mongodb · nbbeeken · Aug 1, 2024 · Jul 29, 2024 · Jul 31, 2024 · Aug 1, 2024
diff --git a/.evergreen/run-typescript.sh b/.evergreen/run-typescript.sh
diff --git a/src/client-side-encryption/auto_encrypter.ts b/src/client-side-encryption/auto_encrypter.ts
@@ -15,7 +15,11 @@ import * as cryptoCallbacks from './crypto_callbacks';
 import { MongoCryptInvalidArgumentError } from './errors';
 import { MongocryptdManager } from './mongocryptd_manager';
 import { type KMSProviders, refreshKMSCredentials } from './providers';
-import { type CSFLEKMSTlsOptions, StateMachine } from './state_machine';
+import {
+  type ClientEncryptionSocketOptions,
+  type CSFLEKMSTlsOptions,
+  StateMachine
+} from './state_machine';
 
 /** @public */
 export interface AutoEncryptionOptions {
@@ -101,6 +105,8 @@ export interface AutoEncryptionOptions {
   proxyOptions?: ProxyOptions;
   /** The TLS options to use connecting to the KMS provider */
   tlsOptions?: CSFLEKMSTlsOptions;
+  /** Options for KMS socket requests. */
+  socketOptions?: ClientEncryptionSocketOptions;
 }
 
 /**
@@ -150,6 +156,7 @@ export class AutoEncrypter {
   _kmsProviders: KMSProviders;
   _bypassMongocryptdAndCryptShared: boolean;
   _contextCounter: number;
+  _socketOptions: ClientEncryptionSocketOptions;
 
   _mongocryptdManager?: MongocryptdManager;
   _mongocryptdClient?: MongoClient;
@@ -234,6 +241,7 @@ export class AutoEncrypter {
     this._proxyOptions = options.proxyOptions || {};
     this._tlsOptions = options.tlsOptions || {};
     this._kmsProviders = options.kmsProviders || {};
+    this._socketOptions = options.socketOptions || {};
 
     const mongoCryptOptions: MongoCryptOptions = {
       cryptoCallbacks
@@ -379,7 +387,8 @@ export class AutoEncrypter {
       promoteValues: false,
       promoteLongs: false,
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: this._socketOptions
     });
 
     return deserialize(await stateMachine.execute(this, context), {
@@ -399,7 +408,8 @@ export class AutoEncrypter {
     const stateMachine = new StateMachine({
       ...options,
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: this._socketOptions
     });
 
     return await stateMachine.execute(this, context);

diff --git a/src/client-side-encryption/client_encryption.ts b/src/client-side-encryption/client_encryption.ts
@@ -28,7 +28,11 @@ import {
   type KMSProviders,
   refreshKMSCredentials
 } from './providers/index';
-import { type CSFLEKMSTlsOptions, StateMachine } from './state_machine';
+import {
+  type ClientEncryptionSocketOptions,
+  type CSFLEKMSTlsOptions,
+  StateMachine
+} from './state_machine';
 
 /**
  * @public
@@ -62,6 +66,8 @@ export class ClientEncryption {
   _tlsOptions: CSFLEKMSTlsOptions;
   /** @internal */
   _kmsProviders: KMSProviders;
+  /** @internal */
+  _socketOptions: ClientEncryptionSocketOptions;
 
   /** @internal */
   _mongoCrypt: MongoCrypt;
@@ -108,6 +114,15 @@ export class ClientEncryption {
     this._proxyOptions = options.proxyOptions ?? {};
     this._tlsOptions = options.tlsOptions ?? {};
     this._kmsProviders = options.kmsProviders || {};
+    this._socketOptions = {};
+
+    if ('autoSelectFamily' in client.s.options) {
+      this._socketOptions.autoSelectFamily = client.s.options.autoSelectFamily;
+    }
+    if ('autoSelectFamilyAttemptTimeout' in client.s.options) {
+      this._socketOptions.autoSelectFamilyAttemptTimeout =
+        client.s.options.autoSelectFamilyAttemptTimeout;
+    }
 
     if (options.keyVaultNamespace == null) {
       throw new MongoCryptInvalidArgumentError('Missing required option `keyVaultNamespace`');
@@ -199,7 +214,8 @@ export class ClientEncryption {
 
