CSHARP-3527: Consider accepting EncryptionAlgorithm enum in EncryptOptions. (#526)

CSHARP-3527: Consider accepting EncryptionAlgorithm enum in EncryptOptions.

Author: DmitryLukyanov

src/MongoDB.Driver.Core/MongoDB.Driver.Core.csproj

@@ -126,7 +126,7 @@
   <ItemGroup>
     <PackageReference Include="DnsClient" Version="1.4.0" />
     <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="2.6.2" PrivateAssets="All" />
-    <PackageReference Include="MongoDB.Libmongocrypt" Version="1.2.1" />
+    <PackageReference Include="MongoDB.Libmongocrypt" Version="1.2.2" />
     <PackageReference Include="SharpCompress" Version="0.23.0" />
     <PackageReference Include="System.Buffers" Version="4.5.1" />
   </ItemGroup>

src/MongoDB.Driver/Encryption/ClientEncryption.cs

@@ -121,12 +121,11 @@ public void Dispose()
         /// <returns>The encrypted value.</returns>
         public BsonBinaryData Encrypt(BsonValue value, EncryptOptions encryptOptions, CancellationToken cancellationToken)
         {
-            var algorithm = (EncryptionAlgorithm)Enum.Parse(typeof(EncryptionAlgorithm), encryptOptions.Algorithm);
             return _libMongoCryptController.EncryptField(
                 value,
                 encryptOptions.KeyId,
                 encryptOptions.AlternateKeyName,
-                algorithm,
+                encryptOptions.Algorithm,
                 cancellationToken);
         }
 
@@ -139,12 +138,11 @@ public BsonBinaryData Encrypt(BsonValue value, EncryptOptions encryptOptions, Ca
         /// <returns>The encrypted value.</returns>
         public Task<BsonBinaryData> EncryptAsync(BsonValue value, EncryptOptions encryptOptions, CancellationToken cancellationToken)
         {
-            var algorithm = (EncryptionAlgorithm)Enum.Parse(typeof(EncryptionAlgorithm), encryptOptions.Algorithm);
             return _libMongoCryptController.EncryptFieldAsync(
                 value,
                 encryptOptions.KeyId,
                 encryptOptions.AlternateKeyName,
-                algorithm,
+                encryptOptions.Algorithm,
                 cancellationToken);
         }
     }

src/MongoDB.Driver/Encryption/EncryptOptions.cs

@@ -23,6 +23,16 @@ namespace MongoDB.Driver.Encryption
     /// </summary>
     public class EncryptOptions
     {
+        #region static
+        private static string ConvertEnumAlgorithmToString(EncryptionAlgorithm encryptionAlgorithm) =>
+            encryptionAlgorithm switch
+            {
+                EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic => "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
+                EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random => "AEAD_AES_256_CBC_HMAC_SHA_512-Random",
+                _ => encryptionAlgorithm.ToString(),
+            };
+        #endregion
+
         // private fields
         private readonly string _algorithm;
         private readonly string _alternateKeyName;
@@ -40,12 +50,38 @@ public EncryptOptions(
             Optional<string> alternateKeyName = default,
             Optional<Guid?> keyId = default)
         {
-            _algorithm = Ensure.IsNotNull(algorithm, nameof(algorithm));
+            Ensure.IsNotNull(algorithm, nameof(algorithm));
+            if (Enum.TryParse<EncryptionAlgorithm>(algorithm, out var @enum))
+            {
+                _algorithm = ConvertEnumAlgorithmToString(@enum);
+            }
+            else
+            {
+                _algorithm = algorithm;
+            }
+
             _alternateKeyName = alternateKeyName.WithDefault(null);
             _keyId = keyId.WithDefault(null);
             EnsureThatOptionsAreValid();
         }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EncryptOptions"/> class.
+        /// </summary>
+        /// <param name="algorithm">The encryption algorithm.</param>
+        /// <param name="alternateKeyName">The alternate key name.</param>
+        /// <param name="keyId">The key Id.</param>
+        public EncryptOptions(
+            EncryptionAlgorithm algorithm,
+            Optional<string> alternateKeyName = default,
+            Optional<Guid?> keyId = default)
+            : this(
+                  algorithm: ConvertEnumAlgorithmToString(algorithm),
+                  alternateKeyName,
+                  keyId)
+        {
+        }
+
         // public properties
         /// <summary>
         /// Gets the algorithm.

