From 0fe5172651f78bfc0d5c10675153e1766b82161a Mon Sep 17 00:00:00 2001
From: v-kaywon <v-kaywon@microsoft.com>
Date: Mon, 24 Jul 2017 13:33:52 -0700
Subject: [PATCH] import certificate and generate CMK and CEK using tsql, no
 long depends on SSMS

---
 test/functional/setup/PHPcert.pfx             | Bin 0 -> 2574 bytes
 test/functional/setup/ae_keys.sql             |  38 ++++++++
 test/functional/setup/certificate.ps1         |  37 --------
 test/functional/setup/setup_dbs.py            |   9 +-
 test/functional/sqlsrv/AEData.inc             |  84 ------------------
 .../sqlsrv/sqlsrv_fetch_ae_int.phpt           |  60 -------------
 .../functional/sqlsrv/test_ae_keys_setup.phpt |  32 +++++++
 7 files changed, 76 insertions(+), 184 deletions(-)
 create mode 100644 test/functional/setup/PHPcert.pfx
 create mode 100644 test/functional/setup/ae_keys.sql
 delete mode 100644 test/functional/setup/certificate.ps1
 delete mode 100644 test/functional/sqlsrv/AEData.inc
 delete mode 100644 test/functional/sqlsrv/sqlsrv_fetch_ae_int.phpt
 create mode 100644 test/functional/sqlsrv/test_ae_keys_setup.phpt

diff --git a/test/functional/setup/PHPcert.pfx b/test/functional/setup/PHPcert.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..742a217c88350cbd0e8eab87409de9c9235b0dbf
GIT binary patch
literal 2574
zcmZXUcU05a632fDAxQ7iq%BAl4Iw}zp?9UXU8Jgns$zly(g{TcL4goZP<n4l7Z8>v
z3rNcvq)M*>p|eysdfwYT@4R!*+?n~z_s+fl+=1a47{DMJ7@qzklwKy<Ao_qAL<h>m
z)7L@p^i@<`0mDOq|0&UKLGZNeFg)!F)fS+P|2f6P00L*?A!jf=<Op^F%J5%IZO#HY
z*TSpMeuTbP0S40zLhz808$0y#b~chP@(cbD>%M1|i<#=VtD%(L;ZKowY)!sTM4=NG
z=G|)2*5{D1I|(5b1Dq7xkqElrfFzjGiFK~;azfn!=~ZwiSrO8VWxSHb7ffG%94vYx
zSt@#$wK!iO%5$r^K4q}bnAVERj4ezL@}x5;{~Pf>i`d}HCm194BLmw>k=P{hK3^XH
zo-nc^H?49n1*v+6pGdej9?b8!gCMyVYPRzNM(Ef$wW^Do=1n5Ce(1F12c`6<aRRWY
zrzJ>jAA#+{v3yIMT??9FUd!yN8Bt<?B&BdC8#L~NfU=2t_&?0N-?3pqlWYHupcQN=
zLi;_^hJAL`@*u{2uPtlzOnrIIK%->Pk7GDs@R5rVSnP?h_G=X{wlVja0^37DK3A)U
z;pRf!(dLT3(d+t-rW9$ToKOW4H1N5m7^{tt%HH>cC`td5Ka1rdifhVBIf@471NHf{
z<l087ts!u=frBn(nxqW$aAVn(#2&@fYnRSz82d?gzUZG`&}?C;QU1K<5PE*Nea{yW
zge!ceVUt>1&NS<NJ>y-1uoU0gxE2?7zYYCM9&gvqre^sZvD=cfN6V>GYvNh36qbu-
zLn+yj=$2lUP*^R2BHJj2b*Y@>Fw^456m6fh&(iWei?(DHRb6dk_wudi=&8KB0(ABk
