
mongodb-client-encryption - npm Package Compare versions

Comparing version 2.0.0-beta.0 to 2.0.0-beta.1

2

CHANGELOG.md

@@ -5,2 +5,4 @@ # Changelog

## [2.0.0-beta.1](https://github.com/mongodb/libmongocrypt/compare/node-v2.0.0-beta.0...node-v2.0.0-beta.1) (2021-12-21)
## [2.0.0-beta.0](https://github.com/mongodb/libmongocrypt/compare/node-v1.2.7...node-v2.0.0-beta.0) (2021-10-07)

@@ -7,0 +9,0 @@

import type { Binary } from 'bson';
import type { MongoClient } from 'mongodb';
export type ClientEncryptionDataKeyProvider = 'aws' | 'azure' | 'gcp' | 'local';
export type ClientEncryptionDataKeyProvider = 'aws' | 'azure' | 'gcp' | 'local' | 'kmip';

@@ -12,2 +12,12 @@ /**

/**
* A set of options for specifying a Socks5 proxy.
*/
export interface ProxyOptions {
host: string;
port?: number;
username?: string;
password?: string;
}
export interface ClientEncryptionCreateDataKeyCallback {

@@ -74,2 +84,14 @@ /**

/**
* Configuration options for using 'kmip' as your KMS provider
*/
kmip?: {
/**
* The output endpoint string.
* The endpoint consists of a hostname and port separated by a colon.
* E.g. "example.com:123". A port is always present.
*/
endpoint?: string;
};
/**
* Configuration options for using 'azure' as your KMS provider

@@ -125,2 +147,37 @@ */

/**
* TLS options to use when connecting. The spec specifically calls out which insecure
* tls options are not allowed:
*
* - tlsAllowInvalidCertificates
* - tlsAllowInvalidHostnames
* - tlsInsecure
* - tlsDisableOCSPEndpointCheck
* - tlsDisableCertificateRevocationCheck
*/
export interface ClientEncryptionTLSOptions {
/**
* Enables or disables TLS/SSL for the connection.
*/
tls?: boolean;
/**
* Specifies the location of a local .pem file that contains
* either the client's TLS/SSL certificate and key or only the
* client's TLS/SSL key when tlsCertificateFile is used to
* provide the certificate.
*/
tlsCertificateKeyFile?: string;
/**
* Specifies the password to de-crypt the tlsCertificateKeyFile.
*/
tlsCertificateKeyFilePassword?: string;
/**
* Specifies the location of a local .pem file that contains the
* root certificate chain from the Certificate Authority.
* This file is used to validate the certificate presented by the
* KMS provider.
*/
tlsCAFile?: string;
}
/**
* Additional settings to provide when creating a new `ClientEncryption` instance.

@@ -143,2 +200,12 @@ */

kmsProviders?: KMSProviders;
/**
* Options for specifying a Socks5 proxy to use for connecting to the KMS.
*/
proxyOptions?: ProxyOptions;
/**
* TLS options for kms providers to use.
*/
tlsOptions?: ClientEncryptionTLSOptions;
}

@@ -145,0 +212,0 @@
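Review bot: `tlsOptions` and `ClientEncryptionTLSOptions` are declared in these typings, but none of the library hunks shown in this comparison read `tlsOptions`, so it is not visible that `tlsCAFile` or `tlsCertificateKeyFile` ever reach the KMS connection. A caller who sets `tlsCAFile` could assume the KMS certificate is validated against that CA when it may not be. The interface comment also lists the insecure options as "not allowed" without saying whether passing them from plain JavaScript is rejected at runtime or is merely absent from the type; I would add a sentence stating which applies. `ProxyOptions` has no per-field documentation either, and could at least note that `port` falls back to 1080, as the state-machine hunk does with `port || 1080`.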

6

lib/autoEncrypter.js

@@ -101,3 +101,3 @@ 'use strict';

useUnifiedTopology: true,
serverSelectionTimeoutMS: 1000
serverSelectionTimeoutMS: 10000
});

@@ -216,3 +216,3 @@ }

const stateMachine = new StateMachine(Object.assign({ bson }, options));
const stateMachine = new StateMachine({ bson, ...options, proxyOptions: this._proxyOptions });
stateMachine.execute(this, context, callback);

@@ -248,3 +248,3 @@ }

const stateMachine = new StateMachine(Object.assign({ bson }, options));
const stateMachine = new StateMachine({ bson, ...options, proxyOptions: this._proxyOptions });
stateMachine.execute(this, context, callback);

@@ -251,0 +251,0 @@ }
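Review bot: Both `new StateMachine({ bson, ...options, proxyOptions: this._proxyOptions })` calls read `this._proxyOptions`, but no hunk shown for this file assigns it. If the constructor does not set it elsewhere, the value is `undefined` and KMS requests made during automatic encryption would connect directly instead of through the configured proxy. Because `proxyOptions` is written after the spread, that `undefined` also overrides any `options.proxyOptions` passed in. It is worth confirming the constructor contains an assignment such as `this._proxyOptions = options.proxyOptions;`, which the following file section adds for the explicit-encryption client. The enclosing methods start and end outside these hunks.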

@@ -68,2 +68,3 @@ 'use strict';

this._bson = options.bson || client.topology.bson;
this._proxyOptions = options.proxyOptions;

@@ -202,3 +203,3 @@ if (options.keyVaultNamespace == null) {

const context = this._mongoCrypt.makeDataKeyContext(dataKeyBson, { keyAltNames });
const stateMachine = new StateMachine({ bson });
const stateMachine = new StateMachine({ bson, proxyOptions: this._proxyOptions });

@@ -295,3 +296,3 @@ return promiseOrCallback(callback, cb => {

const stateMachine = new StateMachine({ bson });
const stateMachine = new StateMachine({ bson, proxyOptions: this._proxyOptions });
const context = this._mongoCrypt.makeExplicitEncryptionContext(valueBuffer, contextOptions);

@@ -341,3 +342,3 @@

const stateMachine = new StateMachine({ bson });
const stateMachine = new StateMachine({ bson, proxyOptions: this._proxyOptions });

@@ -344,0 +345,0 @@ return promiseOrCallback(callback, cb => {

@@ -5,2 +5,5 @@ 'use strict';

const tls = require('tls');
const net = require('net');
const { once } = require('events');
const { SocksClient } = require('socks');

@@ -228,23 +231,65 @@ // Try first to import 4.x name, fallback to 3.x name

return new Promise((resolve, reject) => {
return new Promise(async (resolve, reject) => {
const buffer = new BufferList();
const socket = tls.connect(options, () => {
socket.write(message);
});
socket.once('timeout', () => {
socket.removeAllListeners();
socket.destroy();
let socket;
let rawSocket;
function destroySockets() {
for (const sock of [socket, rawSocket]) {
if (sock) {
sock.removeAllListeners();
sock.destroy();
}
}
}
function ontimeout() {
destroySockets();
reject(new MongoCryptError('KMS request timed out'));
});
}
socket.once('error', err => {
socket.removeAllListeners();
socket.destroy();
function onerror(err) {
destroySockets();
const mcError = new MongoCryptError('KMS request failed');
mcError.originalError = err;
reject(mcError);
}
if (this.options.proxyOptions && this.options.proxyOptions.host) {
rawSocket = net.connect({
host: this.options.proxyOptions.host,
port: this.options.proxyOptions.port || 1080
});
rawSocket.on('timeout', ontimeout);
rawSocket.on('error', onerror);
try {
await once(rawSocket, 'connect');
options.socket = (
await SocksClient.createConnection({
existing_socket: rawSocket,
command: 'connect',
destination: { host: options.host, port: options.port },
proxy: {
host: 'locahost',
port: 0,
type: 5,
userId: this.options.proxyOptions.username,
password: this.options.proxyOptions.username
}
})
).socket;
} catch (err) {
return onerror(err);
}
}
socket = tls.connect(options, () => {
socket.write(message);
});
socket.once('timeout', ontimeout);
socket.once('error', onerror);
socket.on('data', data => {

@@ -251,0 +296,0 @@ buffer.append(data);
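Review bot: In the `SocksClient.createConnection` call the proxy credentials are built with `password: this.options.proxyOptions.username`, so the configured password is never sent and the username is presented in its place; the line should read `password: this.options.proxyOptions.password`. The placeholder `host: 'locahost'` beside it looks like a typo for `'localhost'`; it is presumably unused because `existing_socket` is supplied, but a comment saying so would help the next reader. The `async` Promise executor is also fragile: anything that throws after the first `await` but outside the `try` (for example the `tls.connect` call) becomes an unhandled rejection rather than a rejected `MongoCryptError`, so the proxy setup would be safer in a separate async helper that is awaited before the Promise is constructed. The enclosing function begins and ends outside this hunk.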

{
"name": "mongodb-client-encryption",
"version": "2.0.0-beta.0",
"version": "2.0.0-beta.1",
"description": "Official client encryption module for the MongoDB Node.js driver",

@@ -43,3 +43,4 @@ "main": "index.js",

"node-addon-api": "^4.1.0",
"prebuild-install": "6.1.2"
"prebuild-install": "6.1.2",
"socks": "^2.6.1"
},

@@ -46,0 +47,0 @@ "devDependencies": {

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
