From e5cdbbab296f5f5c2925537a26702cefc2022825 Mon Sep 17 00:00:00 2001 From: v-afrafi Date: Tue, 13 Jun 2017 13:42:19 -0700 Subject: [PATCH 1/4] Always Encrypted setup --- .travis.yml | 15 +- appveyor.yml | 11 + pom.xml | 7 + .../jdbc/AlwaysEncrypted/AESetup.java | 199 ++++++++++++++++++ .../JDBCEncryptionDecryptionTest.java | 125 +++++++++++ 5 files changed, 354 insertions(+), 3 deletions(-) create mode 100644 src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java create mode 100644 src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java diff --git a/.travis.yml b/.travis.yml index 7ff46efec..a6ece9453 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,4 @@ -sudo: required +sudo: required language: java jdk: @@ -18,8 +18,17 @@ env: cache: directories: - $HOME/.m2 - + +before_install: + - mkdir AE_Certificates + install: + - cd AE_Certificates + - openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650 -subj "/C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=SQL Server/CN=JDBC Driver" -nodes + - openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -password pass:password + - keytool -importkeystore -destkeystore clientcert.jks -deststorepass password -srckeystore identity.p12 -srcstoretype PKCS12 -srcstorepass password + - keytool -list -v -keystore clientcert.jks -storepass "password" > JavaKeyStore.txt + - cd .. - mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V -Pbuild41 - mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V -Pbuild42 @@ -36,4 +45,4 @@ script: #after_success: # instead of after success we are using && operator for conditional submitting coverage report. -# - bash <(curl -s https://codecov.io/bash) +# - bash <(curl -s https://codecov.io/bash) \ No newline at end of file diff --git a/appveyor.yml b/appveyor.yml index 857c635f8..2ab7d47ef 100644 --- a/appveyor.yml +++ b/appveyor.yml 
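Review bot: In the `install` steps of the second .travis.yml hunk, `openssl req ... -nodes` writes `cakey.pem` unencrypted and `identity.p12` is protected only by the literal `password`, and both files stay in `AE_Certificates` after the JKS import. They are throwaway CI keys, but nothing in the hunk says so or cleans them up. Add `- rm -f cakey.pem identity.p12` after the `keytool -importkeystore` step, plus a comment such as `# throwaway self-signed key for the Always Encrypted tests; never reuse outside CI`. The same literal is repeated in appveyor.yml and in `AESetup.secretstrJks`, so reading it from one environment variable would keep the three in step.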
@@ -14,14 +14,25 @@ install: - ps: choco pack - ps: choco install jce -fdv -s . -y -failonstderr - ps: cd.. + - ps: mkdir AE_Certificates + - ps: cd AE_Certificates + - ps: $cert = New-SelfSignedCertificate -dns "AlwaysEncryptedCert" -CertStoreLocation Cert:CurrentUser\My + - ps: $pwd = ConvertTo-SecureString -String "password" -Force -AsPlainText + - ps: $path = 'cert:\CurrentUser\My\' + $cert.thumbprint + - ps: $certificate = Export-PfxCertificate -cert $path -FilePath cert.pfx -Password $pwd + - ps: Get-ChildItem -path cert:\CurrentUser\My > certificate.txt cache: - C:\Users\appveyor\.m2 -> pom.xml build_script: + - keytool -importkeystore -srckeystore cert.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS -srcstorepass password -deststorepass password + - keytool -list -v -keystore clientcert.jks -storepass "password" > JavaKeyStore.txt + - cd.. - mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V -Pbuild41 - mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V -Pbuild42 test_script: - mvn test -B -Pbuild41 - mvn test -B -Pbuild42 + \ No newline at end of file diff --git a/pom.xml b/pom.xml index 2114ab98c..53bfc1b2f 100644 --- a/pom.xml +++ b/pom.xml @@ -222,6 +222,13 @@ **/*.csv + + AE_Certificates + + **/*.txt + **/*.jks + + diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java new file mode 100644 index 000000000..cdaf20d68 --- /dev/null +++ b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java 
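Review bot: `$pwd` in the added `ConvertTo-SecureString` line reuses the name of PowerShell's automatic `$PWD` (current location) variable; a distinct name such as `$pfxPassword` avoids confusion in the `Export-PfxCertificate` call that follows. The self-signed certificate is also left in `cert:\CurrentUser\My` once the PFX has been exported, so on a build worker that is reused it would accumulate private keys; consider `- ps: Remove-Item $path` after the export. The `-CertStoreLocation Cert:CurrentUser\My` argument lacks the backslash after `Cert:` that the `$path` line uses.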
@@ -0,0 +1,199 @@ +/* + * Microsoft JDBC Driver for SQL Server + * + * Copyright(c) Microsoft Corporation All rights reserved. + * + * This program is made available under the terms of the MIT License. See the LICENSE file in the project root for more information. + */ +package com.microsoft.sqlserver.jdbc.AlwaysEncrypted; + +import java.io.BufferedReader; +import java.io.File; +import java.io.FileReader; +import java.io.IOException; +import java.sql.DriverManager; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.Properties; + +import javax.xml.bind.DatatypeConverter; + +import org.junit.jupiter.api.BeforeAll; +import org.junit.platform.runner.JUnitPlatform; +import org.junit.runner.RunWith; +import org.opentest4j.TestAbortedException; + +import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionJavaKeyStoreProvider; +import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider; +import com.microsoft.sqlserver.jdbc.SQLServerConnection; +import com.microsoft.sqlserver.jdbc.SQLServerException; +import com.microsoft.sqlserver.testframework.AbstractTest; +import com.microsoft.sqlserver.testframework.DBConnection; +import com.microsoft.sqlserver.testframework.Utils; +import static org.junit.jupiter.api.Assertions.fail; +import static org.junit.jupiter.api.Assumptions.assumeTrue; + +/** + * Setup for Always Encrypted test + * + */ +@RunWith(JUnitPlatform.class) +public class AESetup extends AbstractTest { + + static String javaKeyStoreInputFile = "JavaKeyStore.txt"; + static String keyStoreName = "MSSQL_JAVA_KEYSTORE"; + static String jksName = "clientcert.jks"; + static String filePath = null; + static String thumbprint = null; + static SQLServerConnection con = null; + static Statement stmt = null; + static String cmkName = "JDBC_CMK"; + static String cekName = "JDBC_CEK"; + static String keyPath = null; + static String certStore = null; + static String javaKeyAliases = null; + static String OS = 
System.getProperty("os.name").toLowerCase(); + static SQLServerColumnEncryptionKeyStoreProvider storeProvider = null; + static String secretstrJks = "password"; + static String numericTable = "numericTable"; + + /** + * Create connection, statement and generate path of resource file + * @throws Exception + * @throws TestAbortedException + */ + @BeforeAll + static void setUpConnection() throws TestAbortedException, Exception { + assumeTrue(13 <= new DBConnection(connectionString).getServerVersion(), + "Aborting test case as SQL Server version is not compatible with Always encrypted "); + + readFromFile(javaKeyStoreInputFile, "Alias name"); + con = (SQLServerConnection) DriverManager.getConnection(connectionString); + stmt = con.createStatement(); + Utils.dropTableIfExists(numericTable, stmt); + dropCEK(); + dropCMK(); + con.close(); + + + keyPath = Utils.getCurrentClassPath() + jksName; + storeProvider = new SQLServerColumnEncryptionJavaKeyStoreProvider(keyPath, secretstrJks.toCharArray()); + Properties info = new Properties(); + info.setProperty("ColumnEncryptionSetting", "Enabled"); + info.setProperty("keyStoreAuthentication", "JavaKeyStorePassword"); + info.setProperty("keyStoreLocation", keyPath); + info.setProperty("keyStoreSecret", secretstrJks); + con = (SQLServerConnection) DriverManager.getConnection(connectionString, info); + stmt = con.createStatement(); + createCMK(keyStoreName, javaKeyAliases); + certStore = keyStoreName; + } + + private static void readFromFile(String inputFile, + String lookupValue) throws IOException { + BufferedReader buffer = null; + filePath = Utils.getCurrentClassPath(); + try { + File f = new File(filePath + inputFile); + buffer = new BufferedReader(new FileReader(f)); + String readLine = ""; + String[] linecontents; + + while ((readLine = buffer.readLine()) != null) { + if (readLine.trim().contains(lookupValue)) { + linecontents = readLine.split(" "); + javaKeyAliases = linecontents[2]; + break; + } + } + + } + catch 
(IOException e) { + fail(e.toString());; + } + finally{ + if (null != buffer){ + buffer.close(); + } + } + + } + + /** + * Creating numeric table + */ + static void createNumericTable() { + String sql = "create table " + numericTable + " (" + "PlainSmallint smallint null," + + "RandomizedSmallint smallint ENCRYPTED WITH (ENCRYPTION_TYPE = RANDOMIZED, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256', COLUMN_ENCRYPTION_KEY = " + + cekName + ") NULL," + + "DeterministicSmallint smallint ENCRYPTED WITH (ENCRYPTION_TYPE = DETERMINISTIC, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256', COLUMN_ENCRYPTION_KEY = " + + cekName + ") NULL" + ");"; + + try { + stmt.execute(sql); + } + catch (SQLException e) { + fail(e.toString()); + } + } + + /** + * Create column master key + * @param keyStoreName + * @param keyPath + * @throws SQLException + */ + private static void createCMK(String keyStoreName, + String keyPath) throws SQLException { + String sql = " if not exists (SELECT name from sys.column_master_keys where name='" + cmkName + "')" + " begin" + " CREATE COLUMN MASTER KEY " + + cmkName + " WITH (KEY_STORE_PROVIDER_NAME = '" + keyStoreName + "', KEY_PATH = '" + keyPath + "')" + " end"; + stmt.execute(sql); + } + + /** + * Create column encryption key + * @param storeProvider + * @param certStore + * @throws SQLException + */ + static void createCEK(SQLServerColumnEncryptionKeyStoreProvider storeProvider, + String certStore) throws SQLException { + String letters = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + byte[] valuesDefault = letters.getBytes(); + String cekSql = null; + if (certStore.equalsIgnoreCase("MSSQL_JAVA_KEYSTORE")) { + byte[] key = storeProvider.encryptColumnEncryptionKey(javaKeyAliases, "RSA_OAEP", valuesDefault); + cekSql = "CREATE COLUMN ENCRYPTION KEY " + cekName + " WITH VALUES " + "(COLUMN_MASTER_KEY = " + cmkName + + ", ALGORITHM = 'RSA_OAEP', ENCRYPTED_VALUE = 0x" + DatatypeConverter.printHexBinary(key) + ")" + ";"; + } + else if 
(certStore.equalsIgnoreCase("MSSQL_CERTIFICATE_STORE")) { + String encryptedValue = "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cekSql = "CREATE COLUMN ENCRYPTION KEY " + cekName + " WITH VALUES " + "(COLUMN_MASTER_KEY = " + cmkName + + ", ALGORITHM = 'RSA_OAEP', ENCRYPTED_VALUE = " + encryptedValue + ")" + ";"; + + } + stmt.execute(cekSql); + } + + /** + * Dropping column encryption key + * @throws SQLServerException + * @throws SQLException + */ + static void dropCEK() throws SQLServerException, SQLException { + String cekSql = " if exists (SELECT name from sys.column_encryption_keys where name='" + cekName + "')" + " begin" + + " drop column encryption key " + cekName + " end"; + stmt.execute(cekSql); + } + + /** + * Dropping column master key + * @throws SQLServerException + * @throws SQLException + */ + static void dropCMK() throws SQLServerException, SQLException { + String cekSql = " if exists (SELECT name from sys.column_master_keys where name='" + cmkName + "')" + " begin" + " drop column master key " + + cmkName + " end"; + stmt.execute(cekSql); + } +} diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java new file mode 100644 index 000000000..c85fdfc99 --- /dev/null +++ b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java 
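Review bot: `readFromFile` leaves `javaKeyAliases` null when no line of JavaKeyStore.txt contains the lookup text, and `setUpConnection` then hands it to `createCMK`, which concatenates it into `KEY_PATH = 'null'`. After the loop add `assumeTrue(null != javaKeyAliases, "No alias found in " + inputFile);` (or `fail`), and parse with `readLine.split(":", 2)[1].trim()` so an alias containing spaces is not truncated by `split(" ")[2]`. The reader would be simpler and leak-free as try-with-resources, and `fail(e.toString());;` carries a stray semicolon. `createCMK` and the drop helpers build DDL by concatenation; that is tolerable while the names are constants of this class, but a comment should state that the alias comes from a locally generated file.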
@@ -0,0 +1,125 @@ +/* + * Microsoft JDBC Driver for SQL Server + * + * Copyright(c) Microsoft Corporation All rights reserved. + * + * This program is made available under the terms of the MIT License. See the LICENSE file in the project root for more information. + */ +package com.microsoft.sqlserver.jdbc.AlwaysEncrypted; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assumptions.assumeTrue; + +import java.sql.ResultSet; +import java.sql.SQLException; + +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.platform.runner.JUnitPlatform; +import org.junit.runner.RunWith; +import org.opentest4j.TestAbortedException; + +import com.microsoft.sqlserver.jdbc.SQLServerException; +import com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement; +import com.microsoft.sqlserver.jdbc.SQLServerStatementColumnEncryptionSetting; +import com.microsoft.sqlserver.testframework.DBConnection; +import com.microsoft.sqlserver.testframework.Utils; + +/** + * Tests Decryption and encryption of values + * + */ +@RunWith(JUnitPlatform.class) +public class JDBCEncryptionDecryptionTest extends AESetup { + private static SQLServerPreparedStatement pstmt = null; + String[] values = {"10"}; + + /** + * Test encryption and decryption of numeric values + * + * @throws Exception + * @throws TestAbortedException + */ + @Test + @DisplayName("test numeric values") + public void testNumeric() throws TestAbortedException, Exception { + assumeTrue(13 <= new DBConnection(connectionString).getServerVersion(), + "Aborting test case as SQL Server version is not compatible with Always encrypted "); + + try { + createCEK(storeProvider, certStore); + createNumericTable(); + populateNumeric(values); + verifyResults(); + } + finally { + Utils.dropTableIfExists(numericTable, stmt); + } + } + + /** + * Dropping all CMKs and CEKs and any open resources. 
+ * + * @throws SQLServerException + * @throws SQLException + */ + @AfterAll + static void dropAll() throws SQLServerException, SQLException { + Utils.dropTableIfExists(numericTable, stmt); + dropCEK(); + dropCMK(); + stmt.close(); + con.close(); + } + + /** + * Populating the table + * + * @param values + * @throws SQLException + */ + private void populateNumeric(String[] values) throws SQLException { + String sql = "insert into " + numericTable + " values( " + "?,?,?" + ")"; + + pstmt = (SQLServerPreparedStatement) con.prepareStatement(sql, ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_READ_ONLY, + connection.getHoldability(), SQLServerStatementColumnEncryptionSetting.Enabled); + + for (int i = 1; i <= 3; i++) { + pstmt.setShort(i, Short.valueOf(values[0])); + } + pstmt.execute(); + if (null != pstmt) { + pstmt.close(); + } + } + + /** + * Verify the decryption and encryption of values + * + * @throws NumberFormatException + * @throws SQLException + */ + private void verifyResults() throws NumberFormatException, SQLException { + String sql = "select * from " + numericTable; + pstmt = (SQLServerPreparedStatement) connection.prepareStatement(sql, ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_READ_ONLY, + connection.getHoldability(), SQLServerStatementColumnEncryptionSetting.Enabled); + ResultSet rs = null; + + rs = pstmt.executeQuery(); + + while (rs.next()) { + assertEquals(Short.valueOf(values[0]), rs.getObject(1)); + assertEquals(Short.valueOf(values[0]), rs.getObject(2)); + assertEquals(Short.valueOf(values[0]), rs.getObject(3)); + } + + if (null != rs) { + rs.close(); + } + if (null != pstmt) { + pstmt.close(); + } + } + +} From f308eed7e8f7d0751e0483ffc9e8ad00ceee8b08 Mon Sep 17 00:00:00 2001 
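Review bot: `verifyResults` passes vacuously when the select returns no rows, because every assertion sits inside `while (rs.next())`; count the rows and assert the count after the loop. The statement and result set are also leaked when an assertion fails, since the `close()` calls run only on the success path and the `null != rs` check is reached only after `rs` has been used. `populateNumeric` prepares on `con` while `verifyResults` prepares on `connection`; if that split is intentional, a comment should say which connection carries the key-store properties.

```java
private void verifyResults() throws NumberFormatException, SQLException {
    String sql = "select * from " + numericTable;
    try (SQLServerPreparedStatement ps = (SQLServerPreparedStatement) connection.prepareStatement(sql, ResultSet.TYPE_FORWARD_ONLY,
            ResultSet.CONCUR_READ_ONLY, connection.getHoldability(), SQLServerStatementColumnEncryptionSetting.Enabled);
            ResultSet rs = ps.executeQuery()) {
        int rows = 0;
        while (rs.next()) {
            // … unchanged: the three assertEquals checks on columns 1-3 …
            rows++;
        }
        // populateNumeric inserts exactly one row; zero rows must not pass silently
        assertEquals(1, rows, "unexpected row count in " + numericTable);
    }
}
```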
From: v-afrafi Date: Tue, 13 Jun 2017 13:54:45 -0700 Subject: [PATCH 2/4] javadoc fix --- .../microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java | 6 ++++++ .../AlwaysEncrypted/JDBCEncryptionDecryptionTest.java | 8 ++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java index cdaf20d68..c64cb63de 100644 --- a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java +++ b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java @@ -89,6 +89,12 @@ static void setUpConnection() throws TestAbortedException, Exception { certStore = keyStoreName; } + /** + * Read the alias from file which is created during java + * @param inputFile + * @param lookupValue + * @throws IOException + */ private static void readFromFile(String inputFile, String lookupValue) throws IOException { BufferedReader buffer = null; diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java index c85fdfc99..53ccc3c77 100644 --- a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java +++ b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java @@ -69,8 +69,12 @@ static void dropAll() throws SQLServerException, SQLException { Utils.dropTableIfExists(numericTable, stmt); dropCEK(); dropCMK(); - stmt.close(); - con.close(); + if (null != stmt) { + stmt.close(); + } + if (null != con) { + con.close(); + } } /** From f4bf23dd2bc137a6f67f0a7f866ac25c031a1031 Mon Sep 17 00:00:00 2001 
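Review bot: The null guards added to `dropAll` come after `Utils.dropTableIfExists(numericTable, stmt)`, `dropCEK()` and `dropCMK()`, and the drop helpers call `stmt.execute(...)` directly, so a null `stmt` still fails before the guards are reached. If `stmt.close()` throws, `con.close()` is skipped as well. Wrap the three drop calls in `if (null != stmt) { ... }` and move the connection close into a `finally` block so cleanup is attempted whatever state setup left behind.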
From: v-afrafi Date: Tue, 13 Jun 2017 14:18:15 -0700 Subject: [PATCH 3/4] add check if the jks exists on the local machine. --- .../microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java index c64cb63de..81a1c9190 100644 --- a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java +++ b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java @@ -35,6 +35,8 @@ /** * Setup for Always Encrypted test + * This test will work on Appveyor and Travis-ci as java key store gets created from the .yml scripts. Users on their local machine should create the + * keystore manually and save the alias name in JavaKeyStore.txt file. For local test purposes, put this in the target/test-classes directory * */ @RunWith(JUnitPlatform.class) @@ -90,7 +92,8 @@ static void setUpConnection() throws TestAbortedException, Exception { } /** - * Read the alias from file which is created during java + * Read the alias from file which is created during creating jks + * If the jks and alias name in JavaKeyStore.txt does not exists, will not run! * @param inputFile * @param lookupValue * @throws IOException @@ -101,6 +104,7 @@ private static void readFromFile(String inputFile, filePath = Utils.getCurrentClassPath(); try { File f = new File(filePath + inputFile); + assumeTrue(f.exists(), "Aborting test case since no java key store and alias name exists!"); buffer = new BufferedReader(new FileReader(f)); String readLine = ""; String[] linecontents; From 2fb1df3a8a22a34310f2f3e3d6b129d2b8b50931 Mon Sep 17 00:00:00 2001 
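Review bot: The `assumeTrue(f.exists(), ...)` added in the third hunk tests only JavaKeyStore.txt, although its message and the new javadoc speak of the key store itself; `clientcert.jks` is never checked before `SQLServerColumnEncryptionJavaKeyStoreProvider` is built from its path. Add `assumeTrue(new File(filePath + jksName).exists(), "Aborting test case since " + jksName + " was not found");` next to it. Because an assumption skips rather than fails, a broken certificate step in the CI scripts would make the Always Encrypted tests disappear silently; consider failing instead when the `CI` environment variable is set. In the javadoc, "does not exists" should read "do not exist". `readFromFile` begins and ends outside this hunk.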
From: v-afrafi Date: Tue, 13 Jun 2017 17:03:06 -0700 Subject: [PATCH 4/4] removed windows certificate store from test --- .../jdbc/AlwaysEncrypted/AESetup.java | 19 ++++--------------- .../JDBCEncryptionDecryptionTest.java | 2 +- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java index 81a1c9190..b646d8e45 100644 --- a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java +++ b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java @@ -52,7 +52,6 @@ public class AESetup extends AbstractTest { static String cmkName = "JDBC_CMK"; static String cekName = "JDBC_CEK"; static String keyPath = null; - static String certStore = null; static String javaKeyAliases = null; static String OS = System.getProperty("os.name").toLowerCase(); static SQLServerColumnEncryptionKeyStoreProvider storeProvider = null; @@ -88,7 +87,6 @@ static void setUpConnection() throws TestAbortedException, Exception { con = (SQLServerConnection) DriverManager.getConnection(connectionString, info); stmt = con.createStatement(); createCMK(keyStoreName, javaKeyAliases); - certStore = keyStoreName; } /** 
@@ -166,22 +164,13 @@ private static void createCMK(String keyStoreName, * @param certStore * @throws SQLException */ - static void createCEK(SQLServerColumnEncryptionKeyStoreProvider storeProvider, - String certStore) throws SQLException { + static void createCEK(SQLServerColumnEncryptionKeyStoreProvider storeProvider) throws SQLException { String letters = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; byte[] valuesDefault = letters.getBytes(); String cekSql = null; - if (certStore.equalsIgnoreCase("MSSQL_JAVA_KEYSTORE")) { - byte[] key = storeProvider.encryptColumnEncryptionKey(javaKeyAliases, "RSA_OAEP", valuesDefault); - cekSql = "CREATE COLUMN ENCRYPTION KEY " + cekName + " WITH VALUES " + "(COLUMN_MASTER_KEY = " + cmkName - + ", ALGORITHM = 'RSA_OAEP', ENCRYPTED_VALUE = 0x" + DatatypeConverter.printHexBinary(key) + ")" + ";"; - } - else if (certStore.equalsIgnoreCase("MSSQL_CERTIFICATE_STORE")) { - String encryptedValue = "0x016E000001630075007200720065006E00740075007300650072002F006D0079002F0066006200640066003900360031003600360031003100390066006600390039006200380032003800300064003200390064003100360030006600610065006300370030006300640031003100620034002DC298A90D6C4FB6EE59BD1F4E58E3CE334B33E4786608B0A29B8B6FDD376F9C42716E00077D91FE80659EB427F1D5509971D24B3B7CB761E79CBD894CBE8EE0009DE4DB9ABECCC398F80AD8B95E3A89692E91BCF6B0518552CFD224816F67E0C37D48B538E38A91A9BA73D6CF84F315560BCB69423D0F4682FDE1DD12412823362641E6B7F19843390D2BE9E26BDA0FCAB01F987EF7AA882468EE86FAB6FE29C771FB22BEF355377B158DA06D9998171110A21AEEDA875851CE8BC64A49D00925AD844F47150F27B6147DAACE1E4B93C9E2B9B91BF5B26BD6FE10EF0C2EDC9395A9E5D2B007E6F16229ABC27068C07F7A77EC32F24FCFE04D53CF260A58440009F8B70E4A9091426159189C021A25D52E7FEA9B341DAC5361C41F3E32800D31A10EF193E4F58DE161302C1E0607B1FA56288FA4592F3F269173D4177BB77EEFCA6B99052EE9A8725B121A731981133C25414634DAB47040A7AED2EAFBA459FF1CA6A19C500A305C2154D9E64B4DD79D8B7394703756A4BCE39782BC5C3E6C9FAC088149554F5AED125FBFC081CFEE8FA83153135BE10718167AF4114F37CA10925
A690D94BF53C69AF4BE6F8CAE74450BCDE312E2074D9F5788E57C515A507B86E64B54AC3624F3F8A29C9007C798518304766F6862A0824108143B2E532B82442816A9D89A9585E343CEE6480F7AC881584CA14F5A929A7FF3562D57B40305"; - cekSql = "CREATE COLUMN ENCRYPTION KEY " + cekName + " WITH VALUES " + "(COLUMN_MASTER_KEY = " + cmkName - + ", ALGORITHM = 'RSA_OAEP', ENCRYPTED_VALUE = " + encryptedValue + ")" + ";"; - - } + byte[] key = storeProvider.encryptColumnEncryptionKey(javaKeyAliases, "RSA_OAEP", valuesDefault); + cekSql = "CREATE COLUMN ENCRYPTION KEY " + cekName + " WITH VALUES " + "(COLUMN_MASTER_KEY = " + cmkName + + ", ALGORITHM = 'RSA_OAEP', ENCRYPTED_VALUE = 0x" + DatatypeConverter.printHexBinary(key) + ")" + ";"; stmt.execute(cekSql); } diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java index 53ccc3c77..ad3729d7a 100644 --- a/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java +++ b/src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java @@ -48,7 +48,7 @@ public void testNumeric() throws TestAbortedException, Exception { "Aborting test case as SQL Server version is not compatible with Always encrypted "); try { - createCEK(storeProvider, certStore); + createCEK(storeProvider); createNumericTable(); populateNumeric(values); verifyResults();
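Review bot: `createCEK` still uses a fixed plaintext as the column encryption key: 32 bytes of `a`, obtained with the charset-dependent `letters.getBytes()`. For a test fixture that may be deliberate, but then it needs a comment saying the key is a known test value that must never be used on a shared database; otherwise generate it with `byte[] valuesDefault = new byte[32];` followed by `new SecureRandom().nextBytes(valuesDefault);` (needs `java.security.SecureRandom`). The javadoc kept as context above the new signature still lists `@param certStore`, which this commit removes from the method. That javadoc opens outside the hunk.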