microsoft · ulvii · Jan 23, 2020 · Jan 20, 2020 · Jan 21, 2020 · Jan 23, 2020
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java
@@ -6202,7 +6202,7 @@ void writeRPCReaderUnicode(String sName, Reader re, long reLength, boolean bOut,
 
     void sendEnclavePackage(String sql, ArrayList<byte[]> enclaveCEKs) throws SQLServerException {
         if (null != con && con.isAEv2()) {
-            if (null != sql && "" != sql && null != enclaveCEKs && 0 < enclaveCEKs.size() && con.enclaveEstablished()) {
+            if (null != sql && !"".equals(sql) && null != enclaveCEKs && 0 < enclaveCEKs.size() && con.enclaveEstablished()) {
                 byte[] b = con.generateEnclavePackage(sql, enclaveCEKs);
                 if (null != b && 0 != b.length) {
                     this.writeShort((short) b.length);

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerEnclaveProvider.java b/src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerEnclaveProvider.java
@@ -292,21 +292,16 @@ void initBcryptECDH() throws SQLServerException {
         /*
          * Create our BCRYPT_ECCKEY_BLOB
          */
-        KeyPairGenerator kpg = null;
         try {
-            kpg = KeyPairGenerator.getInstance("EC");
+            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
             kpg.initialize(new ECGenParameterSpec("secp384r1"));
-        } catch (GeneralSecurityException e) {
-            SQLServerException.makeFromDriverError(null, kpg, e.getLocalizedMessage(), "0", false);
-        }
-        KeyPair kp = kpg.generateKeyPair();
-        ECPublicKey publicKey = (ECPublicKey) kp.getPublic();
-        privateKey = kp.getPrivate();
-        ECPoint w = publicKey.getW();
-        try {
+            KeyPair kp = kpg.generateKeyPair();
+            ECPublicKey publicKey = (ECPublicKey) kp.getPublic();
+            privateKey = kp.getPrivate();
+            ECPoint w = publicKey.getW();
             x = adjustBigInt(w.getAffineX().toByteArray());
             y = adjustBigInt(w.getAffineY().toByteArray());
-        } catch (IOException e) {
+        } catch (GeneralSecurityException | IOException e) {
             SQLServerException.makeFromDriverError(null, this, e.getLocalizedMessage(), "0", false);
         }
     }

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerAASEnclaveProvider.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerAASEnclaveProvider.java
@@ -102,47 +102,42 @@ public EnclaveSession getEnclaveSession() {
         return enclaveSession;
     }
 
-    private AASAttestationResponse validateAttestationResponse(AASAttestationResponse ar) throws SQLServerException {
-        try {
-            ar.validateToken(attestationURL, aasParams.getNonce());
-            ar.validateDHPublicKey(aasParams.getNonce());
-        } catch (GeneralSecurityException e) {
-            SQLServerException.makeFromDriverError(null, this, e.getLocalizedMessage(), "0", false);
+    private void validateAttestationResponse() throws SQLServerException {
+        if (null != hgsResponse) {
+            try {
+                hgsResponse.validateToken(attestationURL, aasParams.getNonce());
+                hgsResponse.validateDHPublicKey(aasParams.getNonce());
+            } catch (GeneralSecurityException e) {
+                SQLServerException.makeFromDriverError(null, this, e.getLocalizedMessage(), "0", false);
+            }
         }
-        return ar;
     }
 