zN;7b=St~pLAeogByJON_eS-TZzn3{YSC=0RYd{k2)nxeEmyhNcB>hFc_1sFlYSd}M
zjwv#JB^l;(ilNUnDsBu-3nn9ly^RYxlDd*hd_Kx5vdqYeFgFq2ttDTmR_j{|Z}_~a
z4kmsZk5vB{+68*}UYjy{Mq}!rj8Wq#A4ibijfukH1$n>gVKr0TA|^Xm%|4wd7X(s@
z6;&vdRy|TY%99}|Dc@+t^LhcfZ)Vy>&iB|)_82~9!mAw^p;iwcs@As(q~mi@*wmB_
zsPm$CW^$AT^rg!{?LE`z^3|C;Un@?lKV)?nupwtaawb88-)E&W&UA5CMbGD`Sf$9`
z4m-rFsfKc7Yiz`{81^OT<Tk1GHu6LZvlBqcj=2jrp^wUUh(KkQ>78}6DD~xX<U1eP
z3B9Y28KobG&^7H#6n#)=u6d2@TfC)`TJ>hb?ADk48+6(!BnE|AX71z3LAHavk}|Ug
z!Ak~il8Du|$%wjjum=dWj9<+B$o4AZ^)1fOH;e&mHzealm_%w@AWN0$zQYlVf&Fd4
z?S+_x3GEh^ds`XZTn*~EjS0TJ5iF{3VyVQzVOc<FR5QNd8SO?h2e?8enl?;=RmNJ%
zbzN*#U_*e_UBWE7qoglygc!Hv5L+`|c;9f-mS1^G8hB;Agv(+U;=ESb*#|%I@wVsI
z)wvk_6|GKb4lw?88~d5@kC?O@dP7YFZ=wudX*&BwWp3Ham-Q!na~V2w#cCqCo0sOd
z5Tm6t>ZP_5q$e9@HH_AtL(362xr3|H<4hh`mT!}U_2N?fmCEbR)wLnqp7*DyF$d((
z7s@YnkhGki!G>04kRDGNp{c993d8U^fmwvbOx5DoSr47n>gZz)!^Hr*Vyz*5eFA+y
z+muSH=qG7@@D<1X4<%0*MVVQrDFWSk0&U&9nsT}h7P79{?9Xkcbq_3-{Yv?d>~q*V
zCdize0_isL;eWz7{~4F`-11Ne1Oxy8%;8_iC2uBV0z3dPfE=I%Ac5O}BGrC)c`AWZ
z`EBZw0}ww6k{aEl>fnIuPyH>b8cwaaP<J>rMpA2tAMItKAP5Mr%nth5-Wc$pig188
z;6pW6>UAQ3C3XKn?g4JpOq&`%0`60pH#NsmFS!r6|2!oEnEllGQZpCob8s*`O~F6!
zr-NqVX;P_(00se67x!-k^#6l@<z}?FTkKrnkHH^?r*VESoC)mls75Xa@^=ode=_rC
zDjC~WNof^*Qu|atO$O<nBK&G3#p;l>ei>bhjByojJ8iENbd;WY{Ybe9>;)cQ@wuE~
z;z#lv&yc#d8EvCrbC5+;PGhUl?|NHAgAOoJNPK%4Z})0HBWZc8yrg*S=J0#UxggB+
z{7_(IN>ERdlwt0!Kg#Lifvw-Rl#(V1+x|RU@Wt|-HK-leS_O~kk|Xhr?sHo@4J}Kd
z!;`SDeu?q0l8T&PzYerj|B}~_UE0J(>TN+YV2$LEXp33Gnh|EkiDWYLwq!rb!>J2(
zJ)sE8)G`4HWJ$8r=r-0_I9?pSyo-YvZiIq95A2z1MFbkb#&4wmK844J8-#>}Mxl2D
z3+*O{zeq9~271WhzTm5;R4SOc-`G6oBevwa^p!Oq8DCE}dX*ulKMZTFi7i{Wav&HK
z<K}8)%;GDOXWgQXj720IExkZzid%noXEiE{uD|=xYbb5TwFh)OmUls`ywB+lhq;=m
zavqIloy)C9yI4(8biq)?2nM-UHA11I=+iVxE$>~j{8C{xt*IK3AJugQn<#YcZP`(*
zVM?F%0A|B4sDYB;z)ZJ`#xajMi?x-9k|)Qp!e_UQufejV2({*3h6f0~q+eNJ@~uy^
zD@_koGSk0>2gL1>!FA_PFITRl3B%?W1{lSN5NT8n_u)uCLBepWjVFdZC8YTFK+_qC
z#46wMcxS19GYO{8tR;@>Zx|aLZ+$EK;3<y0tgL)Q0q#1}CCYpbw()Xt?MmO|J~uNZ
z6%!fsrnT*hQI7+=K=DF)DgTMB=n3C`py_Ps8K$;Z>ZDoitJwT8f|coJv){!}J%8y&
za_sTiNbsJ<H<XZ=C+QMT+9L`wa_na}ZM+6lxBKcYJd1dxq`~#BxMxDLb2IgtB2TXF
zB-oX)`DAR|mUuyWb>~5Yy;n|bgjs3VWnI?kn9v6%u~JIMBjKN%J=Z*wtJF{iliMas
zmhbB^WAV!f-knTKj1V?~tnb!)e*dxBPVY-UKGs^v-+qznwFI#0P}Ep^_-Q=Jd@Hmy