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: this._socketOptions
     });
 
     const dataKey = deserialize(await stateMachine.execute(this, context)) as DataKey;
@@ -256,7 +272,8 @@ export class ClientEncryption {
     const context = this._mongoCrypt.makeRewrapManyDataKeyContext(filterBson, keyEncryptionKeyBson);
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: this._socketOptions
     });
 
     const { v: dataKeys } = deserialize(await stateMachine.execute(this, context));
@@ -637,7 +654,8 @@ export class ClientEncryption {
 
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: this._socketOptions
     });
 
     const { v } = deserialize(await stateMachine.execute(this, context));
@@ -715,7 +733,8 @@ export class ClientEncryption {
     const valueBuffer = serialize({ v: value });
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: this._socketOptions
     });
     const context = this._mongoCrypt.makeExplicitEncryptionContext(valueBuffer, contextOptions);
 

diff --git a/src/client-side-encryption/state_machine.ts b/src/client-side-encryption/state_machine.ts
@@ -114,6 +114,16 @@ export type CSFLEKMSTlsOptions = {
   [key: string]: ClientEncryptionTlsOptions | undefined;
 };
 
+/**
+ * @public
+ *
+ * Socket options to use for KMS requests.
+ */
+export type ClientEncryptionSocketOptions = Pick<
+  MongoClientOptions,
+  'autoSelectFamily' | 'autoSelectFamilyAttemptTimeout'
+>;
+
 /**
  * This is kind of a hack.  For `rewrapManyDataKey`, we have tests that
  * guarantee that when there are no matching keys, `rewrapManyDataKey` returns
@@ -153,6 +163,9 @@ export type StateMachineOptions = {
 
   /** TLS options for KMS requests, if set. */
   tlsOptions: CSFLEKMSTlsOptions;
+
+  /** Socket specific options we support. */
+  socketOptions: ClientEncryptionSocketOptions;
 } & Pick<BSONSerializeOptions, 'promoteLongs' | 'promoteValues'>;
 
 /**
@@ -289,14 +302,27 @@ export class StateMachine {
   async kmsRequest(request: MongoCryptKMSRequest): Promise<void> {
     const parsedUrl = request.endpoint.split(':');
     const port = parsedUrl[1] != null ? Number.parseInt(parsedUrl[1], 10) : HTTPS_PORT;
-    const options: tls.ConnectionOptions & { host: string; port: number } = {
+    const options: tls.ConnectionOptions & {
+      host: string;
+      port: number;
+      autoSelectFamily?: boolean;
+      autoSelectFamilyAttemptTimeout?: number;
+    } = {
       host: parsedUrl[0],
       servername: parsedUrl[0],
       port
     };
     const message = request.message;
     const buffer = new BufferPool();
 
+    const socketOptions = this.options.socketOptions || {};
+    if ('autoSelectFamily' in socketOptions) {
+      options.autoSelectFamily = socketOptions.autoSelectFamily;
+    }
+    if ('autoSelectFamilyAttemptTimeout' in socketOptions) {
+      options.autoSelectFamilyAttemptTimeout = socketOptions.autoSelectFamilyAttemptTimeout;
+    }
+
     const netSocket: net.Socket = new net.Socket();
     let socket: tls.TLSSocket;
 

diff --git a/src/cmap/connect.ts b/src/cmap/connect.ts
@@ -269,6 +269,8 @@ export const LEGAL_TLS_SOCKET_OPTIONS = [
 
 /** @public */
 export const LEGAL_TCP_SOCKET_OPTIONS = [
+  'autoSelectFamily',
+  'autoSelectFamilyAttemptTimeout',
   'family',
   'hints',
   'localAddress',

diff --git a/src/connection_string.ts b/src/connection_string.ts
@@ -740,6 +740,13 @@ export const OPTIONS = {
   autoEncryption: {
     type: 'record'
   },
+  autoSelectFamily: {
+    type: 'boolean',
+    default: true
+  },
+  autoSelectFamilyAttemptTimeout: {
+    type: 'uint'
+  },
   bsonRegExp: {
     type: 'boolean'
   },