     private ArrayList<byte[]> describeParameterEncryption(SQLServerConnection connection, String userSql,
             String preparedTypeDefinitions, Parameter[] params,
             ArrayList<String> parameterNames) throws SQLServerException {
         ArrayList<byte[]> enclaveRequestedCEKs = new ArrayList<>();
-        ResultSet rs = null;
         try (PreparedStatement stmt = connection.prepareStatement(connection.enclaveEstablished() ? SDPE1 : SDPE2)) {
-            if (connection.enclaveEstablished()) {
-                rs = executeSDPEv1(stmt, userSql, preparedTypeDefinitions);
-            } else {
-                rs = executeSDPEv2(stmt, userSql, preparedTypeDefinitions, aasParams);
-            }
-            if (null == rs) {
-                // No results. Meaning no parameter.
-                // Should never happen.
-                return enclaveRequestedCEKs;
-            }
-            processSDPEv1(userSql, preparedTypeDefinitions, params, parameterNames, connection, stmt, rs,
-                    enclaveRequestedCEKs);
-            // Process the third resultset.
-            if (connection.isAEv2() && stmt.getMoreResults()) {
-                rs = (SQLServerResultSet) stmt.getResultSet();
-                while (rs.next()) {
-                    hgsResponse = new AASAttestationResponse(rs.getBytes(1));
-                    // This validates and establishes the enclave session if valid
-                    if (!connection.enclaveEstablished()) {
-                        hgsResponse = validateAttestationResponse(hgsResponse);
+            try (ResultSet rs = connection.enclaveEstablished() ? executeSDPEv1(stmt, userSql,
+                    preparedTypeDefinitions) : executeSDPEv2(stmt, userSql, preparedTypeDefinitions, aasParams)) {
+                if (null == rs) {
+                    // No results. Meaning no parameter.
+                    // Should never happen.
+                    return enclaveRequestedCEKs;
+                }
+                processSDPEv1(userSql, preparedTypeDefinitions, params, parameterNames, connection, stmt, rs,
+                        enclaveRequestedCEKs);
+                // Process the third resultset.
+                if (connection.isAEv2() && stmt.getMoreResults()) {
+                    try (ResultSet hgsRs = (SQLServerResultSet) stmt.getResultSet()) {
+                        if (hgsRs.next()) {
+                            hgsResponse = new AASAttestationResponse(hgsRs.getBytes(1));
+                            // This validates and establishes the enclave session if valid
+                            validateAttestationResponse();
+                        }
                     }
                 }
             }
-            // Null check for rs is done already.
-            rs.close();
         } catch (SQLException | IOException e) {
             if (e instanceof SQLServerException) {
                 throw (SQLServerException) e;

diff --git a/...main/java/com/microsoft/sqlserver/jdbc/SQLServerColumnEncryptionJavaKeyStoreProvider.java b/...main/java/com/microsoft/sqlserver/jdbc/SQLServerColumnEncryptionJavaKeyStoreProvider.java
@@ -348,6 +348,9 @@ public boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allow
 
         KeyStoreProviderCommon.validateNonEmptyMasterKeyPath(masterKeyPath);
         CertificateDetails certificateDetails = getCertificateDetails(masterKeyPath);
+        if (null == certificateDetails) {
+            return false;
+        }
 
         try {
             MessageDigest md = MessageDigest.getInstance("SHA-256");
@@ -356,7 +359,6 @@ public boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allow
             // value of allowEnclaveComputations is always true here
             md.update("true".getBytes(java.nio.charset.StandardCharsets.UTF_16LE));
             return rsaVerifySignature(md.digest(), signature, certificateDetails);
-
         } catch (NoSuchAlgorithmException e) {
             throw new SQLServerException(SQLServerException.getErrString("R_NoSHA256Algorithm"), e);
         }

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDatabaseMetaData.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDatabaseMetaData.java
@@ -1047,9 +1047,9 @@ private ResultSet executeSPFkeys(String[] procParams) throws SQLException, SQLTi
                 cstmt.setString(i + 1, procParams[i]);
             }
             String currentDB = null;
-            if (null != procParams[2] && procParams[2] != "") {// pktable_qualifier
+            if (null != procParams[2] && !"".equals(procParams[2])) {// pktable_qualifier
                 currentDB = switchCatalogs(procParams[2]);
-            } else if (null != procParams[5] && procParams[5] != "") {// fktable_qualifier
+            } else if (null != procParams[5] && !"".equals(procParams[5])) {// fktable_qualifier
                 currentDB = switchCatalogs(procParams[5]);
             }
             ResultSet rs = cstmt.executeQuery();

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerFMTQuery.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerFMTQuery.java
@@ -74,7 +74,7 @@ String constructTableTargets() {
 
     String getFMTQuery() {
         StringBuilder sb = new StringBuilder(FMT_ON);
-        if (prefix != "") {
+        if (!"".equals(prefix)) {
             sb.append(prefix);
         }
         sb.append(SELECT);