mongodb
diff --git a/‎evergreen/evergreen.yml
Lines changed: 5 additions & 0 deletions b/‎evergreen/evergreen.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/MongoDB.Driver.Core/Core/Clusters/CryptClientCreator.cs
Lines changed: 19 additions & 16 deletions b/‎src/MongoDB.Driver.Core/Core/Clusters/CryptClientCreator.cs
Lines changed: 19 additions & 16 deletions
diff --git a/‎src/MongoDB.Driver.Core/MongoDB.Driver.Core.csproj
Lines changed: 1 addition & 1 deletion b/‎src/MongoDB.Driver.Core/MongoDB.Driver.Core.csproj
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/MongoDB.Driver/Encryption/ExplicitEncryptionLibMongoCryptController.cs
Lines changed: 5 additions & 12 deletions b/‎src/MongoDB.Driver/Encryption/ExplicitEncryptionLibMongoCryptController.cs
Lines changed: 5 additions & 12 deletions
diff --git a/‎src/MongoDB.Driver/Encryption/LibMongoCryptControllerBase.cs
Lines changed: 2 additions & 2 deletions b/‎src/MongoDB.Driver/Encryption/LibMongoCryptControllerBase.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/MongoDB.Driver/MongoDB.Driver.csproj
Lines changed: 2 additions & 2 deletions b/‎src/MongoDB.Driver/MongoDB.Driver.csproj
Lines changed: 2 additions & 2 deletions
diff --git a/‎tests/MongoDB.Driver.Core.TestHelpers/CoreExceptionHelper.cs
Lines changed: 3 additions & 0 deletions b/‎tests/MongoDB.Driver.Core.TestHelpers/CoreExceptionHelper.cs
Lines changed: 3 additions & 0 deletions
diff --git a/‎tests/MongoDB.Driver.Tests/ClusterRegistryTests.cs
Lines changed: 1 addition & 1 deletion b/‎tests/MongoDB.Driver.Tests/ClusterRegistryTests.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/MongoDB.Driver.Tests/Specifications/client-side-encryption/ClientSideEncryptionTestRunner.cs
Lines changed: 26 additions & 6 deletions b/‎tests/MongoDB.Driver.Tests/Specifications/client-side-encryption/ClientSideEncryptionTestRunner.cs
Lines changed: 26 additions & 6 deletions
@@ -251,6 +251,11 @@ functions:
           set +x
           export FLE_AWS_ACCESS_KEY_ID=${FLE_AWS_ACCESS_KEY_ID}
           export FLE_AWS_SECRET_ACCESS_KEY=${FLE_AWS_SECRET_ACCESS_KEY}
+          export FLE_AZURE_TENANT_ID=${FLE_AZURE_TENANT_ID}
+          export FLE_AZURE_CLIENT_ID=${FLE_AZURE_CLIENT_ID}
+          export FLE_AZURE_CLIENT_SECRET=${FLE_AZURE_CLIENT_SECRET}
+          export FLE_GCP_EMAIL=${FLE_GCP_EMAIL}
+          export FLE_GCP_PRIVATE_KEY=${FLE_GCP_PRIVATE_KEY}
           ${PREPARE_SHELL}
           SSL=${SSL} evergreen/add-certs-if-needed.sh
           AUTH=${AUTH} \
 
@@ -65,24 +65,16 @@ private CryptClient CreateCryptClient(CryptOptions options)
 
         private CryptOptions CreateCryptOptions()
         {
-            Dictionary<KmsType, IKmsCredentials> kmsProvidersMap = null;
+            List<KmsCredentials> kmsProviders = null;
             if (_kmsProviders != null && _kmsProviders.Count > 0)
             {
-                kmsProvidersMap = new Dictionary<KmsType, IKmsCredentials>();
-                if (_kmsProviders.TryGetValue("aws", out var awsProvider))
+                kmsProviders = new List<KmsCredentials>();
+                foreach (var kmsProvider in _kmsProviders)
                 {
-                    if (awsProvider.TryGetValue("accessKeyId", out var accessKeyId) &&
-                        awsProvider.TryGetValue("secretAccessKey", out var secretAccessKey))
-                    {
-                        kmsProvidersMap.Add(KmsType.Aws, new AwsKmsCredentials((string)secretAccessKey, (string)accessKeyId));
-                    }
-                }
-                if (_kmsProviders.TryGetValue("local", out var localProvider))
-                {
-                    if (localProvider.TryGetValue("key", out var keyObject) && keyObject is byte[] key)
-                    {
-                        kmsProvidersMap.Add(KmsType.Local, new LocalKmsCredentials(key));
-                    }
+                    var kmsTypeDocumentKey = kmsProvider.Key.ToLower();
+                    var kmsProviderDocument = CreateProviderDocument(kmsTypeDocumentKey, kmsProvider.Value);
+                    var kmsCredentials = new KmsCredentials(credentialsBytes: kmsProviderDocument.ToBson());
+                    kmsProviders.Add(kmsCredentials);
                 }
             }
             else
@@ -105,7 +97,18 @@ private CryptOptions CreateCryptOptions()
                 schemaBytes = schemaDocument.ToBson(writerSettings: writerSettings);
             }
 
