid options are provided

API:

  • private

Parameters:

  • a Handle that wraps a mongocrypt_t object used to create a new mongocrypt_ctx_t

  • A instance of the IO class that implements driver I/O methods required to run the state machine

  • A document to encrypt

  • (defaults to: {}) 


53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
# File 'lib/mongo/crypt/explicit_encryption_context.rb', line 53

def initialize(mongocrypt, io, doc, options={})
  super(mongocrypt, io)

  if options[:key_id].nil? && options[:key_alt_name].nil?
    raise ArgumentError.new(
      'The :key_id and :key_alt_name options cannot both be nil. ' +
      'Specify a :key_id option or :key_alt_name option (but not both)'
    )
  end

  if options[:key_id] && options[:key_alt_name]
    raise ArgumentError.new(
      'The :key_id and :key_alt_name options cannot both be present. ' +
      'Identify the data key by specifying its id with the :key_id ' +
      'option or specifying its alternate name with the :key_alt_name option'
    )
  end

  # Set the key id or key alt name option on the mongocrypt_ctx_t object
  # and raise an exception if the key_id or key_alt_name is invalid.
  if options[:key_id]
    unless options[:key_id].is_a?(BSON::Binary) &&
      options[:key_id].type == :uuid
        raise ArgumentError.new(
          "Expected the :key_id option to be a BSON::Binary object with " +
          "type :uuid. #{options[:key_id]} is an invalid :key_id option"
        )
    end

    Binding.ctx_setopt_key_id(self, options[:key_id].data)
  elsif options[:key_alt_name]
    unless options[:key_alt_name].is_a?(String)
      raise ArgumentError.new(':key_alt_name option must be a String')
    end
    Binding.ctx_setopt_key_alt_names(self, [options[:key_alt_name]])
  end

  # Set the algorithm option on the mongocrypt_ctx_t object and raises
  # an exception if the algorithm is invalid.
  Binding.ctx_setopt_algorithm(self, options[:algorithm])
  if options[:algorithm] == 'Indexed'
    if options[:contention_factor]
      Binding.ctx_setopt_contention_factor(self, options[:contention_factor])
    end
    if options[:query_type]
      Binding.ctx_setopt_query_type(self, options[:query_type])
    end
  else
    if options[:contention_factor]
      raise ArgumentError.new(':contention_factor is allowed only for "Indexed" algorithm')
    end
    if options[:query_type]
      raise ArgumentError.new(':query_type is allowed only for "Indexed" algorithm')
    end
  end

  # Initializes the mongocrypt_ctx_t object for explicit encryption and
  # passes in the value to be encrypted.
  Binding.ctx_explicit_encrypt_init(self, doc)
end