From 364fef6908ff49416bac0c0445c5985c39125f1a Mon Sep 17 00:00:00 2001
From: David Puglielli
Date: Tue, 8 May 2018 16:16:27 -0700
Subject: [PATCH] Changes according to PR comments
---
.../pdo_sqlsrv/MsCommon_mid-refactor.inc | 8 +-
.../pdo_ae_azure_key_vault_keywords.phpt | 166 +--------------
.../pdo_ae_azure_key_vault_verification.phpt | 198 ++++++++++++++++++
test/functional/sqlsrv/MsHelper.inc | 10 +-
.../sqlsrv_ae_azure_key_vault_keywords.phpt | 179 ++--------------
...qlsrv_ae_azure_key_vault_verification.phpt | 196 +++++++++++++++++
6 files changed, 422 insertions(+), 335 deletions(-)
create mode 100644 test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_verification.phpt
create mode 100644 test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_verification.phpt
diff --git a/test/functional/pdo_sqlsrv/MsCommon_mid-refactor.inc b/test/functional/pdo_sqlsrv/MsCommon_mid-refactor.inc
index 081d451c..dd183c32 100644
--- a/test/functional/pdo_sqlsrv/MsCommon_mid-refactor.inc
+++ b/test/functional/pdo_sqlsrv/MsCommon_mid-refactor.inc
@@ -93,10 +93,10 @@ function getDSN($sqlsrvserver, $database, $keywords = '', $disableCE = false) $dsn .= "ColumnEncryption=Enabled;"; } if ($keystore == "akv" && !$disableCE) { - if ($keyStoreAuthentication == "KeyVaultPassword") { - $dsn .= "KeyStoreAuthentication=$keyStoreAuthentication;KeyStorePrincipalId=$principalName;KeyStoreSecret=$AKVPassword;"; - } else if ($keyStoreAuthentication == "KeyVaultClientSecret") { - $dsn .= "KeyStoreAuthentication=$keyStoreAuthentication;KeyStorePrincipalId=$clientID;KeyStoreSecret=$AKVSecret;"; + if ($AKVKeyStoreAuthentication == "KeyVaultPassword") { + $dsn .= "KeyStoreAuthentication=$AKVKeyStoreAuthentication;KeyStorePrincipalId=$AKVPrincipalName;KeyStoreSecret=$AKVPassword;"; + } else if ($AKVKeyStoreAuthentication == "KeyVaultClientSecret") { + $dsn .= "KeyStoreAuthentication=$AKVKeyStoreAuthentication;KeyStorePrincipalId=$AKVClientID;KeyStoreSecret=$AKVSecret;"; } } if ($keystore == "ksp" && !$disableCE) { diff --git a/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_keywords.phpt b/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_keywords.phpt index a80aa99a..cfd06418 100644 --- a/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_keywords.phpt +++ b/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_keywords.phpt @@ -11,7 +11,7 @@ require_once('values.php'); // We will test the direct product (set of all possible combinations) of the following $columnEncryption = ['enabled', 'disabled', 'notvalid', '']; $keyStoreAuthentication = ['KeyVaultPassword', 'KeyVaultClientSecret', 'KeyVaultNothing', '']; -$keyStorePrincipalId = [$principalName, $clientID, 'notaname', '']; +$keyStorePrincipalId = [$AKVPrincipalName, $AKVClientID, 'notaname', '']; $keyStoreSecret = [$AKVPassword, $AKVSecret, 'notasecret', '']; function checkErrors($errors, ...$codes) 
@@ -79,6 +79,8 @@ $dataTypes = array ("char($strsize)", "varchar($strsize)", "nvarchar($strsize)", "decimal", "float", "real", "bigint", "int", "bit" ); +$tableName = "akv_comparison_table"; + // Test every combination of the keywords above // Leave good credentials to the end to avoid caching influencing the results. // The cache timeout can only be changed with SQLSetConnectAttr, so we can't @@ -113,8 +115,6 @@ for ($i=0; $i < sizeof($columnEncryption); ++$i) { $conn = new PDO($connectionOptions, $uid, $pwd); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - $tableName = "type_conversion_table"; - $columns = array(); $insertQuery = ""; 
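Review bot: The context comment above the loop in pdo_ae_azure_key_vault_keywords.phpt still says to "Leave good credentials to the end", but this patch deletes the good-credential section from that file and moves it to pdo_ae_azure_key_vault_verification.phpt, so the comment now describes code that is no longer there. The sqlsrv counterpart has its comment rewritten in this same patch, and the PDO file should get matching wording, along the lines of `// Leave out good credentials so that caching does not influence the results; good credentials are tested in a separate test.` The caching rationale is worth keeping accurate, because it explains why a bad-credential case can pass falsely after a good one. Whether the loop itself skips the good combinations is outside this hunk.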
@@ -175,163 +175,7 @@ for ($i=0; $i < sizeof($columnEncryption); ++$i) { } } -// Now test the good credentials, where ($i, $j, $k, $m) == (0, 0, 0, 0) -// and ($i, $j, $k, $m) == (0, 1, 1, 1) -$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName"; - -$connectionOptions .= ";ColumnEncryption=".$columnEncryption[0]; -$connectionOptions .= ";KeyStoreAuthentication=".$keyStoreAuthentication[0]; -$connectionOptions .= ";KeyStorePrincipalId=".$keyStorePrincipalId[0]; -$connectionOptions .= ";KeyStoreSecret=".$keyStoreSecret[0]; - -$connectionOptions .= ";"; - -try { - // Connect to the AE-enabled database - $conn = new PDO($connectionOptions, $uid, $pwd); - $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - - $tableName = "type_conversion_table"; - - $columns = array(); - $insertQuery = ""; - - // Generate the INSERT query - FormulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery); - - createTable($conn, $tableName, $columns); - - // Duplicate all values for insertion - one is encrypted, one is not - $testValues = array(); - for ($n=0; $nprepare($insertQuery); - if ($stmt == false) { - print_r($conn->errorInfo()); - fatalError("sqlsrv_prepare failed\n"); - } - - // Execute the INSERT query - // This should not fail since our credentials are correct - if ($stmt->execute($testValues) == false) { - print_r($stmt->errorInfo()); - fatalError("INSERT query execution failed with good credentials.\n"); - } else { - echo "Successful insertion with username/password.\n"; - - $selectQuery = "SELECT * FROM $tableName"; - - $stmt1 = $conn->query($selectQuery); - - $data = $stmt1->fetchAll(PDO::FETCH_NUM); - $data = $data[0]; - - if (sizeof($data) != 2*sizeof($dataTypes)) { - fatalError("Incorrect number of fields returned.\n"); - } - - for ($n=0; $nerrorInfo); -} - -$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName"; - -$connectionOptions .= ";ColumnEncryption=".$columnEncryption[0]; -$connectionOptions .= 
";KeyStoreAuthentication=".$keyStoreAuthentication[1]; -$connectionOptions .= ";KeyStorePrincipalId=".$keyStorePrincipalId[1]; -$connectionOptions .= ";KeyStoreSecret=".$keyStoreSecret[1]; - -$connectionOptions .= ";"; - -try { - // Connect to the AE-enabled database - $conn = new PDO($connectionOptions, $uid, $pwd); - $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - - $tableName = "type_conversion_table"; - - $columns = array(); - $insertQuery = ""; - - // Generate the INSERT query - FormulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery); - - createTable($conn, $tableName, $columns); - - // Duplicate all values for insertion - one is encrypted, one is not - $testValues = array(); - for ($n=0; $nprepare($insertQuery); - if ($stmt == false) { - print_r($conn->errorInfo()); - fatalError("sqlsrv_prepare failed\n"); - } - - // Execute the INSERT query - // This should not fail since our credentials are correct - if ($stmt->execute($testValues) == false) { - print_r($stmt->errorInfo()); - fatalError("INSERT query execution failed with good credentials.\n"); - } else { - echo "Successful insertion with client ID/secret.\n"; - - $selectQuery = "SELECT * FROM $tableName"; - - $stmt1 = $conn->query($selectQuery); - - $data = $stmt1->fetchAll(PDO::FETCH_NUM); - $data = $data[0]; - - if (sizeof($data) != 2*sizeof($dataTypes)) { - fatalError("Incorrect number of fields returned.\n"); - } - - for ($n=0; $nerrorInfo); -} - +echo "Done.\n"; ?> --EXPECT-- -Successful insertion with username/password. -Successful insertion with clinet ID/secret. +Done. diff --git a/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_verification.phpt b/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_verification.phpt new file mode 100644 index 00000000..ce7c6166 --- /dev/null +++ b/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_verification.phpt 
@@ -0,0 +1,198 @@ +--TEST-- +Test connection keywords and credentials for Azure Key Vault for Always Encrypted. +--SKIPIF-- + +--FILE-- +setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + + $columns = array(); + $insertQuery = ""; + + // Generate the INSERT query + FormulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery); + + createTable($conn, $tableName, $columns); + + // Duplicate all values for insertion - one is encrypted, one is not + $testValues = array(); + for ($n=0; $nprepare($insertQuery); + if ($stmt == false) { + print_r($conn->errorInfo()); + fatalError("sqlsrv_prepare failed\n"); + } + + // Execute the INSERT query + // This should not fail since our credentials are correct + if ($stmt->execute($testValues) == false) { + print_r($stmt->errorInfo()); + fatalError("INSERT query execution failed with good credentials.\n"); + } else { + $selectQuery = "SELECT * FROM $tableName"; + + $stmt1 = $conn->query($selectQuery); + + $data = $stmt1->fetchAll(PDO::FETCH_NUM); + $data = $data[0]; + + if (sizeof($data) != 2*sizeof($dataTypes)) { + fatalError("Incorrect number of fields returned.\n"); + } + + for ($n=0; $nerrorInfo); +} + +$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName"; + +$connectionOptions .= ";ColumnEncryption=enabled"; +$connectionOptions .= ";KeyStoreAuthentication=KeyVaultClientSecret"; +$connectionOptions .= ";KeyStorePrincipalId=".$AKVClientID; +$connectionOptions .= ";KeyStoreSecret=".$AKVSecret; +$connectionOptions .= ";"; + +try { + // Connect to the AE-enabled database + $conn = new PDO($connectionOptions, $uid, $pwd); + $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + + $columns = array(); + $insertQuery = ""; + + // Generate the INSERT query + FormulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery); + + createTable($conn, $tableName, $columns); + + // Duplicate all values for insertion - one is encrypted, one is not + $testValues = array(); + for ($n=0; 
$nprepare($insertQuery); + if ($stmt == false) { + print_r($conn->errorInfo()); + fatalError("sqlsrv_prepare failed\n"); + } + + // Execute the INSERT query + // This should not fail since our credentials are correct + if ($stmt->execute($testValues) == false) { + print_r($stmt->errorInfo()); + fatalError("INSERT query execution failed with good credentials.\n"); + } else { + $selectQuery = "SELECT * FROM $tableName"; + + $stmt1 = $conn->query($selectQuery); + + $data = $stmt1->fetchAll(PDO::FETCH_NUM); + $data = $data[0]; + + if (sizeof($data) != 2*sizeof($dataTypes)) { + fatalError("Incorrect number of fields returned.\n"); + } + + for ($n=0; $nerrorInfo); +} + +?> +--EXPECT-- +Successful insertion and retrieval with username/password. +Successful insertion and retrieval with client ID/secret. diff --git a/test/functional/sqlsrv/MsHelper.inc b/test/functional/sqlsrv/MsHelper.inc index e3ba3014..2058e5e0 100644 --- a/test/functional/sqlsrv/MsHelper.inc +++ b/test/functional/sqlsrv/MsHelper.inc @@ -360,12 +360,12 @@ function connect($options = array(), $disableCE = false) $connectionOptions = array_merge($connectionOptions, array("ColumnEncryption" => "Enabled")); } if ($keystore == 'akv') { - $akv_options = array("KeyStoreAuthentication"=>$keyStoreAuthentication); - if ($keyStoreAuthentication == 'KeyVaultPassword') { - $akv_options["KeyStorePrincipalId"] = $principalName; + $akv_options = array("KeyStoreAuthentication"=>$AKVKeyStoreAuthentication); + if ($AKVKeyStoreAuthentication == "KeyVaultPassword") { + $akv_options["KeyStorePrincipalId"] = $AKVPrincipalName; $akv_options["KeyStoreSecret"] = $AKVPassword; - } else if ($keyStoreAuthentication == "KeyVaultClientSecret") { - $akv_options["KeyStorePrincipalId"] = $clientID; + } else if ($AKVKeyStoreAuthentication == "KeyVaultClientSecret") { + $akv_options["KeyStorePrincipalId"] = $AKVClientID; $akv_options["KeyStoreSecret"] = $AKVSecret; } $connectionOptions = array_merge($connectionOptions, $akv_options); 
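Review bot: In the new pdo_ae_azure_key_vault_verification.phpt, the second block concatenates the Key Vault values straight into the DSN (`";KeyStorePrincipalId=".$AKVClientID` and `";KeyStoreSecret=".$AKVSecret`), so a secret containing `;` or `}` ends the keyword early and the rest is parsed as further connection keywords. The first block's setup is not legible on this page, but it presumably does the same with `$AKVPassword`. The values appear to come from the shared test configuration, so this is a fragility rather than an injection path, yet the test would then report a Key Vault authentication failure for what is really a quoting problem. The driver's DSN syntax allows a value to be wrapped in braces with any closing brace doubled, e.g. `$connectionOptions .= ";KeyStoreSecret={".str_replace("}", "}}", $AKVSecret)."}";`, and the principal id should get the same treatment. The same unquoted interpolation is in `getDSN()` in MsCommon_mid-refactor.inc in this patch.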
diff --git a/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_keywords.phpt b/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_keywords.phpt index 99b49d8b..4c6240df 100644 --- a/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_keywords.phpt +++ b/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_keywords.phpt @@ -11,7 +11,7 @@ require_once('values.php'); // We will test the direct product (set of all possible combinations) of the following $columnEncryption = ['enabled', 'disabled', 'notvalid', '']; $keyStoreAuthentication = ['KeyVaultPassword', 'KeyVaultClientSecret', 'KeyVaultNothing', '']; -$keyStorePrincipalId = [$principalName, $clientID, 'notaname', '']; +$keyStorePrincipalId = [$AKVPrincipalName, $AKVClientID, 'notaname', '']; $keyStoreSecret = [$AKVPassword, $AKVSecret, 'notasecret', '']; function checkErrors($errors, ...$codes) @@ -49,7 +49,7 @@ function checkErrors($errors, ...$codes) // Set up the columns and build the insert query. Each data type has an // AE-encrypted and a non-encrypted column side by side in the table. -function FormulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery, $strsize) +function FormulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery) { $columns = array(); $queryTypes = "("; 
@@ -79,12 +79,15 @@ $dataTypes = array ("char($strsize)", "varchar($strsize)", "nvarchar($strsize)", "decimal", "float", "real", "bigint", "int", "bit" ); -// Test every combination of the keywords above -// Leave good credentials to the end to avoid caching influencing the results. -// The cache timeout can only be changed with SQLSetConnectAttr, so we can't -// run a PHP test without caching, and if we started with good credentials -// then subsequent calls with bad credentials can work, which would muddle -// the results of this test. +$tableName = "akv_comparison_table"; + +// Test every combination of the keywords above. +// Leave out good credentials to ensure that caching does not influence the +// results. The cache timeout can only be changed with SQLSetConnectAttr, so +// we can't run a PHP test without caching, and if we started with good +// credentials then subsequent calls with bad credentials can work, which +// would muddle the results of this test. Good credentials are tested in a +// separate test. for ($i=0; $i < sizeof($columnEncryption); ++$i) { for ($j=0; $j < sizeof($keyStoreAuthentication); ++$j) { for ($k=0; $k < sizeof($keyStorePrincipalId); ++$k) { @@ -129,13 +132,11 @@ for ($i=0; $i < sizeof($columnEncryption); ++$i) { else fatalError("Connection failed, unexpected connection string.\n"); } else { - $tableName = "type_conversion_table"; - $columns = array(); $insertQuery = ""; // Generate the INSERT query - FormulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery, $strsize); + FormulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery); $stmt = AE\createTable($conn, $tableName, $columns); if (!$stmt) { 
@@ -185,159 +186,7 @@ for ($i=0; $i < sizeof($columnEncryption); ++$i) { } } -// Now test the good credentials, where ($i, $j, $k, $m) == (0, 0, 0, 0) -// and ($i, $j, $k, $m) == (0, 1, 1, 1) -$connectionOptions = array("CharacterSet"=>"UTF-8", - "database"=>$databaseName, - "uid"=>$uid, - "pwd"=>$pwd, - "ConnectionPooling"=>0); - -$connectionOptions['ColumnEncryption'] = $columnEncryption[0]; -$connectionOptions['KeyStoreAuthentication'] = $keyStoreAuthentication[0]; -$connectionOptions['KeyStorePrincipalId'] = $keyStorePrincipalId[0]; -$connectionOptions['KeyStoreSecret'] = $keyStoreSecret[0]; - -// Connect to the AE-enabled database -$conn = sqlsrv_connect($server, $connectionOptions); -if (!$conn) { - $errors = sqlsrv_errors(); - fatalError("Connection failed while testing good credentials.\n"); -} else { - $tableName = "type_conversion_table"; - - $columns = array(); - $insertQuery = ""; - - // Generate the INSERT query - FormulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery, $strsize); - - $stmt = AE\createTable($conn, $tableName, $columns); - if (!$stmt) { - fatalError("Failed to create table $tableName\n"); - } - - // Duplicate all values for insertion - one is encrypted, one is not - $testValues = array(); - for ($n=0; $n --EXPECT-- -Successful insertion with username/password. -Successful insertion with clinet ID/secret. \ No newline at end of file +Done. diff --git a/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_verification.phpt b/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_verification.phpt new file mode 100644 index 00000000..f3136f5e --- /dev/null +++ b/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_verification.phpt 
@@ -0,0 +1,196 @@ +--TEST-- +Test connection keywords nad credentials for Azure Key Vault for Always Encrypted. +--SKIPIF-- + +--FILE-- +"UTF-8", + "database"=>$databaseName, + "uid"=>$uid, + "pwd"=>$pwd, + "ConnectionPooling"=>0); + +$connectionOptions['ColumnEncryption'] = "enabled"; +$connectionOptions['KeyStoreAuthentication'] = "KeyVaultPassword"; +$connectionOptions['KeyStorePrincipalId'] = $AKVPrincipalName; +$connectionOptions['KeyStoreSecret'] = $AKVPassword; + +$tableName = "akv_comparison_table"; + +// Connect to the AE-enabled database +$conn = sqlsrv_connect($server, $connectionOptions); +if (!$conn) { + $errors = sqlsrv_errors(); + fatalError("Connection failed while testing good credentials.\n"); +} else { + $columns = array(); + $insertQuery = ""; + + // Generate the INSERT query + FormulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery); + + $stmt = AE\createTable($conn, $tableName, $columns); + if (!$stmt) { + fatalError("Failed to create table $tableName\n"); + } + + // Duplicate all values for insertion - one is encrypted, one is not + $testValues = array(); + for ($n=0; $n +--EXPECT-- +Successful insertion and retrieval with username/password. +Successful insertion and retrieval with client ID/secret. \ No newline at end of file
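Review bot: In the connection-failure branch, `$errors = sqlsrv_errors();` is assigned and then not used in the visible lines, so a failed Key Vault authentication surfaces only as "Connection failed while testing good credentials." with no driver detail. Either drop the assignment or print it before aborting, e.g. `print_r($errors);` ahead of the `fatalError()` call; whether `fatalError()` already prints driver errors is not visible here. Keep `$connectionOptions` itself out of any diagnostic output, since it holds `KeyStoreSecret` and `pwd`. The `--TEST--` line also has a typo (`nad` for `and`) and still mentions connection keywords, although this file appears to exercise only the two good credential sets; `Test credentials for Azure Key Vault for Always Encrypted.` would describe it more precisely.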