
Example 11 with SQLServerColumnEncryptionAzureKeyVaultProvider

use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.

the class FedauthWithAE method setupKeyStoreProvider_AKVOld.

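/**
 * Builds an Azure Key Vault key store provider that obtains its access tokens through an
 * ADAL-based {@link SQLServerKeyVaultAuthenticationCallback}.
 *
 * <p>The callback performs a client-credential token request with {@code applicationClientID}
 * and {@code applicationKey} and returns the resulting access token.
 *
 * @return a provider constructed around the ADAL authentication callback
 * @throws SQLServerException
 *         presumably propagated from the provider constructor, the only call here that can raise it
 */
private SQLServerColumnEncryptionKeyStoreProvider setupKeyStoreProvider_AKVOld() throws SQLServerException {
    SQLServerKeyVaultAuthenticationCallback authenticationCallback = new SQLServerKeyVaultAuthenticationCallback() {

        @Override
        public String getAccessToken(String authority, String resource, String scope) {
            // The pool lives only for this token request and is shut down in the finally block.
            // A pool created once per provider and never shut down leaves its worker threads
            // (non-daemon by default) alive after the test finishes.
            ExecutorService service = Executors.newFixedThreadPool(2);
            try {
                // NOTE(review): the second argument (validateAuthority) is false, so the authority
                // passed in by the caller is used without being checked against known Azure AD
                // hosts, and the client secret is presented to it as-is. Tolerable for a test
                // against a controlled tenant; a production callback should pass true.
                AuthenticationContext context = new AuthenticationContext(authority, false, service);
                ClientCredential cred = new ClientCredential(applicationClientID, applicationKey);
                Future<AuthenticationResult> future = context.acquireToken(resource, cred, null);
                return future.get().getAccessToken();
            } catch (InterruptedException e) {
                // Restore the interrupt flag before failing so the test runner still sees it.
                Thread.currentThread().interrupt();
                fail(e.getMessage());
                return null;
            } catch (Exception e) {
                fail(e.getMessage());
                // Only reached if fail() returns normally; kept so the method compiles.
                return null;
            } finally {
                service.shutdown();
            }
        }
    };
    return new SQLServerColumnEncryptionAzureKeyVaultProvider(authenticationCallback);
}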
Also used : ClientCredential(com.microsoft.aad.adal4j.ClientCredential) AuthenticationContext(com.microsoft.aad.adal4j.AuthenticationContext) ExecutorService(java.util.concurrent.ExecutorService) SQLServerKeyVaultAuthenticationCallback(com.microsoft.sqlserver.jdbc.SQLServerKeyVaultAuthenticationCallback) SQLException(java.sql.SQLException) SQLServerException(com.microsoft.sqlserver.jdbc.SQLServerException) SQLServerColumnEncryptionAzureKeyVaultProvider(com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider) AuthenticationResult(com.microsoft.aad.adal4j.AuthenticationResult)

Example 12 with SQLServerColumnEncryptionAzureKeyVaultProvider

use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.

the class JDBCEncryptionDecryptionTest method testAkvDecryptColumnEncryptionKey.

/*
     * Test decryptColumnEncryptionKey for AKV
     */
@ParameterizedTest
@MethodSource("enclaveParams")
@Tag(Constants.reqExternalSetup)
public void testAkvDecryptColumnEncryptionKey(String serverName, String url, String protocol) throws Exception {
    // Negative-path coverage: every call hands decryptColumnEncryptionKey one malformed argument
    // and expects a SQLServerException whose message matches the named error resource.
    setAEConnectionString(serverName, url, protocol);
    SQLServerColumnEncryptionAzureKeyVaultProvider provider = new SQLServerColumnEncryptionAzureKeyVaultProvider(
            applicationClientID, applicationKey);

    // key path is null
    expectAkvDecryptRejected(provider, null, "", null, "R_AKVPathNull");

    // key path is not a URL at all
    expectAkvDecryptRejected(provider, "keypath", "", null, "R_AKVMasterKeyPathInvalid");

    // key path looks like a URL but is malformed
    expectAkvDecryptRejected(provider, "http:///^[!#$&-;=?-[]_a-", "", null, "R_AKVURLInvalid");

    // encrypted column encryption key is null
    expectAkvDecryptRejected(provider, keyIDs[0], Constants.CEK_ALGORITHM, null,
            "R_NullEncryptedColumnEncryptionKey");

    // encrypted column encryption key is zero-length
    expectAkvDecryptRejected(provider, keyIDs[0], Constants.CEK_ALGORITHM, new byte[0],
            "R_EmptyEncryptedColumnEncryptionKey");

    // unknown key encryption algorithm name
    expectAkvDecryptRejected(provider, keyIDs[0], "invalidAlgo", new byte[1],
            "R_InvalidKeyEncryptionAlgorithm");

    // valid algorithm name, but the encrypted key is a single zero byte
    expectAkvDecryptRejected(provider, keyIDs[0], Constants.CEK_ALGORITHM, new byte[1],
            "R_InvalidEcryptionAlgorithmVersion");
}

/**
 * Calls {@code decryptColumnEncryptionKey} with the given arguments and asserts that it is rejected.
 *
 * <p>The test fails if no {@link SQLServerException} is thrown, or if the exception message does not
 * match the pattern produced by {@code TestUtils.formatErrorMsg} for {@code expectedErrorResource}.
 */
private static void expectAkvDecryptRejected(SQLServerColumnEncryptionAzureKeyVaultProvider provider,
        String masterKeyPath, String algorithm, byte[] encryptedCek, String expectedErrorResource) {
    try {
        provider.decryptColumnEncryptionKey(masterKeyPath, algorithm, encryptedCek);
        fail(TestResource.getResource("R_expectedExceptionNotThrown"));
    } catch (SQLServerException e) {
        String expectedPattern = TestUtils.formatErrorMsg(expectedErrorResource);
        assertTrue(e.getMessage().matches(expectedPattern));
    }
}
Also used : SQLServerException(com.microsoft.sqlserver.jdbc.SQLServerException) SQLServerColumnEncryptionAzureKeyVaultProvider(com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource) Tag(org.junit.jupiter.api.Tag)

Example 13 with SQLServerColumnEncryptionAzureKeyVaultProvider

use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.

the class JDBCEncryptionDecryptionTest method testAkvNameWithAuthCallback_ADAL.

/**
 * This tests callback implemented using ADAL lib
 */
@ParameterizedTest
@MethodSource("enclaveParams")
@Tag(Constants.reqExternalSetup)
public void testAkvNameWithAuthCallback_ADAL(String serverName, String url, String protocol) throws Exception {
    // A provider built from the ADAL-based callback must hand back the name it was given.
    setAEConnectionString(serverName, url, protocol);
    final String expectedName = "keystoreName";
    try {
        SQLServerColumnEncryptionAzureKeyVaultProvider provider = new SQLServerColumnEncryptionAzureKeyVaultProvider(
                authenticationCallback_ADAL);
        provider.setName(expectedName);
        String reportedName = provider.getName();
        assertTrue(reportedName.equals(expectedName));
    } catch (SQLServerException e) {
        // No driver error is expected on this path; report its message if one occurs.
        fail(TestResource.getResource("R_unexpectedException") + e.getMessage());
    }
}
Also used : SQLServerException(com.microsoft.sqlserver.jdbc.SQLServerException) SQLServerColumnEncryptionAzureKeyVaultProvider(com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource) Tag(org.junit.jupiter.api.Tag)

Example 14 with SQLServerColumnEncryptionAzureKeyVaultProvider

use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.

the class JDBCEncryptionDecryptionTest method testAkvName.

/*
     * Test getting/setting AKV name
     */
@ParameterizedTest
@MethodSource("enclaveParams")
@Tag(Constants.reqExternalSetup)
public void testAkvName(String serverName, String url, String protocol) throws Exception {
    // A provider built from client id and client secret must hand back the name it was given.
    setAEConnectionString(serverName, url, protocol);
    final String expectedName = "keystoreName";
    SQLServerColumnEncryptionAzureKeyVaultProvider provider = new SQLServerColumnEncryptionAzureKeyVaultProvider(
            applicationClientID, applicationKey);
    provider.setName(expectedName);
    String reportedName = provider.getName();
    assertTrue(reportedName.equals(expectedName));
}
Also used : SQLServerColumnEncryptionAzureKeyVaultProvider(com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource) Tag(org.junit.jupiter.api.Tag)

Example 15 with SQLServerColumnEncryptionAzureKeyVaultProvider

use of com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider in project mssql-jdbc by Microsoft.

the class AESetup method createCEK.

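/**
 * Create column encryption key
 *
 * @param cmkName
 *        name of the column master key that protects the new column encryption key
 * @param cekName
 *        name of the column encryption key to create
 * @param storeProvider
 *        key store provider used to encrypt the key value
 * @throws SQLException
 */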
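private static void createCEK(String cmkName, String cekName, SQLServerColumnEncryptionKeyStoreProvider storeProvider) throws SQLException {
    // Creates the column encryption key cekName under master key cmkName if no key of that name
    // exists yet. The encrypted value comes from storeProvider for the Java key store and Azure
    // Key Vault providers, and from a canned constant for any other provider.
    try (SQLServerConnection con = (SQLServerConnection) PrepUtil.getConnection(AETestConnectionString + ";sendTimeAsDateTime=false", AEInfo);
        SQLServerStatement stmt = (SQLServerStatement) con.createStatement()) {
        // Explicit charset: a bare getBytes() uses the platform default, so the plaintext key bytes
        // could differ between machines.
        byte[] valuesDefault = Constants.CEK_STRING.getBytes(java.nio.charset.StandardCharsets.UTF_8);

        boolean isJavaKeyStore = storeProvider instanceof SQLServerColumnEncryptionJavaKeyStoreProvider;
        boolean isAzureKeyVault = storeProvider instanceof SQLServerColumnEncryptionAzureKeyVaultProvider;

        String encryptedValue;
        if (isJavaKeyStore || isAzureKeyVault) {
            // The two providers differ only in which master key path they are given.
            String masterKeyPath = isJavaKeyStore ? javaKeyAliases : keyIDs[0];
            byte[] key = storeProvider.encryptColumnEncryptionKey(masterKeyPath, Constants.CEK_ALGORITHM, valuesDefault);
            encryptedValue = "0x" + TestUtils.bytesToHexString(key, key.length);
        } else {
            encryptedValue = Constants.CEK_ENCRYPTED_VALUE;
        }

        // NOTE(review): cekName and cmkName are spliced straight into the statement text, both as
        // identifiers and inside a quoted literal. Identifiers in DDL cannot be bound as parameters,
        // so this is only safe while callers pass fixed test names, never externally supplied text.
        String sql = "if not exists (SELECT name from sys.column_encryption_keys where name='" + cekName + "')"
                + " begin"
                + " CREATE COLUMN ENCRYPTION KEY " + cekName + " WITH VALUES "
                + "(COLUMN_MASTER_KEY = " + cmkName + ", ALGORITHM = '" + Constants.CEK_ALGORITHM
                + "', ENCRYPTED_VALUE = " + encryptedValue + ") end;";
        stmt.execute(sql);
    }
}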
Also used : SQLServerConnection(com.microsoft.sqlserver.jdbc.SQLServerConnection) SQLServerStatement(com.microsoft.sqlserver.jdbc.SQLServerStatement) SQLServerColumnEncryptionAzureKeyVaultProvider(com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider) SQLServerColumnEncryptionJavaKeyStoreProvider(com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionJavaKeyStoreProvider)

Aggregations

SQLServerColumnEncryptionAzureKeyVaultProvider (com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider)24 SQLServerException (com.microsoft.sqlserver.jdbc.SQLServerException)18 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)18 MethodSource (org.junit.jupiter.params.provider.MethodSource)18 Tag (org.junit.jupiter.api.Tag)14 SQLServerColumnEncryptionJavaKeyStoreProvider (com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionJavaKeyStoreProvider)4 SQLException (java.sql.SQLException)4 ClientSecretCredential (com.azure.identity.ClientSecretCredential)2 ClientSecretCredentialBuilder (com.azure.identity.ClientSecretCredentialBuilder)2 AuthenticationContext (com.microsoft.aad.adal4j.AuthenticationContext)2 AuthenticationResult (com.microsoft.aad.adal4j.AuthenticationResult)2 ClientCredential (com.microsoft.aad.adal4j.ClientCredential)2 ISQLServerDataSource (com.microsoft.sqlserver.jdbc.ISQLServerDataSource)2 SQLServerColumnEncryptionKeyStoreProvider (com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider)2 SQLServerConnection (com.microsoft.sqlserver.jdbc.SQLServerConnection)2 SQLServerConnectionPoolDataSource (com.microsoft.sqlserver.jdbc.SQLServerConnectionPoolDataSource)2 SQLServerDataSource (com.microsoft.sqlserver.jdbc.SQLServerDataSource)2 SQLServerKeyVaultAuthenticationCallback (com.microsoft.sqlserver.jdbc.SQLServerKeyVaultAuthenticationCallback)2 SQLServerStatement (com.microsoft.sqlserver.jdbc.SQLServerStatement)2 SQLServerXADataSource (com.microsoft.sqlserver.jdbc.SQLServerXADataSource)2