mongodb · kevinAlbs · Apr 21, 2023 · Mar 31, 2023 · Mar 31, 2023 · Apr 5, 2023
@@ -102,6 +102,8 @@ BSON_BEGIN_DECLS
 #define WIRE_VERSION_5_1 14
 /* version corresponding to server 6.0 release */
 #define WIRE_VERSION_6_0 17
+/* version corresponding to server 7.0 release */
+#define WIRE_VERSION_7_0 21
 
 struct _mongoc_collection_t;
 

@@ -764,7 +764,7 @@ mongoc_collection_count_with_opts (
       kv ("query",
           if (query,                // If we have a query,
               then (bson (*query)), // Copy it
-              else(doc ()))),       // Otherwise, add an empty doc
+              else (doc ()))),      // Otherwise, add an empty doc
       if (limit, then (kv ("limit", int64 (limit)))),
       if (skip, then (kv ("skip", int64 (skip)))));
 
@@ -1055,10 +1055,8 @@ drop_with_opts_with_encryptedFields (mongoc_collection_t *collection,
                                      bson_error_t *error)
 {
    char *escName = NULL;
-   char *eccName = NULL;
    char *ecocName = NULL;
    mongoc_collection_t *escCollection = NULL;
-   mongoc_collection_t *eccCollection = NULL;
    mongoc_collection_t *ecocCollection = NULL;
    bool ok = false;
    const char *name = mongoc_collection_get_name (collection);
@@ -1087,23 +1085,6 @@ drop_with_opts_with_encryptedFields (mongoc_collection_t *collection,
       }
    }
 
-   /* Drop ECC collection. */
-   eccName = _mongoc_get_encryptedField_state_collection (
-      encryptedFields, name, "ecc", error);
-   if (!eccName) {
-      goto fail;
-   }
-
-   eccCollection = mongoc_client_get_collection (
-      collection->client, collection->db, eccName);
-   if (!drop_with_opts (eccCollection, NULL /* opts */, error)) {
-      if (error->code == MONGOC_SERVER_ERR_NS_NOT_FOUND) {
-         memset (error, 0, sizeof (bson_error_t));
-      } else {
-         goto fail;
-      }
-   }
-
    /* Drop ECOC collection. */
    ecocName = _mongoc_get_encryptedField_state_collection (
       encryptedFields, name, "ecoc", error);
@@ -1134,8 +1115,6 @@ drop_with_opts_with_encryptedFields (mongoc_collection_t *collection,
 fail:
    mongoc_collection_destroy (ecocCollection);
    bson_free (ecocName);
-   mongoc_collection_destroy (eccCollection);
-   bson_free (eccName);
    mongoc_collection_destroy (escCollection);
    bson_free (escName);
    return ok;

@@ -1015,15 +1015,13 @@ _mongoc_get_encryptedField_state_collection (
 
    if (0 == strcmp (state_collection_suffix, "esc")) {
       fieldName = "escCollection";
-   } else if (0 == strcmp (state_collection_suffix, "ecc")) {
-      fieldName = "eccCollection";
    } else if (0 == strcmp (state_collection_suffix, "ecoc")) {
       fieldName = "ecocCollection";
    } else {
       bson_set_error (error,
                       MONGOC_ERROR_COMMAND,
                       MONGOC_ERROR_COMMAND_INVALID_ARG,
-                      "expected state_collection_suffix to be 'esc', 'ecc', or "
+                      "expected state_collection_suffix to be 'esc' or "
                       "'ecoc', got: %s",
                       state_collection_suffix);
       return NULL;
@@ -1100,15 +1098,40 @@ create_collection_with_encryptedFields (mongoc_database_t *database,
    bool state_collections_ok =
       create_encField_state_collection (
          database, encryptedFields, name, "esc", error) &&
-      create_encField_state_collection (
-         database, encryptedFields, name, "ecc", error) &&
       create_encField_state_collection (
          database, encryptedFields, name, "ecoc", error);
    if (!state_collections_ok) {
       // Failed to create one or more state collections
       goto fail;
    }
 
+   // Check the wire version to ensure server is 7.0.0 or newer.
+   {
+      mongoc_server_stream_t *stream =
+         mongoc_cluster_stream_for_writes (&database->client->cluster,
+                                           NULL /* client session */,
+                                           NULL /* reply */,
+                                           error);
+      if (!stream) {
+         goto fail;
+      }
+      if (stream->sd->max_wire_version < WIRE_VERSION_7_0) {
+         bson_set_error (
+            error,
+            MONGOC_ERROR_PROTOCOL,
+            MONGOC_ERROR_PROTOCOL_BAD_WIRE_VERSION,
+            "Driver support of Queryable Encryption is incompatible "
+            "with server. Upgrade server to use Queryable Encryption. "
+            "Got maxWireVersion %" PRId32 " but need maxWireVersion >= %d",
+            stream->sd->max_wire_version,
+            WIRE_VERSION_7_0);
+         mongoc_server_stream_cleanup (stream);
+         goto fail;
+      }
+      mongoc_server_stream_cleanup (stream);
+   }
+
+
    /* Create data collection. */
    cc_opts = bson_copy (opts);
    if (!BSON_APPEND_DOCUMENT (cc_opts, "encryptedFields", encryptedFields)) {