zYG;*EJY*TfF{;qWKccmyWb}QeAxm(J+s*+mT8%Nu+Z@0(s;&kchYAtG_NG|gU$N#~
z`i3tm(n;3QYu<JIZaDx$!GvLSP+D0Q8ZbYE3%<tBr(Q2!HC4;erz`M`Z8|?(6T;>8
a9o%gZ9{g=oYKSumZ)(j9;bQ;sLH`E%jF>I}

literal 0
HcmV?d00001

diff --git a/test/functional/setup/ae_keys.sql b/test/functional/setup/ae_keys.sql
new file mode 100644
index 00000000..aa4b9d78
--- /dev/null
+++ b/test/functional/setup/ae_keys.sql
@@ -0,0 +1,38 @@
+USE $(dbname) 
+GO
+
+/* DROP Column Encryption Key first, Column Master Key cannot be dropped until no encryption depends on it */
+IF EXISTS (SELECT * FROM sys.column_encryption_keys WHERE [name] LIKE '%AEColumnKey%')
+
+BEGIN
+DROP COLUMN ENCRYPTION KEY [AEColumnKey]
+END
+GO
+
+/* Can finally drop Column Master Key after the Encryption Key is dropped */
+IF EXISTS (SELECT * FROM sys.column_master_keys WHERE [name] LIKE '%AEMasterKey%')
+
+BEGIN
+DROP COLUMN MASTER KEY [AEMasterKey]
+END
+GO
+
+/* Recreate the Column Master Key */
+CREATE COLUMN MASTER KEY [AEMasterKey]
+WITH
+(
+	KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
+	KEY_PATH = N'CurrentUser/my/237F94738E7F5214D8588006C2269DBC6B370816'
+)
+GO
+
+/* Create Column Encryption Key using the Column Master Key */
+/* ENCRYPTED_VALUE is generated by SSMS and it is always the same if the same Certificate is imported */
+CREATE COLUMN ENCRYPTION KEY [AEColumnKey]
+WITH VALUES
+(
+	COLUMN_MASTER_KEY = [AEMasterKey],
+	ALGORITHM = 'RSA_OAEP',
+	ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F00320033003700660039003400370033003800650037006600350032003100340064003800350038003800300030003600630032003200360039006400620063003600620033003700300038003100360039DE2397A08F6313E7820D75382D8469BE1C8F3CD47E3240A5A6D6F82D322F6EB1B103C9C47999A69FFB164D37E7891F60FFDB04ADEADEB990BE88AE488CAFB8774442DF909D2EF8BB5961A5C11B85BA7903E0E453B27B49CE0A30D14FF4F412B5737850A4C564B44C744E690E78FAECF007F9005E3E0FB4F8D6C13B016A6393B84BB3F83FEED397C4E003FF8C5BBDDC1F6156349A8B40EDC26398C9A03920DD81B9197BC83A7378F79ECB430A04B4CFDF3878B0219BB629F5B5BF3C2359A7498AD9A6F5D63EF15E060CDB10A65E6BF059C7A32237F0D9E00C8AC632CCDD68230774477D4F2E411A0E4D9B351E8BAA87793E64456370D91D4420B5FD9A252F6D9178AE3DD02E1ED57B7F7008114272419