use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.
the class FedauthWithAE method setupKeyStoreProvider_AKVOld.
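/**
 * Builds an Azure Key Vault column-encryption key store provider whose access token comes from an
 * ADAL-based {@link SQLServerKeyVaultAuthenticationCallback}.
 *
 * <p>The callback authenticates with the client credentials held in {@code applicationClientID} and
 * {@code applicationKey} (declared outside this method). Any exception raised while acquiring the
 * token is reported through {@code fail(...)} with the exception message.
 *
 * @return a provider constructed around the ADAL authentication callback
 * @throws SQLServerException
 *         if creating the provider fails
 */
private SQLServerColumnEncryptionKeyStoreProvider setupKeyStoreProvider_AKVOld() throws SQLServerException {
    SQLServerKeyVaultAuthenticationCallback authenticationCallback = new SQLServerKeyVaultAuthenticationCallback() {
        @Override
        public String getAccessToken(String authority, String resource, String scope) {
            // One pool per token request, released in finally. A pool created once outside the callback
            // is never shut down, so its worker threads outlive the test that requested the token.
            ExecutorService service = Executors.newFixedThreadPool(2);
            try {
                // NOTE(review): the second argument (validateAuthority) is false, so the authority URL
                // passed to this callback is used without ADAL's authority validation. Confirm the test
                // tenant really needs that, and do not carry the setting over into production callbacks.
                AuthenticationContext context = new AuthenticationContext(authority, false, service);
                ClientCredential cred = new ClientCredential(applicationClientID, applicationKey);
                // The scope argument is not used; the token is requested for the resource only.
                Future<AuthenticationResult> future = context.acquireToken(resource, cred, null);
                AuthenticationResult result = future.get();
                return result.getAccessToken();
            } catch (Exception e) {
                fail(e.getMessage());
                // Kept for the compiler: this path is reached only if fail(...) returns normally.
                return null;
            } finally {
                service.shutdown();
            }
        }
    };
    return new SQLServerColumnEncryptionAzureKeyVaultProvider(authenticationCallback);
}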
use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.
the class JDBCEncryptionDecryptionTest method testAkvDecryptColumnEncryptionKey.
/*
* Test decryptColumnEncryptionKey for AKV
*/
@ParameterizedTest
@MethodSource("enclaveParams")
@Tag(Constants.reqExternalSetup)
public void testAkvDecryptColumnEncryptionKey(String serverName, String url, String protocol) throws Exception {
    // Negative-path coverage only: every call below must be rejected by the AKV provider with the
    // error message named by the given resource key.
    setAEConnectionString(serverName, url, protocol);
    // applicationClientID / applicationKey are declared outside this method (presumably the test
    // application's Key Vault credentials - confirm against the test setup).
    SQLServerColumnEncryptionAzureKeyVaultProvider akv = new SQLServerColumnEncryptionAzureKeyVaultProvider(
            applicationClientID, applicationKey);

    // null akvpath
    expectAkvDecryptFailure(akv, null, "", null, "R_AKVPathNull");

    // invalid akvpath
    expectAkvDecryptFailure(akv, "keypath", "", null, "R_AKVMasterKeyPathInvalid");

    // invalid akvpath url
    expectAkvDecryptFailure(akv, "http:///^[!#$&-;=?-[]_a-", "", null, "R_AKVURLInvalid");

    // null encryptedColumnEncryptionKey
    expectAkvDecryptFailure(akv, keyIDs[0], Constants.CEK_ALGORITHM, null, "R_NullEncryptedColumnEncryptionKey");

    // empty encryptedColumnEncryptionKey
    expectAkvDecryptFailure(akv, keyIDs[0], Constants.CEK_ALGORITHM, new byte[0],
            "R_EmptyEncryptedColumnEncryptionKey");

    // invalid algorithm
    expectAkvDecryptFailure(akv, keyIDs[0], "invalidAlgo", new byte[1], "R_InvalidKeyEncryptionAlgorithm");

    // bad encryptedColumnEncryptionKey
    expectAkvDecryptFailure(akv, keyIDs[0], Constants.CEK_ALGORITHM, new byte[1],
            "R_InvalidEcryptionAlgorithmVersion");
}

/**
 * Calls {@code decryptColumnEncryptionKey} and requires it to throw a {@link SQLServerException} whose
 * message matches the formatted error resource; a call that returns normally fails the test.
 */
private static void expectAkvDecryptFailure(SQLServerColumnEncryptionAzureKeyVaultProvider akv, String keyPath,
        String algorithm, byte[] encryptedKey, String expectedErrorResource) {
    try {
        akv.decryptColumnEncryptionKey(keyPath, algorithm, encryptedKey);
        fail(TestResource.getResource("R_expectedExceptionNotThrown"));
    } catch (SQLServerException e) {
        assertTrue(e.getMessage().matches(TestUtils.formatErrorMsg(expectedErrorResource)));
    }
}
use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.
the class JDBCEncryptionDecryptionTest method testAkvNameWithAuthCallback_ADAL.
/**
* This tests callback implemented using ADAL lib
*/
@ParameterizedTest
@MethodSource("enclaveParams")
@Tag(Constants.reqExternalSetup)
public void testAkvNameWithAuthCallback_ADAL(String serverName, String url, String protocol) throws Exception {
    setAEConnectionString(serverName, url, protocol);
    final String expectedName = "keystoreName";
    try {
        // The provider is built from the ADAL authentication callback declared outside this method;
        // the test only checks that the name set on it is the name it reports back.
        SQLServerColumnEncryptionAzureKeyVaultProvider provider = new SQLServerColumnEncryptionAzureKeyVaultProvider(
                authenticationCallback_ADAL);
        provider.setName(expectedName);
        boolean nameRoundTrips = provider.getName().equals(expectedName);
        assertTrue(nameRoundTrips);
    } catch (SQLServerException e) {
        // Constructing or naming the provider is not expected to throw here.
        fail(TestResource.getResource("R_unexpectedException") + e.getMessage());
    }
}
use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.
the class JDBCEncryptionDecryptionTest method testAkvName.
/*
* Test getting/setting AKV name
*/
@ParameterizedTest
@MethodSource("enclaveParams")
@Tag(Constants.reqExternalSetup)
public void testAkvName(String serverName, String url, String protocol) throws Exception {
    setAEConnectionString(serverName, url, protocol);
    final String expectedName = "keystoreName";
    // Provider built from the client id / key pair declared outside this method.
    SQLServerColumnEncryptionAzureKeyVaultProvider provider = new SQLServerColumnEncryptionAzureKeyVaultProvider(
            applicationClientID, applicationKey);
    provider.setName(expectedName);
    // The name reported by the provider must be the one that was just set.
    boolean nameRoundTrips = provider.getName().equals(expectedName);
    assertTrue(nameRoundTrips);
}
use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.
the class AESetup method createCEK.
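/**
 * Create column encryption key
 *
 * @param cmkName
 *        name of the column master key that protects the new column encryption key
 * @param cekName
 *        name of the column encryption key to create
 * @param storeProvider
 *        key store provider used to encrypt the column encryption key value
 * @throws SQLException
 */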
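private static void createCEK(String cmkName, String cekName, SQLServerColumnEncryptionKeyStoreProvider storeProvider) throws SQLException {
    // Creates the column encryption key cekName under the column master key cmkName, unless a key with
    // that name is already listed in sys.column_encryption_keys.
    try (SQLServerConnection con = (SQLServerConnection) PrepUtil.getConnection(AETestConnectionString + ";sendTimeAsDateTime=false", AEInfo);
            SQLServerStatement stmt = (SQLServerStatement) con.createStatement()) {
        // Explicit charset: getBytes() without one uses the platform default, so the bytes handed to the
        // key store provider could differ from one machine to another.
        byte[] valuesDefault = Constants.CEK_STRING.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        String encryptedValue;
        if (storeProvider instanceof SQLServerColumnEncryptionJavaKeyStoreProvider) {
            // Java key store: the master key is addressed by its key alias.
            byte[] key = storeProvider.encryptColumnEncryptionKey(javaKeyAliases, Constants.CEK_ALGORITHM, valuesDefault);
            encryptedValue = "0x" + TestUtils.bytesToHexString(key, key.length);
        } else if (storeProvider instanceof SQLServerColumnEncryptionAzureKeyVaultProvider) {
            // Azure Key Vault: the master key is addressed by the first configured key id.
            byte[] key = storeProvider.encryptColumnEncryptionKey(keyIDs[0], Constants.CEK_ALGORITHM, valuesDefault);
            encryptedValue = "0x" + TestUtils.bytesToHexString(key, key.length);
        } else {
            // Any other provider: use the pre-computed encrypted value from Constants.
            encryptedValue = Constants.CEK_ENCRYPTED_VALUE;
        }
        // NOTE(review): cekName and cmkName are concatenated into the batch as-is, once inside a string
        // literal and twice as identifiers. Identifiers in this DDL cannot be bound as parameters, so
        // callers must pass only fixed, test-controlled names; escape or bracket-quote them before reuse
        // with names that can come from outside the test.
        String sql = "if not exists (SELECT name from sys.column_encryption_keys where name='" + cekName + "')" + " begin" + " CREATE COLUMN ENCRYPTION KEY " + cekName + " WITH VALUES " + "(COLUMN_MASTER_KEY = " + cmkName + ", ALGORITHM = '" + Constants.CEK_ALGORITHM + "', ENCRYPTED_VALUE = " + encryptedValue + ") end;";
        stmt.execute(sql);
    }
}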