-            return new CryptOptions(kmsProvidersMap, schemaBytes);
+            return new CryptOptions(kmsProviders, schemaBytes);
+        }
+
+        private BsonDocument CreateProviderDocument(string kmsType, IReadOnlyDictionary<string, object> data)
+        {
+            var providerContent = new BsonDocument();
+            foreach (var record in data)
+            {
+                providerContent.Add(new BsonElement(record.Key, BsonValue.Create(record.Value)));
+            }
+            var providerDocument = new BsonDocument(kmsType, providerContent);
+            return providerDocument;
         }
     }
 }
@@ -128,7 +128,7 @@
   <ItemGroup>
     <PackageReference Include="DnsClient" Version="1.3.1" />
     <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="2.6.2" PrivateAssets="All" />
-    <PackageReference Include="MongoDB.Libmongocrypt" Version="1.0.0" />
+    <PackageReference Include="MongoDB.Libmongocrypt" Version="1.1.0-beta02" />
     <PackageReference Include="SharpCompress" Version="0.23.0" />
     <PackageReference Include="System.Buffers" Version="4.4.0" />
   </ItemGroup>
 
@@ -20,7 +20,6 @@
 using System.Threading.Tasks;
 using MongoDB.Bson;
 using MongoDB.Bson.IO;
-using MongoDB.Bson.Serialization.Serializers;
 using MongoDB.Driver.Core.Misc;
 using MongoDB.Libmongocrypt;
 
@@ -219,26 +218,20 @@ public async Task<BsonBinaryData> EncryptFieldAsync(
         }
 
         // private methods
-        private IKmsKeyId GetKmsKeyId(string kmsProvider, IReadOnlyList<string> alternateKeyNames, BsonDocument masterKey)
+        private KmsKeyId GetKmsKeyId(string kmsProvider, IReadOnlyList<string> alternateKeyNames, BsonDocument masterKey)
         {
             IEnumerable<byte[]> wrappedAlternateKeyNamesBytes = null;
             if (alternateKeyNames != null)
             {
                 wrappedAlternateKeyNamesBytes = alternateKeyNames.Select(GetWrappedAlternateKeyNameBytes);
             }
 
-            switch (kmsProvider)
+            var dataKeyDocument = new BsonDocument("provider", kmsProvider.ToLower());
+            if (masterKey != null)
             {
-                case "aws":
-                    var customerMasterKey = masterKey["key"].ToString();
-                    var endpoint = masterKey.GetValue("endpoint", null)?.ToString();
-                    var region = masterKey["region"].ToString();
-                    return new AwsKeyId(customerMasterKey, region, wrappedAlternateKeyNamesBytes, endpoint);
-                case "local":
-                    return wrappedAlternateKeyNamesBytes != null ? new LocalKeyId(wrappedAlternateKeyNamesBytes) : new LocalKeyId();
-                default:
-                    throw new ArgumentException($"Invalid kmsProvider {kmsProvider}.");
+                dataKeyDocument.AddRange(masterKey.Elements);
             }
+            return new KmsKeyId(dataKeyDocument.ToBson(), wrappedAlternateKeyNamesBytes);
         }
 
         private byte[] GetWrappedAlternateKeyNameBytes(string value)
 
@@ -235,9 +235,9 @@ private void SendKmsRequest(KmsRequest request, CancellationToken cancellation)
                 var requestBytes = request.Message.ToArray();
                 sslStream.Write(requestBytes);
 
