From 423be4a8d58eb350f533c14acf241e0c44d64fb1 Mon Sep 17 00:00:00 2001 From: v-reye Date: Mon, 20 Jul 2020 14:46:09 -0700 Subject: [PATCH] Change | Enclave caching key (#1388) Added database name to caching key. The new key format is serverName + databaseName + attestationUrl. Removed an unused package privatate SQLServerConnection getter getScatalog() which returned the same value as the public getter getCatalog. Changed cache key lookup to occur before calling sp_de because doing so after would cause a new connection to call sp_de with 3 parameters which would create another enclave session. --- .../jdbc/ISQLServerEnclaveProvider.java | 6 ++-- .../jdbc/SQLServerAASEnclaveProvider.java | 33 ++++++++++--------- .../sqlserver/jdbc/SQLServerConnection.java | 4 --- .../jdbc/SQLServerVSMEnclaveProvider.java | 24 ++++++++------ 4 files changed, 36 insertions(+), 31 deletions(-) diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerEnclaveProvider.java b/src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerEnclaveProvider.java index ff9d436d3..16666440e 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerEnclaveProvider.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerEnclaveProvider.java @@ -426,8 +426,10 @@ final class EnclaveSessionCache { sessionCache = new Hashtable<>(0); } - void addEntry(String servername, String attestationUrl, BaseAttestationRequest b, EnclaveSession e) { - sessionCache.put(servername + attestationUrl, new EnclaveCacheEntry(b, e)); + void addEntry(String servername, String catalog, String attestationUrl, BaseAttestationRequest b, + EnclaveSession e) { + StringBuilder sb = new StringBuilder(servername).append(catalog).append(attestationUrl); + sessionCache.put(sb.toString(), new EnclaveCacheEntry(b, e)); } void removeEntry(EnclaveSession e) { diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerAASEnclaveProvider.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerAASEnclaveProvider.java index e59846967..bb651f761 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerAASEnclaveProvider.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerAASEnclaveProvider.java @@ -46,15 +46,15 @@ public class SQLServerAASEnclaveProvider implements ISQLServerEnclaveProvider { private AASAttestationParameters aasParams = null; private AASAttestationResponse hgsResponse = null; - private String attestationURL = null; + private String attestationUrl = null; private EnclaveSession enclaveSession = null; @Override public void getAttestationParameters(String url) throws SQLServerException { if (null == aasParams) { - attestationURL = url; + attestationUrl = url; try { - aasParams = new AASAttestationParameters(attestationURL); + aasParams = new AASAttestationParameters(attestationUrl); } catch (IOException e) { SQLServerException.makeFromDriverError(null, this, e.getLocalizedMessage(), "0", false); } @@ -65,21 +65,24 @@ public void getAttestationParameters(String url) throws SQLServerException { public ArrayList createEnclaveSession(SQLServerConnection connection, String userSql, String preparedTypeDefinitions, Parameter[] params, ArrayList parameterNames) throws SQLServerException { + // Check if the session exists in our cache + StringBuilder keyLookup = new StringBuilder(connection.getServerName()).append(connection.getCatalog()) + .append(attestationUrl); + EnclaveCacheEntry entry = enclaveCache.getSession(keyLookup.toString()); + if (null != entry) { + this.enclaveSession = entry.getEnclaveSession(); + this.aasParams = (AASAttestationParameters) entry.getBaseAttestationRequest(); + } ArrayList b = describeParameterEncryption(connection, userSql, preparedTypeDefinitions, params, parameterNames); - if (null != hgsResponse && !connection.enclaveEstablished()) { - // Check if the session exists in our cache - EnclaveCacheEntry entry = enclaveCache.getSession(connection.getServerName() + attestationURL); - if (null != entry) { - this.enclaveSession = entry.getEnclaveSession(); - this.aasParams = (AASAttestationParameters) entry.getBaseAttestationRequest(); - return b; - } + if (connection.enclaveEstablished()) { + return b; + } else if (null != hgsResponse && !connection.enclaveEstablished()) { try { enclaveSession = new EnclaveSession(hgsResponse.getSessionID(), aasParams.createSessionSecret(hgsResponse.getDHpublicKey())); - enclaveCache.addEntry(connection.getServerName(), connection.enclaveAttestationUrl, aasParams, - enclaveSession); + enclaveCache.addEntry(connection.getServerName(), connection.getCatalog(), + connection.enclaveAttestationUrl, aasParams, enclaveSession); } catch (GeneralSecurityException e) { SQLServerException.makeFromDriverError(connection, this, e.getLocalizedMessage(), "0", false); } @@ -94,7 +97,7 @@ public void invalidateEnclaveSession() { } enclaveSession = null; aasParams = null; - attestationURL = null; + attestationUrl = null; } @Override @@ -105,7 +108,7 @@ public EnclaveSession getEnclaveSession() { private void validateAttestationResponse() throws SQLServerException { if (null != hgsResponse) { try { - hgsResponse.validateToken(attestationURL, aasParams.getNonce()); + hgsResponse.validateToken(attestationUrl, aasParams.getNonce()); hgsResponse.validateDHPublicKey(aasParams.getNonce()); } catch (GeneralSecurityException e) { SQLServerException.makeFromDriverError(null, this, e.getLocalizedMessage(), "0", false); diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java index 7fd45b3a2..f11d5d28b 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java @@ -3609,10 +3609,6 @@ public String getCatalog() throws SQLServerException { return sCatalog; } - String getSCatalog() throws SQLServerException { - return sCatalog; - } - @Override public void setTransactionIsolation(int level) throws SQLServerException { if (loggerExternal.isLoggable(Level.FINER)) { diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerVSMEnclaveProvider.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerVSMEnclaveProvider.java index 55e60102f..f04284a5d 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerVSMEnclaveProvider.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerVSMEnclaveProvider.java @@ -58,22 +58,26 @@ public void getAttestationParameters(String url) throws SQLServerException { public ArrayList createEnclaveSession(SQLServerConnection connection, String userSql, String preparedTypeDefinitions, Parameter[] params, ArrayList parameterNames) throws SQLServerException { + // Check if the session exists in our cache + StringBuilder keyLookup = new StringBuilder(connection.getServerName()).append(connection.getCatalog()) + .append(attestationUrl); + EnclaveCacheEntry entry = enclaveCache.getSession(keyLookup.toString()); + if (null != entry) { + this.enclaveSession = entry.getEnclaveSession(); + this.vsmParams = (VSMAttestationParameters) entry.getBaseAttestationRequest(); + } ArrayList b = describeParameterEncryption(connection, userSql, preparedTypeDefinitions, params, parameterNames); - if (null != hgsResponse && !connection.enclaveEstablished()) { - // Check if the session exists in our cache - EnclaveCacheEntry entry = enclaveCache.getSession(connection.getServerName() + attestationUrl); - if (null != entry) { - this.enclaveSession = entry.getEnclaveSession(); - this.vsmParams = (VSMAttestationParameters) entry.getBaseAttestationRequest(); - return b; - } + if (connection.enclaveEstablished()) { + return b; + } else if (null != hgsResponse && !connection.enclaveEstablished()) { + // If not, set it up try { enclaveSession = new EnclaveSession(hgsResponse.getSessionID(), vsmParams.createSessionSecret(hgsResponse.getDHpublicKey())); - enclaveCache.addEntry(connection.getServerName(), connection.enclaveAttestationUrl, vsmParams, - enclaveSession); + enclaveCache.addEntry(connection.getServerName(), connection.getCatalog(), + connection.enclaveAttestationUrl, vsmParams, enclaveSession); } catch (GeneralSecurityException e) { SQLServerException.makeFromDriverError(connection, this, e.getLocalizedMessage(), "0", false); }