initial ae setup
This commit is contained in:
parent
2ab756ee6d
commit
82e3d61d12
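--- a/test/functional/setup/certificate.ps1
+++ b/test/functional/setup/certificate.ps1
@@ -0,0 +1,37 @@
+Param(
+[Parameter(Mandatory=$True,Position=1)]
+[string]$serverName,
+[Parameter(Mandatory=$True,Position=2)]
+[string]$databaseName,
+[Parameter(Mandatory=$True,Position=3)]
+[string]$userName,
+[Parameter(Mandatory=$True,Position=4)]
+[string]$password)
+
+# Create a column master key in Windows Certificate Store.
+$cert1 = New-SelfSignedCertificate -Subject "PHPAlwaysEncryptedCert" -CertStoreLocation Cert:CurrentUser\My -KeyExportPolicy Exportable -Type DocumentEncryptionCert -KeyUsage DataEncipherment -KeySpec KeyExchange
+
+# Import the SqlServer module.
+Import-Module "SqlServer"
+
+#For SQL Server Authentication
+Add-Type -AssemblyName "Microsoft.SqlServer.Smo"
+$MySQL = new-object('Microsoft.SqlServer.Management.Smo.Server') $serverName
+$MySQL.ConnectionContext.LoginSecure = $false
+$MySQL.ConnectionContext.set_Login($userName)
+$MySQL.ConnectionContext.set_Password($password)
+$database = $MySQL.Databases[$databaseName]
+
+# Create a SqlColumnMasterKeySettings object for your column master key.
+$cmkSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "CurrentUser" -Thumbprint $cert1.Thumbprint
+
+# Create column master key metadata in the database.
+$cmkName = "CMK2"
+New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnMasterKeySettings $cmkSettings
+
+# Generate a column encryption key, encrypt it with the column master key and create column encryption key metadata in the database.
+$cekName = "CEK2"
+New-SqlColumnEncryptionKey -Name $cekName -InputObject $database -ColumnMasterKey $cmkName
+
+# Disconnect
+$MySQL.ConnectionContext.Disconnect()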
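Review bot: `$database = $MySQL.Databases[$databaseName]` is never checked, so a failed login or a wrong database name yields `$null` and the script only fails later inside `New-SqlColumnMasterKey` with an unrelated-looking error; add `if ($null -eq $database) { throw "Database '$databaseName' not found (check server name and credentials)" }` right after that line, and `$ErrorActionPreference = 'Stop'` at the top so a failed `New-SelfSignedCertificate` does not leave `$cert1.Thumbprint` empty for the CMK settings. The password is a plain `[string]` positional parameter, so it is visible in the command line and in process listings; a `[securestring]`/`PSCredential` parameter would be preferable, though the Python caller passes it on the command line and would need to change as well. The certificate is created with `-KeyExportPolicy Exportable` and a fixed subject, which is acceptable for a throwaway test fixture but should be stated in the comment, e.g. `# Test-only CMK: exportable self-signed cert; removed by the cleanup script`. Each run also adds another certificate with the same subject to the store, so the script is not idempotent.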
|
@ -27,3 +27,9 @@ if __name__ == '__main__':
|
|||
conn_options = ' -S ' + server + ' -U ' + uid + ' -P ' + pwd + ' '
|
||||
|
||||
executeSQLscript( os.path.join( os.path.dirname(os.path.realpath(__file__)), 'drop_db.sql'), conn_options, args.DBNAME)
|
||||
|
||||
# if Windows, remove self signed certificate using ps command
|
||||
if platform.system() == 'Windows':
|
||||
remove_cert_ps = "Get-ChildItem Cert:CurrentUser\My | Where-Object { $_.Subject -match 'PHPAlwaysEncryptedCert' } | Remove-Item"
|
||||
inst_command = 'powershell -executionPolicy Unrestricted -command ' + remove_cert_ps
|
||||
executeCommmand(inst_command)
|
|
@ -45,6 +45,32 @@ def executeBulkCopy(conn_options, dbname, tblname, datafile):
|
|||
inst_command = redirect_string.format(dbname, tblname, datafile) + conn_options
|
||||
executeCommmand(inst_command)
|
||||
|
||||
def getmsodbcsql_version( server, uid, pwd ):
|
||||
command = "php -r \"echo sqlsrv_client_info( sqlsrv_connect( '{0}', array( 'UID'=>'{1}', 'PWD'=>'{2}')))['DriverVer'];\""
|
||||
p = subprocess.Popen( command.format( server, uid, pwd ), stdout=subprocess.PIPE, shell = True )
|
||||
out, err = p.communicate()
|
||||
return out.decode('ascii')
|
||||
|
||||
def getserver_version( server, uid, pwd ):
|
||||
command = "php -r \"echo sqlsrv_server_info( sqlsrv_connect( '{0}', array( 'UID'=>'{1}', 'PWD'=>'{2}')))['SQLServerVersion'];\""
|
||||
p = subprocess.Popen( command.format( server, uid, pwd ), stdout=subprocess.PIPE, shell = True )
|
||||
out, err = p.communicate()
|
||||
return out.decode('ascii')
|
||||
|
||||
def is_ae_qualified( server, uid, pwd ):
|
||||
msodbcsql_ver = getmsodbcsql_version( server, uid, pwd );
|
||||
server_ver = getserver_version( server, uid, pwd );
|
||||
msodbcsql_maj = msodbcsql_ver.split()[1]
|
||||
msodbcsql_min = msodbcsql_ver.split()[2]
|
||||
if msodbcsql_maj < 13 or ( msodbcsql_maj == 13 and msodbcsql_min == 0 ) or server_ver.split()[1] < 13:
|
||||
return false
|
||||
return true;
|
||||
|
||||
def setupAETestDatabase( server, dbname, uid, pwd):
|
||||
if platform.system() == 'Windows':
|
||||
inst_command = 'powershell -executionPolicy Unrestricted certificate.ps1 ' + server + ' ' + dbname + ' ' + uid + ' ' + pwd
|
||||
executeCommmand(inst_command)
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('-dbname', '--DBNAME', required=True)
|
||||
|
@ -75,5 +101,9 @@ if __name__ == '__main__':
|
|||
setupTestDatabase(conn_options, args.DBNAME, args.AZURE)
|
||||
# populate these tables
|
||||
populateTables(conn_options, args.DBNAME)
|
||||
|
||||
if is_ae_qualified( server, uid, pwd ):
|
||||
setupAE(server, args.DBNAME, uid, pwd)
|
||||
|
||||
os.chdir(current_working_dir)
|
||||
|
||||
|
|
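Review bot: `is_ae_qualified` cannot run as written: `return false` / `return true` are NameErrors in Python (the names are `False`/`True`), and `msodbcsql_ver.split()[1]` splits on whitespace even though `DriverVer` is printed as a dot-separated string such as `17.0.1.1`, so the index lookup raises and the `< 13` comparisons would compare `str` with `int`. Below is the parsing I would use, on the assumption that `php -r` prints only the version string — confirm the indexes against real output. The same section defines `setupAETestDatabase`, but the `if __name__` hunk calls `setupAE(...)`; one of the two names needs to change. The `php -r` commands in `getmsodbcsql_version`/`getserver_version` and the `certificate.ps1` invocation splice `pwd` into a `shell=True` string, exposing the password in the process list and breaking on any shell metacharacter; a `subprocess.run([...])` argument list would avoid both. In the earlier hunk, `remove_cert_ps` contains `|` pipes that cmd.exe will interpret if `executeCommmand` goes through a shell (the other commands in this file do) — quote the whole `-command "..."` argument and use a raw string for `Cert:CurrentUser\My`.
```python
def is_ae_qualified( server, uid, pwd ):
    msodbcsql_ver = getmsodbcsql_version( server, uid, pwd )
    server_ver = getserver_version( server, uid, pwd )
    # DriverVer / SQLServerVersion are dot-separated, e.g. "17.0.1.1" / "13.0.4001.0"
    msodbcsql_maj, msodbcsql_min = (int(x) for x in msodbcsql_ver.strip().split('.')[:2])
    server_maj = int(server_ver.strip().split('.')[0])
    # AE needs ODBC driver >= 13.1 and SQL Server >= 2016 (major 13)
    if msodbcsql_maj < 13 or (msodbcsql_maj == 13 and msodbcsql_min == 0) or server_maj < 13:
        return False
    return True
```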
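--- a/test/functional/sqlsrv/AEData.inc
+++ b/test/functional/sqlsrv/AEData.inc
@@ -0,0 +1,55 @@
+<?php
+
+// exact numerics
+$bigint_params = array(2147483648, -922337203685477580, 922337203685477580, -2147583649, 461168601735364608, -461168601735364608);
+$int_params = array(32768, -2147483647, 2147483647, -32769, 1073725440, -1073725440);
+$smallint_params = array(256, -32767, 32767, -1, 16256, -16256);
+$tinyint_params = array(128, 0, 255, 96, 64, 162);
+$decimal_params = array(21474.83648, -9223372036854.77580, 9223372036854.77580, -21475.83649, -4611686017353.64608, -4611686017353.64608);
+$numeric_params = array(0.32768, -21474.83647, 21474.83647, -0.32769, 10737.25440, -10737.25440);
+$money_params = array(214748.3648, -92233720368547.5807, 92233720368547.5807, -214758.3649, 46116860173536.608, -46116860173536.608);
+$smallmoney_params = array(0, -214748.3647, 214748.3647, 161061.2736, 107374.1824, -107374.1824);
+$bit_params = array(0, FALSE, 0, 1, TRUE, 1);
+
+// approximate numerics
+$float_params = array(21474.83648, -9223372036.85477, 9223372036.85477, -21475, 4611686017, -4611686017);
+$real_params = array(0, -2147.483, 2147.483, 1610, 1073, -1073);
+
+// date and time
+$date_params = array('1900-01-01', '0001-01-01', '9999-12-31', '5000-07-15', '2500-04-08', '7500-10-23');
+$datetime2_params = array('1900-01-01 00:00:00', '0001-01-01 00:00:00', '9999-12-31 23:59:59.9999999', '5000-07-15 12:30:30.5555', '2500-04-08 06:15:15.33', '7500-10-23 18:45:45.888888');
+$datetime_params = array('1900-01-01 00:00:00', '1753-01-01 00:00:00', '9999-12-31 23:59:59.997', '5000-07-15 12:30:30.5', '2500-04-08 06:15:15.33', '7500-10-23 18:45:45.888');
+$datetimeoffset_params = array('1900-01-01 00:00:00 +01:00', '0001-01-01 00:00:00 -14:00', '9999-12-31 23:59:59.9999999 +14:00', '5000-07-15 12:30:30.55 -03:00', '2500-04-08 06:15:15.3333 -07:00', '7500-10-23 18:45:45.888888 +07:00');
+$smalldatetime_params = array('1900-01-01 00:00:00', '1900-01-01 00:00:00', '2079-06-06 23:59:59', '1990-07-15 12:30:30', '1945-04-08 06:15:15', '2500-10-23 18:45:45');
+$time_params = array('00:00:00', '00:00:00.0000000', '23:59:59.9999999', '12:30:30.5555', '06:15:15.33', '18:45:45.888888');
+
+// character strings
+$char_params = array('Fixed', '-leng', 'th, n', 'on-Un', 'icode', 'strin');
+$varchar_params = array('Variable-length, non-', 'Unicode string data. n', 'defines the string length', 'and can be a value from 1', 'through 8,000.', 'The storage size is the');
+$varcharmax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB)',
+'Use varchar(max) when the sizes of the column data entries vary considerably, and the size might exceed 8,000 bytes.',
+'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
+'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
+'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.',
+'This large row size can cause errors (such as error 512) during some normal operations, such as a clustered index key update, or sorts of the full column set, which users cannot anticipate until performing an operation.');
+
+// unicode character strings
+$nchar_params = array('Fixed', '-leng', 'th Un', 'icode', 'strin', 'g dat');
+$nvarchar_params = array('Variable-length Unicode', 'string data. n defines', 'the string length and can', 'be a value from 1 through', '4,000.', 'The storage size, in');
+$nvarcharmax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB).',
+'When prefixing a string constant with the letter N, the implicit conversion will result in a Unicode string if the constant to convert does not exceed the max length for a Unicode string data type (4,000).',
+'Otherwise, the implicit conversion will result in a Unicode large-value (max).',
+'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
+'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
+'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.');
+
+// binary strings
+$binary_params = array('Fixed', '-leng', 'th, n', 'on-Un', 'icode', 'strin');
+$varbinary_params = array('Variable-length, non-', 'Unicode string data. n', 'defines the string length', 'and can be a value from 1', 'through 8,000.', 'The storage size is the');
+$varbinarymax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB)',
+'Use varchar(max) when the sizes of the column data entries vary considerably, and the size might exceed 8,000 bytes.',
+'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
+'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
+'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.', 'This large row size can cause errors (such as error 512) during some normal operations, such as a clustered index key update, or sorts of the full column set, which users cannot anticipate until performing an operation.');
+
+?>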
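Review bot: `$smalldatetime_params` contains `'2500-10-23 18:45:45'`, which is outside smalldatetime's supported date range (1900-01-01 through 2079-06-06), so any test that inserts this array as-is will get a conversion error rather than exercising the encrypted type; `'2050-10-23 18:45:45'` would stay in range. The entry `'2079-06-06 23:59:59'` is also risky: smalldatetime stores minute precision and rounds seconds, which I believe pushes this value past the maximum — confirm against the server and, if so, use `'2079-06-06 23:59:00'`. A comment at the top stating that each array holds exactly six values chosen as boundary/min/max/mid cases would make the intent of the data clearer, and the `// binary strings` comment could note that `$binary_params`/`$varbinary_params` intentionally reuse the character data.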
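--- a/test/functional/sqlsrv/encrypttable.ps1
+++ b/test/functional/sqlsrv/encrypttable.ps1
@@ -0,0 +1,43 @@
+Param(
+[Parameter(Mandatory=$True,Position=1)]
+[string]$serverName,
+[Parameter(Mandatory=$True,Position=2)]
+[string]$databaseName,
+[Parameter(Mandatory=$True,Position=3)]
+[string]$userName,
+[Parameter(Mandatory=$True,Position=4)]
+[string]$password,
+[Parameter(Mandatory=$True,Position=5)]
+[string]$tableName,
+[Parameter(Mandatory=$True,Position=6)]
+[string]$columnNames)
+
+# Import the SqlServer module.
+Import-Module "SqlServer"
+
+#For SQL Server Authentication
+Add-Type -AssemblyName "Microsoft.SqlServer.Smo"
+$MySQL = new-object('Microsoft.SqlServer.Management.Smo.Server') $serverName
+$MySQL.ConnectionContext.LoginSecure = $false
+$MySQL.ConnectionContext.set_Login($userName)
+$MySQL.ConnectionContext.set_Password($password)
+$database = $MySQL.Databases[$databaseName]
+
+#split the column names into an array
+$column_arr = $columnNames.Split(",")
+
+# Encrypt the selected columns (or re-encrypt, if they are already encrypted using keys/encrypt types, different than the specified keys/types.
+$ces = @()
+foreach($col_name in $column_arr){
+$col_full_name = "$tableName.$col_name"
+if($col_name -like '*det*'){
+$ces += New-SqlColumnEncryptionSettings -ColumnName $col_full_name -EncryptionType "Deterministic" -EncryptionKey "CEK1"
+}
+elseif($col_name -like '*rand*'){
+$ces += New-SqlColumnEncryptionSettings -ColumnName $col_full_name -EncryptionType "Randomized" -EncryptionKey "CEK1"
+}
+}
+Set-SqlColumnEncryption -InputObject $database -ColumnEncryptionSettings $ces
+
+# Disconnect
+$MySQL.ConnectionContext.Disconnect()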
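Review bot: Both `New-SqlColumnEncryptionSettings` calls in the `foreach` use `-EncryptionKey "CEK1"`, a key this commit never creates — `certificate.ps1` in the same commit creates `CMK2`/`CEK2` — so unless a `CEK1` already exists in the test database from elsewhere, `Set-SqlColumnEncryption` will fail; either pass the key name as a seventh parameter or use `"CEK2"` consistently. As in `certificate.ps1`, `$database = $MySQL.Databases[$databaseName]` is not checked for `$null`, so a failed login or wrong database name surfaces only as a confusing error from `Set-SqlColumnEncryption`; `if ($null -eq $database) { throw "Database '$databaseName' not found" }` after that line would give a clear diagnosis. The `-like '*det*'`/`'*rand*'` substring matching silently drops any column that matches neither and depends on a naming convention in the caller; a comment stating it, e.g. `# Column names are <encType><dataType> with encType in norm|det|rand; norm columns stay plaintext`, would help. The password is again a plain `[string]` on the command line.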
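--- a/test/functional/sqlsrv/sqlsrv_fetch_ae_int.php
+++ b/test/functional/sqlsrv/sqlsrv_fetch_ae_int.php
@@ -0,0 +1,38 @@
+<?php
+include 'MsCommon.inc';
+include 'AEData.inc';
+include 'MsSetup.inc';
+
+try{
+$conn = Connect( array("ColumnEncryption"=>"Enabled"));
+
+// create table
+$tbname = GetTempTableName("", false);
+$dataTypes = array("bigint", "int", "smallint");
+$encTypes = array("norm", "det", "rand");
+$dataTypes_str = "";
+$col_names = array();
+foreach ($dataType in $dataTypes){
+foreach ($encType in $encTypes) {
+$col_name = $encType + $dataType;
+$dataTypes_str = $dataTypes_str + "[" + $col_name + "] " + $dataTypes + ", ";
+array_push($col_names, $col_name);
+}
+}
+$dataTypes_str = rtrim($dataTypes_str, ", ");
+CreateTableEx( $conn, $tbname, $dataTypes_str);
+
+// populate table
+$data_arr = array_merge( array_slice($bigint_params, 0, 3), array_slice($int_params, 0, 3), array_slice($smallint_params, 0, 3) );
+$data_str = implode(", ", $data_arr);
+sqlsrv_query( $conn, "INSERT INTO $tbname VALUES ( $data_str )");
+
+// encrypt columns
+$col_name_str = implode($col_names);
+$runCMD = "powershell -executionPolicy Unrestricted encrypttable.ps1 " . $server . " " . $database . " " . $userName . " " . $userPassword . " " . $tbname . " " . $col_name_str;
+shell_exec($runCMD);
+
+DropTable($conn, $tbname);
+sqlsrv_close($conn);
+}
+?>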
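Review bot: The column-building loop at `foreach ($dataType in $dataTypes)` is PowerShell syntax, not PHP, the `+` operators in `$col_name = $encType + $dataType` and the `$dataTypes_str` line are numeric addition rather than concatenation (PHP uses `.`), `$dataTypes` (the array) is used where `$dataType` was meant, and the `try` block has no `catch`/`finally`, so the file does not parse. The rewritten loop is below. `implode($col_names)` joins with no separator, while `encrypttable.ps1` does `$columnNames.Split(",")`, so the names must be joined with `","`. The `shell_exec($runCMD)` line splices `$userPassword` and `$tbname` unquoted into a shell command, which both exposes the password in the process list and breaks on shell metacharacters; wrap each argument with `escapeshellarg()` at minimum. The test also never fetches or compares anything and ignores the `sqlsrv_query` return value — a `sqlsrv_fetch_array` loop comparing against `$data_arr`, plus a `catch (Exception $e)` that reports `sqlsrv_errors()`, would make it a real test.
```php
$dataTypes_str = "";
$col_names = array();
foreach ($dataTypes as $dataType) {
    foreach ($encTypes as $encType) {
        $col_name = $encType . $dataType;
        $dataTypes_str .= "[" . $col_name . "] " . $dataType . ", ";
        array_push($col_names, $col_name);
    }
}
$dataTypes_str = rtrim($dataTypes_str, ", ");
CreateTableEx( $conn, $tbname, $dataTypes_str);
// … unchanged: populate table …
$col_name_str = implode(",", $col_names);
```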