feat(NODE-3777): pass tls options through to csfle

Author: durran

src/deps.ts

@@ -174,6 +174,28 @@ export const AutoEncryptionLoggerLevel = Object.freeze({
 export type AutoEncryptionLoggerLevel =
   typeof AutoEncryptionLoggerLevel[keyof typeof AutoEncryptionLoggerLevel];
 
+/** @public */
+export interface AutoEncryptionTlsOptions {
+  /**
+   * Specifies the location of a local .pem file that contains
+   * either the client's TLS/SSL certificate and key or only the
+   * client's TLS/SSL key when tlsCertificateFile is used to
+   * provide the certificate.
+   */
+  tlsCertificateKeyFile?: string;
+  /**
+   * Specifies the password to de-crypt the tlsCertificateKeyFile.
+   */
+  tlsCertificateKeyFilePassword?: string;
+  /**
+   * Specifies the location of a local .pem file that contains the
+   * root certificate chain from the Certificate Authority.
+   * This file is used to validate the certificate presented by the
+   * KMS provider.
+   */
+  tlsCAFile?: string;
+}
+
 /** @public */
 export interface AutoEncryptionOptions {
   /** @internal */
@@ -275,6 +297,14 @@ export interface AutoEncryptionOptions {
     mongocryptdSpawnArgs?: string[];
   };
   proxyOptions?: ProxyOptions;
+  /** The TLS options to use connecting to the KMS provider */
+  tlsOptions?: {
+    aws?: AutoEncryptionTlsOptions;
+    local?: AutoEncryptionTlsOptions;
+    azure?: AutoEncryptionTlsOptions;
+    gcp?: AutoEncryptionTlsOptions;
+    kmip?: AutoEncryptionTlsOptions;
+  }
 }
 
 /** @public */

test/integration/client-side-encryption/client_side_encryption.corpus.spec.test.js

@@ -202,9 +202,16 @@ describe('Client Side Encryption Corpus', function () {
           //    .. code:: javascript
           //       Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk
           //    Configure both objects with ``keyVaultNamespace`` set to ``keyvault.datakeys``.
+          const tlsOptions = {
+            kmip: {
+              tlsCAFile: '/Users/modetojoy/work/mongodb-labs/drivers-evergreen-tools/.evergreen/x509gen/ca.pem',
+              tlsCertificateKeyFile: '/Users/modetojoy/work/mongodb-labs/drivers-evergreen-tools/.evergreen/x509gen/client.pem'
+            }
+          };
           const autoEncryption = {
             keyVaultNamespace,
-            kmsProviders
+            kmsProviders,
+            tlsOptions
           };
           if (useClientSideSchema) {
             autoEncryption.schemaMap = {
@@ -217,7 +224,8 @@ describe('Client Side Encryption Corpus', function () {
             clientEncryption = new mongodbClientEncryption.ClientEncryption(client, {
               bson: BSON,
               keyVaultNamespace,
-              kmsProviders
+              kmsProviders,
+              tlsOptions
             });
           });
         });