CSHARP-4255: Fix bug and some tests. (#993)

Author: DmitryLukyanov

src/MongoDB.Driver/CreateCollectionOptions.cs

@@ -196,6 +196,27 @@ public DocumentValidationLevel? ValidationLevel
             get { return _validationLevel; }
             set { _validationLevel = value; }
         }
+
+        internal virtual CreateCollectionOptions Clone() =>
+            new CreateCollectionOptions
+            {
+                _autoIndexId = _autoIndexId,
+                _capped = _capped,
+                _changeStreamPreAndPostImagesOptions = _changeStreamPreAndPostImagesOptions,
+                _collation = _collation,
+                _encryptedFields = _encryptedFields,
+                _expireAfter = _expireAfter,
+                _indexOptionDefaults = _indexOptionDefaults,
+                _maxDocuments = _maxDocuments,
+                _maxSize = _maxSize,
+                _noPadding = _noPadding,
+                _serializerRegistry = _serializerRegistry,
+                _storageEngine = _storageEngine,
+                _timeSeriesOptions = _timeSeriesOptions,
+                _usePowerOf2Sizes = _usePowerOf2Sizes,
+                _validationAction = _validationAction,
+                _validationLevel = _validationLevel
+            };
     }
 
     /// <summary>
@@ -282,5 +303,32 @@ public FilterDefinition<TDocument> Validator
             get { return _validator; }
             set { _validator = value; }
         }
+
+        internal override CreateCollectionOptions Clone() =>
+            new CreateCollectionOptions<TDocument>
+            {
+    #pragma warning disable CS0618 // Type or member is obsolete
+                AutoIndexId = base.AutoIndexId,
+    #pragma warning restore CS0618 // Type or member is obsolete
+                Capped = base.Capped,
+                ChangeStreamPreAndPostImagesOptions = base.ChangeStreamPreAndPostImagesOptions,
+                Collation = base.Collation,
+                EncryptedFields = base.EncryptedFields,
+                ExpireAfter = base.ExpireAfter,
+                IndexOptionDefaults = base.IndexOptionDefaults,
+                MaxDocuments = base.MaxDocuments,
+                MaxSize = base.MaxSize,
+                NoPadding = base.NoPadding,
+                SerializerRegistry = base.SerializerRegistry,
+                StorageEngine = base.StorageEngine,
+                TimeSeriesOptions = base.TimeSeriesOptions,
+                UsePowerOf2Sizes = base.UsePowerOf2Sizes,
+                ValidationAction = base.ValidationAction,
+                ValidationLevel = base.ValidationLevel,
+
+                _clusteredIndex = _clusteredIndex,
+                _documentSerializer = _documentSerializer,
+                _validator = _validator
+            };
     }
 }

src/MongoDB.Driver/Encryption/ClientEncryption.cs

@@ -82,59 +82,85 @@ public Task<BsonDocument> AddAlternateKeyNameAsync(Guid id, string alternateKeyN
         /// <summary>
         /// Create encrypted collection.
         /// </summary>
-        /// <param name="collectionNamespace">The collection namespace.</param>
+        /// <param name="database">The database.</param>
+        /// <param name="collectionName">The collection name.</param>
         /// <param name="createCollectionOptions">The create collection options.</param>
         /// <param name="kmsProvider">The kms provider.</param>
         /// <param name="dataKeyOptions">The datakey options.</param>
         /// <param name="cancellationToken">The cancellation token.</param>
+        /// <returns>The operation result.</returns>
         /// <remarks>
         /// if EncryptionFields contains a keyId with a null value, a data key will be automatically generated and assigned to keyId value.
         /// </remarks>
-        public void CreateEncryptedCollection<TCollection>(CollectionNamespace collectionNamespace, CreateCollectionOptions createCollectionOptions, string kmsProvider, DataKeyOptions dataKeyOptions, CancellationToken cancellationToken = default)
+        public CreateEncryptedCollectionResult CreateEncryptedCollection(IMongoDatabase database, string collectionName, CreateCollectionOptions createCollectionOptions, string kmsProvider, DataKeyOptions dataKeyOptions, CancellationToken cancellationToken = default)
         {
-            Ensure.IsNotNull(collectionNamespace, nameof(collectionNamespace));
+            Ensure.IsNotNull(database, nameof(database));
+            Ensure.IsNotNull(collectionName, nameof(collectionName));
             Ensure.IsNotNull(createCollectionOptions, nameof(createCollectionOptions));
             Ensure.IsNotNull(dataKeyOptions, nameof(dataKeyOptions));
             Ensure.IsNotNull(kmsProvider, nameof(kmsProvider));
 
