Usages of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in the test sources of the mssql-jdbc project (microsoft).
the class JDBCEncryptionDecryptionTest method testAkvNameWithTokenCredential.
@ParameterizedTest
@MethodSource("enclaveParams")
@Tag(Constants.reqExternalSetup)
public void testAkvNameWithTokenCredential(String serverName, String url, String protocol) throws Exception {
    setAEConnectionString(serverName, url, protocol);

    // Service-principal credential built from the test configuration (tenantID / applicationClientID /
    // applicationKey); the provider is constructed from the TokenCredential rather than from raw id/secret.
    ClientSecretCredential spCredential = new ClientSecretCredentialBuilder()
            .tenantId(tenantID)
            .clientId(applicationClientID)
            .clientSecret(applicationKey)
            .build();

    final String expectedName = "keystoreName";
    try {
        SQLServerColumnEncryptionAzureKeyVaultProvider provider = new SQLServerColumnEncryptionAzureKeyVaultProvider(spCredential);
        // setName/getName must round-trip the provider name unchanged.
        provider.setName(expectedName);
        assertTrue(expectedName.equals(provider.getName()));
    } catch (SQLServerException e) {
        fail(TestResource.getResource("R_unexpectedException") + e.getMessage());
    }
}
the class JDBCEncryptionDecryptionTest method testAkvBadEncryptColumnEncryptionKeyWithAuthCallback.
@ParameterizedTest
@MethodSource("enclaveParams")
@Tag(Constants.reqExternalSetup)
public void testAkvBadEncryptColumnEncryptionKeyWithAuthCallback(String serverName, String url, String protocol) throws Exception {
    setAEConnectionString(serverName, url, protocol);

    SQLServerColumnEncryptionAzureKeyVaultProvider provider = null;
    try {
        provider = new SQLServerColumnEncryptionAzureKeyVaultProvider(authenticationCallback);
    } catch (SQLServerException e) {
        fail(TestResource.getResource("R_unexpectedException") + e.getMessage());
    }

    // A null and an empty plaintext CEK must each be rejected with the matching driver error resource
    // (the expectation is that the driver validates the key material itself rather than passing it on).
    assertAkvEncryptCekRejected(provider, null, "R_NullColumnEncryptionKey");
    assertAkvEncryptCekRejected(provider, new byte[0], "R_EmptyCEK");
}

/**
 * Asserts that {@code encryptColumnEncryptionKey} on {@code provider} rejects {@code plaintextCek} with the error
 * whose resource key is {@code errorKey}, using the first configured key vault key id.
 */
private void assertAkvEncryptCekRejected(SQLServerColumnEncryptionAzureKeyVaultProvider provider, byte[] plaintextCek,
        String errorKey) {
    try {
        provider.encryptColumnEncryptionKey(keyIDs[0], Constants.CEK_ALGORITHM, plaintextCek);
        fail(TestResource.getResource("R_expectedExceptionNotThrown"));
    } catch (SQLServerException e) {
        assertTrue(e.getMessage().matches(TestUtils.formatErrorMsg(errorKey)));
    }
}
the class AESetup method createCEK.
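/**
 * Creates the column encryption key {@code cekName} (if it does not already exist) under the column master key
 * {@code cmkName}, with the CEK plaintext {@code Constants.CEK_STRING} encrypted by the given key store provider.
 *
 * @param cmkName
 *        name of the column master key the CEK is wrapped with (a test constant, not external input)
 * @param cekName
 *        name of the column encryption key to create (a test constant, not external input)
 * @param storeProvider
 *        key store provider used to encrypt the CEK: the Java keystore provider wraps with {@code javaKeyAliases},
 *        the Azure Key Vault provider with {@code keyIDs[0]}; any other provider uses the pre-computed
 *        {@code Constants.CEK_ENCRYPTED_VALUE}
 * @throws SQLException
 *         if the provider cannot encrypt the CEK or the DDL fails
 */
private static void createCEK(String cmkName, String cekName, SQLServerColumnEncryptionKeyStoreProvider storeProvider) throws SQLException {
    try (SQLServerConnection con = (SQLServerConnection) PrepUtil.getConnection(AETestConnectionString + ";sendTimeAsDateTime=false", AEInfo);
            SQLServerStatement stmt = (SQLServerStatement) con.createStatement()) {
        // Explicit charset: the plaintext CEK bytes must not depend on the platform default encoding, otherwise the
        // key wrapped here could differ between machines for the same CEK_STRING.
        byte[] plaintextCek = Constants.CEK_STRING.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        String encryptedValue = encryptedCekLiteral(storeProvider, plaintextCek);

        // Object names cannot be bound as parameters in T-SQL DDL, so the names are concatenated. They are test
        // constants; do not route untrusted input through this helper.
        String sql = "if not exists (SELECT name from sys.column_encryption_keys where name='" + cekName + "')" + " begin"
                + " CREATE COLUMN ENCRYPTION KEY " + cekName + " WITH VALUES " + "(COLUMN_MASTER_KEY = " + cmkName
                + ", ALGORITHM = '" + Constants.CEK_ALGORITHM + "', ENCRYPTED_VALUE = " + encryptedValue + ") end;";
        stmt.execute(sql);
    }
}

/**
 * Encrypts {@code plaintextCek} with {@code storeProvider} and returns the result as a T-SQL binary literal
 * ({@code 0x...}); providers other than JKS and AKV fall back to the pre-computed encrypted value.
 *
 * @throws SQLServerException
 *         if the provider fails to encrypt the key
 */
private static String encryptedCekLiteral(SQLServerColumnEncryptionKeyStoreProvider storeProvider, byte[] plaintextCek)
        throws SQLServerException {
    if (storeProvider instanceof SQLServerColumnEncryptionJavaKeyStoreProvider) {
        byte[] wrapped = storeProvider.encryptColumnEncryptionKey(javaKeyAliases, Constants.CEK_ALGORITHM, plaintextCek);
        return "0x" + TestUtils.bytesToHexString(wrapped, wrapped.length);
    }
    if (storeProvider instanceof SQLServerColumnEncryptionAzureKeyVaultProvider) {
        byte[] wrapped = storeProvider.encryptColumnEncryptionKey(keyIDs[0], Constants.CEK_ALGORITHM, plaintextCek);
        return "0x" + TestUtils.bytesToHexString(wrapped, wrapped.length);
    }
    return Constants.CEK_ENCRYPTED_VALUE;
}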
the class FedauthWithAE method setupKeyStoreProvider_AKVOld.
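/**
 * Builds an Azure Key Vault key store provider that authenticates through the legacy
 * {@code SQLServerKeyVaultAuthenticationCallback} path, acquiring a client-credential token with the older ADAL
 * {@code AuthenticationContext} API for the service principal configured in {@code applicationClientID} /
 * {@code applicationKey}.
 *
 * <p>Fix over the previous version: the thread pool handed to {@code AuthenticationContext} was created once per
 * provider and never shut down, leaking non-daemon threads for every provider built. It is now scoped to each
 * token request and shut down in {@code finally}.
 *
 * @return a key vault provider backed by the callback
 * @throws SQLServerException
 *         if the provider cannot be constructed
 */
private SQLServerColumnEncryptionKeyStoreProvider setupKeyStoreProvider_AKVOld() throws SQLServerException {
    SQLServerKeyVaultAuthenticationCallback authenticationCallback = new SQLServerKeyVaultAuthenticationCallback() {
        @Override
        public String getAccessToken(String authority, String resource, String scope) {
            // authority/resource are supplied by the driver from the vault's authentication challenge and are not
            // re-validated here; the driver appears to restrict which vault endpoints it contacts through its
            // trusted-endpoint list (see the AKV_TRUSTED_ENDPOINTS setup in AbstractTest) — confirm before reusing
            // this callback outside the test suite.
            ExecutorService service = Executors.newFixedThreadPool(2);
            try {
                AuthenticationContext context = new AuthenticationContext(authority, false, service);
                ClientCredential cred = new ClientCredential(applicationClientID, applicationKey);
                Future<AuthenticationResult> future = context.acquireToken(resource, cred, null);
                return future.get().getAccessToken();
            } catch (InterruptedException e) {
                // restore the interrupt flag before failing the test
                Thread.currentThread().interrupt();
                fail(e.getMessage());
                return null;
            } catch (Exception e) {
                fail(e.getMessage());
                return null;
            } finally {
                service.shutdown();
            }
        }
    };
    return new SQLServerColumnEncryptionAzureKeyVaultProvider(authenticationCallback);
}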
the class AbstractTest method setup.
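/**
 * One-time initialization before the test suite runs: logging, test configuration (properties file and/or
 * environment), connection strings, column-encryption key store providers (JKS and, when service-principal
 * credentials are configured, Azure Key Vault), the NTLM connection string, MSI properties, data sources, and a
 * first shared connection used to probe the server.
 *
 * <p>Security-relevant configuration read here and kept in static fields for the run: connection credentials,
 * the AKV service-principal secret ({@code applicationKey}), the NTLM password, the client TLS key and its
 * password, and the trust store path. Do not print these fields.
 *
 * @throws Exception
 *         when an error occurs
 */
@BeforeAll
public static void setup() throws Exception {
    // Invoke fine logging...
    invokeLogging();

    loadTestConfiguration();
    registerKeyStoreProvidersOnce();
    buildNtlmConnectionString();

    // MSI properties
    msiClientId = getConfiguredProperty("msiClientId");
    keyStorePrincipalId = getConfiguredProperty("keyStorePrincipalId");
    keyStoreSecret = getConfiguredProperty("keyStoreSecret");

    ds = updateDataSource(connectionString, new SQLServerDataSource());
    dsXA = updateDataSource(connectionString, new SQLServerXADataSource());
    dsPool = updateDataSource(connectionString, new SQLServerConnectionPoolDataSource());

    openSuiteConnection();
}

/**
 * Loads the optional properties file and resolves every configuration-derived static field (connection string,
 * AKV service-principal values, key paths/ids, enclave settings, client TLS material).
 */
private static void loadTestConfiguration() throws Exception {
    // get Properties from config file; a missing or unreadable file means "no config file used"
    try (InputStream input = new FileInputStream(Constants.CONFIG_PROPERTIES_FILE)) {
        configProperties = new Properties();
        configProperties.load(input);
    } catch (FileNotFoundException | SecurityException e) {
        // no config file used
    }
    connectionString = getConfiguredPropertyOrEnv(Constants.MSSQL_JDBC_TEST_CONNECTION_PROPERTIES);
    // Fail with the intended message instead of an NPE further down (substring / data source setup).
    Assertions.assertNotNull(connectionString, TestResource.getResource("R_ConnectionStringNull"));
    connectionStringNTLM = connectionString;

    // Azure Key Vault service-principal credentials (secret material)
    applicationClientID = getConfiguredProperty("applicationClientID");
    applicationKey = getConfiguredProperty("applicationKey");
    tenantID = getConfiguredProperty("tenantID");

    javaKeyPath = TestUtils.getCurrentClassPath() + Constants.JKS_NAME;
    keyIDs = getConfiguredProperty("keyID", "").split(Constants.SEMI_COLON);
    windowsKeyPath = getConfiguredProperty("windowsKeyPath");

    String prop = getConfiguredProperty("enclaveServer", null);
    if (null == prop) {
        // default to the server in the connection string: strip the jdbc prefix, take the first ';'-separated
        // segment, then drop any ':port' suffix
        String serverName = connectionString.substring(Constants.JDBC_PREFIX.length()).split(Constants.SEMI_COLON)[0]
                .split(":")[0];
        enclaveServer = new String[] {serverName};
    } else {
        enclaveServer = prop.split(Constants.SEMI_COLON);
    }
    prop = getConfiguredProperty("enclaveAttestationUrl", null);
    enclaveAttestationUrl = null != prop ? prop.split(Constants.SEMI_COLON) : null;
    prop = getConfiguredProperty("enclaveAttestationProtocol", null);
    enclaveAttestationProtocol = null != prop ? prop.split(Constants.SEMI_COLON) : null;

    // client certificate / key material and trust store used by TLS tests
    clientCertificate = getConfiguredProperty("clientCertificate", null);
    clientKey = getConfiguredProperty("clientKey", null);
    clientKeyPassword = getConfiguredProperty("clientKeyPassword", "");
    trustStorePath = getConfiguredProperty("trustStore", "");
}

/**
 * Creates the JKS provider and, when both AKV service-principal values are configured, the Azure Key Vault
 * provider, and registers them with the driver exactly once per JVM.
 */
private static void registerKeyStoreProvidersOnce() throws Exception {
    Map<String, SQLServerColumnEncryptionKeyStoreProvider> providers = new HashMap<>();
    if (null == jksProvider) {
        jksProvider = new SQLServerColumnEncryptionJavaKeyStoreProvider(javaKeyPath, Constants.JKS_SECRET.toCharArray());
        providers.put(Constants.CUSTOM_KEYSTORE_NAME, jksProvider);
    }
    if (null == akvProvider && null != applicationClientID && null != applicationKey) {
        akvProvider = createAkvProviderWithTrustedEndpoint();
        providers.put(Constants.AZURE_KEY_VAULT_NAME, akvProvider);
    }
    if (!isKspRegistered) {
        SQLServerConnection.registerColumnEncryptionKeyStoreProviders(providers);
        isKspRegistered = true;
    }
}

/**
 * Constructs the AKV provider while a temporary driver properties file appends {@code ;vault.azure.net} to the
 * provider's trusted vault endpoints. The file is removed afterwards; if the delete fails it is scheduled for
 * removal at JVM exit so a stale copy cannot keep widening the trusted endpoints in later runs.
 */
private static SQLServerColumnEncryptionAzureKeyVaultProvider createAkvProviderWithTrustedEndpoint() throws Exception {
    File propsFile = new File(Constants.MSSQL_JDBC_PROPERTIES);
    try {
        try (OutputStream os = new FileOutputStream(propsFile)) {
            Properties props = new Properties();
            // Append to the list of hardcoded endpoints.
            props.setProperty(Constants.AKV_TRUSTED_ENDPOINTS_KEYWORD, ";vault.azure.net");
            props.store(os, "");
        }
        return new SQLServerColumnEncryptionAzureKeyVaultProvider(applicationClientID, applicationKey);
    } finally {
        // previously delete()'s result was ignored; fall back to deleteOnExit if the file is still there
        if (!propsFile.delete() && propsFile.exists()) {
            propsFile.deleteOnExit();
        }
    }
}

/**
 * If NTLM properties are configured, rewrites {@code connectionStringNTLM} with domain/user/password and, when
 * both user and password are present, switches it to the NTLM authentication scheme.
 */
private static void buildNtlmConnectionString() throws Exception {
    // if these properties are defined then NTLM is desired, modify connection string accordingly
    String domain = getConfiguredProperty("domainNTLM");
    String user = getConfiguredProperty("userNTLM");
    String password = getConfiguredProperty("passwordNTLM");
    if (null != domain) {
        connectionStringNTLM = TestUtils.addOrOverrideProperty(connectionStringNTLM, "domain", domain);
    }
    if (null != user) {
        connectionStringNTLM = TestUtils.addOrOverrideProperty(connectionStringNTLM, "user", user);
    }
    if (null != password) {
        // the password is embedded in the connection string; treat connectionStringNTLM as a secret
        connectionStringNTLM = TestUtils.addOrOverrideProperty(connectionStringNTLM, "password", password);
    }
    if (null != user && null != password) {
        connectionStringNTLM = TestUtils.addOrOverrideProperty(connectionStringNTLM, "authenticationScheme", "NTLM");
        connectionStringNTLM = TestUtils.addOrOverrideProperty(connectionStringNTLM, "integratedSecurity", "true");
    }
}

/** Registers the driver if needed, opens the shared suite connection and probes the server edition and OS. */
private static void openSuiteConnection() throws Exception {
    Assertions.assertNotNull(connectionString, TestResource.getResource("R_ConnectionStringNull"));
    Class.forName(Constants.MSSQL_JDBC_PACKAGE + ".SQLServerDriver");
    if (!SQLServerDriver.isRegistered()) {
        SQLServerDriver.register();
    }
    if (null == connection || connection.isClosed()) {
        connection = getConnection();
    }
    isSqlAzureOrAzureDW(connection);
    checkSqlOS(connection);
}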