diff --git a/src/encrypter.ts b/src/encrypter.ts
@@ -1,6 +1,7 @@
 import { callbackify } from 'util';
 
 import { AutoEncrypter, type AutoEncryptionOptions } from './client-side-encryption/auto_encrypter';
+import { type ClientEncryptionSocketOptions } from './client-side-encryption/state_machine';
 import { MONGO_CLIENT_EVENTS } from './constants';
 import { getMongoDBClientEncryption } from './deps';
 import { MongoInvalidArgumentError, MongoMissingDependencyError } from './error';
@@ -56,6 +57,15 @@ export class Encrypter {
       };
     }
 
+    const socketOptions: ClientEncryptionSocketOptions = {};
+    if ('autoSelectFamily' in options) {
+      socketOptions.autoSelectFamily = options.autoSelectFamily;
+    }
+    if ('autoSelectFamilyAttemptTimeout' in options) {
+      socketOptions.autoSelectFamilyAttemptTimeout = options.autoSelectFamilyAttemptTimeout;
+    }
+    options.autoEncryption.socketOptions = socketOptions;
+
     this.autoEncrypter = new AutoEncrypter(client, options.autoEncryption);
   }
 

diff --git a/src/index.ts b/src/index.ts
@@ -248,6 +248,7 @@ export type {
   LocalKMSProviderConfiguration
 } from './client-side-encryption/providers/index';
 export type {
+  ClientEncryptionSocketOptions,
   ClientEncryptionTlsOptions,
   CSFLEKMSTlsOptions,
   StateMachineExecutable

diff --git a/src/mongo_client.ts b/src/mongo_client.ts
@@ -104,7 +104,7 @@ export type SupportedTLSSocketOptions = Pick<
 
 /** @public */
 export type SupportedSocketOptions = Pick<
-  TcpNetConnectOpts,
+  TcpNetConnectOpts & { autoSelectFamily?: boolean; autoSelectFamilyAttemptTimeout?: number },
   (typeof LEGAL_TCP_SOCKET_OPTIONS)[number]
 >;
 

diff --git a/test/integration/node-specific/mongo_client.test.ts b/test/integration/node-specific/mongo_client.test.ts
@@ -1,5 +1,6 @@
 import { expect } from 'chai';
 import { once } from 'events';
+import * as net from 'net';
 import * as sinon from 'sinon';
 
 import {
@@ -721,4 +722,56 @@ describe('class MongoClient', function () {
       });
     });
   });
+
+  context('when connecting', function () {
+    let netSpy;
+
+    beforeEach(function () {
+      netSpy = sinon.spy(net, 'createConnection');
+    });
+
+    afterEach(function () {
+      sinon.restore();
+    });
+
+    context('when auto select options are provided', function () {
+      beforeEach(function () {
+        client = this.configuration.newClient({
+          autoSelectFamily: false,
+          autoSelectFamilyAttemptTimeout: 100
+        });
+      });
+
+      it('sets the provided options', {
+        metadata: { requires: { topology: ['single'] } },
+        test: async function () {
+          await client.connect();
+          expect(netSpy).to.have.been.calledWith({
+            autoSelectFamily: false,
+            autoSelectFamilyAttemptTimeout: 100,
+            host: 'localhost',
+            port: 27017
+          });
+        }
+      });
+    });
+
+    context('when auto select options are not provided', function () {
+      beforeEach(function () {
+        client = this.configuration.newClient();
+      });
+
+      it('sets the default options', {
+        metadata: { requires: { topology: ['single'] } },
+        test: async function () {
+          await client.connect();
+          expect(netSpy).to.have.been.calledWith({
+            autoSelectFamily: true,
+            host: 'localhost',
+            port: 27017
+          });
+        }
+      });
+    });
+  });
 });
diff --git a/test/manual/mocharc.json b/test/manual/mocharc.json
@@ -1,5 +1,8 @@
 {
-  "require": "ts-node/register",
+  "require": [
+    "ts-node/register",
+    "test/tools/runner/chai_addons.ts"
+  ],
   "reporter": "test/tools/reporter/mongodb_reporter.js",
   "failZero": true,
   "color": true,