-                var buffer = new byte[4096];
                 while (request.BytesNeeded > 0)
                 {
+                    var buffer = new byte[request.BytesNeeded]; // BytesNeeded is the maximum number of bytes that libmongocrypt wants to receive.
                     var count = sslStream.Read(buffer, 0, buffer.Length);
                     var responseBytes = new byte[count];
                     Buffer.BlockCopy(buffer, 0, responseBytes, 0, count);
@@ -264,9 +264,9 @@ private async Task SendKmsRequestAsync(KmsRequest request, CancellationToken can
                 var requestBytes = request.Message.ToArray();
                 await sslStream.WriteAsync(requestBytes, 0, requestBytes.Length).ConfigureAwait(false);
 
-                var buffer = new byte[4096];
                 while (request.BytesNeeded > 0)
                 {
+                    var buffer = new byte[request.BytesNeeded]; // BytesNeeded is the maximum number of bytes that libmongocrypt wants to receive.
                     var count = await sslStream.ReadAsync(buffer, 0, buffer.Length).ConfigureAwait(false);
                     var responseBytes = new byte[count];
                     Buffer.BlockCopy(buffer, 0, responseBytes, 0, count);
 
@@ -42,7 +42,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="2.6.2" PrivateAssets="All" />
-    <PackageReference Include="MongoDB.Libmongocrypt" Version="1.0.0" />
+    <PackageReference Include="MongoDB.Libmongocrypt" Version="1.1.0-beta02" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'netstandard1.5'">
@@ -63,7 +63,7 @@
 
   <ItemGroup>
     <None Include="..\..\License.txt" Pack="true" PackagePath="$(PackageLicenseFile)" />
-    <None Include="..\..\packageIcon.png" Pack="true" PackagePath=""/>
+    <None Include="..\..\packageIcon.png" Pack="true" PackagePath="" />
   </ItemGroup>
 
 </Project>
@@ -100,6 +100,9 @@ public static Exception CreateException(string errorType)
                 case "TimedOutSocketException":
                     return new SocketException((int)SocketError.TimedOut);
 
+                case "ConnectionRefusedSocketException":
+                    return new SocketException((int)SocketError.ConnectionRefused);
+
                 default:
                     throw new ArgumentException("Unknown error type.");
             }
 
@@ -54,7 +54,7 @@ public void GetOrCreateCluster_should_return_a_cluster_with_the_correct_settings
             };
             var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>()
             {
-                { "local", new Dictionary<string, object>() { { "key" , "test" } } }
+                { "local", new Dictionary<string, object>() { { "key" , new byte[96] } } }
             };
             var schemaMap = new Dictionary<string, BsonDocument>()
             {
 
@@ -207,6 +207,11 @@ private AutoEncryptionOptions ConfigureAutoEncryptionOptions(BsonDocument autoEn
             return autoEncryptionOptions;
         }
 
+        private string GetEnvironmentVariableOrDefaultOrThrowIfNothing(string variableName, string defaultValue = null) =>
+            Environment.GetEnvironmentVariable(variableName) ??
+            defaultValue ??
+            throw new Exception($"{variableName} environment variable must be configured on the machine.");
+
         private ReadOnlyDictionary<string, IReadOnlyDictionary<string, object>> ParseKmsProviders(BsonDocument kmsProviders)
         {
             var providers = new Dictionary<string, IReadOnlyDictionary<string, object>>();
@@ -217,26 +222,41 @@ private ReadOnlyDictionary<string, IReadOnlyDictionary<string, object>> ParseKms
                 {
                     case "aws":
                         {
-                            var awsRegion = Environment.GetEnvironmentVariable("FLE_AWS_REGION") ?? "us-east-1";
-                            var awsAccessKey = Environment.GetEnvironmentVariable("FLE_AWS_ACCESS_KEY_ID") ?? throw new Exception("The FLE_AWS_ACCESS_KEY_ID system variable should be configured on the machine.");
-                            var awsSecretAccessKey = Environment.GetEnvironmentVariable("FLE_AWS_SECRET_ACCESS_KEY") ?? throw new Exception("The FLE_AWS_SECRET_ACCESS_KEY system variable should be configured on the machine.");
-                            kmsOptions.Add("region", awsRegion);
+                            var awsAccessKey = GetEnvironmentVariableOrDefaultOrThrowIfNothing("FLE_AWS_ACCESS_KEY_ID");
+                            var awsSecretAccessKey = GetEnvironmentVariableOrDefaultOrThrowIfNothing("FLE_AWS_SECRET_ACCESS_KEY");
                             kmsOptions.Add("accessKeyId", awsAccessKey);
                             kmsOptions.Add("secretAccessKey", awsSecretAccessKey);
                         }
-                        providers.Add(kmsProvider.Name, kmsOptions);
                         break;
                     case "local":
                         if (kmsProvider.Value.AsBsonDocument.TryGetElement("key", out var key))
                         {
                             var binary = key.Value.AsBsonBinaryData;
                             kmsOptions.Add(key.Name, binary.Bytes);
                         }
-                        providers.Add(kmsProvider.Name, kmsOptions);
+                        break;
+                    case "azure":
+                        {
+                            var azureTenantId = GetEnvironmentVariableOrDefaultOrThrowIfNothing("FLE_AZURE_TENANT_ID");
+                            var azureClientId = GetEnvironmentVariableOrDefaultOrThrowIfNothing("FLE_AZURE_CLIENT_ID");
+                            var azureClientSecret = GetEnvironmentVariableOrDefaultOrThrowIfNothing("FLE_AZURE_CLIENT_SECRET");
+                            kmsOptions.Add("tenantId", azureTenantId);
+                            kmsOptions.Add("clientId", azureClientId);
+                            kmsOptions.Add("clientSecret", azureClientSecret);
+                        }
+                        break;
+                    case "gcp":
+                        {
+                            var gcpEmail = GetEnvironmentVariableOrDefaultOrThrowIfNothing("FLE_GCP_EMAIL");
+                            var gcpPrivateKey = GetEnvironmentVariableOrDefaultOrThrowIfNothing("FLE_GCP_PRIVATE_KEY");
+                            kmsOptions.Add("email", gcpEmail);
+                            kmsOptions.Add("privateKey", gcpPrivateKey);
+                        }
                         break;
                     default:
                         throw new Exception($"Unexpected kms provider type {kmsProvider.Name}.");
                 }
+                providers.Add(kmsProvider.Name, kmsOptions);
             }
 