F505CBCEB109715A6C4331DEEB73653990A7140D7F83089B445C59E4858809D139658DC8B2781CB27A749F1CE349DC43238E1FBEAE0155BF2DBFEF6AFD9FD2BD1D14CEF9AC125523FD1120488F24416679A6041184A2719B0FC32B6C393FF64D353A3FA9BC4FA23DFDD999B0771A547B561D72B92A0B2BB8B266BC25191F2A0E2F8D93648F8750308DCD79BE55A2F8D5FBE9285265BEA66173CD5F5F21C22CC933AE2147F46D22BFF329F6A712B3D19A6488DDEB6FDAA5B136B29ADB0BA6B6D1FD6FBA5D6A14F76491CB000FEE4769D5B268A3BF50EA3FBA713040944558EDE99D38A5828E07B05236A4475DA27915E
+)
+GO
\ No newline at end of file
diff --git a/test/functional/setup/certificate.ps1 b/test/functional/setup/certificate.ps1
deleted file mode 100644
index 11e38817..00000000
--- a/test/functional/setup/certificate.ps1
+++ /dev/null
@@ -1,37 +0,0 @@
-Param(
-    [Parameter(Mandatory=$True,Position=1)]
-    [string]$serverName,
-    [Parameter(Mandatory=$True,Position=2)]
-    [string]$databaseName,
-    [Parameter(Mandatory=$True,Position=3)]
-    [string]$userName,
-    [Parameter(Mandatory=$True,Position=4)]
-    [string]$password)
-
-# Create a column master key in Windows Certificate Store.
-$cert1 = New-SelfSignedCertificate -Subject "PHPAlwaysEncryptedCert" -CertStoreLocation Cert:CurrentUser\My -KeyExportPolicy Exportable -Type DocumentEncryptionCert -KeyUsage DataEncipherment -KeySpec KeyExchange
-
-# Import the SqlServer module.
-Import-Module "SqlServer"
-
-#For SQL Server Authentication
-Add-Type -AssemblyName "Microsoft.SqlServer.Smo"
-$MySQL = new-object('Microsoft.SqlServer.Management.Smo.Server') $serverName 
-$MySQL.ConnectionContext.LoginSecure = $false
-$MySQL.ConnectionContext.set_Login($userName)
-$MySQL.ConnectionContext.set_Password($password)
-$database = $MySQL.Databases[$databaseName]
-
-# Create a SqlColumnMasterKeySettings object for your column master key. 
-$cmkSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "CurrentUser" -Thumbprint $cert1.Thumbprint
-
-# Create column master key metadata in the database.
-$cmkName = "CMK1"
-New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnMasterKeySettings $cmkSettings
-
-# Generate a column encryption key, encrypt it with the column master key and create column encryption key metadata in the database. 
