def __init__(self, ctx, value, opts): """Abstracts libmongocrypt's mongocrypt_ctx_t type. :Parameters: - `ctx`: A mongocrypt_ctx_t. This MongoCryptContext takes ownership of the underlying mongocrypt_ctx_t. - `value`: The encoded document to encrypt, which must be in the form { "v" : BSON value to encrypt }}. - `opts`: A :class:`ExplicitEncryptOpts`. """ super(ExplicitEncryptionContext, self).__init__(ctx) try: algorithm = str_to_bytes(opts.algorithm) if not lib.mongocrypt_ctx_setopt_algorithm(ctx, algorithm, -1): self._raise_from_status() if opts.key_id is not None: with MongoCryptBinaryIn(opts.key_id) as binary: if not lib.mongocrypt_ctx_setopt_key_id(ctx, binary.bin): self._raise_from_status() if opts.key_alt_name is not None: with MongoCryptBinaryIn(opts.key_alt_name) as binary: if not lib.mongocrypt_ctx_setopt_key_alt_name( ctx, binary.bin): self._raise_from_status() with MongoCryptBinaryIn(value) as binary: if not lib.mongocrypt_ctx_explicit_encrypt_init( ctx, binary.bin): self._raise_from_status() except Exception: # Destroy the context on error. self._close() raise
def __init__(self, ctx, kms_provider, opts): """Abstracts libmongocrypt's mongocrypt_ctx_t type. :Parameters: - `ctx`: A mongocrypt_ctx_t. This MongoCryptContext takes ownership of the underlying mongocrypt_ctx_t. - `kms_provider`: The KMS provider. - `opts`: An optional class:`DataKeyOpts`. """ super(DataKeyContext, self).__init__(ctx) try: if kms_provider == 'aws': if opts is None or opts.master_key is None: raise ValueError( 'master_key is required for kms_provider: "aws"') if ('region' not in opts.master_key or 'key' not in opts.master_key): raise ValueError( 'master_key must include "region" and "key" for ' 'kms_provider: "aws"') region = str_to_bytes(opts.master_key['region']) key = str_to_bytes(opts.master_key['key']) if not lib.mongocrypt_ctx_setopt_masterkey_aws( ctx, region, len(region), key, len(key)): self._raise_from_status() if 'endpoint' in opts.master_key: endpoint = str_to_bytes(opts.master_key['endpoint']) if not lib.mongocrypt_ctx_setopt_masterkey_aws_endpoint( ctx, endpoint, len(endpoint)): self._raise_from_status() elif kms_provider == 'local': if not lib.mongocrypt_ctx_setopt_masterkey_local(ctx): self._raise_from_status() else: raise ValueError('unknown kms_provider: %s' % (kms_provider, )) if opts.key_alt_names: for key_alt_name in opts.key_alt_names: with MongoCryptBinaryIn(key_alt_name) as binary: if not lib.mongocrypt_ctx_setopt_key_alt_name( ctx, binary.bin): self._raise_from_status() if not lib.mongocrypt_ctx_datakey_init(ctx): self._raise_from_status() except Exception: # Destroy the context on error. self._close() raise
def __init__(self, ctx, kms_provider, opts, callback): """Abstracts libmongocrypt's mongocrypt_ctx_t type. :Parameters: - `ctx`: A mongocrypt_ctx_t. This MongoCryptContext takes ownership of the underlying mongocrypt_ctx_t. - `kms_provider`: The KMS provider. - `opts`: An optional class:`DataKeyOpts`. - `callback`: A :class:`MongoCryptCallback`. """ super(DataKeyContext, self).__init__(ctx) try: if kms_provider not in ['aws', 'gcp', 'azure', 'local']: raise ValueError('unknown kms_provider: %s' % (kms_provider, )) if opts is None or opts.master_key is None: if kms_provider == 'local': master_key = {} else: raise ValueError( 'master_key is required for kms_provider: "%s"' % (kms_provider, )) else: master_key = opts.master_key.copy() if kms_provider == 'aws': if ('region' not in opts.master_key or 'key' not in opts.master_key): raise ValueError( 'master_key must include "region" and "key" for ' 'kms_provider: "aws"') elif kms_provider == 'azure': if ('keyName' not in opts.master_key or 'keyVaultEndpoint' not in opts.master_key): raise ValueError( 'master key must include "keyName" and ' '"keyVaultEndpoint" for kms_provider: "azure"') elif kms_provider == 'gcp': if ('projectId' not in opts.master_key or 'location' not in opts.master_key or 'keyRing' not in opts.master_key or 'keyName' not in opts.master_key): raise ValueError( 'master key must include "projectId", "location",' '"keyRing", and "keyName" for kms_provider: "gcp"') master_key['provider'] = kms_provider with MongoCryptBinaryIn(callback.bson_encode(master_key)) as mkey: if not lib.mongocrypt_ctx_setopt_key_encryption_key( ctx, mkey.bin): self._raise_from_status() if opts.key_alt_names: for key_alt_name in opts.key_alt_names: with MongoCryptBinaryIn(key_alt_name) as binary: if not lib.mongocrypt_ctx_setopt_key_alt_name( ctx, binary.bin): self._raise_from_status() if not lib.mongocrypt_ctx_datakey_init(ctx): self._raise_from_status() except Exception: # Destroy the context on error. self._close() raise