             return new ReadOnlyDictionary<string, IReadOnlyDictionary<string, object>>(providers);
Original file line number	Diff line number	Diff line change
`@@ -65,24 +65,16 @@ private CryptClient CreateCryptClient(CryptOptions options)`
`65`	`65`
`66`	`66`	`private CryptOptions CreateCryptOptions()`
`67`	`67`	`{`
`68`		`- Dictionary<KmsType, IKmsCredentials> kmsProvidersMap = null;`
	`68`	`+ List<KmsCredentials> kmsProviders = null;`
`69`	`69`	`if (_kmsProviders != null && _kmsProviders.Count > 0)`
`70`	`70`	`{`
`71`		`- kmsProvidersMap = new Dictionary<KmsType, IKmsCredentials>();`
`72`		`- if (_kmsProviders.TryGetValue("aws", out var awsProvider))`
	`71`	`+ kmsProviders = new List<KmsCredentials>();`
	`72`	`+ foreach (var kmsProvider in _kmsProviders)`
`73`	`73`	`{`
`74`		`- if (awsProvider.TryGetValue("accessKeyId", out var accessKeyId) &&`
`75`		`- awsProvider.TryGetValue("secretAccessKey", out var secretAccessKey))`
`76`		`- {`
`77`		`- kmsProvidersMap.Add(KmsType.Aws, new AwsKmsCredentials((string)secretAccessKey, (string)accessKeyId));`
`78`		`- }`
`79`		`- }`
`80`		`- if (_kmsProviders.TryGetValue("local", out var localProvider))`
`81`		`- {`
`82`		`- if (localProvider.TryGetValue("key", out var keyObject) && keyObject is byte[] key)`
`83`		`- {`
`84`		`- kmsProvidersMap.Add(KmsType.Local, new LocalKmsCredentials(key));`
`85`		`- }`
	`74`	`+ var kmsTypeDocumentKey = kmsProvider.Key.ToLower();`
	`75`	`+ var kmsProviderDocument = CreateProviderDocument(kmsTypeDocumentKey, kmsProvider.Value);`
	`76`	`+ var kmsCredentials = new KmsCredentials(credentialsBytes: kmsProviderDocument.ToBson());`
	`77`	`+ kmsProviders.Add(kmsCredentials);`
`86`	`78`	`}`
`87`	`79`	`}`
`88`	`80`	`else`
`@@ -105,7 +97,18 @@ private CryptOptions CreateCryptOptions()`
`105`	`97`	`schemaBytes = schemaDocument.ToBson(writerSettings: writerSettings);`
`106`	`98`	`}`
`107`	`99`
`108`		`- return new CryptOptions(kmsProvidersMap, schemaBytes);`
	`100`	`+ return new CryptOptions(kmsProviders, schemaBytes);`
	`101`	`+ }`
	`102`	`+`
	`103`	`+ private BsonDocument CreateProviderDocument(string kmsType, IReadOnlyDictionary<string, object> data)`
	`104`	`+ {`
	`105`	`+ var providerContent = new BsonDocument();`
	`106`	`+ foreach (var record in data)`
	`107`	`+ {`
	`108`	`+ providerContent.Add(new BsonElement(record.Key, BsonValue.Create(record.Value)));`
	`109`	`+ }`
	`110`	`+ var providerDocument = new BsonDocument(kmsType, providerContent);`
	`111`	`+ return providerDocument;`
`109`	`112`	`}`
`110`	`113`	`}`
`111`	`114`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,6 @@`
`20`	`20`	`using System.Threading.Tasks;`
`21`	`21`	`using MongoDB.Bson;`
`22`	`22`	`using MongoDB.Bson.IO;`
`23`		`-using MongoDB.Bson.Serialization.Serializers;`