-            foreach (var fieldDocument in EncryptedCollectionHelper.IterateEmptyKeyIds(collectionNamespace, createCollectionOptions.EncryptedFields))
+            var encryptedFields = createCollectionOptions.EncryptedFields?.DeepClone()?.AsBsonDocument;
+            try
             {
-                var dataKey = CreateDataKey(kmsProvider, dataKeyOptions, cancellationToken);
-                EncryptedCollectionHelper.ModifyEncryptedFields(fieldDocument, dataKey);
+                foreach (var fieldDocument in EncryptedCollectionHelper.IterateEmptyKeyIds(new CollectionNamespace(database.DatabaseNamespace.DatabaseName, collectionName), encryptedFields))
+                {
+                    var dataKey = CreateDataKey(kmsProvider, dataKeyOptions, cancellationToken);
+                    EncryptedCollectionHelper.ModifyEncryptedFields(fieldDocument, dataKey);
+                }
+
+                var effectiveCreateEncryptionOptions = createCollectionOptions.Clone();
+                effectiveCreateEncryptionOptions.EncryptedFields = encryptedFields;
+                database.CreateCollection(collectionName, effectiveCreateEncryptionOptions, cancellationToken);
+            }
+            catch (Exception ex)
+            {
+                throw new MongoEncryptionCreateCollectionException(ex, encryptedFields);
             }
 
-            var database = _libMongoCryptController.KeyVaultClient.GetDatabase(collectionNamespace.DatabaseNamespace.DatabaseName);
-
-            database.CreateCollection(collectionNamespace.CollectionName, createCollectionOptions, cancellationToken);
+            return new CreateEncryptedCollectionResult(encryptedFields);
         }
 
         /// <summary>
         /// Create encrypted collection.
         /// </summary>
-        /// <param name="collectionNamespace">The collection namespace.</param>
+        /// <param name="database">The database.</param>
+        /// <param name="collectionName">The collection name.</param>
         /// <param name="createCollectionOptions">The create collection options.</param>
         /// <param name="kmsProvider">The kms provider.</param>
         /// <param name="dataKeyOptions">The datakey options.</param>
         /// <param name="cancellationToken">The cancellation token.</param>
+        /// <returns>The operation result.</returns>
         /// <remarks>
         /// if EncryptionFields contains a keyId with a null value, a data key will be automatically generated and assigned to keyId value.
         /// </remarks>
-        public async Task CreateEncryptedCollectionAsync<TCollection>(CollectionNamespace collectionNamespace, CreateCollectionOptions createCollectionOptions, string kmsProvider, DataKeyOptions dataKeyOptions, CancellationToken cancellationToken = default)
+        public async Task<CreateEncryptedCollectionResult> CreateEncryptedCollectionAsync(IMongoDatabase database, string collectionName, CreateCollectionOptions createCollectionOptions, string kmsProvider, DataKeyOptions dataKeyOptions, CancellationToken cancellationToken = default)
         {
-            Ensure.IsNotNull(collectionNamespace, nameof(collectionNamespace));
+            Ensure.IsNotNull(database, nameof(database));
+            Ensure.IsNotNull(collectionName, nameof(collectionName));
             Ensure.IsNotNull(createCollectionOptions, nameof(createCollectionOptions));
             Ensure.IsNotNull(dataKeyOptions, nameof(dataKeyOptions));
             Ensure.IsNotNull(kmsProvider, nameof(kmsProvider));
 