src/MongoDB.Driver/Encryption/EncryptionAlgorithm.cs

@@ -0,0 +1,32 @@
+/* Copyright 2021-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+namespace MongoDB.Driver.Encryption
+{
+    /// <summary>
+    /// Represents an encryption algorithm.
+    /// </summary>
+    public enum EncryptionAlgorithm
+    {
+        /// <summary>
+        /// Deterministic algorithm.
+        /// </summary>
+        AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic,
+        /// <summary>
+        /// Random algorithm.
+        /// </summary>
+        AEAD_AES_256_CBC_HMAC_SHA_512_Random
+    }
+}

src/MongoDB.Driver/Encryption/ExplicitEncryptionLibMongoCryptController.cs

@@ -143,7 +143,7 @@ public BsonBinaryData EncryptField(
             BsonValue value,
             Guid? keyId,
             string alternateKeyName,
-            EncryptionAlgorithm encryptionAlgorithm,
+            string encryptionAlgorithm,
             CancellationToken cancellationToken)
         {
             try
@@ -188,7 +188,7 @@ public async Task<BsonBinaryData> EncryptFieldAsync(
             BsonValue value,
             Guid? keyId,
             string alternateKeyName,
-            EncryptionAlgorithm encryptionAlgorithm,
+            string encryptionAlgorithm,
             CancellationToken cancellationToken)
         {
             try

src/MongoDB.Driver/MongoDB.Driver.csproj

@@ -50,7 +50,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="2.6.2" PrivateAssets="All" />
-    <PackageReference Include="MongoDB.Libmongocrypt" Version="1.2.1" />
+    <PackageReference Include="MongoDB.Libmongocrypt" Version="1.2.2" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'netstandard1.5'">

tests/MongoDB.Driver.Examples/ExplicitEncryptionExamples.cs

@@ -20,7 +20,6 @@
 using MongoDB.Driver.Core.Misc;
 using MongoDB.Driver.Core.TestHelpers.XunitExtensions;
 using MongoDB.Driver.Encryption;
-using MongoDB.Libmongocrypt;
 using Xunit;
 using Xunit.Abstractions;
 

