CXX-2517 Add support for Range Explicit Encryption (#955)

* Sync Range Explicit Encryption test files with c94fefe3

* Add support for ClientEncryption.encryptExpression()

* Add support for RangeOpts

* Add support for EncryptOpts.algorithm "RangePreview"

* Add support for EncryptOpts.queryType "rangePreview"

* Add support for EncryptOpts.rangeOpts

* Add Range Explicit Encryption prose tests

* Document Public Technical Preview notes as warnings

* Replace fprintf with WARN in run_encryption_tests_in_file

* Use is_open() to improve context in error message

* Reorder options::encrypt member functions for consistency

* Replace raw owning pointers with RAII helpers

Author: eramongodb

data/client_side_encryption/explicit-encryption/range-encryptedFields-Date.json

@@ -0,0 +1,30 @@
+{
+    "fields": [
+      {
+        "keyId": {
+          "$binary": {
+            "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+            "subType": "04"
+          }
+        },
+        "path": "encryptedDate",
+        "bsonType": "date",
+        "queries": {
+          "queryType": "rangePreview",
+          "sparsity": {
+            "$numberLong": "1"
+          },
+          "min": {
+            "$date": {
+              "$numberLong": "0"
+          }
+          },
+          "max": {
+            "$date": {
+              "$numberLong": "200"
+          }
+          }
+        }
+      }
+    ]
+}

data/client_side_encryption/explicit-encryption/range-encryptedFields-DecimalNoPrecision.json

@@ -0,0 +1,21 @@
+{
+    "fields": [
+      {
+        "keyId": {
+          "$binary": {
+            "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+            "subType": "04"
+          }
+        },
+        "path": "encryptedDecimalNoPrecision",
+        "bsonType": "decimal",
+        "queries": {
+          "queryType": "rangePreview",
+          "sparsity": {
+            "$numberInt": "1"
+          }
+        }
+      }
+    ]
+  }
+  

data/client_side_encryption/explicit-encryption/range-encryptedFields-DecimalPrecision.json

@@ -0,0 +1,29 @@
+{
+  "fields": [
+    {
+      "keyId": {
+        "$binary": {
+          "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+          "subType": "04"
+        }
+      },
+      "path": "encryptedDecimalPrecision",
+      "bsonType": "decimal",
+      "queries": {
+        "queryType": "rangePreview",
+        "sparsity": {
+          "$numberInt": "1"
+        },
+        "min": {
+          "$numberDecimal": "0.0"
+        },
+        "max": {
+          "$numberDecimal": "200.0"
+        },
+        "precision": {
+          "$numberInt": "2"
+        }
+      }
+    }
+  ]
+}

data/client_side_encryption/explicit-encryption/range-encryptedFields-DoubleNoPrecision.json

@@ -0,0 +1,21 @@
+{
+    "fields": [
+      {
+        "keyId": {
+          "$binary": {
+            "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+            "subType": "04"
+          }
+        },
+        "path": "encryptedDoubleNoPrecision",
+        "bsonType": "double",
+        "queries": {
+          "queryType": "rangePreview",
+          "sparsity": {
+            "$numberLong": "1"
+          }
+        }
+      }
+    ]
+  }
+  

data/client_side_encryption/explicit-encryption/range-encryptedFields-DoublePrecision.json

@@ -0,0 +1,30 @@
+{
+    "fields": [
+      {
+        "keyId": {
+          "$binary": {
+            "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+            "subType": "04"
+          }
+        },
+        "path": "encryptedDoublePrecision",
+        "bsonType": "double",
+        "queries": {
+          "queryType": "rangePreview",
+          "sparsity": {
+            "$numberLong": "1"
+          },
+          "min": {
+            "$numberDouble": "0.0"
+          },
+          "max": {
+            "$numberDouble": "200.0"
+          },
+          "precision": {
+            "$numberInt": "2"
+          }
+        }
+      }
+    ]
+  }
+  

data/client_side_encryption/explicit-encryption/range-encryptedFields-Int.json

@@ -0,0 +1,27 @@
+{
+    "fields": [
+      {
+        "keyId": {
+          "$binary": {
+            "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+            "subType": "04"
+          }
+        },
+        "path": "encryptedInt",
+        "bsonType": "int",
+        "queries": {
+          "queryType": "rangePreview",
+          "sparsity": {
+            "$numberLong": "1"
+          },
+          "min": {
+            "$numberInt": "0"
+          },
+          "max": {
+            "$numberInt": "200"
+          }
+        }
+      }
+    ]
+  }
+  

data/client_side_encryption/explicit-encryption/range-encryptedFields-Long.json

@@ -0,0 +1,27 @@
+{
+    "fields": [
+      {
+        "keyId": {
+          "$binary": {
+            "base64": "EjRWeBI0mHYSNBI0VniQEg==",
+            "subType": "04"
+          }
+        },
+        "path": "encryptedLong",
+        "bsonType": "long",
+        "queries": {
+          "queryType": "rangePreview",
+          "sparsity": {
+            "$numberLong": "1"
+          },
+          "min": {
+            "$numberLong": "0"
+          },
+          "max": {
+            "$numberLong": "200"
+          }
+        }
+      }
+    ]
+  }
+  