-            foreach (var fieldDocument in EncryptedCollectionHelper.IterateEmptyKeyIds(collectionNamespace, createCollectionOptions.EncryptedFields))
+            var encryptedFields = createCollectionOptions.EncryptedFields?.DeepClone()?.AsBsonDocument;
+            try
             {
-                var dataKey = await CreateDataKeyAsync(kmsProvider, dataKeyOptions, cancellationToken).ConfigureAwait(false);
-                EncryptedCollectionHelper.ModifyEncryptedFields(fieldDocument, dataKey);
+                foreach (var fieldDocument in EncryptedCollectionHelper.IterateEmptyKeyIds(new CollectionNamespace(database.DatabaseNamespace.DatabaseName, collectionName), encryptedFields))
+                {
+                    var dataKey = await CreateDataKeyAsync(kmsProvider, dataKeyOptions, cancellationToken).ConfigureAwait(false);
+                    EncryptedCollectionHelper.ModifyEncryptedFields(fieldDocument, dataKey);
+                }
+
+                var effectiveCreateEncryptionOptions = createCollectionOptions.Clone();
+                effectiveCreateEncryptionOptions.EncryptedFields = encryptedFields;
+                await database.CreateCollectionAsync(collectionName, effectiveCreateEncryptionOptions, cancellationToken).ConfigureAwait(false);
+            }
+            catch (Exception ex)
+            {
+                throw new MongoEncryptionCreateCollectionException(ex, encryptedFields);
             }
 
-            var database = _libMongoCryptController.KeyVaultClient.GetDatabase(collectionNamespace.DatabaseNamespace.DatabaseName);
-
-            await database.CreateCollectionAsync(collectionNamespace.CollectionName, createCollectionOptions, cancellationToken).ConfigureAwait(false);
+            return new CreateEncryptedCollectionResult(encryptedFields);
         }
 
         /// <summary>

src/MongoDB.Driver/Encryption/CreateEncryptedCollectionResult.cs

@@ -0,0 +1,38 @@
+/* Copyright 2010-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using MongoDB.Bson;
+
+namespace MongoDB.Driver.Encryption
+{
+    /// <summary>
+    /// Represents the result of a create encrypted collection.
+    /// </summary>
+    public sealed class CreateEncryptedCollectionResult
+    {
+        private readonly BsonDocument _encryptedFields;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CreateEncryptedCollectionResult"/> class.
+        /// </summary>
+        /// <param name="encryptedFields">The encrypted fields document.</param>
+        public CreateEncryptedCollectionResult(BsonDocument encryptedFields) => _encryptedFields = encryptedFields;
+
+        /// <summary>
+        /// The encrypted fields document.
+        /// </summary>
+        public BsonDocument EncryptedFields => _encryptedFields;
+    }
+}

src/MongoDB.Driver/Encryption/MongoEncryptionCreateCollectionException.cs

@@ -0,0 +1,69 @@
+/* Copyright 2010-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using System;
+using System.Runtime.Serialization;
+using MongoDB.Bson;
+
+namespace MongoDB.Driver.Encryption
+{
+    /// <summary>
+    /// Represents an encryption exception.
+    /// </summary>
+    [Serializable]
+    public class MongoEncryptionCreateCollectionException : MongoEncryptionException
+    {
+        private readonly BsonDocument _encryptedFields;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="MongoEncryptionException"/> class.
+        /// </summary>
+        /// <param name="innerException">The inner exception.</param>
+        /// <param name="encryptedFields">The encrypted fields.</param>
+        public MongoEncryptionCreateCollectionException(Exception innerException, BsonDocument encryptedFields)
+            : base(innerException)
+        {
+            _encryptedFields = encryptedFields;
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="MongoEncryptionCreateCollectionException"/> class (this overload used by deserialization).
+        /// </summary>
+        /// <param name="info">The SerializationInfo.</param>
+        /// <param name="context">The StreamingContext.</param>
+        protected MongoEncryptionCreateCollectionException(SerializationInfo info, StreamingContext context)
+            : base(info, context)
+        {
+            _encryptedFields = (BsonDocument)info.GetValue(nameof(_encryptedFields), typeof(BsonDocument));
+        }
+
+        /// <summary>
+        /// The encrypted fields.
+        /// </summary>
+        public BsonDocument EncryptedFields => _encryptedFields;
+
+        // public methods
+        /// <summary>
+        /// Gets the object data.
+        /// </summary>
+        /// <param name="info">The information.</param>
+        /// <param name="context">The context.</param>
+        public override void GetObjectData(SerializationInfo info, StreamingContext context)
+        {
+            base.GetObjectData(info, context);
+            info.AddValue(nameof(_encryptedFields), _encryptedFields);
+        }
+    }
+}

src/MongoDB.Driver/Encryption/MongoEncryptionException.cs

@@ -15,7 +15,6 @@
 
 using System;
 using System.Runtime.Serialization;
-using MongoDB.Driver.Core.Misc;
 
 namespace MongoDB.Driver.Encryption
 {

tests/MongoDB.Bson.TestHelpers/BsonValueEquivalencyComparer.cs

@@ -13,6 +13,7 @@
 * limitations under the License.
 */
 
+using System;
 using System.Collections.Generic;
 
 namespace MongoDB.Bson.TestHelpers
@@ -22,15 +23,17 @@ public class BsonValueEquivalencyComparer : IEqualityComparer<BsonValue>
         #region static
         public static BsonValueEquivalencyComparer Instance { get; } = new BsonValueEquivalencyComparer();
 