tests/MongoDB.Driver.Tests/EncryptOptionsTests.cs

@@ -0,0 +1,126 @@
+/* Copyright 2021-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using System;
+using FluentAssertions;
+using MongoDB.Driver.Encryption;
+using Xunit;
+
+namespace MongoDB.Driver.Tests
+{
+    public class EncryptOptionsTests
+    {
+        [Fact]
+        public void Constructor_should_fail_when_algorithm_is_null()
+        {
+            var exception = Record.Exception(() => new EncryptOptions(algorithm: null));
+            exception.Should().BeOfType<ArgumentNullException>();
+        }
+
+        [Fact]
+        public void Constructor_should_fail_when_keyId_and_alternateKeyName_are_both_empty()
+        {
+            var exception = Record.Exception(() => new EncryptOptions(algorithm: "test", alternateKeyName: null, keyId: null));
+            var e = exception.Should().BeOfType<ArgumentException>().Subject;
+            e.Message.Should().Be("Key Id and AlternateKeyName may not both be null.");
+        }
+
+        [Fact]
+        public void Constructor_should_fail_when_keyId_and_alternateKeyName_are_both_specified()
+        {
+            var exception = Record.Exception(() => new EncryptOptions(algorithm: "test", alternateKeyName: "alternateKeyName", keyId: Guid.NewGuid()));
+            var e = exception.Should().BeOfType<ArgumentException>().Subject;
+            e.Message.Should().Be("Key Id and AlternateKeyName may not both be set.");
+        }
+
+        [Theory]
+        [InlineData(EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic, "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")]
+        [InlineData(EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random, "AEAD_AES_256_CBC_HMAC_SHA_512-Random")]
+        // these values are required to be supported due a CSHARP-3527 bug of how we worked with input algorithm values. So,
+        // since we cannot remove them because of BC, we need to keep supporting them even after solving the underlying bug
+        [InlineData("AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic", "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")]
+        [InlineData("AEAD_AES_256_CBC_HMAC_SHA_512_Random", "AEAD_AES_256_CBC_HMAC_SHA_512-Random")]
+        // the below values match to the spec wording
+        [InlineData("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic", "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")] 
+        [InlineData("AEAD_AES_256_CBC_HMAC_SHA_512-Random", "AEAD_AES_256_CBC_HMAC_SHA_512-Random")]
+        // just a random string value
+        [InlineData("TEST_random", "TEST_random")]
+        // just a random value in enum form
+        [InlineData((EncryptionAlgorithm)99, "99")]
+        public void Constructor_should_support_different_algorithm_representations(object algorithm, string expectedAlgorithmRepresentation)
+        {
+            var alternateKeyName = "test";
+
+            EncryptOptions subject;
+            if (algorithm is EncryptionAlgorithm enumedAlgorithm)
+            {
+                subject = new EncryptOptions(enumedAlgorithm, alternateKeyName: alternateKeyName);
+            }
+            else
+            {
+                subject = new EncryptOptions(algorithm.ToString(), alternateKeyName: alternateKeyName);
+            }
+
+            subject.Algorithm.Should().Be(expectedAlgorithmRepresentation);
+            subject.AlternateKeyName.Should().Be("test");
+            subject.KeyId.Should().NotHaveValue();
+        }
+
+        [Fact]
+        public void With_should_set_correct_values()
+        {
+            var originalAlgorithm = "originalAlgorithm";
+            var newAlgorithm = "newAlgorithm";
+            var originalKeyId = Guid.Empty;
+            var newKeyId = Guid.NewGuid();
+            var originalAlternateKeyName = "test";
+            var newAlternateKeyName = "new";
+
+            var subject = CreateConfiguredSubject(withKeyId: true);
+            AssertValues(subject, originalAlgorithm, originalKeyId, null);
+
+            subject = subject.With(algorithm: newAlgorithm);
+            AssertValues(subject, newAlgorithm, originalKeyId, null);
+
+            subject = subject.With(keyId: newKeyId);
+            AssertValues(subject, newAlgorithm, newKeyId, null);
+
+            subject = CreateConfiguredSubject(withKeyId: false);
+            AssertValues(subject, originalAlgorithm, null, originalAlternateKeyName);
+
+            subject = subject.With(alternateKeyName: newAlternateKeyName);
+            AssertValues(subject, originalAlgorithm, null, newAlternateKeyName);
+
+            static void AssertValues(EncryptOptions subject, string algorithm, Guid? keyId, string alternateKeyName)
+            {
+                subject.Algorithm.Should().Be(algorithm);
+                subject.KeyId.Should().Be(keyId);
+                subject.AlternateKeyName.Should().Be(alternateKeyName);
+            }
+
+            EncryptOptions CreateConfiguredSubject(bool withKeyId)
+            {
+                if (withKeyId)
+                {
+                    return new EncryptOptions(algorithm: originalAlgorithm, keyId: originalKeyId);
+                }
+                else
+                {
+                    return new EncryptOptions(algorithm: originalAlgorithm, alternateKeyName: originalAlternateKeyName);
+                }
+            }
+        }
+    }
+}

tests/MongoDB.Driver.Tests/EncryptionTests.cs

@@ -184,6 +184,12 @@ public void Mongocryptd_should_be_initialized_only_for_auto_encryption([Values(f
             }
         }
 
+        [Fact]
+        public void Mongocrypt_native_library_should_have_expected_version()
+        {
+            Library.Version.Should().Be("1.2.1");
+        }
+
         // private methods
         private object CreateInstance(Type type)
         {