com.microsoft.sqlserver.jdbc.AE Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of mssql-jdbc Show documentation
Show all versions of mssql-jdbc Show documentation
Microsoft JDBC 4.2 Driver for SQL Server.
The Azure Key Vault feature in Microsoft JDBC Driver for SQL Server depends on
Azure SDK for JAVA and Azure Active Directory Library For Java.
//---------------------------------------------------------------------------------------------------------------------------------
// File: AE.java
//
//
// Microsoft JDBC Driver for SQL Server
// Copyright(c) Microsoft Corporation
// All rights reserved.
// MIT License
// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files(the ""Software""),
// to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
// and / or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions :
// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
// THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
// IN THE SOFTWARE.
//---------------------------------------------------------------------------------------------------------------------------------
package com.microsoft.sqlserver.jdbc;
import java.util.Vector;
/**
* Represents a single encrypted value for a CEK. It contains the encrypted CEK,the store type, name,the key path and encryption algorithm.
*/
class EncryptionKeyInfo {
EncryptionKeyInfo(
byte[] encryptedKeyVal,
int dbId,
int keyId,
int keyVersion,
byte[] mdVersion,
String keyPathVal,
String keyStoreNameVal,
String algorithmNameVal)
{
encryptedKey = encryptedKeyVal;
databaseId = dbId;
cekId = keyId;
cekVersion = keyVersion;
cekMdVersion = mdVersion;
keyPath = keyPathVal;
keyStoreName = keyStoreNameVal;
algorithmName = algorithmNameVal;
}
byte[] encryptedKey; // the encrypted "column encryption key"
int databaseId;
int cekId;
int cekVersion;
byte[] cekMdVersion;
String keyPath;
String keyStoreName;
String algorithmName;
byte normalizationRuleVersion;
}
/**
* Represents a unique CEK as an entry in the CekTable. A unique (plaintext is unique) CEK can have multiple
* encrypted CEKs when using multiple CMKs. These encrypted CEKs are represented by a member vector.
*/
class CekTableEntry
{
static final private java.util.logging.Logger aeLogger =
java.util.logging.Logger.getLogger("com.microsoft.sqlserver.jdbc.AE");
Vector columnEncryptionKeyValues;
int ordinal;
int databaseId;
int cekId;
int cekVersion;
byte[] cekMdVersion;
Vector getColumnEncryptionKeyValues() {
return columnEncryptionKeyValues;
}
int getOrdinal() {
return ordinal;
}
int getDatabaseId() {
return databaseId;
}
int getCekId() {
return cekId;
}
int getCekVersion() {
return cekVersion;
}
byte[] getCekMdVersion() {
return cekMdVersion;
}
CekTableEntry(int ordinalVal)
{
ordinal = ordinalVal;
databaseId = 0;
cekId = 0;
cekVersion = 0;
cekMdVersion = null;
columnEncryptionKeyValues = new Vector();
}
int getSize(){
return columnEncryptionKeyValues.size();
}
void add(byte[] encryptedKey, int dbId, int keyId, int keyVersion, byte[] mdVersion, String keyPath, String keyStoreName, String algorithmName) {
assert null != columnEncryptionKeyValues : "columnEncryptionKeyValues should already be initialized.";
if (aeLogger.isLoggable(java.util.logging.Level.FINE)){
aeLogger.fine("Retrieving CEK values");
}
EncryptionKeyInfo encryptionKey = new EncryptionKeyInfo(
encryptedKey,
dbId,
keyId,
keyVersion,
mdVersion,
keyPath,
keyStoreName,
algorithmName);
columnEncryptionKeyValues.add(encryptionKey);
if (0 == databaseId) {
databaseId = dbId;
cekId = keyId;
cekVersion = keyVersion;
cekMdVersion = mdVersion;
}
else {
assert(databaseId == dbId);
assert(cekId == keyId);
assert(cekVersion == keyVersion);
assert ((null != cekMdVersion) && (null != mdVersion) && (cekMdVersion.length == mdVersion.length));
}
}
}
/**
* Contains all CEKs, each row represents one unique CEK (represented by CekTableEntry).