`24`	`23`	`using MongoDB.Driver.Core.Misc;`
`25`	`24`	`using MongoDB.Libmongocrypt;`
`26`	`25`
`@@ -219,26 +218,20 @@ public async Task<BsonBinaryData> EncryptFieldAsync(`
`219`	`218`	`}`
`220`	`219`
`221`	`220`	`// private methods`
`222`		`- private IKmsKeyId GetKmsKeyId(string kmsProvider, IReadOnlyList<string> alternateKeyNames, BsonDocument masterKey)`
	`221`	`+ private KmsKeyId GetKmsKeyId(string kmsProvider, IReadOnlyList<string> alternateKeyNames, BsonDocument masterKey)`
`223`	`222`	`{`
`224`	`223`	`IEnumerable<byte[]> wrappedAlternateKeyNamesBytes = null;`
`225`	`224`	`if (alternateKeyNames != null)`
`226`	`225`	`{`
`227`	`226`	`wrappedAlternateKeyNamesBytes = alternateKeyNames.Select(GetWrappedAlternateKeyNameBytes);`
`228`	`227`	`}`
`229`	`228`
`230`		`- switch (kmsProvider)`
	`229`	`+ var dataKeyDocument = new BsonDocument("provider", kmsProvider.ToLower());`
	`230`	`+ if (masterKey != null)`
`231`	`231`	`{`
`232`		`- case "aws":`
`233`		`- var customerMasterKey = masterKey["key"].ToString();`
`234`		`- var endpoint = masterKey.GetValue("endpoint", null)?.ToString();`
`235`		`- var region = masterKey["region"].ToString();`
`236`		`- return new AwsKeyId(customerMasterKey, region, wrappedAlternateKeyNamesBytes, endpoint);`
`237`		`- case "local":`
`238`		`- return wrappedAlternateKeyNamesBytes != null ? new LocalKeyId(wrappedAlternateKeyNamesBytes) : new LocalKeyId();`
`239`		`- default:`
`240`		`- throw new ArgumentException($"Invalid kmsProvider {kmsProvider}.");`
	`232`	`+ dataKeyDocument.AddRange(masterKey.Elements);`
`241`	`233`	`}`
	`234`	`+ return new KmsKeyId(dataKeyDocument.ToBson(), wrappedAlternateKeyNamesBytes);`
`242`	`235`	`}`
`243`	`236`
`244`	`237`	`private byte[] GetWrappedAlternateKeyNameBytes(string value)`
Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,9 @@ public static Exception CreateException(string errorType)`
`100`	`100`	`case "TimedOutSocketException":`
`101`	`101`	`return new SocketException((int)SocketError.TimedOut);`
`102`	`102`
	`103`	`+ case "ConnectionRefusedSocketException":`
	`104`	`+ return new SocketException((int)SocketError.ConnectionRefused);`
	`105`	`+`
`103`	`106`	`default:`
`104`	`107`	`throw new ArgumentException("Unknown error type.");`
`105`	`108`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public void GetOrCreateCluster_should_return_a_cluster_with_the_correct_settings`
`54`	`54`	`};`
`55`	`55`	`var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>()`
`56`	`56`	`{`
`57`		`- { "local", new Dictionary<string, object>() { { "key" , "test" } } }`
	`57`	`+ { "local", new Dictionary<string, object>() { { "key" , new byte[96] } } }`
`58`	`58`	`};`
`59`	`59`	`var schemaMap = new Dictionary<string, BsonDocument>()`
`60`	`60`	`{`