Add config option for fle types

lib/mongo.rb

@@ -100,6 +100,7 @@ def self.delegate_option(obj, opt)
     delegate_option Config, :broken_view_aggregate
     delegate_option Config, :broken_view_options
     delegate_option Config, :validate_update_replace
+    delegate_option Config, :csfle_convert_to_ruby_types
   end
 
   # Clears the driver's OCSP response cache.

lib/mongo/config.rb

@@ -27,6 +27,10 @@ module Config
     # validate the parameters and raise an error if they are invalid.
     option :validate_update_replace, default: false
 
+    # When this flag is set to true, the CSFLE will use Ruby types for
+    # decryption instead of BSON types.
+    option :csfle_convert_to_ruby_types, default: false
+
     # Set the configuration options.
     #
     # @example Set the options.

lib/mongo/crypt/auto_decryption_context.rb

@@ -38,6 +38,15 @@ def initialize(mongocrypt, io, command)
 
         Binding.ctx_decrypt_init(self, @command)
       end
+
+      # Which BSON mode to use when creating documents from the outcome of
+      # the state machine. The returned value is based on the
+      # +Mongo::Config.csfle_convert_to_ruby_types+ option.
+      #
+      # @return [ Symbol, nil ] The BSON mode.
+      def bson_mode
+        Mongo::Config.csfle_convert_to_ruby_types ? nil : :bson
+      end
     end
   end
 end

lib/mongo/crypt/binding.rb

@@ -1216,7 +1216,7 @@ def self.ctx_finalize(context)
         # TODO since the binary references a C pointer, and ByteBuffer is
         # written in C in MRI, we could omit a copy of the data by making
         # ByteBuffer reference the string that is owned by libmongocrypt.
-        BSON::Document.from_bson(BSON::ByteBuffer.new(binary.to_s), mode: :bson)
+        BSON::Document.from_bson(BSON::ByteBuffer.new(binary.to_s), mode: context.bson_mode)
       end
 
       # @!method self.mongocrypt_ctx_destroy(ctx)

lib/mongo/crypt/context.rb

@@ -109,6 +109,16 @@ def run_state_machine(timeout_holder)
         end
       end
 
+      # Which BSON mode to use when creating documents from the outcome of
+      # the state machine. The default is :bson, which creates BSON::Document
+      # with BSON types. Subclasses may override this method to
+      # change this behavior.
+      #
+      # @return [ Symbol, nil ] The BSON mode.
+      def bson_mode
+        :bson
+      end
+
       private
 
       def provide_markings(timeout_ms)

lib/mongo/crypt/explicit_decryption_context.rb

@@ -38,6 +38,15 @@ def initialize(mongocrypt, io, doc)
         # explicit decryption
         Binding.ctx_explicit_decrypt_init(self, doc)
       end
+
+      # Which BSON mode to use when creating documents from the outcome of
+      # the state machine. The returned value is based on the
+      # +Mongo::Config.csfle_convert_to_ruby_types+ option.
+      #
+      # @return [ Symbol, nil ] The BSON mode.
+      def bson_mode
+        Mongo::Config.csfle_convert_to_ruby_types ? nil : :bson
+      end
     end
   end
 end

