Exemplo n.º 1
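    def __init__(self, ctx, kms_provider, opts):
        """Configure a mongocrypt_ctx_t for creating a new data key.

        :Parameters:
          - `ctx`: A mongocrypt_ctx_t. This MongoCryptContext takes ownership
            of the underlying mongocrypt_ctx_t.
          - `kms_provider`: The KMS provider, either "aws" or "local".
          - `opts`: An optional :class:`DataKeyOpts`. It is required, with a
            ``master_key`` containing "region" and "key", when
            `kms_provider` is "aws".

        :Raises:
          - `ValueError`: if `kms_provider` is unknown or the "aws" master
            key is missing or incomplete.
          - Whatever `_raise_from_status` raises when a libmongocrypt call
            reports failure.
        """
        super(DataKeyContext, self).__init__(ctx)
        try:
            if kms_provider == 'aws':
                if opts is None or opts.master_key is None:
                    raise ValueError(
                        'master_key is required for kms_provider: "aws"')
                master_key = opts.master_key
                if 'region' not in master_key or 'key' not in master_key:
                    raise ValueError(
                        'master_key must include "region" and "key" for '
                        'kms_provider: "aws"')
                region = str_to_bytes(master_key['region'])
                key = str_to_bytes(master_key['key'])
                if not lib.mongocrypt_ctx_setopt_masterkey_aws(
                        ctx, region, len(region), key, len(key)):
                    self._raise_from_status()
                if 'endpoint' in master_key:
                    # NOTE(review): the endpoint is forwarded to libmongocrypt
                    # unchecked here; presumably it selects the host that
                    # receives the KMS request, so it should come from trusted
                    # configuration -- confirm against the caller.
                    endpoint = str_to_bytes(master_key['endpoint'])
                    if not lib.mongocrypt_ctx_setopt_masterkey_aws_endpoint(
                            ctx, endpoint, len(endpoint)):
                        self._raise_from_status()
            elif kms_provider == 'local':
                if not lib.mongocrypt_ctx_setopt_masterkey_local(ctx):
                    self._raise_from_status()
            else:
                raise ValueError('unknown kms_provider: %s' % (kms_provider, ))

            # `opts` is optional for the "local" provider, so guard against
            # None before reading key_alt_names (previously an AttributeError).
            if opts is not None and opts.key_alt_names:
                for key_alt_name in opts.key_alt_names:
                    with MongoCryptBinaryIn(key_alt_name) as binary:
                        if not lib.mongocrypt_ctx_setopt_key_alt_name(
                                ctx, binary.bin):
                            self._raise_from_status()

            if not lib.mongocrypt_ctx_datakey_init(ctx):
                self._raise_from_status()
        except Exception:
            # Destroy the context on error so the owned mongocrypt_ctx_t is
            # not left half-configured.
            self._close()
            raise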
Exemplo n.º 2
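    def __init__(self, ctx, kms_provider, opts, callback):
        """Configure a mongocrypt_ctx_t for creating a new data key.

        :Parameters:
          - `ctx`: A mongocrypt_ctx_t. This MongoCryptContext takes ownership
            of the underlying mongocrypt_ctx_t.
          - `kms_provider`: The KMS provider: "aws", "gcp", "azure" or
            "local".
          - `opts`: An optional :class:`DataKeyOpts`. It is required, with a
            ``master_key``, for every provider except "local".
          - `callback`: A :class:`MongoCryptCallback`, used here to
            BSON-encode the master key document.

        :Raises:
          - `ValueError`: if `kms_provider` is unknown or the master key is
            missing or lacks a field required by the provider.
          - Whatever `_raise_from_status` raises when a libmongocrypt call
            reports failure.
        """
        super(DataKeyContext, self).__init__(ctx)
        try:
            if kms_provider not in ('aws', 'gcp', 'azure', 'local'):
                raise ValueError('unknown kms_provider: %s' % (kms_provider, ))

            if opts is None or opts.master_key is None:
                if kms_provider == 'local':
                    master_key = {}
                else:
                    raise ValueError(
                        'master_key is required for kms_provider: "%s"' %
                        (kms_provider, ))
            else:
                # Work on a copy so adding "provider" below does not mutate
                # the caller's dict.
                master_key = opts.master_key.copy()

            # Only the presence of the required fields is checked. Any other
            # key in master_key is encoded and handed to libmongocrypt as-is.
            if kms_provider == 'aws':
                if 'region' not in master_key or 'key' not in master_key:
                    raise ValueError(
                        'master_key must include "region" and "key" for '
                        'kms_provider: "aws"')
            elif kms_provider == 'azure':
                if ('keyName' not in master_key
                        or 'keyVaultEndpoint' not in master_key):
                    raise ValueError(
                        'master key must include "keyName" and '
                        '"keyVaultEndpoint" for kms_provider: "azure"')
            elif kms_provider == 'gcp':
                gcp_fields = ('projectId', 'location', 'keyRing', 'keyName')
                if any(field not in master_key for field in gcp_fields):
                    raise ValueError(
                        'master key must include "projectId", "location",'
                        '"keyRing", and "keyName" for kms_provider: "gcp"')

            master_key['provider'] = kms_provider
            with MongoCryptBinaryIn(callback.bson_encode(master_key)) as mkey:
                if not lib.mongocrypt_ctx_setopt_key_encryption_key(
                        ctx, mkey.bin):
                    self._raise_from_status()

            # `opts` may be None for the "local" provider, so guard before
            # reading key_alt_names (previously an AttributeError).
            if opts is not None and opts.key_alt_names:
                for key_alt_name in opts.key_alt_names:
                    with MongoCryptBinaryIn(key_alt_name) as binary:
                        if not lib.mongocrypt_ctx_setopt_key_alt_name(
                                ctx, binary.bin):
                            self._raise_from_status()

            if not lib.mongocrypt_ctx_datakey_init(ctx):
                self._raise_from_status()
        except Exception:
            # Destroy the context on error so the owned mongocrypt_ctx_t is
            # not left half-configured.
            self._close()
            raise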