*/
class CekTable
{
CekTableEntry[] keyList;
CekTable(int tableSize)
{
keyList = new CekTableEntry[tableSize];
}
int getSize()
{
return keyList.length;
}
CekTableEntry getCekTableEntry(int index)
{
return keyList[index];
}
void setCekTableEntry(int index, CekTableEntry entry)
{
keyList[index] = entry;
}
}
/**
* Represents Encryption related information of the cipher data.
*/
class CryptoMetadata
{
TypeInfo baseTypeInfo;
CekTableEntry cekTableEntry;
byte cipherAlgorithmId;
String cipherAlgorithmName;
SQLServerEncryptionType encryptionType;
byte normalizationRuleVersion;
SQLServerEncryptionAlgorithm cipherAlgorithm = null;
EncryptionKeyInfo encryptionKeyInfo;
short ordinal;
CekTableEntry getCekTableEntry() {
return cekTableEntry;
}
void setCekTableEntry(CekTableEntry cekTableEntryObj) {
cekTableEntry = cekTableEntryObj;
}
TypeInfo getBaseTypeInfo() {
return baseTypeInfo;
}
void setBaseTypeInfo(TypeInfo baseTypeInfoObj) {
baseTypeInfo = baseTypeInfoObj;
}
SQLServerEncryptionAlgorithm getEncryptionAlgorithm() {
return cipherAlgorithm;
}
void setEncryptionAlgorithm(SQLServerEncryptionAlgorithm encryptionAlgorithmObj) {
cipherAlgorithm = encryptionAlgorithmObj;
}
EncryptionKeyInfo getEncryptionKeyInfo() {
return encryptionKeyInfo;
}
void setEncryptionKeyInfo(EncryptionKeyInfo encryptionKeyInfoObj) {
encryptionKeyInfo = encryptionKeyInfoObj;
}
byte getEncryptionAlgorithmId() {
return cipherAlgorithmId;
}
String getEncryptionAlgorithmName() {
return cipherAlgorithmName;
}
SQLServerEncryptionType getEncryptionType() {
return encryptionType;
}
byte getNormalizationRuleVersion() {
return normalizationRuleVersion;
}
short getOrdinal() {
return ordinal;
}
CryptoMetadata(CekTableEntry cekTableEntryObj,
short ordinalVal,
byte cipherAlgorithmIdVal,
String cipherAlgorithmNameVal,
byte encryptionTypeVal,
byte normalizationRuleVersionVal) throws SQLServerException
{
cekTableEntry = cekTableEntryObj;
ordinal = ordinalVal;
cipherAlgorithmId = cipherAlgorithmIdVal;
cipherAlgorithmName = cipherAlgorithmNameVal;
encryptionType = SQLServerEncryptionType.of(encryptionTypeVal);
normalizationRuleVersion = normalizationRuleVersionVal;
encryptionKeyInfo = null;
}
boolean IsAlgorithmInitialized() {
return (null != cipherAlgorithm) ? true : false;
}
}
// Fields in the first resultset of "sp_describe_parameter_encryption"
// We expect the server to return the fields in the resultset in the same order as mentioned below.
// If the server changes the below order, then transparent parameter encryption will break.
enum DescribeParameterEncryptionResultSet1 {
KeyOrdinal,
DbId,
KeyId,
KeyVersion,
KeyMdVersion,
EncryptedKey,
ProviderName,
KeyPath,
KeyEncryptionAlgorithm;
private int value;
// Column indexing starts from 1;
static{
for (int i = 0; i < values().length; ++i)
{
values()[i].value = i + 1;
}
}
int value()
{
return value;
}
}
// Fields in the second resultset of "sp_describe_parameter_encryption"
// We expect the server to return the fields in the resultset in the same order as mentioned below.
// If the server changes the below order, then transparent parameter encryption will break.
enum DescribeParameterEncryptionResultSet2 {
ParameterOrdinal,
ParameterName,
ColumnEncryptionAlgorithm,
ColumnEncrytionType,
ColumnEncryptionKeyOrdinal,
NormalizationRuleVersion;
private int value;
// Column indexing starts from 1;
static{
for (int i = 0; i < values().length; ++i)
{
values()[i].value = i + 1;
}
}
int value()
{
return value;
}
}