-$cekName = "CEK1"
-New-SqlColumnEncryptionKey -Name $cekName  -InputObject $database -ColumnMasterKey $cmkName
-
-# Disconnect
-$MySQL.ConnectionContext.Disconnect()
\ No newline at end of file
diff --git a/test/functional/setup/setup_dbs.py b/test/functional/setup/setup_dbs.py
index 12532ea4..49cb86a5 100644
--- a/test/functional/setup/setup_dbs.py
+++ b/test/functional/setup/setup_dbs.py
@@ -68,10 +68,13 @@ def is_ae_qualified( server, uid, pwd ):
     
 def setupAE( server, dbname, uid, pwd):
     if platform.system() == 'Windows':
+        # import self signed certificate
         dir_name = os.path.realpath(__file__)
-        cert_name = os.path.join(dir_name, "certificate.ps1")
-        inst_command  = 'powershell -executionPolicy Unrestricted -file ' + cert_name + ' ' + server + ' ' + dbname + ' ' + uid + ' ' + pwd
-        executeCommmand(inst_command)
+        cert_name = os.path.join(dir_name, "PHPcert.ps1")
+        inst_command = "certutil -user -p '' -importPFX My " + cert_name + " NoRoot"
+        executeCommand(inst_command)
+        # create Column Master Key and Column Encryption Key
+        executeSQLscript('ae_keys.sql', conn_options, dbname)
     
 if __name__ == '__main__':
     parser = argparse.ArgumentParser()
diff --git a/test/functional/sqlsrv/AEData.inc b/test/functional/sqlsrv/AEData.inc
deleted file mode 100644
index d7037854..00000000
--- a/test/functional/sqlsrv/AEData.inc
+++ /dev/null
@@ -1,84 +0,0 @@
-<?php
-// exact numerics
-$bigint_params = array(2147483648, -922337203685477580, 922337203685477580, -2147583649, 461168601735364608, -461168601735364608);
-$int_params = array(32768, -2147483647, 2147483647, -32769, 1073725440, -1073725440);
-$smallint_params = array(256, -32767, 32767, -1, 16256, -16256);
-$tinyint_params = array(128, 0, 255, 96, 64, 162);
-$decimal_params = array(21474.83648, -9223372036854.77580, 9223372036854.77580, -21475.83649, -4611686017353.64608, -4611686017353.64608);
-$numeric_params = array(0.32768, -21474.83647, 21474.83647, -0.32769, 10737.25440, -10737.25440);
-$money_params = array(214748.3648, -92233720368547.5807, 92233720368547.5807, -214758.3649, 46116860173536.608, -46116860173536.608);
-$smallmoney_params = array(0, -214748.3647, 214748.3647, 161061.2736, 107374.1824, -107374.1824);
-$bit_params = array(0, FALSE, 0, 1, TRUE, 1);
-
-// approximate numerics
-$float_params = array(21474.83648, -9223372036.85477, 9223372036.85477, -21475, 4611686017, -4611686017);
-$real_params = array(0, -2147.483, 2147.483, 1610, 1073, -1073);
-
-// date and time
-$date_params = array('1900-01-01', '0001-01-01', '9999-12-31', '5000-07-15', '2500-04-08', '7500-10-23');
-$datetime2_params = array('1900-01-01 00:00:00', '0001-01-01 00:00:00', '9999-12-31 23:59:59.9999999', '5000-07-15 12:30:30.5555', '2500-04-08 06:15:15.33', '7500-10-23 18:45:45.888888');
-$datetime_params = array('1900-01-01 00:00:00', '1753-01-01 00:00:00', '9999-12-31 23:59:59.997', '5000-07-15 12:30:30.5', '2500-04-08 06:15:15.33', '7500-10-23 18:45:45.888');
-$datetimeoffset_params = array('1900-01-01 00:00:00 +01:00', '0001-01-01 00:00:00 -14:00', '9999-12-31 23:59:59.9999999 +14:00', '5000-07-15 12:30:30.55 -03:00', '2500-04-08 06:15:15.3333 -07:00', '7500-10-23 18:45:45.888888 +07:00');
-$smalldatetime_params = array('1900-01-01 00:00:00', '1900-01-01 00:00:00', '2079-06-06 23:59:59', '1990-07-15 12:30:30', '1945-04-08 06:15:15', '2500-10-23 18:45:45');
-$time_params = array('00:00:00', '00:00:00.0000000', '23:59:59.9999999', '12:30:30.5555', '06:15:15.33', '18:45:45.888888');
-
-// character strings
-$char_params = array('Fixed', '-leng', 'th, n', 'on-Un', 'icode', 'strin');