-        public static bool Compare(BsonValue a, BsonValue b)
+        public static bool Compare(BsonValue a, BsonValue b, Action<BsonValue, BsonValue> massageAction = null)
         {
+            massageAction?.Invoke(a, b);
+
             if (a.BsonType == BsonType.Document && b.BsonType == BsonType.Document)
             {
-                return CompareDocuments((BsonDocument)a, (BsonDocument)b);
+                return CompareDocuments((BsonDocument)a, (BsonDocument)b, massageAction);
             }
             else if (a.BsonType == BsonType.Array && b.BsonType == BsonType.Array)
             {
-                return CompareArrays((BsonArray)a, (BsonArray)b);
+                return CompareArrays((BsonArray)a, (BsonArray)b, massageAction);
             }
             else if (a.BsonType == b.BsonType)
             {
@@ -50,7 +53,7 @@ public static bool Compare(BsonValue a, BsonValue b)
             }
         }
 
-        private static bool CompareArrays(BsonArray a, BsonArray b)
+        private static bool CompareArrays(BsonArray a, BsonArray b, Action<BsonValue, BsonValue> massageAction = null)
         {
             if (a.Count != b.Count)
             {
@@ -59,7 +62,7 @@ private static bool CompareArrays(BsonArray a, BsonArray b)
 
             for (var i = 0; i < a.Count; i++)
             {
-                if (!Compare(a[i], b[i]))
+                if (!Compare(a[i], b[i], massageAction))
                 {
                     return false;
                 }
@@ -68,7 +71,7 @@ private static bool CompareArrays(BsonArray a, BsonArray b)
             return true;
         }
 
-        private static bool CompareDocuments(BsonDocument a, BsonDocument b)
+        private static bool CompareDocuments(BsonDocument a, BsonDocument b, Action<BsonValue, BsonValue> massageAction = null)
         {
             if (a.ElementCount != b.ElementCount)
             {
@@ -83,7 +86,7 @@ private static bool CompareDocuments(BsonDocument a, BsonDocument b)
                     return false;
                 }
 
-                if (!Compare(aElement.Value, bElement.Value))
+                if (!Compare(aElement.Value, bElement.Value, massageAction))
                 {
                     return false;
                 }

tests/MongoDB.Driver.Tests/Encryption/ClientEncryptionTests.cs

@@ -25,6 +25,9 @@
 using MongoDB.Driver.Tests.Specifications.client_side_encryption;
 using MongoDB.Libmongocrypt;
 using Xunit;
+using Moq;
+using System.Collections.Generic;
+using System.Threading;
 
 namespace MongoDB.Driver.Tests.Encryption
 {
@@ -64,6 +67,149 @@ public async Task CreateDataKey_should_correctly_handle_input_arguments()
             }
         }
 