@@ -27,6 +27,7 @@
 #include "mongoc-rand-private.h"
 #include "mongoc-util-private.h"
 #include "mongoc-client.h"
+#include "mongoc-client-private.h" // WIRE_VERSION_* macros.
 #include "mongoc-client-session-private.h"
 #include "mongoc-trace-private.h"
 
@@ -288,28 +289,30 @@ _mongoc_wire_version_to_server_version (int32_t version)
       return "3.4";
    case 6:
       return "3.6";
-   case 7:
+   case WIRE_VERSION_4_0:
       return "4.0";
-   case 8:
+   case WIRE_VERSION_4_2:
       return "4.2";
-   case 9:
+   case WIRE_VERSION_4_4:
       return "4.4";
    case 10:
       return "4.7";
    case 11:
       return "4.8";
-   case 12:
+   case WIRE_VERSION_4_9:
       return "4.9";
-   case 13:
+   case WIRE_VERSION_5_0:
       return "5.0";
-   case 14:
+   case WIRE_VERSION_5_1:
       return "5.1";
    case 15:
       return "5.2";
    case 16:
       return "5.3";
-   case 17:
+   case WIRE_VERSION_6_0:
       return "6.0";
+   case WIRE_VERSION_7_0:
+      return "7.0";
    default:
       return "Unknown";
    }

@@ -27,4 +27,4 @@
         }
       }
     ]
-}
+}
@@ -17,4 +17,5 @@
         }
       }
     ]
-  }
+  }
+
@@ -26,4 +26,5 @@
         }
       }
     ]
-  }
+  }
+
@@ -23,4 +23,5 @@
         }
       }
     ]
-  }
+  }
+
@@ -23,4 +23,5 @@
         }
       }
     ]
-  }
+  }
+
@@ -14,9 +14,6 @@
   "collection_name": "default",
   "data": [],
   "encrypted_fields": {
-    "escCollection": "enxcol_.default.esc",
-    "eccCollection": "enxcol_.default.ecc",
-    "ecocCollection": "enxcol_.default.ecoc",
     "fields": [
       {
         "keyId": {
@@ -153,7 +150,44 @@
                   }
                 }
               ],
-              "ordered": true
+              "ordered": true,
+              "encryptionInformation": {
+                "type": 1,
+                "schema": {
+                  "default.default": {
+                    "escCollection": "enxcol_.default.esc",
+                    "ecocCollection": "enxcol_.default.ecoc",
+                    "fields": [
+                      {
+                        "keyId": {
+                          "$binary": {
+                            "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+                            "subType": "04"
+                          }
+                        },
+                        "path": "encryptedIndexed",
+                        "bsonType": "string",
+                        "queries": {
+                          "queryType": "equality",
+                          "contention": {
+                            "$numberLong": "0"
+                          }
+                        }
+                      },
+                      {
+                        "keyId": {
+                          "$binary": {
+                            "base64": "q83vqxI0mHYSNBI0VniQEg==",
+                            "subType": "04"
+                          }
+                        },
+                        "path": "encryptedUnindexed",
+                        "bsonType": "string"
+                      }
+                    ]
+                  }
+                }
+              }
             },
             "command_name": "insert"
           }

@@ -14,9 +14,6 @@
   "collection_name": "default",
   "data": [],
   "encrypted_fields": {
-    "escCollection": "enxcol_.default.esc",
-    "eccCollection": "enxcol_.default.ecc",
-    "ecocCollection": "enxcol_.default.ecoc",
     "fields": [
       {
         "keyId": {

@@ -0,0 +1,62 @@
+{
+  "runOn": [
+    {
+      "minServerVersion": "6.0.0",
+      "maxServerVersion": "6.3.99",
+      "topology": [
+        "replicaset",
+        "sharded",
+        "load-balanced"
+      ]
+    }
+  ],
+  "database_name": "default",
+  "collection_name": "default",
+  "tests": [
+    {
+      "description": "driver returns an error if creating a QEv2 collection on unsupported server",
+      "clientOptions": {
+        "autoEncryptOpts": {
+          "kmsProviders": {
+            "aws": {}
+          },
+          "encryptedFieldsMap": {
+            "default.encryptedCollection": {
+              "fields": [
+                {
+                  "path": "firstName",
+                  "bsonType": "string",
+                  "keyId": {
+                    "$binary": {
+                      "base64": "AAAAAAAAAAAAAAAAAAAAAA==",
+                      "subType": "04"
+                    }
+                  }
+                }
+              ]
+            }
+          }
+        }
+      },
+      "operations": [
+        {
+          "name": "dropCollection",
+          "object": "database",
+          "arguments": {
+            "collection": "encryptedCollection"
+          }
+        },
+        {
+          "name": "createCollection",
+          "object": "database",
+          "arguments": {
+            "collection": "encryptedCollection"
+          },
+          "result": {
+            "errorContains": "Driver support of Queryable Encryption is incompatible with server. Upgrade server to use Queryable Encryption."
+          }
+        }
+      ]
+    }
+  ]
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -27,4 +27,4 @@ @@
             }
           }
         ]
-    }
+    }