ファイル: AKVUnitTests.cs プロジェクト: vikas304/SqlClient
        /// <summary>
        /// Round-trips a column encryption key through the Azure Key Vault provider when the
        /// provider is constructed from a <see cref="ClientSecretCredential"/> (tenant id, client id
        /// and client secret taken from <c>DataTestUtility</c>), and asserts that the decrypted
        /// bytes equal the original key.
        /// </summary>
        public static void TokenCredentialTest()
        {
            var credential = new ClientSecretCredential(
                DataTestUtility.AKVTenantId,
                DataTestUtility.AKVClientId,
                DataTestUtility.AKVClientSecret);
            var provider = new SqlColumnEncryptionAzureKeyVaultProvider(credential);

            // Wrap with the key at DataTestUtility.AKVUrl, then unwrap the result with the same provider.
            byte[] wrappedKey = provider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, s_columnEncryptionKey);
            byte[] unwrappedKey = provider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, wrappedKey);

            Assert.Equal(s_columnEncryptionKey, unwrappedKey);
        }
ファイル: AKVUnitTests.cs プロジェクト: vikas304/SqlClient
        /// <summary>
        /// Round-trips a column encryption key through the Azure Key Vault provider when the
        /// provider is constructed from a <see cref="SqlClientCustomTokenCredential"/>, the
        /// legacy client-side authentication callback, and asserts that the decrypted bytes
        /// equal the original key.
        /// </summary>
        public static void LegacyAuthenticationCallbackTest()
        {
            // The legacy callback obtains the access token on the client side.
            var legacyCredential = new SqlClientCustomTokenCredential();
            var provider = new SqlColumnEncryptionAzureKeyVaultProvider(legacyCredential);

            byte[] wrappedKey = provider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, s_columnEncryptionKey);
            byte[] unwrappedKey = provider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, wrappedKey);

            Assert.Equal(s_columnEncryptionKey, unwrappedKey);
        }
ファイル: AKVUnitTests.cs プロジェクト: vikas304/SqlClient
        /// <summary>
        /// Asserts that both <c>EncryptColumnEncryptionKey</c> and <c>DecryptColumnEncryptionKey</c>
        /// reject a key path with fewer than three URL segments by throwing an
        /// <see cref="ArgumentException"/> whose message names the offending URL.
        /// </summary>
        public static void ThrowWhenUrlHasLessThanThreeSegments()
        {
            var provider = new SqlColumnEncryptionAzureKeyVaultProvider(new SqlClientCustomTokenCredential());

            // "/keys" alone is the only path segment, so the key name and version are missing.
            string invalidKeyPath = "https://my-key-vault.vault.azure.net/keys";
            string expectedMessage = $"Invalid url specified: '{invalidKeyPath}'";

            Exception encryptError = Assert.Throws<ArgumentException>(
                () => provider.EncryptColumnEncryptionKey(invalidKeyPath, EncryptionAlgorithm, s_columnEncryptionKey));
            Assert.Contains(expectedMessage, encryptError.Message);

            // The same key bytes are passed to Decrypt; the URL check is expected to fire before they are read.
            Exception decryptError = Assert.Throws<ArgumentException>(
                () => provider.DecryptColumnEncryptionKey(invalidKeyPath, EncryptionAlgorithm, s_columnEncryptionKey));
            Assert.Contains(expectedMessage, decryptError.Message);
        }
        /// <summary>
        /// Checks that key material wrapped by the <see cref="AzureKeyVaultKeyStoreProvider"/>
        /// (<c>WrapKey</c>/<c>UnwrapKey</c>) and by the legacy
        /// <see cref="SqlColumnEncryptionAzureKeyVaultProvider"/>
        /// (<c>EncryptColumnEncryptionKey</c>/<c>DecryptColumnEncryptionKey</c>) is
        /// interchangeable in both directions for the same key path and algorithm.
        /// </summary>
        public void IsCompatibleWithProviderUsingLegacyClient()
        {
            var newProvider = new AzureKeyVaultKeyStoreProvider(new ClientSecretCredential(tenantId, clientId, clientSecret));
            var legacyProvider = new SqlColumnEncryptionAzureKeyVaultProvider(AzureActiveDirectoryAuthenticationCallback);

            // The legacy provider takes the algorithm as its string name rather than the enum value.
            string legacyAlgorithmName = EncryptionAlgorithm.ToString();

            // New provider wraps, legacy provider unwraps.
            byte[] wrappedByNew = newProvider.WrapKey(keyEncryptionKeyPath, EncryptionAlgorithm, ColumnEncryptionKey);
            byte[] unwrappedByLegacy = legacyProvider.DecryptColumnEncryptionKey(keyEncryptionKeyPath, legacyAlgorithmName, wrappedByNew);
            Assert.Equal(ColumnEncryptionKey, unwrappedByLegacy);

            // Legacy provider wraps, new provider unwraps.
            byte[] wrappedByLegacy = legacyProvider.EncryptColumnEncryptionKey(keyEncryptionKeyPath, legacyAlgorithmName, ColumnEncryptionKey);
            byte[] unwrappedByNew = newProvider.UnwrapKey(keyEncryptionKeyPath, EncryptionAlgorithm, wrappedByLegacy);
            Assert.Equal(ColumnEncryptionKey, unwrappedByNew);
        }
        /// <summary>
        /// Round-trips a column encryption key through the Azure Key Vault provider built from a
        /// <see cref="ClientSecretCredential"/>, asserts the decrypted bytes equal the original
        /// key, and then validates the AKV trace events captured for this activity id.
        /// </summary>
        public static void TokenCredentialTest()
        {
            // Tag the trace correlation with a fresh activity id so the captured events can be matched to this run.
            Guid activityId = Guid.NewGuid();
            Trace.CorrelationManager.ActivityId = activityId;

            using var listener = new DataTestUtility.AKVEventListener();

            var credential = new ClientSecretCredential(
                DataTestUtility.AKVTenantId,
                DataTestUtility.AKVClientId,
                DataTestUtility.AKVClientSecret);
            var provider = new SqlColumnEncryptionAzureKeyVaultProvider(credential);

            byte[] wrappedKey = provider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, s_columnEncryptionKey);
            byte[] unwrappedKey = provider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, wrappedKey);

            Assert.Equal(s_columnEncryptionKey, unwrappedKey);
            ValidateAKVTraces(listener.EventData, activityId);
        }
        /// <summary>
        /// Round-trips a column encryption key through the Azure Key Vault provider built from the
        /// legacy <see cref="SqlClientCustomTokenCredential"/> callback, asserts the decrypted bytes
        /// equal the original key, and then validates the AKV trace events captured for this
        /// activity id.
        /// </summary>
        public static void LegacyAuthenticationCallbackTest()
        {
            // Tag the trace correlation with a fresh activity id so the captured events can be matched to this run.
            Guid activityId = Guid.NewGuid();
            Trace.CorrelationManager.ActivityId = activityId;

            using var listener = new DataTestUtility.AKVEventListener();

            // The legacy callback obtains the access token on the client side.
            var legacyCredential = new SqlClientCustomTokenCredential();
            var provider = new SqlColumnEncryptionAzureKeyVaultProvider(legacyCredential);

            byte[] wrappedKey = provider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, s_columnEncryptionKey);
            byte[] unwrappedKey = provider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, wrappedKey);

            Assert.Equal(s_columnEncryptionKey, unwrappedKey);
            ValidateAKVTraces(listener.EventData, activityId);
        }
ファイル: AKVUnitTests.cs プロジェクト: vikas304/SqlClient
        /// <summary>
        /// Checks that a provider authenticated through the legacy
        /// <see cref="SqlClientCustomTokenCredential"/> callback and a provider authenticated
        /// through a <see cref="ClientSecretCredential"/> can each decrypt a column encryption key
        /// the other encrypted, using the same key URL and algorithm.
        /// </summary>
        public static void TokenCredentialRotationTest()
        {
            // Legacy path: the callback obtains the access token on the client side.
            var legacyProvider = new SqlColumnEncryptionAzureKeyVaultProvider(new SqlClientCustomTokenCredential());

            // Current path: a TokenCredential built from the test tenant/client/secret.
            var credential = new ClientSecretCredential(
                DataTestUtility.AKVTenantId,
                DataTestUtility.AKVClientId,
                DataTestUtility.AKVClientSecret);
            var currentProvider = new SqlColumnEncryptionAzureKeyVaultProvider(credential);

            // Current provider encrypts, legacy provider decrypts.
            byte[] wrappedByCurrent = currentProvider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, s_columnEncryptionKey);
            byte[] unwrappedByLegacy = legacyProvider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, wrappedByCurrent);
            Assert.Equal(s_columnEncryptionKey, unwrappedByLegacy);

            // Legacy provider encrypts, current provider decrypts.
            byte[] wrappedByLegacy = legacyProvider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, s_columnEncryptionKey);
            byte[] unwrappedByCurrent = currentProvider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, wrappedByLegacy);
            Assert.Equal(s_columnEncryptionKey, unwrappedByCurrent);
        }
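        /// <summary>
        /// Verifies that the AKV provider instance held in <see cref="SqlConnection"/>'s global
        /// custom provider map does not populate its column encryption key cache after an
        /// encrypt/decrypt round trip (cache count must be 0).
        /// </summary>
        /// <remarks>
        /// The provider map is reached by reflecting on the private static field
        /// <c>s_globalCustomColumnEncryptionKeyStoreProviders</c>. The original code used unchecked
        /// <c>as</c> casts, so a renamed field or a changed registration would surface as a
        /// <see cref="NullReferenceException"/>; each reflected value is now asserted first so
        /// that such drift fails with a readable assertion. The test is a no-op when
        /// <c>SQLSetupStrategyAzureKeyVault.IsAKVProviderRegistered</c> is false.
        /// </remarks>
        public static void CekCacheShouldBeDisabledWhenCustomProviderIsRegisteredGlobally()
        {
            if (!SQLSetupStrategyAzureKeyVault.IsAKVProviderRegistered)
            {
                return;
            }

            // SqlConnection is IDisposable; dispose it even though it is never opened here.
            // The field is static, so the instance passed to GetValue is ignored.
            using SqlConnection conn = new();
            FieldInfo globalCacheField = conn.GetType().GetField(
                "s_globalCustomColumnEncryptionKeyStoreProviders", BindingFlags.Static | BindingFlags.NonPublic);
            Assert.NotNull(globalCacheField);

            // IsAssignableFrom mirrors the permissiveness of the previous `as` cast but fails clearly on mismatch.
            IReadOnlyDictionary<string, SqlColumnEncryptionKeyStoreProvider> globalProviders =
                Assert.IsAssignableFrom<IReadOnlyDictionary<string, SqlColumnEncryptionKeyStoreProvider>>(
                    globalCacheField.GetValue(conn));

            Assert.True(
                globalProviders.TryGetValue("AZURE_KEY_VAULT", out SqlColumnEncryptionKeyStoreProvider registeredProvider),
                "No provider registered under the AZURE_KEY_VAULT key in the global provider map.");
            SqlColumnEncryptionAzureKeyVaultProvider akvProviderInGlobalCache =
                Assert.IsAssignableFrom<SqlColumnEncryptionAzureKeyVaultProvider>(registeredProvider);

            // Round-trip a throwaway key; with a globally registered custom provider the CEK cache must stay empty.
            byte[] plaintextKey = { 1, 2, 3 };
            byte[] encryptedKey = akvProviderInGlobalCache.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, "RSA_OAEP", plaintextKey);
            akvProviderInGlobalCache.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, "RSA_OAEP", encryptedKey);

            Assert.Equal(0, GetCacheCount(cekCacheName, akvProviderInGlobalCache));
        }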
        /// <summary>
        /// Checks that a provider authenticated through the legacy
        /// <see cref="SqlClientCustomTokenCredential"/> callback and a provider authenticated
        /// through a <see cref="ClientSecretCredential"/> can each decrypt a column encryption key
        /// the other encrypted, then validates the AKV trace events captured for this activity id.
        /// </summary>
        public static void TokenCredentialRotationTest()
        {
            // Tag the trace correlation with a fresh activity id so the captured events can be matched to this run.
            Guid activityId = Guid.NewGuid();
            Trace.CorrelationManager.ActivityId = activityId;

            using var listener = new DataTestUtility.AKVEventListener();

            // Legacy path: the callback obtains the access token on the client side.
            var legacyProvider = new SqlColumnEncryptionAzureKeyVaultProvider(new SqlClientCustomTokenCredential());

            // Current path: a TokenCredential built from the test tenant/client/secret.
            var credential = new ClientSecretCredential(
                DataTestUtility.AKVTenantId,
                DataTestUtility.AKVClientId,
                DataTestUtility.AKVClientSecret);
            var currentProvider = new SqlColumnEncryptionAzureKeyVaultProvider(credential);

            // Current provider encrypts, legacy provider decrypts.
            byte[] wrappedByCurrent = currentProvider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, s_columnEncryptionKey);
            byte[] unwrappedByLegacy = legacyProvider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, wrappedByCurrent);
            Assert.Equal(s_columnEncryptionKey, unwrappedByLegacy);

            // Legacy provider encrypts, current provider decrypts.
            byte[] wrappedByLegacy = legacyProvider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, s_columnEncryptionKey);
            byte[] unwrappedByCurrent = currentProvider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, EncryptionAlgorithm, wrappedByLegacy);
            Assert.Equal(s_columnEncryptionKey, unwrappedByCurrent);

            ValidateAKVTraces(listener.EventData, activityId);
        }