+        [Fact]
+        public async Task CreateEncryptedCollection_should_handle_input_arguments()
+        {
+            const string kmsProvider = "local";
+            const string collectionName = "collName";
+            var createCollectionOptions = new CreateCollectionOptions();
+            var database = Mock.Of<IMongoDatabase>();
+
+            var dataKeyOptions = new DataKeyOptions();
+
+            using (var subject = CreateSubject())
+            {
+                ShouldBeArgumentException(Record.Exception(() => subject.CreateEncryptedCollection(database: null, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions)), expectedParamName: "database");
+                ShouldBeArgumentException(await Record.ExceptionAsync(() => subject.CreateEncryptedCollectionAsync(database: null, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions)), expectedParamName: "database");
+
+                ShouldBeArgumentException(Record.Exception(() => subject.CreateEncryptedCollection(database, collectionName: null, createCollectionOptions, kmsProvider, dataKeyOptions)), expectedParamName: "collectionName");
+                ShouldBeArgumentException(await Record.ExceptionAsync(() => subject.CreateEncryptedCollectionAsync(database, collectionName: null, createCollectionOptions, kmsProvider, dataKeyOptions)), expectedParamName: "collectionName");
+
+                ShouldBeArgumentException(Record.Exception(() => subject.CreateEncryptedCollection(database, collectionName: collectionName, createCollectionOptions: null, kmsProvider, dataKeyOptions)), expectedParamName: "createCollectionOptions");
+                ShouldBeArgumentException(await Record.ExceptionAsync(() => subject.CreateEncryptedCollectionAsync(database, collectionName, createCollectionOptions: null, kmsProvider, dataKeyOptions)), expectedParamName: "createCollectionOptions");
+
+                ShouldBeArgumentException(Record.Exception(() => subject.CreateEncryptedCollection(database, collectionName: collectionName, createCollectionOptions, kmsProvider: null, dataKeyOptions)), expectedParamName: "kmsProvider");
+                ShouldBeArgumentException(await Record.ExceptionAsync(() => subject.CreateEncryptedCollectionAsync(database, collectionName, createCollectionOptions, kmsProvider: null, dataKeyOptions)), expectedParamName: "kmsProvider");
+
+                ShouldBeArgumentException(Record.Exception(() => subject.CreateEncryptedCollection(database, collectionName: collectionName, createCollectionOptions, kmsProvider, dataKeyOptions: null)), expectedParamName: "dataKeyOptions");
+                ShouldBeArgumentException(await Record.ExceptionAsync(() => subject.CreateEncryptedCollectionAsync(database, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions: null)), expectedParamName: "dataKeyOptions");
+            }
+        }
+
+        [Fact]
+        public async Task CreateEncryptedCollection_should_handle_save_generated_key_when_second_key_failed()
+        {
+            const string kmsProvider = "local";
+            const string collectionName = "collName";
+            const string encryptedFieldsStr = "{ fields : [{ keyId : null }, { keyId : null }] }";
+            var database = Mock.Of<IMongoDatabase>(d => d.DatabaseNamespace == new DatabaseNamespace("db"));
+
+            var dataKeyOptions = new DataKeyOptions();
+
+            var mockCollection = new Mock<IMongoCollection<BsonDocument>>();
+            mockCollection
+                .SetupSequence(c => c.InsertOne(It.IsAny<BsonDocument>(), It.IsAny<InsertOneOptions>(), It.IsAny<CancellationToken>()))
+                .Pass()
+                .Throws(new Exception("test"));
+            mockCollection
+                .SetupSequence(c => c.InsertOneAsync(It.IsAny<BsonDocument>(), It.IsAny<InsertOneOptions>(), It.IsAny<CancellationToken>()))
+                .Returns(Task.CompletedTask)
+                .Throws(new Exception("test"));
+            var mockDatabase = new Mock<IMongoDatabase>();
+            mockDatabase.Setup(c => c.GetCollection<BsonDocument>(It.IsAny<string>(), It.IsAny<MongoCollectionSettings>())).Returns(mockCollection.Object);
+            var client = new Mock<IMongoClient>();
+            client.Setup(c => c.GetDatabase(It.IsAny<string>(), It.IsAny<MongoDatabaseSettings>())).Returns(mockDatabase.Object);
+
+            using (var subject = CreateSubject(client.Object))
+            {
+                var createCollectionOptions = new CreateCollectionOptions() { EncryptedFields = BsonDocument.Parse(encryptedFieldsStr) };
+                var exception = Record.Exception(() => subject.CreateEncryptedCollection(database, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions));
+                AssertResults(exception, createCollectionOptions);
+
+                exception = await Record.ExceptionAsync(() => subject.CreateEncryptedCollectionAsync(database, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions));
+                AssertResults(exception, createCollectionOptions);
+            }
+