spec/integration/client_side_encryption/auto_encryption_type_conversion_spec.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Auto Encryption Type Conversion' do
+  require_libmongocrypt
+  require_enterprise
+  min_server_fcv '4.2'
+
+  include_context 'define shared FLE helpers'
+  include_context 'with local kms_providers'
+
+  let(:client) do
+    new_local_client(
+      SpecConfig.instance.addresses,
+      SpecConfig.instance.test_options.merge(
+        auto_encryption_options: {
+          kms_providers: kms_providers,
+          key_vault_namespace: key_vault_namespace,
+          schema_map: { 'auto_encryption.users' => schema_map },
+          # Spawn mongocryptd on non-default port for sharded cluster tests
+          extra_options: extra_options,
+        },
+        database: 'auto_encryption'
+      )
+    )
+  end
+
+  let(:large_number) { 2**40 }
+
+  let(:ssn) { '123-45-6789' }
+
+  let(:decrypted_doc) do
+    client['users'].find(_id: 1).first
+  end
+
+  before do
+    authorized_client.use('auto_encryption')['users'].drop
+
+    key_vault_collection.drop
+    key_vault_collection.insert_one(data_key)
+
+    client['users'].insert_one(
+      _id: 1,
+      large_number: large_number,
+      ssn: ssn
+    )
+  end
+
+  context 'when csfle_convert_to_ruby_types is true' do
+    config_override :csfle_convert_to_ruby_types, true
+
+    it 'returns Int64 as Integer' do
+      expect(decrypted_doc['ssn']).to eq(ssn) # To check that decryption works
+      expect(decrypted_doc['large_number']).to be_a(Integer)
+      expect(decrypted_doc['large_number']).to eq(large_number)
+    end
+  end
+
+  context 'when csfle_convert_to_ruby_types is false' do
+    config_override :csfle_convert_to_ruby_types, false
+
+    it 'returns Int64 as BSON::Int64' do
+      expect(decrypted_doc['ssn']).to eq(ssn) # To check that decryption works
+      expect(decrypted_doc['large_number']).to be_a(BSON::Int64)
+      expect(decrypted_doc['large_number'].value).to eq(large_number)
+    end
+  end
+end

spec/integration/client_side_encryption/explicit_encryption_spec.rb

@@ -28,7 +28,7 @@
     client.use(key_vault_db)[key_vault_coll].drop
   end
 
-  shared_examples 'an explicit encrypter' do
+  shared_examples 'an explicit encrypter' do |decrypted_value|
     it 'encrypts and decrypts the value using key_id' do
       data_key_id = client_encryption.create_data_key(
         kms_provider_name,
@@ -44,8 +44,13 @@
       )
 
       decrypted = client_encryption.decrypt(encrypted)
-      expect(decrypted).to eq(value)
-      expect(decrypted).to be_a_kind_of(value.class)
+      if decrypted_value.nil?
+        expect(decrypted).to eq(value)
+        expect(decrypted).to be_a_kind_of(value.class)
+      else
+        expect(decrypted).to eq(decrypted_value)
+        expect(decrypted).to be_a_kind_of(decrypted_value.class)
+      end
     end
 
     it 'encrypts and decrypts the value using key_alt_name' do
@@ -63,8 +68,13 @@
       )
 
       decrypted = client_encryption.decrypt(encrypted)
-      expect(decrypted).to eq(value)
-      expect(decrypted).to be_a_kind_of(value.class)
+      if decrypted_value.nil?
+        expect(decrypted).to eq(value)
+        expect(decrypted).to be_a_kind_of(value.class)
+      else
+        expect(decrypted).to eq(decrypted_value)
+        expect(decrypted).to be_a_kind_of(decrypted_value.class)
+      end
     end
   end
 
@@ -140,6 +150,30 @@
     end
   end
 
+  context 'values is a large integer that requires BSON::Int64' do
+    let(:value) { 2**40 }
+
+    context 'when csfle_convert_to_ruby_types is true' do
+      config_override :csfle_convert_to_ruby_types, true
+
+      context 'with local KMS provider' do
+        include_context 'with local kms_providers'
+
+        it_behaves_like 'an explicit encrypter'
+      end
+    end
+
+    context 'when csfle_convert_to_ruby_types is false' do
+      config_override :csfle_convert_to_ruby_types, false
+
+      context 'with local KMS provider' do
+        include_context 'with local kms_providers'
+
+        it_behaves_like 'an explicit encrypter', BSON::Int64.new(2**40)
+      end
+    end
+  end
+
   context 'value is an symbol' do
     let(:value) { BSON::Symbol::Raw.new(:hello_world) }