-$varchar_params = array('Variable-length, non-', 'Unicode string data. n', 'defines the string length', 'and can be a value from 1', 'through 8,000.', 'The storage size is the');
-$varcharmax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB)',
-                           'Use varchar(max) when the sizes of the column data entries vary considerably, and the size might exceed 8,000 bytes.',
-                           'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
-                           'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
-                           'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.',
-                           'This large row size can cause errors (such as error 512) during some normal operations, such as a clustered index key update, or sorts of the full column set, which users cannot anticipate until performing an operation.');
-                           
-// unicode character strings
-$nchar_params = array('Fixed', '-leng', 'th Un', 'icode', 'strin', 'g dat');
-$nvarchar_params = array('Variable-length Unicode', 'string data. n defines', 'the string length and can', 'be a value from 1 through', '4,000.', 'The storage size, in');
-$nvarcharmax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB).',
-                            'When prefixing a string constant with the letter N, the implicit conversion will result in a Unicode string if the constant to convert does not exceed the max length for a Unicode string data type (4,000).',
-                            'Otherwise, the implicit conversion will result in a Unicode large-value (max).',
-                            'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
-                            'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
-                            'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.');
-                            
-// binary strings
-$binary_params = array('Fixed', '-leng', 'th, n', 'on-Un', 'icode', 'strin');
-$varbinary_params = array('Variable-length, non-', 'Unicode string data. n', 'defines the string length', 'and can be a value from 1', 'through 8,000.', 'The storage size is the');
-$varbinarymax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB)',
-                             'Use varchar(max) when the sizes of the column data entries vary considerably, and the size might exceed 8,000 bytes.',
-                             'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
-                             'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
-                             'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.', 'This large row size can cause errors (such as error 512) during some normal operations, such as a clustered index key update, or sorts of the full column set, which users cannot anticipate until performing an operation.');
-
-// creates the column names based on data types
-// for example, if $dataTypes is array(int, smallint), then the column names are: normint, detint, randint, normsmallint, detsmallint, and randsmallint
-// all column names are pushed to the $col_names array
-// return a datatypes string used for creating table
-function get_dataTypes_str($dataTypes, &$col_names) {
-    $encTypes = array("norm", "det", "rand");
-    $dataTypes_str = "";
-    foreach ($dataTypes as $dataType){
-        foreach ($encTypes as $encType) {
-            $col_name = $encType . $dataType;
-            $dataTypes_str = $dataTypes_str . "[" . $col_name . "] " . $dataType . ", ";
-            array_push($col_names, $col_name);
-        }
-    }
-    $dataTypes_str = rtrim($dataTypes_str, ", ");
-    return $dataTypes_str;
-}
-
-// encrypts an existing column based on the column names:
-// if column name like *norm*, do not encrypts