+            void AssertResults(Exception ex, CreateCollectionOptions createCollectionOptions)
+            {
+                var createCollectionException = ex.Should().BeOfType<MongoEncryptionCreateCollectionException>().Subject;
+                createCollectionException
+                    .InnerException
+                    .Should().BeOfType<MongoEncryptionException>().Subject.InnerException
+                    .Should().BeOfType<Exception>().Which.Message
+                    .Should().Be("test");
+                var fields = createCollectionException.EncryptedFields["fields"].AsBsonArray;
+                fields[0].AsBsonDocument["keyId"].Should().BeOfType<BsonBinaryData>(); // pass
+                /*
+                    - If generating `D` resulted in an error `E`, the entire
+                    `CreateEncryptedCollection` must now fail with error `E`. Return the
+                    partially-formed `EF'` with the error so that the caller may know what
+                    datakeys have already been created by the helper.
+                 */
+                fields[1].AsBsonDocument["keyId"].Should().BeOfType<BsonNull>(); // throw
+            }
+        }
+
+        [Theory]
+        [InlineData(null, "There are no encrypted fields defined for the collection.")]
+        [InlineData("{}", "{}")]
+        [InlineData("{ a : 1 }", "{ a : 1 }")]
+        [InlineData("{ fields : { } }", "{ fields: { } }")]
+        [InlineData("{ fields : [] }", "{ fields: [] }")]
+        [InlineData("{ fields : [{ a : 1 }] }", "{ fields: [{ a : 1 }] }")]
+        [InlineData("{ fields : [{ keyId : 1 }] }", "{ fields: [{ keyId : 1 }] }")]
+        [InlineData("{ fields : [{ keyId : null }] }", "{ fields: [{ keyId : '#binary_generated#' }] }")]
+        [InlineData("{ fields : [{ keyId : null }, { keyId : null }] }", "{ fields: [{ keyId : '#binary_generated#' }, { keyId : '#binary_generated#' }] }")]
+        [InlineData("{ fields : [{ keyId : 3 }, { keyId : null }] }", "{ fields: [{ keyId : 3 }, { keyId : '#binary_generated#' }] }")]
+        public async Task CreateEncryptedCollection_should_handle_various_encryptedFields(string encryptedFieldsStr, string expectedResult)
+        {
+            const string kmsProvider = "local";
+            const string collectionName = "collName";
+            var database = Mock.Of<IMongoDatabase>(d => d.DatabaseNamespace == new DatabaseNamespace("db"));
+
+            var dataKeyOptions = new DataKeyOptions();
+
+            using (var subject = CreateSubject())
+            {
+                var createCollectionOptions = new CreateCollectionOptions() { EncryptedFields = encryptedFieldsStr != null ? BsonDocument.Parse(encryptedFieldsStr) : null };
+
+                if (BsonDocument.TryParse(expectedResult, out var encryptedFields))
+                {
+                    var createCollectionResult = subject.CreateEncryptedCollection(database, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions);
+                    createCollectionResult.EncryptedFields.WithComparer(new EncryptedFieldsComparer()).Should().Be(encryptedFields.DeepClone());
+
+                    createCollectionResult = await subject.CreateEncryptedCollectionAsync(database, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions);
+                    createCollectionResult.EncryptedFields.WithComparer(new EncryptedFieldsComparer()).Should().Be(encryptedFields.DeepClone());
+                }
+                else
+                {
+                    AssertInvalidOperationException(Record.Exception(() => subject.CreateEncryptedCollection(database, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions)), expectedResult);
+                    AssertInvalidOperationException(await Record.ExceptionAsync(() => subject.CreateEncryptedCollectionAsync(database, collectionName, createCollectionOptions, kmsProvider, dataKeyOptions)), expectedResult);
+                }
+            }
+
+            void AssertInvalidOperationException(Exception ex, string message) =>
+                ex
+                .Should().BeOfType<MongoEncryptionCreateCollectionException>().Subject.InnerException
+                .Should().BeOfType<InvalidOperationException>().Which.Message.Should().Be(message);
+        }
+
+        private sealed class EncryptedFieldsComparer : IEqualityComparer<BsonDocument>
+        {
+            public bool Equals(BsonDocument x, BsonDocument y) =>
+                BsonValueEquivalencyComparer.Compare(
+                    x, y,
+                    massageAction: (a, b) =>
+                    {
+                        if (a is BsonDocument aDocument && aDocument.TryGetValue("keyId", out var aKeyId) && aKeyId.IsBsonBinaryData &&
+                            b is BsonDocument bDocument && bDocument.TryGetValue("keyId", out var bKeyId) && bKeyId == "#binary_generated#")
+                        {
+                            bDocument["keyId"] = aDocument["keyId"];
+                        }
+                    });
+
+            public int GetHashCode(BsonDocument obj) => obj.GetHashCode();
+        }
 
