Merge pull request #781 from david-puglielli/akv-verification-test-fix
Split akv verification tests to fix SSL issue
commit
0861f06351
|
@ -174,7 +174,7 @@ const int SQL_SERVER_MAX_PRECISION = 38;
|
|||
const int SQL_SERVER_MAX_TYPE_SIZE = 0;
|
||||
const int SQL_SERVER_MAX_PARAMS = 2100;
|
||||
// increase the maximum message length to accommodate for the long error returned for operand type clash
|
||||
const int SQL_MAX_ERROR_MESSAGE_LENGTH = SQL_MAX_MESSAGE_LENGTH * 4;
|
||||
const int SQL_MAX_ERROR_MESSAGE_LENGTH = SQL_MAX_MESSAGE_LENGTH * 7;
|
||||
|
||||
// max size of a date time string when converting from a DateTime object to a string
|
||||
const int MAX_DATETIME_STRING_LEN = 256;
|
||||
|
|
|
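Review bot: The multiplier on `SQL_MAX_ERROR_MESSAGE_LENGTH` is a bare magic number, and the comment above it does not say why the `* 7` variant (apparently the new side) is large enough for the operand-type-clash message. If this constant sizes fixed error buffers elsewhere in the driver, which is not visible here, every bump enlarges each of them and the next longer message will be cut off again. I would record the measured worst case next to the constant, for example `// longest observed operand-type-clash message: <N> characters; SQL_MAX_MESSAGE_LENGTH * 7 must stay >= <N>`, with `<N>` filled in from the failing case.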
@ -0,0 +1,42 @@
|
|||
--TEST--
|
||||
Test client ID/secret credentials for Azure Key Vault for Always Encrypted.
|
||||
--SKIPIF--
|
||||
<?php require('skipif_mid-refactor.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once('pdo_ae_azure_key_vault_common.php');
|
||||
|
||||
// The array of data types corresponding to $small_values in values.php.
|
||||
// SHORT_STRSIZE is defined in values.php as well.
|
||||
$dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nvarchar(".SHORT_STRSIZE.")",
|
||||
"decimal", "float", "real", "bigint", "int", "bit"
|
||||
);
|
||||
|
||||
$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
|
||||
|
||||
$connectionOptions .= ";ColumnEncryption=enabled";
|
||||
$connectionOptions .= ";KeyStoreAuthentication=KeyVaultClientSecret";
|
||||
$connectionOptions .= ";KeyStorePrincipalId=".$AKVClientID;
|
||||
$connectionOptions .= ";KeyStoreSecret=".$AKVSecret;
|
||||
$connectionOptions .= ";";
|
||||
|
||||
$tableName = "akv_comparison_table";
|
||||
|
||||
// Connect to the AE-enabled database, insert the data, and verify
|
||||
try {
|
||||
$conn = new PDO($connectionOptions, $uid, $pwd);
|
||||
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
insertDataAndVerify($conn, $tableName, $dataTypes, $small_values);
|
||||
|
||||
echo "Successful insertion and retrieval with client ID/secret.\n";
|
||||
|
||||
unset($conn);
|
||||
} catch (Exception $e) {
|
||||
echo "Unexpected error.\n";
|
||||
print_r($e->errorInfo);
|
||||
}
|
||||
|
||||
?>
|
||||
--EXPECT--
|
||||
Successful insertion and retrieval with client ID/secret.
|
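Review bot: `$AKVClientID` and `$AKVSecret` are appended to the DSN verbatim at `KeyStorePrincipalId=` and `KeyStoreSecret=`, so a secret containing `;` or `}` is split into bogus keywords and the test fails with an unrelated connection error. Wrapping the value keeps the string well-formed, e.g. `$connectionOptions .= ";KeyStoreSecret={".str_replace("}", "}}", $AKVSecret)."}";`, assuming the driver's brace quoting for DSN values applies to these keywords. The catch block also reads `$e->errorInfo` from a plain `Exception`, a property only `PDOException` defines, and prints it into the test log; I would catch `PDOException` and confirm the driver message never echoes the key-store secret. The username/password test later on this page builds its DSN and catch block the same way.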
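--- a/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_common.php
+++ b/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_common.php
@@ -0,0 +1,94 @@
+<?php
+require_once("MsCommon_mid-refactor.inc");
+require_once("MsSetup.inc");
+require_once('values.php');
+
+// Set up the columns and build the insert query. Each data type has an
+// AE-encrypted and a non-encrypted column side by side in the table.
+// If column encryption is not set in MsSetup.inc, this function simply
+// creates two non-encrypted columns side-by-side for each type.
+function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
+{
+$columns = array();
+$queryTypes = "(";
+$queryTypesAE = "(";
+$valuesString = "VALUES (";
+$numTypes = sizeof($dataTypes);
+
+for ($i = 0; $i < $numTypes; ++$i) {
+// Replace parentheses for column names
+$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
+$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname."_AE", null, "deterministic", false);
+$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname, null, "none", false);
+$queryTypes .= "c_"."$colname, ";
+$queryTypes .= "c_"."$colname"."_AE, ";
+$valuesString .= "?, ?, ";
+}
+
+$queryTypes = substr($queryTypes, 0, -2).")";
+$valuesString = substr($valuesString, 0, -2).")";
+
+$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
+}
+
+// Create the table and insert the data, then retrieve it back and make
+// sure the encrypted and non-encrypted values are identical.
+function insertDataAndVerify($conn, $tableName, $dataTypes, $values)
+{
+$columns = array();
+$insertQuery = "";
+
+// Generate the INSERT query
+formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
+
+createTable($conn, $tableName, $columns);
+
+// Duplicate all values for insertion - one is encrypted, one is not
+$testValues = array();
+for ($n = 0; $n < sizeof($values); ++$n) {
+$testValues[] = $values[$n];
+$testValues[] = $values[$n];
+}
+
+// Prepare the INSERT query
+// This is never expected to fail
+$stmt = $conn->prepare($insertQuery);
+if ($stmt == false) {
+print_r($conn->errorInfo());
+fatalError("sqlsrv_prepare failed\n");
+}
+
+// Execute the INSERT query
+// This should not fail since our credentials are correct
+if ($stmt->execute($testValues) == false) {
+print_r($stmt->errorInfo());
+fatalError("INSERT query execution failed with good credentials.\n");
+} else {
+// Get the data back and compare encrypted and non-encrypted versions
+$selectQuery = "SELECT * FROM $tableName";
+
+$stmt1 = $conn->query($selectQuery);
+
+$data = $stmt1->fetchAll(PDO::FETCH_NUM);
+$data = $data[0];
+
+if (sizeof($data) != 2*sizeof($dataTypes)) {
+fatalError("Incorrect number of fields returned.\n");
+}
+
+for ($n = 0; $n < sizeof($data); $n += 2) {
+if ($data[$n] != $data[$n + 1]) {
+echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
+fatalError("AE and non-AE values do not match.\n");
+}
+}
+
+
+unset($stmt);
+unset($stmt1);
+}
+
+// Drop the table
+dropTable($conn, $tableName);
+}
+?>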
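Review bot: The verification loop in `insertDataAndVerify` compares the decrypted and plain columns with loose `!=`, which treats pairs such as `null` and `""`, or two differently formatted numeric strings, as equal, so a decryption mismatch of that kind would pass. Both values come from the same row and the same column type, so `if ($data[$n] !== $data[$n + 1]) {` should hold for correct data and is the stricter check. `$data = $data[0];` also assumes `fetchAll` returned a row; a guard before it, `if (empty($data)) { fatalError("No rows returned.\n"); }`, turns an empty result into a clear failure. The message `"sqlsrv_prepare failed\n"` is left over from the sqlsrv variant and could read `"PDO::prepare failed\n"`.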
@ -4,9 +4,7 @@ Test connection keywords for Azure Key Vault for Always Encrypted.
|
|||
<?php require('skipif_mid-refactor.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once("MsCommon_mid-refactor.inc");
|
||||
require_once("MsSetup.inc");
|
||||
require_once('values.php');
|
||||
require_once('pdo_ae_azure_key_vault_common.php');
|
||||
|
||||
// We will test the direct product (set of all possible combinations) of the following
|
||||
$columnEncryption = ['enabled', 'disabled', 'notvalid', ''];
|
||||
|
@ -35,37 +33,9 @@ function checkErrors($errors, ...$codes)
|
|||
}
|
||||
}
|
||||
|
||||
// Set up the columns and build the insert query. Each data type has an
|
||||
// AE-encrypted and a non-encrypted column side by side in the table.
|
||||
// If column encryption is not set in MsSetup.inc, this function simply
|
||||
// creates two non-encrypted columns side-by-side for each type.
|
||||
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
|
||||
{
|
||||
$columns = array();
|
||||
$queryTypes = "(";
|
||||
$queryTypesAE = "(";
|
||||
$valuesString = "VALUES (";
|
||||
$numTypes = sizeof($dataTypes);
|
||||
|
||||
for ($i = 0; $i < $numTypes; ++$i) {
|
||||
// Replace parentheses for column names
|
||||
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
|
||||
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname."_AE", null, "deterministic", false);
|
||||
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname, null, "none", false);
|
||||
$queryTypes .= "c_"."$colname, ";
|
||||
$queryTypes .= "c_"."$colname"."_AE, ";
|
||||
$valuesString .= "?, ?, ";
|
||||
}
|
||||
|
||||
$queryTypes = substr($queryTypes, 0, -2).")";
|
||||
$valuesString = substr($valuesString, 0, -2).")";
|
||||
|
||||
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
|
||||
}
|
||||
|
||||
$strsize = 64;
|
||||
|
||||
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
|
||||
// The array of data types corresponding to $small_values in values.php.
|
||||
// SHORT_STRSIZE is defined in values.php as well.
|
||||
$dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nvarchar(".SHORT_STRSIZE.")",
|
||||
"decimal", "float", "real", "bigint", "int", "bit"
|
||||
);
|
||||
|
||||
|
@ -146,8 +116,9 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
|
|||
}
|
||||
}
|
||||
|
||||
// Free the statement and close the connection
|
||||
// Free the statement, drop the table, and close the connection
|
||||
unset($stmt);
|
||||
dropTable($conn, $tableName);
|
||||
unset($conn);
|
||||
} catch (Exception $e) {
|
||||
$errors = $e->errorInfo;
|
||||
|
@ -162,7 +133,7 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
|
|||
array('IMSSP', '-87'),
|
||||
array('IMSSP', '-88'),
|
||||
array('08001', '0'),
|
||||
array('08001', '-1') // SSL error occurs in Ubuntu
|
||||
array('08001', '-1') // SSL error occurs on some Linuxes
|
||||
);
|
||||
} else {
|
||||
checkErrors(
|
||||
|
@ -174,7 +145,7 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
|
|||
array('IMSSP', '-87'),
|
||||
array('IMSSP', '-88'),
|
||||
array('08001', '0'),
|
||||
array('08001', '-1'), // SSL error occurs in Ubuntu
|
||||
array('08001', '-1'), // SSL error occurs on some Linuxes
|
||||
array('22018', '206')
|
||||
);
|
||||
}
|
||||
|
|
|
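Review bot: `array('08001', '-1')` stays in both `checkErrors` lists and its comment is only widened from Ubuntu to "some Linuxes", so a TLS failure while reaching the key vault is still accepted as an expected outcome without saying which platforms are affected or why. The loop and the conditions that select these lists lie outside the hunks, so I cannot tell whether this code is also accepted for the all-valid keyword combination; if it is, a genuine certificate or protocol regression would pass the test. I would gate the entry on the affected platform or make the comment actionable, e.g. `// 08001/-1: SSL error from the AKV HTTPS call on <distro / OpenSSL version>; remove once <issue> is fixed`. The sqlsrv keywords test further down the page carries the same entry.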
@ -0,0 +1,42 @@
|
|||
--TEST--
|
||||
Test username/password credentials for Azure Key Vault for Always Encrypted.
|
||||
--SKIPIF--
|
||||
<?php require('skipif_mid-refactor.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once('pdo_ae_azure_key_vault_common.php');
|
||||
|
||||
// The array of data types corresponding to $small_values in values.php.
|
||||
// SHORT_STRSIZE is defined in values.php as well.
|
||||
$dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nvarchar(".SHORT_STRSIZE.")",
|
||||
"decimal", "float", "real", "bigint", "int", "bit"
|
||||
);
|
||||
|
||||
$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
|
||||
|
||||
$connectionOptions .= ";ColumnEncryption=enabled";
|
||||
$connectionOptions .= ";KeyStoreAuthentication=KeyVaultPassword";
|
||||
$connectionOptions .= ";KeyStorePrincipalId=".$AKVPrincipalName;
|
||||
$connectionOptions .= ";KeyStoreSecret=".$AKVPassword;
|
||||
$connectionOptions .= ";";
|
||||
|
||||
$tableName = "akv_comparison_table";
|
||||
|
||||
// Connect to the AE-enabled database, insert the data, and verify
|
||||
try {
|
||||
$conn = new PDO($connectionOptions, $uid, $pwd);
|
||||
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
insertDataAndVerify($conn, $tableName, $dataTypes, $small_values);
|
||||
|
||||
echo "Successful insertion and retrieval with username/password.\n";
|
||||
|
||||
unset($conn);
|
||||
} catch (Exception $e) {
|
||||
echo "Unexpected error.\n";
|
||||
print_r($e->errorInfo);
|
||||
}
|
||||
|
||||
?>
|
||||
--EXPECT--
|
||||
Successful insertion and retrieval with username/password.
|
|
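Review bot: This test and the client ID/secret test both create, fill and drop the same table, `$tableName = "akv_comparison_table";`, now from two separate files instead of one sequential script. If the runner executes the files in parallel, or one of them stops in `fatalError` before `dropTable` runs (whether `fatalError` exits is not visible here), the other can see a half-built or leftover table. A per-test name avoids that, e.g. `$tableName = "akv_comparison_table_username_password";`.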
@ -1,207 +0,0 @@
|
|||
--TEST--
|
||||
Test credentials for Azure Key Vault for Always Encrypted.
|
||||
--SKIPIF--
|
||||
<?php require('skipif_mid-refactor.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
// TODO: Fix the test on Ubuntu - right now it produces a SSL error on Ubuntu
|
||||
// The following skips Ubuntu to prevent a test failure
|
||||
$is_ubuntu = php_uname('v');
|
||||
if (strpos($is_ubuntu, 'buntu') !== false) {
|
||||
echo "Skipping test on Ubuntu\n";
|
||||
exit();
|
||||
}
|
||||
|
||||
require_once("MsCommon_mid-refactor.inc");
|
||||
require_once("MsSetup.inc");
|
||||
require_once('values.php');
|
||||
|
||||
// Set up the columns and build the insert query. Each data type has an
|
||||
// AE-encrypted and a non-encrypted column side by side in the table.
|
||||
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
|
||||
{
|
||||
$columns = array();
|
||||
$queryTypes = "(";
|
||||
$queryTypesAE = "(";
|
||||
$valuesString = "VALUES (";
|
||||
$numTypes = sizeof($dataTypes);
|
||||
|
||||
for ($i = 0; $i < $numTypes; ++$i) {
|
||||
// Replace parentheses for column names
|
||||
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
|
||||
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname."_AE", null, "deterministic", false);
|
||||
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname, null, "none", false);
|
||||
$queryTypes .= "c_"."$colname, ";
|
||||
$queryTypes .= "c_"."$colname"."_AE, ";
|
||||
$valuesString .= "?, ?, ";
|
||||
}
|
||||
|
||||
$queryTypes = substr($queryTypes, 0, -2).")";
|
||||
$valuesString = substr($valuesString, 0, -2).")";
|
||||
|
||||
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
|
||||
}
|
||||
|
||||
$strsize = 64;
|
||||
|
||||
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
|
||||
"decimal", "float", "real", "bigint", "int", "bit"
|
||||
);
|
||||
|
||||
// Test data insertion and retrieval with username/password
|
||||
// and client Id/client secret combinations.
|
||||
$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
|
||||
|
||||
$connectionOptions .= ";ColumnEncryption=enabled";
|
||||
$connectionOptions .= ";KeyStoreAuthentication=KeyVaultPassword";
|
||||
$connectionOptions .= ";KeyStorePrincipalId=".$AKVPrincipalName;
|
||||
$connectionOptions .= ";KeyStoreSecret=".$AKVPassword;
|
||||
$connectionOptions .= ";";
|
||||
|
||||
$tableName = "akv_comparison_table";
|
||||
|
||||
try {
|
||||
// Connect to the AE-enabled database
|
||||
$conn = new PDO($connectionOptions, $uid, $pwd);
|
||||
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
$columns = array();
|
||||
$insertQuery = "";
|
||||
|
||||
// Generate the INSERT query
|
||||
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
|
||||
|
||||
createTable($conn, $tableName, $columns);
|
||||
|
||||
// Duplicate all values for insertion - one is encrypted, one is not
|
||||
$testValues = array();
|
||||
for ($n = 0; $n < sizeof($small_values); ++$n) {
|
||||
$testValues[] = $small_values[$n];
|
||||
$testValues[] = $small_values[$n];
|
||||
}
|
||||
|
||||
// Prepare the INSERT query
|
||||
// This is never expected to fail
|
||||
$stmt = $conn->prepare($insertQuery);
|
||||
if ($stmt == false) {
|
||||
print_r($conn->errorInfo());
|
||||
fatalError("sqlsrv_prepare failed\n");
|
||||
}
|
||||
|
||||
// Execute the INSERT query
|
||||
// This should not fail since our credentials are correct
|
||||
if ($stmt->execute($testValues) == false) {
|
||||
print_r($stmt->errorInfo());
|
||||
fatalError("INSERT query execution failed with good credentials.\n");
|
||||
} else {
|
||||
// Get the data back and compare encrypted and non-encrypted versions
|
||||
$selectQuery = "SELECT * FROM $tableName";
|
||||
|
||||
$stmt1 = $conn->query($selectQuery);
|
||||
|
||||
$data = $stmt1->fetchAll(PDO::FETCH_NUM);
|
||||
$data = $data[0];
|
||||
|
||||
if (sizeof($data) != 2*sizeof($dataTypes)) {
|
||||
fatalError("Incorrect number of fields returned.\n");
|
||||
}
|
||||
|
||||
for ($n = 0; $n < sizeof($data); $n += 2) {
|
||||
if ($data[$n] != $data[$n + 1]) {
|
||||
echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
|
||||
fatalError("AE and non-AE values do not match.\n");
|
||||
}
|
||||
}
|
||||
|
||||
echo "Successful insertion and retrieval with username/password.\n";
|
||||
|
||||
unset($stmt);
|
||||
unset($stmt1);
|
||||
}
|
||||
|
||||
// Free the statement and close the connection
|
||||
unset($stmt);
|
||||
unset($conn);
|
||||
} catch (Exception $e) {
|
||||
echo "Unexpected error.\n";
|
||||
print_r($e->errorInfo);
|
||||
}
|
||||
|
||||
$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
|
||||
|
||||
$connectionOptions .= ";ColumnEncryption=enabled";
|
||||
$connectionOptions .= ";KeyStoreAuthentication=KeyVaultClientSecret";
|
||||
$connectionOptions .= ";KeyStorePrincipalId=".$AKVClientID;
|
||||
$connectionOptions .= ";KeyStoreSecret=".$AKVSecret;
|
||||
$connectionOptions .= ";";
|
||||
|
||||
try {
|
||||
// Connect to the AE-enabled database
|
||||
$conn = new PDO($connectionOptions, $uid, $pwd);
|
||||
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
$columns = array();
|
||||
$insertQuery = "";
|
||||
|
||||
// Generate the INSERT query
|
||||
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
|
||||
|
||||
createTable($conn, $tableName, $columns);
|
||||
|
||||
// Duplicate all values for insertion - one is encrypted, one is not
|
||||
$testValues = array();
|
||||
for ($n = 0; $n < sizeof($small_values); ++$n) {
|
||||
$testValues[] = $small_values[$n];
|
||||
$testValues[] = $small_values[$n];
|
||||
}
|
||||
|
||||
// Prepare the INSERT query
|
||||
// This is never expected to fail
|
||||
$stmt = $conn->prepare($insertQuery);
|
||||
if ($stmt == false) {
|
||||
print_r($conn->errorInfo());
|
||||
fatalError("sqlsrv_prepare failed\n");
|
||||
}
|
||||
|
||||
// Execute the INSERT query
|
||||
// This should not fail since our credentials are correct
|
||||
if ($stmt->execute($testValues) == false) {
|
||||
print_r($stmt->errorInfo());
|
||||
fatalError("INSERT query execution failed with good credentials.\n");
|
||||
} else {
|
||||
// Get the data back and compare encrypted and non-encrypted versions
|
||||
$selectQuery = "SELECT * FROM $tableName";
|
||||
|
||||
$stmt1 = $conn->query($selectQuery);
|
||||
|
||||
$data = $stmt1->fetchAll(PDO::FETCH_NUM);
|
||||
$data = $data[0];
|
||||
|
||||
if (sizeof($data) != 2*sizeof($dataTypes)) {
|
||||
fatalError("Incorrect number of fields returned.\n");
|
||||
}
|
||||
|
||||
for ($n = 0; $n < sizeof($data); $n += 2) {
|
||||
if ($data[$n] != $data[$n + 1]) {
|
||||
echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
|
||||
fatalError("AE and non-AE values do not match.\n");
|
||||
}
|
||||
}
|
||||
|
||||
echo "Successful insertion and retrieval with client ID/secret.\n";
|
||||
|
||||
unset($stmt);
|
||||
unset($stmt1);
|
||||
}
|
||||
|
||||
// Free the statement and close the connection
|
||||
unset($stmt);
|
||||
unset($conn);
|
||||
} catch (Exception $e) {
|
||||
echo "Unexpected error.\n";
|
||||
print_r($e->errorInfo);
|
||||
}
|
||||
|
||||
?>
|
||||
--EXPECTREGEX--
|
||||
(Successful insertion and retrieval with username\/password\.\nSuccessful insertion and retrieval with client ID\/secret\.|Skipping test on Ubuntu)
|
|
@ -3,10 +3,12 @@
|
|||
// This file holds different data of many different types for testing
|
||||
// Always Encrypted. Currently, the tests that use this data are:
|
||||
// pdo__ae_azure_key_vault_keywords.phpt ($small_values)
|
||||
// pdo_ae_azure_key_vault_verification.phpt ($small_values)
|
||||
// pdo_ae_azure_key_vault_username_password.phpt ($small_values)
|
||||
// pdo_ae_azure_key_vault_client_secret.phpt ($small_values)
|
||||
// sqlsrv_ae_fetch_phptypes.phpt ($values)
|
||||
// sqlsrv_ae_azure_key_vault_keywords.phpt ($small_values)
|
||||
// sqlsrv_ae_azure_key_vault_verification.phpt ($small_values)
|
||||
// sqlsrv_ae_azure_key_vault_username_password.phpt ($small_values)
|
||||
// sqlsrv_ae_azure_key_vault_client_secret.phpt ($small_values)
|
||||
|
||||
$values = array();
|
||||
$values[] = array(array(("BA3EA123EA8FFF46A01"), null, SQLSRV_PHPTYPE_STRING(SQLSRV_ENC_CHAR), SQLSRV_SQLTYPE_BINARY(256)),
|
||||
|
@ -786,6 +788,10 @@ $values[] = array(array(("C0A0B025C680B0A23D7885F7C203AD211F679679F97F910F0F1A36
|
|||
null,
|
||||
);
|
||||
|
||||
// For the $small_values array, the string size of 64 is large enough
|
||||
// to hold every string value.
|
||||
const SHORT_STRSIZE = 64;
|
||||
|
||||
// The bigint field must be inserted as a string to maintain accuracy
|
||||
$small_values = array("qwerty",
|
||||
"wertyu",
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
--TEST--
|
||||
Test client ID/secret credentials for Azure Key Vault for Always Encrypted.
|
||||
--SKIPIF--
|
||||
<?php require('skipif_versions_old.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once('sqlsrv_ae_azure_key_vault_common.php');
|
||||
|
||||
// The array of data types corresponding to $small_values in values.php.
|
||||
// SHORT_STRSIZE is defined in values.php as well.
|
||||
$dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nvarchar(".SHORT_STRSIZE.")",
|
||||
"decimal", "float", "real", "bigint", "int", "bit"
|
||||
);
|
||||
|
||||
// Test data insertion and retrieval with username/password
|
||||
// and client Id/client secret combinations.
|
||||
$connectionOptions = array("CharacterSet"=>"UTF-8",
|
||||
"database"=>$databaseName,
|
||||
"uid"=>$uid,
|
||||
"pwd"=>$pwd,
|
||||
"ConnectionPooling"=>0);
|
||||
|
||||
$connectionOptions['ColumnEncryption'] = "enabled";
|
||||
$connectionOptions['KeyStoreAuthentication'] = "KeyVaultClientSecret";
|
||||
$connectionOptions['KeyStorePrincipalId'] = $AKVClientID;
|
||||
$connectionOptions['KeyStoreSecret'] = $AKVSecret;
|
||||
|
||||
$tableName = "akv_comparison_table";
|
||||
|
||||
// Connect to the AE-enabled database, insert the data, and verify
|
||||
$conn = sqlsrv_connect($server, $connectionOptions);
|
||||
if (!$conn) {
|
||||
$errors = sqlsrv_errors();
|
||||
fatalError("Connection failed while testing good credentials.\n");
|
||||
} else {
|
||||
insertDataAndVerify($conn, $tableName, $dataTypes, $small_values);
|
||||
|
||||
echo "Successful insertion and retrieval with client ID/secret.\n";
|
||||
|
||||
sqlsrv_close($conn);
|
||||
}
|
||||
|
||||
?>
|
||||
--EXPECT--
|
||||
Successful insertion and retrieval with client ID/secret.
|
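Review bot: In the `if (!$conn)` branch `$errors = sqlsrv_errors();` is assigned and never used, so a connection failure reports only "Connection failed while testing good credentials." and loses the driver's SQLSTATE and code unless `fatalError` prints them itself, which this page does not show. Since the change is about an SSL failure, I would print the SQLSTATE and native code rather than the full message, e.g. `foreach ($errors as $err) { echo $err['SQLSTATE']." ".$err['code']."\n"; }`, which also keeps connection details out of CI logs. The comment "username/password and client Id/client secret combinations" is stale now that each file covers one credential type. The sqlsrv username/password test below has the same branch and comment.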
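--- a/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_common.php
+++ b/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_common.php
@@ -0,0 +1,93 @@
+<?php
+require_once('MsCommon.inc');
+require_once('values.php');
+
+// Set up the columns and build the insert query. Each data type has an
+// AE-encrypted and a non-encrypted column side by side in the table.
+// If column encryption is not set in MsSetup.inc, this function simply
+// creates two non-encrypted columns side-by-side for each type.
+function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
+{
+$columns = array();
+$queryTypes = "(";
+$queryTypesAE = "(";
+$valuesString = "VALUES (";
+$numTypes = sizeof($dataTypes);
+
+for ($i = 0; $i < $numTypes; ++$i) {
+// Replace parentheses for column names
+$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
+$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
+$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
+$queryTypes .= "c_"."$colname, ";
+$queryTypes .= "c_"."$colname"."_AE, ";
+$valuesString .= "?, ?, ";
+}
+
+$queryTypes = substr($queryTypes, 0, -2).")";
+$valuesString = substr($valuesString, 0, -2).")";
+
+$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
+}
+
+// Create the table and insert the data, then retrieve it back and make
+// sure the encrypted and non-encrypted values are identical.
+function insertDataAndVerify($conn, $tableName, $dataTypes, $values)
+{
+$columns = array();
+$insertQuery = "";
+
+// Generate the INSERT query
+formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
+
+$stmt = AE\createTable($conn, $tableName, $columns);
+if (!$stmt) {
+fatalError("Failed to create table $tableName\n");
+}
+
+// Duplicate all values for insertion - one is encrypted, one is not
+$testValues = array();
+for ($n = 0; $n < sizeof($values); ++$n) {
+$testValues[] = $values[$n];
+$testValues[] = $values[$n];
+}
+
+// Prepare the INSERT query
+// This is never expected to fail
+$stmt = sqlsrv_prepare($conn, $insertQuery, $testValues);
+if ($stmt == false) {
+print_r(sqlsrv_errors());
+fatalError("sqlsrv_prepare failed\n");
+}
+
+// Execute the INSERT query
+// This should not fail since our credentials are correct
+if (sqlsrv_execute($stmt) == false) {
+$errors = sqlsrv_errors();
+fatalError("INSERT query execution failed with good credentials.\n");
+} else {
+// Get the data back and compare encrypted and non-encrypted versions
+$selectQuery = "SELECT * FROM $tableName";
+
+$stmt1 = sqlsrv_query($conn, $selectQuery);
+$data = sqlsrv_fetch_array($stmt1, SQLSRV_FETCH_NUMERIC);
+
+if (sizeof($data) != 2*sizeof($dataTypes)) {
+fatalError("Incorrect number of fields returned.\n");
+}
+
+for ($n = 0; $n < sizeof($data); $n += 2) {
+if ($data[$n] != $data[$n + 1]) {
+echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
+fatalError("AE and non-AE values do not match.\n");
+}
+}
+
+sqlsrv_free_stmt($stmt);
+sqlsrv_free_stmt($stmt1);
+}
+
+// Drop the table
+dropTable($conn, $tableName);
+}
+?>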
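Review bot: `$stmt1 = sqlsrv_query($conn, $selectQuery);` and the `sqlsrv_fetch_array` call after it are not checked in `insertDataAndVerify`, so a failed SELECT or an empty table reaches `sizeof($data)` with `false` or `null` instead of an array. Depending on the PHP version that ends in a type error or in the misleading "Incorrect number of fields returned." message, and the driver's own error is never shown. I would add `if ($stmt1 === false) { print_r(sqlsrv_errors()); fatalError("SELECT failed.\n"); }` before the fetch and an `is_array($data)` check after it. In the execute-failure branch `$errors = sqlsrv_errors();` is likewise assigned and then dropped.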
@ -4,8 +4,7 @@ Test connection keywords for Azure Key Vault for Always Encrypted.
|
|||
<?php require('skipif_versions_old.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once('MsCommon.inc');
|
||||
require_once('values.php');
|
||||
require_once('sqlsrv_ae_azure_key_vault_common.php');
|
||||
|
||||
// We will test the direct product (set of all possible combinations) of the following
|
||||
$columnEncryption = ['enabled', 'disabled', 'notvalid', ''];
|
||||
|
@ -13,8 +12,6 @@ $keyStoreAuthentication = ['KeyVaultPassword', 'KeyVaultClientSecret', 'KeyVault
|
|||
$keyStorePrincipalId = [$AKVPrincipalName, $AKVClientID, 'notaname', ''];
|
||||
$keyStoreSecret = [$AKVPassword, $AKVSecret, 'notasecret', ''];
|
||||
|
||||
$is_win = (strtoupper(substr(php_uname('s'), 0, 3)) === 'WIN');
|
||||
|
||||
function checkErrors($errors, ...$codes)
|
||||
{
|
||||
$codeFound = false;
|
||||
|
@ -35,35 +32,9 @@ function checkErrors($errors, ...$codes)
|
|||
}
|
||||
}
|
||||
|
||||
// Set up the columns and build the insert query. Each data type has an
|
||||
// AE-encrypted and a non-encrypted column side by side in the table.
|
||||
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
|
||||
{
|
||||
$columns = array();
|
||||
$queryTypes = "(";
|
||||
$queryTypesAE = "(";
|
||||
$valuesString = "VALUES (";
|
||||
$numTypes = sizeof($dataTypes);
|
||||
|
||||
for ($i = 0; $i < $numTypes; ++$i) {
|
||||
// Replace parentheses for column names
|
||||
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
|
||||
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
|
||||
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
|
||||
$queryTypes .= "c_"."$colname, ";
|
||||
$queryTypes .= "c_"."$colname"."_AE, ";
|
||||
$valuesString .= "?, ?, ";
|
||||
}
|
||||
|
||||
$queryTypes = substr($queryTypes, 0, -2).")";
|
||||
$valuesString = substr($valuesString, 0, -2).")";
|
||||
|
||||
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
|
||||
}
|
||||
|
||||
$strsize = 64;
|
||||
|
||||
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
|
||||
// The array of data types corresponding to $small_values in values.php.
|
||||
// SHORT_STRSIZE is defined in values.php as well.
|
||||
$dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nvarchar(".SHORT_STRSIZE.")",
|
||||
"decimal", "float", "real", "bigint", "int", "bit"
|
||||
);
|
||||
|
||||
|
@ -114,7 +85,7 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
|
|||
checkErrors(
|
||||
$errors,
|
||||
array('08001','0'),
|
||||
array('08001','-1'), // SSL error occurs in Ubuntu
|
||||
array('08001','-1'), // SSL error on some Linuxes
|
||||
array('IMSSP','-110'),
|
||||
array('IMSSP','-111'),
|
||||
array('IMSSP','-112'),
|
||||
|
@ -176,7 +147,8 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
|
|||
}
|
||||
}
|
||||
|
||||
// Free the statement and close the connection
|
||||
// Drop the table and close the connection
|
||||
dropTable($conn, $tableName);
|
||||
sqlsrv_close($conn);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
--TEST--
|
||||
Test username/password credentials for Azure Key Vault for Always Encrypted.
|
||||
--SKIPIF--
|
||||
<?php require('skipif_versions_old.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once('sqlsrv_ae_azure_key_vault_common.php');
|
||||
|
||||
// The array of data types corresponding to $small_values in values.php.
|
||||
// SHORT_STRSIZE is defined in values.php as well.
|
||||
$dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nvarchar(".SHORT_STRSIZE.")",
|
||||
"decimal", "float", "real", "bigint", "int", "bit"
|
||||
);
|
||||
|
||||
// Test data insertion and retrieval with username/password
|
||||
// and client Id/client secret combinations.
|
||||
$connectionOptions = array("CharacterSet"=>"UTF-8",
|
||||
"database"=>$databaseName,
|
||||
"uid"=>$uid,
|
||||
"pwd"=>$pwd,
|
||||
"ConnectionPooling"=>0);
|
||||
|
||||
$connectionOptions['ColumnEncryption'] = "enabled";
|
||||
$connectionOptions['KeyStoreAuthentication'] = "KeyVaultPassword";
|
||||
$connectionOptions['KeyStorePrincipalId'] = $AKVPrincipalName;
|
||||
$connectionOptions['KeyStoreSecret'] = $AKVPassword;
|
||||
|
||||
$tableName = "akv_comparison_table";
|
||||
|
||||
// Connect to the AE-enabled database, insert the data, and verify
|
||||
$conn = sqlsrv_connect($server, $connectionOptions);
|
||||
if (!$conn) {
|
||||
$errors = sqlsrv_errors();
|
||||
fatalError("Connection failed while testing good credentials.\n");
|
||||
} else {
|
||||
insertDataAndVerify($conn, $tableName, $dataTypes, $small_values);
|
||||
|
||||
echo "Successful insertion and retrieval with username/password.\n";
|
||||
|
||||
sqlsrv_close($conn);
|
||||
}
|
||||
|
||||
?>
|
||||
--EXPECT--
|
||||
Successful insertion and retrieval with username/password.
|
|
@ -1,203 +0,0 @@
|
|||
--TEST--
|
||||
Test credentials for Azure Key Vault for Always Encrypted.
|
||||
--SKIPIF--
|
||||
<?php require('skipif_versions_old.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
// TODO: Fix the test on Ubuntu - right now it produces a SSL error on Ubuntu
|
||||
// The following skips Ubuntu to prevent a test failure
|
||||
$is_ubuntu = php_uname('v');
|
||||
if (strpos($is_ubuntu, 'buntu') !== false)
|
||||
{
|
||||
echo "Skipping test on Ubuntu\n";
|
||||
exit();
|
||||
}
|
||||
|
||||
require_once('MsCommon.inc');
|
||||
require_once('values.php');
|
||||
|
||||
// Set up the columns and build the insert query. Each data type has an
|
||||
// AE-encrypted and a non-encrypted column side by side in the table.
|
||||
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
|
||||
{
|
||||
$columns = array();
|
||||
$queryTypes = "(";
|
||||
$queryTypesAE = "(";
|
||||
$valuesString = "VALUES (";
|
||||
$numTypes = sizeof($dataTypes);
|
||||
|
||||
for ($i = 0; $i < $numTypes; ++$i) {
|
||||
// Replace parentheses for column names
|
||||
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
|
||||
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
|
||||
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
|
||||
$queryTypes .= "c_"."$colname, ";
|
||||
$queryTypes .= "c_"."$colname"."_AE, ";
|
||||
$valuesString .= "?, ?, ";
|
||||
}
|
||||
|
||||
$queryTypes = substr($queryTypes, 0, -2).")";
|
||||
$valuesString = substr($valuesString, 0, -2).")";
|
||||
|
||||
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
|
||||
}
|
||||
|
||||
$strsize = 64;
|
||||
|
||||
$dataTypes = array ("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
|
||||
"decimal", "float", "real", "bigint", "int", "bit"
|
||||
);
|
||||
|
||||
// Test data insertion and retrieval with username/password
|
||||
// and client Id/client secret combinations.
|
||||
$connectionOptions = array("CharacterSet"=>"UTF-8",
|
||||
"database"=>$databaseName,
|
||||
"uid"=>$uid,
|
||||
"pwd"=>$pwd,
|
||||
"ConnectionPooling"=>0);
|
||||
|
||||
$connectionOptions['ColumnEncryption'] = "enabled";
|
||||
$connectionOptions['KeyStoreAuthentication'] = "KeyVaultPassword";
|
||||
$connectionOptions['KeyStorePrincipalId'] = $AKVPrincipalName;
|
||||
$connectionOptions['KeyStoreSecret'] = $AKVPassword;
|
||||
|
||||
$tableName = "akv_comparison_table";
|
||||
|
||||
// Connect to the AE-enabled database
|
||||
$conn = sqlsrv_connect($server, $connectionOptions);
|
||||
if (!$conn) {
|
||||
$errors = sqlsrv_errors();
|
||||
fatalError("Connection failed while testing good credentials.\n");
|
||||
} else {
|
||||
$columns = array();
|
||||
$insertQuery = "";
|
||||
|
||||
// Generate the INSERT query
|
||||
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
|
||||
|
||||
$stmt = AE\createTable($conn, $tableName, $columns);
|
||||
if (!$stmt) {
|
||||
fatalError("Failed to create table $tableName\n");
|
||||
}
|
||||
|
||||
// Duplicate all values for insertion - one is encrypted, one is not
|
||||
$testValues = array();
|
||||
for ($n = 0; $n < sizeof($small_values); ++$n) {
|
||||
$testValues[] = $small_values[$n];
|
||||
$testValues[] = $small_values[$n];
|
||||
}
|
||||
|
||||
// Prepare the INSERT query
|
||||
// This is never expected to fail
|
||||
$stmt = sqlsrv_prepare($conn, $insertQuery, $testValues);
|
||||
if ($stmt == false) {
|
||||
print_r(sqlsrv_errors());
|
||||
fatalError("sqlsrv_prepare failed\n");
|
||||
}
|
||||
|
||||
// Execute the INSERT query
|
||||
// This should not fail since our credentials are correct
|
||||
if (sqlsrv_execute($stmt) == false) {
|
||||
$errors = sqlsrv_errors();
|
||||
fatalError("INSERT query failed with good credentials.\n");
|
||||
} else {
|
||||
// Get the data back and compare encrypted and non-encrypted versions
|
||||
$selectQuery = "SELECT * FROM $tableName";
|
||||
|
||||
$stmt1 = sqlsrv_query($conn, $selectQuery);
|
||||
$data = sqlsrv_fetch_array($stmt1, SQLSRV_FETCH_NUMERIC);
|
||||
|
||||
if (sizeof($data) != 2*sizeof($dataTypes)) {
|
||||
fatalError("Incorrect number of fields returned.\n");
|
||||
}
|
||||
|
||||
for ($n = 0; $n < sizeof($data); $n += 2) {
|
||||
if ($data[$n] != $data[$n + 1]) {
|
||||
echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
|
||||
fatalError("AE and non-AE values do not match.\n");
|
||||
}
|
||||
}
|
||||
|
||||
echo "Successful insertion and retrieval with username/password.\n";
|
||||
|
||||
sqlsrv_free_stmt($stmt);
|
||||
sqlsrv_free_stmt($stmt1);
|
||||
}
|
||||
|
||||
// Free the statement and close the connection
|
||||
sqlsrv_close($conn);
|
||||
}
|
||||
|
||||
$connectionOptions['ColumnEncryption'] = "enabled";
|
||||
$connectionOptions['KeyStoreAuthentication'] = "KeyVaultClientSecret";
|
||||
$connectionOptions['KeyStorePrincipalId'] = $AKVClientID;
|
||||
$connectionOptions['KeyStoreSecret'] = $AKVSecret;
|
||||
|
||||
// Connect to the AE-enabled database
|
||||
$conn = sqlsrv_connect($server, $connectionOptions);
|
||||
if (!$conn) {
|
||||
$errors = sqlsrv_errors();
|
||||
fatalError("Connection failed while testing good credentials.\n");
|
||||
} else {
|
||||
$columns = array();
|
||||
$insertQuery = "";
|
||||
|
||||
// Generate the INSERT query
|
||||
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
|
||||
|
||||
$stmt = AE\createTable($conn, $tableName, $columns);
|
||||
if (!$stmt) {
|
||||
fatalError("Failed to create table $tableName\n");
|
||||
}
|
||||
|
||||
// Duplicate all values for insertion - one is encrypted, one is not
|
||||
$testValues = array();
|
||||
for ($n = 0; $n < sizeof($small_values); ++$n) {
|
||||
$testValues[] = $small_values[$n];
|
||||
$testValues[] = $small_values[$n];
|
||||
}
|
||||
|
||||
// Prepare the INSERT query
|
||||
// This is never expected to fail
|
||||
$stmt = sqlsrv_prepare($conn, $insertQuery, $testValues);
|
||||
if ($stmt == false) {
|
||||
print_r(sqlsrv_errors());
|
||||
fatalError("sqlsrv_prepare failed\n");
|
||||
}
|
||||
|
||||
// Execute the INSERT query
|
||||
// This should not fail since our credentials are correct
|
||||
if (sqlsrv_execute($stmt) == false) {
|
||||
$errors = sqlsrv_errors();
|
||||
fatalError("INSERT query execution failed with good credentials.\n");
|
||||
} else {
|
||||
// Get the data back and compare encrypted and non-encrypted versions
|
||||
$selectQuery = "SELECT * FROM $tableName";
|
||||
|
||||
$stmt1 = sqlsrv_query($conn, $selectQuery);
|
||||
$data = sqlsrv_fetch_array($stmt1, SQLSRV_FETCH_NUMERIC);
|
||||
|
||||
if (sizeof($data) != 2*sizeof($dataTypes)) {
|
||||
fatalError("Incorrect number of fields returned.\n");
|
||||
}
|
||||
|
||||
for ($n = 0; $n < sizeof($data); $n += 2) {
|
||||
if ($data[$n] != $data[$n + 1]) {
|
||||
echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
|
||||
fatalError("AE and non-AE values do not match.\n");
|
||||
}
|
||||
}
|
||||
|
||||
echo "Successful insertion and retrieval with client ID/secret.\n";
|
||||
|
||||
sqlsrv_free_stmt($stmt);
|
||||
sqlsrv_free_stmt($stmt1);
|
||||
}
|
||||
|
||||
// Free the statement and close the connection
|
||||
sqlsrv_close($conn);
|
||||
}
|
||||
|
||||
?>
|
||||
--EXPECTREGEX--
|
||||
(Successful insertion and retrieval with username\/password\.\nSuccessful insertion and retrieval with client ID\/secret\.|Skipping test on Ubuntu)
|
File diff suppressed because one or more lines are too long