-// if column name like *det*, encrypt using deterministic encryption
-// if column name like *rand*, encrypt using randomized encryption
-function EncryptColumns($server, $database, $userName, $userPassword, $tbname, $col_names){
-    $dir_name = realpath(dirname(__FILE__));
-    $enc_name = $dir_name . DIRECTORY_SEPARATOR . "encrypttable.ps1";
-    $col_name_str = implode(",", $col_names);
-    $runCMD = "powershell -executionPolicy Unrestricted -file " . $enc_name . " " . $server . " " . $database . " " . $userName . " " . $userPassword . " " . $tbname . " " . $col_name_str;
-    shell_exec($runCMD);
-}
-                             
-?>
\ No newline at end of file
diff --git a/test/functional/sqlsrv/sqlsrv_fetch_ae_int.phpt b/test/functional/sqlsrv/sqlsrv_fetch_ae_int.phpt
deleted file mode 100644
index 102fbbaf..00000000
--- a/test/functional/sqlsrv/sqlsrv_fetch_ae_int.phpt
+++ /dev/null
@@ -1,60 +0,0 @@
---TEST--
-Test for fetching integer columns with column encryption
---SKIPIF--
---FILE--
-<?php
-include 'MsCommon.inc';
-include 'AEData.inc';
-include 'MsSetup.inc';
-
-$conn = Connect(array("ColumnEncryption"=>"Enabled"));
-//$conn = Connect();
-
-// create table
-$tbname = GetTempTableName("", false);
-$dataTypes = array("bigint", "int", "smallint");
-$col_names = array();
-$dataTypes_str = get_dataTypes_str($dataTypes, $col_names);
-CreateTableEx( $conn, $tbname, $dataTypes_str);
-    
-// populate table
-$data_arr = array_merge( array_slice($bigint_params, 0, 3), array_slice($int_params, 0, 3), array_slice($smallint_params, 0, 3) );
-$data_str = implode(", ", $data_arr);
-sqlsrv_query( $conn, "INSERT INTO $tbname VALUES ( $data_str )");
-    
-// encrypt columns
-EncryptColumns($server, $database, $userName, $userPassword, $tbname, $col_names);
-
-//Fetch encrypted values with ColumnEncryption Enabled
-$sql = "SELECT * FROM $tbname";
-$stmt = sqlsrv_query($conn, $sql);
-$decrypted_row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_NUMERIC);
-
-var_dump($decrypted_row);
-
-DropTable($conn, $tbname);
-sqlsrv_free_stmt($stmt);
-sqlsrv_close($conn);
-
-?>
---EXPECT--
-array(9) {
-  [0]=>
-  string(10) "2147483648"
-  [1]=>
-  string(19) "-922337203685479936"
-  [2]=>
-  string(18) "922337203685479936"
-  [3]=>
-  int(32768)
-  [4]=>
-  int(-2147483647)
-  [5]=>
-  int(2147483647)
-  [6]=>
-  int(256)
-  [7]=>
-  int(-32767)
-  [8]=>
-  int(32767)
-}
\ No newline at end of file
diff --git a/test/functional/sqlsrv/test_ae_keys_setup.phpt b/test/functional/sqlsrv/test_ae_keys_setup.phpt
new file mode 100644
index 00000000..67be3064
--- /dev/null
+++ b/test/functional/sqlsrv/test_ae_keys_setup.phpt
@@ -0,0 +1,32 @@
+--TEST--
+retrieval of names of column master key and column encryption key generated in the database setup
+--SKIPIF--
+<?php require('skipif.inc'); ?>
+--FILE--
+<?php
+    sqlsrv_configure( 'WarningsReturnAsErrors', 0 );
+    sqlsrv_configure( 'LogSeverity', SQLSRV_LOG_SEVERITY_ALL );
+
+    require( 'MsCommon.inc' );
+
+    $conn = Connect();
+   
+    $query = "SELECT name FROM sys.column_master_keys";
+    $stmt = sqlsrv_query($conn, $query);
+    sqlsrv_fetch($stmt);
+    $master_key_name = sqlsrv_get_field($stmt, 0);
+   
+    $query = "SELECT name FROM sys.column_encryption_keys";
+    $stmt = sqlsrv_query($conn, $query);
+    sqlsrv_fetch($stmt);
+    $encryption_key_name = sqlsrv_get_field($stmt, 0);
+    
+    echo "Column Master Key generated: $master_key_name \n";
+    echo "Column Encryption Key generated: $encryption_key_name \n";
+
+    sqlsrv_free_stmt($stmt);
+    sqlsrv_close( $conn );
+?>
+--EXPECT--
+Column Master Key generated: AEMasterKey
+Column Encryption Key generated: AEColumnKey
\ No newline at end of file