         [Fact]
         public void CryptClient_should_be_initialized()
@@ -167,10 +313,10 @@ public async Task RewrapManyDataKey_should_correctly_handle_input_arguments()
         }
 
         // private methods
-        private ClientEncryption CreateSubject()
+        private ClientEncryption CreateSubject(IMongoClient client = null)
         {
             var clientEncryptionOptions = new ClientEncryptionOptions(
-                DriverTestConfiguration.Client,
+                client ?? DriverTestConfiguration.Client,
                 __keyVaultCollectionNamespace,
                 kmsProviders: EncryptionTestHelper.GetKmsProviders(filter: "local"));
 

tests/MongoDB.Driver.Tests/Encryption/MongoEncryptionCreateCollectionExceptionTests.cs

@@ -0,0 +1,47 @@
+/* Copyright 2010-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using System;
+using System.IO;
+using System.Runtime.Serialization.Formatters.Binary;
+using FluentAssertions;
+using MongoDB.Bson;
+using MongoDB.Driver.Encryption;
+using Xunit;
+
+namespace MongoDB.Driver.Tests.Encryption
+{
+    public class MongoEncryptionCreateCollectionExceptionTests
+    {
+        [Fact]
+        public void Serialization_should_work()
+        {
+            var subject = new MongoEncryptionCreateCollectionException(new Exception("inner"), new BsonDocument("value", 1));
+
+            var formatter = new BinaryFormatter();
+            using (var stream = new MemoryStream())
+            {
+#pragma warning disable SYSLIB0011 // BinaryFormatter serialization is obsolete
+                formatter.Serialize(stream, subject);
+                stream.Position = 0;
+                var rehydrated = (MongoEncryptionCreateCollectionException)formatter.Deserialize(stream);
+#pragma warning restore SYSLIB0011 // BinaryFormatter serialization is obsolete
+
+                rehydrated.InnerException.Message.Should().Be(subject.InnerException.Message);
+                rehydrated.EncryptedFields.Should().Be(subject.EncryptedFields).And.Should().NotBeNull();
+            }
+        }
+    }
+}

tests/MongoDB.Driver.Tests/Specifications/client-side-encryption/prose-tests/ClientEncryptionProseTests.cs

@@ -119,32 +119,36 @@ void RunTestCase(int testCase)
                     {
                         case 1: // Case 1: Simple Creation and Validation
                             {
-                                var collection = CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, encryptedFields, kmsProvider, async);
+                                var collection = CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, encryptedFields, kmsProvider, async, out _);
 
                                 var exception = Record.Exception(() => Insert(collection, async, new BsonDocument("ssn", "123-45-6789")));
                                 exception.Should().BeOfType<MongoBulkWriteException<BsonDocument>>().Which.Message.Should().Contain("Document failed validation");
                             }
                             break;
                         case 2: // Case 2: Missing ``encryptedFields``
                             {
-                                var exception = Record.Exception(() => CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, encryptedFields: null, kmsProvider, async));
+                                var exception = Record.Exception(() => CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, encryptedFields: null, kmsProvider, async, out _));
 