src/mongocxx/CMakeLists.txt

@@ -155,6 +155,7 @@ set(mongocxx_sources
     options/index_view.cpp
     options/insert.cpp
     options/pool.cpp
+    options/range.cpp
     options/replace.cpp
     options/rewrap_many_datakey.cpp
     options/server_api.cpp
@@ -406,6 +407,8 @@ set_local_dist (src_mongocxx_DIST_local
    options/private/server_api.hh
    options/private/ssl.hh
    options/private/transaction.hh
+   options/range.cpp
+   options/range.hpp
    options/replace.cpp
    options/replace.hpp
    options/rewrap_many_datakey.cpp

src/mongocxx/client_encryption.cpp

@@ -40,6 +40,11 @@ bsoncxx::types::bson_value::value client_encryption::encrypt(bsoncxx::types::bso
     return _impl->encrypt(value, opts);
 }
 
+bsoncxx::document::value client_encryption::encrypt_expression(
+    bsoncxx::document::view_or_value expr, const options::encrypt& opts) {
+    return _impl->encrypt_expression(expr, opts);
+}
+
 bsoncxx::types::bson_value::value client_encryption::decrypt(
     bsoncxx::types::bson_value::view value) {
     return _impl->decrypt(value);

src/mongocxx/client_encryption.hpp

@@ -101,6 +101,22 @@ class MONGOCXX_API client_encryption {
     bsoncxx::types::bson_value::value encrypt(bsoncxx::types::bson_value::view value,
                                               const options::encrypt& opts);
 
+    ///
+    /// Encrypts a Match Expression or Aggregate Expression to query a range index.
+    ///
+    /// @note Only supported when queryType is "rangePreview" and algorithm is "RangePreview".
+    ///
+    /// @param expr A BSON document corresponding to either a Match Expression or an Aggregate
+    /// Expression.
+    /// @param opts Options must be given in order to specify queryType and algorithm.
+    ///
+    /// @returns The encrypted expression.
+    ///
+    /// @warning The Range algorithm is experimental only. It is not intended for public use. It is
+    /// subject to breaking changes.
+    bsoncxx::document::value encrypt_expression(bsoncxx::document::view_or_value expr,
+                                                const options::encrypt& opts);
+
     ///
     /// Decrypts an encrypted value (BSON binary of subtype 6).
     ///

src/mongocxx/options/auto_encryption.hpp

@@ -244,9 +244,6 @@ class MONGOCXX_API auto_encryption {
     /// an encryptedFields obtained from the server. It protects against a
     /// malicious server advertising a false encryptedFields.
     ///
-    /// Queryable Encryption is in Public Technical Preview. Queryable Encryption should not be used
-    /// in production and is subject to backwards breaking changes.
-    ///
     /// @param encrypted_fields_map
     ///   The mapping of which fields to encrypt.
     ///
@@ -257,17 +254,20 @@ class MONGOCXX_API auto_encryption {
     ///
     /// @see https://docs.mongodb.com/manual/core/security-client-side-encryption/
     ///
+    /// @warning Queryable Encryption is in Public Technical Preview. Queryable Encryption should
+    /// not be used in production and is subject to backwards breaking changes.
+    ///
     auto_encryption& encrypted_fields_map(bsoncxx::document::view_or_value encrypted_fields_map);
 
     ///
     /// Get encrypted fields map
     ///
-    /// Queryable Encryption is in Public Technical Preview. Queryable Encryption should not be used
-    /// in production and is subject to backwards breaking changes.
-    ///
     /// @return
     ///   An optional document containing the encrypted fields map
     ///
+    /// @warning Queryable Encryption is in Public Technical Preview. Queryable Encryption should
+    /// not be used in production and is subject to backwards breaking changes.
+    ///
     const stdx::optional<bsoncxx::document::view_or_value>& encrypted_fields_map() const;
 
     ///
@@ -296,9 +296,6 @@ class MONGOCXX_API auto_encryption {
     /// Query analysis is disabled when the 'bypassQueryAnalysis'
     /// option is true. Default is 'false' (i.e. query analysis is enabled).
     ///
-    /// Queryable Encryption is in Public Technical Preview. Queryable Encryption should not be used
-    /// in production and is subject to backwards breaking changes.
-    ///
     /// @param should_bypass
     ///   Whether or not to bypass query analysis.
     ///
@@ -307,17 +304,20 @@ class MONGOCXX_API auto_encryption {
     ///
     /// @see https://docs.mongodb.com/manual/core/security-client-side-encryption/
     ///
+    /// @warning Queryable Encryption is in Public Technical Preview. Queryable Encryption should
+    /// not be used in production and is subject to backwards breaking changes.
+    ///
     auto_encryption& bypass_query_analysis(bool should_bypass);
 
     ///
     /// Gets a boolean specifying whether or not query analysis is bypassed.
     ///
-    /// Queryable Encryption is in Public Technical Preview. Queryable Encryption should not be used
-    /// in production and is subject to backwards breaking changes.
-    ///
     /// @return
     ///   A boolean specifying whether query analysis is bypassed.
     ///
+    /// @warning Queryable Encryption is in Public Technical Preview. Queryable Encryption should
+    /// not be used in production and is subject to backwards breaking changes.
+    ///
     bool bypass_query_analysis() const;
 
     ///