MONGOCRYPT-432 Allow keyAltName in encryptedFieldsMap

src/mc-efc-private.h

@@ -37,6 +37,7 @@ typedef enum _supported_query_type_flags {
 typedef struct _mc_EncryptedField_t {
     supported_query_type_flags supported_queries;
     _mongocrypt_buffer_t keyId;
+    const char *keyAltName;
     const char *path;
     struct _mc_EncryptedField_t *next;
 } mc_EncryptedField_t;

src/mc-efc.c

@@ -85,18 +85,46 @@ static bool _parse_field(mc_EncryptedFieldConfig_t *efc, bson_t *field, mongocry
     BSON_ASSERT_PARAM(efc);
     BSON_ASSERT_PARAM(field);
 
-    if (!bson_iter_init_find(&field_iter, field, "keyId")) {
-        CLIENT_ERR("unable to find 'keyId' in 'field' document");
+    bool has_keyid = false;
+    bool has_keyaltname = false;
+    if (bson_iter_init_find(&field_iter, field, "keyId")) {
+        has_keyid = true;
+    }
+    if (bson_iter_init_find(&field_iter, field, "keyAltName")) {
+        has_keyaltname = true;
+    }
+    if (!(has_keyid || has_keyaltname)) {
+        CLIENT_ERR("unable to find 'keyId' or 'keyAltName' in 'field' document");
         return false;
     }
-    if (!BSON_ITER_HOLDS_BINARY(&field_iter)) {
-        CLIENT_ERR("expected 'fields.keyId' to be type binary, got: %d", (int)bson_iter_type(&field_iter));
+    if (has_keyid && has_keyaltname) {
+        CLIENT_ERR("only one of 'keyId' or 'keyAltName may be in 'field' document");
         return false;
     }
+
     _mongocrypt_buffer_t field_keyid;
-    if (!_mongocrypt_buffer_from_uuid_iter(&field_keyid, &field_iter)) {
-        CLIENT_ERR("unable to parse uuid key from 'fields.keyId'");
-        return false;
+    if (has_keyid) {
+        BSON_ASSERT(bson_iter_init_find(&field_iter, field, "keyId"));
+        if (!BSON_ITER_HOLDS_BINARY(&field_iter)) {
+            CLIENT_ERR("expected 'fields.keyId' to be type binary, got: %d", (int)bson_iter_type(&field_iter));
+            return false;
+        }
+        if (!_mongocrypt_buffer_from_uuid_iter(&field_keyid, &field_iter)) {
+            CLIENT_ERR("unable to parse uuid key from 'fields.keyId'");
+            return false;
+        }
+    } else if (has_keyaltname) {
+        BSON_ASSERT(bson_iter_init_find(&field_iter, field, "keyAltName"));
+    }
+
+    const char *keyAltName = "";
+    if (has_keyaltname) {
+        BSON_ASSERT(bson_iter_init_find(&field_iter, field, "keyAltName"));
+        if (!BSON_ITER_HOLDS_UTF8(&field_iter)) {
+            CLIENT_ERR("expected 'fields.keyAltName' to be type UTF-8, got: %d", (int)bson_iter_type(&field_iter));
+            return false;
+        }
+        keyAltName = bson_iter_utf8(&field_iter, NULL);
     }
 
     const char *field_path;
@@ -151,7 +179,12 @@ static bool _parse_field(mc_EncryptedFieldConfig_t *efc, bson_t *field, mongocry
 
     /* Prepend a new mc_EncryptedField_t */
     mc_EncryptedField_t *ef = bson_malloc0(sizeof(mc_EncryptedField_t));
-    _mongocrypt_buffer_copy_to(&field_keyid, &ef->keyId);
+    if (has_keyid) {
+        _mongocrypt_buffer_copy_to(&field_keyid, &ef->keyId);
+    }
+    if (has_keyaltname) {
+        ef->keyAltName = bson_strdup(keyAltName);
+    }
     ef->path = bson_strdup(field_path);
     ef->next = efc->fields;
     ef->supported_queries = query_types;
@@ -229,6 +262,7 @@ void mc_EncryptedFieldConfig_cleanup(mc_EncryptedFieldConfig_t *efc) {
         mc_EncryptedField_t *ptr_next = ptr->next;
         _mongocrypt_buffer_cleanup(&ptr->keyId);
         bson_free((char *)ptr->path);
+        bson_free((char *)ptr->keyAltName);
         bson_free(ptr);
         ptr = ptr_next;
     }

src/mc-schema-broker-private.h

@@ -19,6 +19,7 @@
 
 #include "mc-efc-private.h" // mc_EncryptedFieldConfig_t
 #include "mongocrypt-cache-collinfo-private.h"
+#include "mongocrypt-key-broker-private.h"
 #include "mongocrypt.h"
 #include <bson/bson.h>
 
@@ -102,6 +103,12 @@ bool mc_schema_broker_need_more_schemas(const mc_schema_broker_t *sb);
 const mc_EncryptedFieldConfig_t *
 mc_schema_broker_get_encryptedFields(const mc_schema_broker_t *sb, const char *coll, mongocrypt_status_t *status);
 
+// mc_schema_broker_get_encryptedFields returns encryptedFields for a collection if any exists.
+//
+// Returns NULL if none is found.
+const mc_EncryptedFieldConfig_t *
+mc_schema_broker_maybe_get_encryptedFields(const mc_schema_broker_t *sb, const char *coll, mongocrypt_status_t *status);
+
 typedef enum {
     MC_CMD_SCHEMAS_FOR_CRYPT_SHARED, // target the crypt_shared library.
     MC_CMD_SCHEMAS_FOR_MONGOCRYPTD,  // target mongocryptd process.
@@ -118,8 +125,23 @@ typedef enum {
 // - encryptionInformation: for QE.
 //
 // Set cmd_target to the intended command destination. This impacts if/how schema information is added.
-bool mc_schema_broker_add_schemas_to_cmd(const mc_schema_broker_t *sb,
+bool mc_schema_broker_add_schemas_to_cmd(mc_schema_broker_t *sb,
+                                         _mongocrypt_key_broker_t *kb,
                                          bson_t *cmd /* in and out */,
                                          mc_cmd_target_t cmd_target,
                                          mongocrypt_status_t *status);
+
+// mc_translate_fields_keyAltName_to_keyId processes a "fields" array from encryptedFields,
+// translating keyAltName to keyId for each field document.
+//
+// @param fields_bson The fields array to process
+// @param kb The key broker to use for keyAltName to keyId translation
+// @param out The output array to append translated fields to
+// @param status Output status
+// @return true on success, false on error
+bool mc_translate_fields_keyAltName_to_keyId(const bson_t *fields_bson,
+                                             _mongocrypt_key_broker_t *kb,
+                                             bson_t *out,
+                                             mongocrypt_status_t *status);
+
 #endif // MC_SCHEMA_BROKER_PRIVATE_H