-                                exception.Should().BeOfType<InvalidOperationException>().Which.Message.Should().Contain("There are no encrypted fields defined for the collection.") ;
+                                exception
+                                    .Should().BeOfType<MongoEncryptionCreateCollectionException>().Which.InnerException
+                                    .Should().BeOfType<InvalidOperationException>().Which.Message.Should().Contain("There are no encrypted fields defined for the collection.") ;
                             }
                             break;
                         case 3: // Case 3: Invalid ``keyId``
                             {
                                 var effectiveEncryptedFields = encryptedFields.DeepClone();
                                 effectiveEncryptedFields["fields"].AsBsonArray[0].AsBsonDocument["keyId"] = false;
-                                var exception = Record.Exception(() => CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, effectiveEncryptedFields.AsBsonDocument, kmsProvider, async));
-                                exception.Should().BeOfType<MongoCommandException>().Which.Message.Should().Contain("BSON field 'create.encryptedFields.fields.keyId' is the wrong type 'bool', expected type 'binData'");
+                                var exception = Record.Exception(() => CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, effectiveEncryptedFields.AsBsonDocument, kmsProvider, async, out _));
+                                exception
+                                    .Should().BeOfType<MongoEncryptionCreateCollectionException>().Which.InnerException
+                                    .Should().BeOfType<MongoCommandException>().Which.Message.Should().Contain("BSON field 'create.encryptedFields.fields.keyId' is the wrong type 'bool', expected type 'binData'");
                             }
                             break;
                        case 4: // Case 4: Insert encrypted value
                             {
                                 var createCollectionOptions = new CreateCollectionOptions { EncryptedFields = encryptedFields };
-                                var collection = CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, createCollectionOptions, kmsProvider, async);
-                                var dataKey = createCollectionOptions.EncryptedFields["fields"].AsBsonArray[0].AsBsonDocument["keyId"].AsGuid; // get generated datakey
+                                var collection = CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, createCollectionOptions, kmsProvider, async, out var effectiveEncryptedFields);
+                                var dataKey = effectiveEncryptedFields["fields"].AsBsonArray[0].AsBsonDocument["keyId"].AsGuid; // get generated datakey
                                 var encryptedValue = ExplicitEncrypt(clientEncryption, new EncryptOptions(algorithm: EncryptionAlgorithm.Unindexed, keyId: dataKey), "123-45-6789", async); // use explicit encryption to encrypt data before inserting
                                 Insert(collection, async, new BsonDocument("ssn", encryptedValue));
                             }
@@ -2340,24 +2344,23 @@ private void CreateCollection(IMongoClient client, CollectionNamespace collectio
                     });
         }
 
-        private IMongoCollection<BsonDocument> CreateEncryptedCollection(IMongoClient client, ClientEncryption clientEncryption, CollectionNamespace collectionNamespace, BsonDocument encryptedFields, string kmsProvider, bool async)
+        private IMongoCollection<BsonDocument> CreateEncryptedCollection(IMongoClient client, ClientEncryption clientEncryption, CollectionNamespace collectionNamespace, BsonDocument encryptedFields, string kmsProvider, bool async, out BsonDocument effectiveEncryptedFields)
         {
             var createCollectionOptions = new CreateCollectionOptions { EncryptedFields = encryptedFields };
-            return CreateEncryptedCollection(client, clientEncryption, collectionNamespace, createCollectionOptions, kmsProvider, async);
+            return CreateEncryptedCollection(client, clientEncryption, collectionNamespace, createCollectionOptions, kmsProvider, async, out effectiveEncryptedFields);
         }
 
-        private IMongoCollection<BsonDocument> CreateEncryptedCollection(IMongoClient client, ClientEncryption clientEncryption, CollectionNamespace collectionNamespace, CreateCollectionOptions createCollectionOptions, string kmsProvider, bool async)
+        private IMongoCollection<BsonDocument> CreateEncryptedCollection(IMongoClient client, ClientEncryption clientEncryption, CollectionNamespace collectionNamespace, CreateCollectionOptions createCollectionOptions, string kmsProvider, bool async, out BsonDocument effectiveEncryptedFields)
         {
             var datakeyOptions = CreateDataKeyOptions(kmsProvider);
+            var database = client.GetDatabase(collectionNamespace.DatabaseNamespace.DatabaseName);
 
-            if (async)
-            {
-                clientEncryption.CreateEncryptedCollectionAsync<BsonDocument>(collectionNamespace, createCollectionOptions, kmsProvider, datakeyOptions, cancellationToken: default).GetAwaiter().GetResult();
-            }
-            else
-            { 
-                clientEncryption.CreateEncryptedCollection<BsonDocument>(collectionNamespace, createCollectionOptions, kmsProvider, datakeyOptions, cancellationToken: default);
-            }
+
+            var result = async
+                ? clientEncryption.CreateEncryptedCollectionAsync(database, collectionNamespace.CollectionName, createCollectionOptions, kmsProvider, datakeyOptions, cancellationToken: default).GetAwaiter().GetResult()
+                : clientEncryption.CreateEncryptedCollection(database, collectionNamespace.CollectionName, createCollectionOptions, kmsProvider, datakeyOptions, cancellationToken: default);
+
+            effectiveEncryptedFields = result.EncryptedFields;
 
             return client.GetDatabase(collectionNamespace.DatabaseNamespace.DatabaseName).GetCollection<BsonDocument>(collectionNamespace.CollectionName);
         }