Refactored some akv tests, other small changes

David Puglielli 2018-05-25 13:08:35 -07:00
parent cee6370fda
commit bd9d85b862
12 changed files with 372 additions and 558 deletions


@ -0,0 +1,42 @@
--TEST--
Test client ID/secret credentials for Azure Key Vault for Always Encrypted.
--SKIPIF--
<?php require('skipif_mid-refactor.inc'); ?>
--FILE--
<?php
require_once('pdo_ae_azure_key_vault_common.php');
$strsize = 64;
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
"decimal", "float", "real", "bigint", "int", "bit"
);
$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
$connectionOptions .= ";ColumnEncryption=enabled";
$connectionOptions .= ";KeyStoreAuthentication=KeyVaultClientSecret";
$connectionOptions .= ";KeyStorePrincipalId=".$AKVClientID;
$connectionOptions .= ";KeyStoreSecret=".$AKVSecret;
$connectionOptions .= ";";
$tableName = "akv_comparison_table";
// Connect to the AE-enabled database, insert the data, and verify
try {
$conn = new PDO($connectionOptions, $uid, $pwd);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
insertDataAndVerify($conn, $tableName, $dataTypes, $small_values);
echo "Successful insertion and retrieval with client ID/secret.\n";
unset($conn);
} catch (Exception $e) {
echo "Unexpected error.\n";
print_r($e->errorInfo);
}
?>
--EXPECT--
Successful insertion and retrieval with client ID/secret.
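Review bot: The DSN is built by concatenating `$AKVClientID` and `$AKVSecret` directly into the connection string, so a secret containing `;` or a brace would be split into extra keywords or truncated instead of being passed through intact. If the pdo_sqlsrv DSN parser accepts brace-quoted values with `}` doubled (worth confirming against the driver documentation), quote the value: `$connectionOptions .= ";KeyStoreSecret={".str_replace("}", "}}", $AKVSecret)."}";`. Separately, the `catch (Exception $e)` block reads `$e->errorInfo`, which only `PDOException` defines, so catching `PDOException` or printing `$e->getMessage()` would keep a non-PDO failure from producing an empty dump. The new username/password test builds its DSN from `$AKVPrincipalName` and `$AKVPassword` the same way and has the same catch block.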


@ -1,122 +1,94 @@
--TEST-- <?php
Test client ID/secret credentials for Azure Key Vault for Always Encrypted. require_once("MsCommon_mid-refactor.inc");
--SKIPIF-- require_once("MsSetup.inc");
<?php require('skipif_mid-refactor.inc'); ?> require_once('values.php');
--FILE--
<?php // Set up the columns and build the insert query. Each data type has an
require_once("MsCommon_mid-refactor.inc"); // AE-encrypted and a non-encrypted column side by side in the table.
require_once("MsSetup.inc"); // If column encryption is not set in MsSetup.inc, this function simply
require_once('values.php'); // creates two non-encrypted columns side-by-side for each type.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
// Set up the columns and build the insert query. Each data type has an {
// AE-encrypted and a non-encrypted column side by side in the table. $columns = array();
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery) $queryTypes = "(";
{ $queryTypesAE = "(";
$columns = array(); $valuesString = "VALUES (";
$queryTypes = "("; $numTypes = sizeof($dataTypes);
$queryTypesAE = "(";
$valuesString = "VALUES ("; for ($i = 0; $i < $numTypes; ++$i) {
$numTypes = sizeof($dataTypes); // Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
for ($i = 0; $i < $numTypes; ++$i) { $columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname."_AE", null, "deterministic", false);
// Replace parentheses for column names $columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname, null, "none", false);
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]); $queryTypes .= "c_"."$colname, ";
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname."_AE", null, "deterministic", false); $queryTypes .= "c_"."$colname"."_AE, ";
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname, null, "none", false); $valuesString .= "?, ?, ";
$queryTypes .= "c_"."$colname, "; }
$queryTypes .= "c_"."$colname"."_AE, ";
$valuesString .= "?, ?, "; $queryTypes = substr($queryTypes, 0, -2).")";
} $valuesString = substr($valuesString, 0, -2).")";
$queryTypes = substr($queryTypes, 0, -2).")"; $insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
$valuesString = substr($valuesString, 0, -2).")"; }
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString; // Create the table and insert the data, then retrieve it back and make
} // sure the encrypted and non-encrypted values are identical.
function insertDataAndVerify($conn, $tableName, $dataTypes, $values)
$strsize = 64; {
$columns = array();
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)", $insertQuery = "";
"decimal", "float", "real", "bigint", "int", "bit"
); // Generate the INSERT query
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
$tableName = "akv_comparison_table";
createTable($conn, $tableName, $columns);
$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
// Duplicate all values for insertion - one is encrypted, one is not
$connectionOptions .= ";ColumnEncryption=enabled"; $testValues = array();
$connectionOptions .= ";KeyStoreAuthentication=KeyVaultClientSecret"; for ($n = 0; $n < sizeof($values); ++$n) {
$connectionOptions .= ";KeyStorePrincipalId=".$AKVClientID; $testValues[] = $values[$n];
$connectionOptions .= ";KeyStoreSecret=".$AKVSecret; $testValues[] = $values[$n];
$connectionOptions .= ";"; }
try { // Prepare the INSERT query
// Connect to the AE-enabled database // This is never expected to fail
$conn = new PDO($connectionOptions, $uid, $pwd); $stmt = $conn->prepare($insertQuery);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); if ($stmt == false) {
print_r($conn->errorInfo());
$columns = array(); fatalError("sqlsrv_prepare failed\n");
$insertQuery = ""; }
// Generate the INSERT query // Execute the INSERT query
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery); // This should not fail since our credentials are correct
if ($stmt->execute($testValues) == false) {
createTable($conn, $tableName, $columns); print_r($stmt->errorInfo());
fatalError("INSERT query execution failed with good credentials.\n");
// Duplicate all values for insertion - one is encrypted, one is not } else {
$testValues = array(); // Get the data back and compare encrypted and non-encrypted versions
for ($n = 0; $n < sizeof($small_values); ++$n) { $selectQuery = "SELECT * FROM $tableName";
$testValues[] = $small_values[$n];
$testValues[] = $small_values[$n]; $stmt1 = $conn->query($selectQuery);
}
$data = $stmt1->fetchAll(PDO::FETCH_NUM);
// Prepare the INSERT query $data = $data[0];
// This is never expected to fail
$stmt = $conn->prepare($insertQuery); if (sizeof($data) != 2*sizeof($dataTypes)) {
if ($stmt == false) { fatalError("Incorrect number of fields returned.\n");
print_r($conn->errorInfo()); }
fatalError("sqlsrv_prepare failed\n");
} for ($n = 0; $n < sizeof($data); $n += 2) {
if ($data[$n] != $data[$n + 1]) {
// Execute the INSERT query echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
// This should not fail since our credentials are correct fatalError("AE and non-AE values do not match.\n");
if ($stmt->execute($testValues) == false) { }
print_r($stmt->errorInfo()); }
fatalError("INSERT query execution failed with good credentials.\n");
} else {
// Get the data back and compare encrypted and non-encrypted versions unset($stmt);
$selectQuery = "SELECT * FROM $tableName"; unset($stmt1);
}
$stmt1 = $conn->query($selectQuery);
// Drop the table
$data = $stmt1->fetchAll(PDO::FETCH_NUM); dropTable($conn, $tableName);
$data = $data[0]; }
?>
if (sizeof($data) != 2*sizeof($dataTypes)) {
fatalError("Incorrect number of fields returned.\n");
}
for ($n = 0; $n < sizeof($data); $n += 2) {
if ($data[$n] != $data[$n + 1]) {
echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
fatalError("AE and non-AE values do not match.\n");
}
}
echo "Successful insertion and retrieval with client ID/secret.\n";
unset($stmt);
unset($stmt1);
}
// Free the statement and close the connection
unset($stmt);
unset($conn);
} catch (Exception $e) {
echo "Unexpected error.\n";
print_r($e->errorInfo);
}
?>
--EXPECT--
Successful insertion and retrieval with client ID/secret.
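Review bot: In `insertDataAndVerify` the encrypted and plaintext columns are compared with loose `!=`, so numeric-looking strings that differ textually (for example `"1e3"` and `"1000"`) still count as a match and the round-trip check is weaker than it reads; `if ($data[$n] !== $data[$n + 1]) {` is stricter, provided both columns come back as the same PHP type. `$data = $data[0];` also assumes the SELECT returned a row, so an empty result surfaces as the "Incorrect number of fields returned" failure or a `sizeof()` warning rather than a clear message. `dropTable` runs only after the checks, so if `fatalError` terminates the script (its body is not visible here), a failed run leaves `akv_comparison_table` behind. The sqlsrv common file added in this commit uses the same loose comparison.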


@ -4,9 +4,7 @@ Test connection keywords for Azure Key Vault for Always Encrypted.
<?php require('skipif_mid-refactor.inc'); ?> <?php require('skipif_mid-refactor.inc'); ?>
--FILE-- --FILE--
<?php <?php
require_once("MsCommon_mid-refactor.inc"); require_once('pdo_ae_azure_key_vault_common.php');
require_once("MsSetup.inc");
require_once('values.php');
// We will test the direct product (set of all possible combinations) of the following // We will test the direct product (set of all possible combinations) of the following
$columnEncryption = ['enabled', 'disabled', 'notvalid', '']; $columnEncryption = ['enabled', 'disabled', 'notvalid', ''];
@ -35,34 +33,6 @@ function checkErrors($errors, ...$codes)
} }
} }
// Set up the columns and build the insert query. Each data type has an
// AE-encrypted and a non-encrypted column side by side in the table.
// If column encryption is not set in MsSetup.inc, this function simply
// creates two non-encrypted columns side-by-side for each type.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
{
$columns = array();
$queryTypes = "(";
$queryTypesAE = "(";
$valuesString = "VALUES (";
$numTypes = sizeof($dataTypes);
for ($i = 0; $i < $numTypes; ++$i) {
// Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname."_AE", null, "deterministic", false);
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname, null, "none", false);
$queryTypes .= "c_"."$colname, ";
$queryTypes .= "c_"."$colname"."_AE, ";
$valuesString .= "?, ?, ";
}
$queryTypes = substr($queryTypes, 0, -2).")";
$valuesString = substr($valuesString, 0, -2).")";
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
}
$strsize = 64; $strsize = 64;
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)", $dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",


@ -0,0 +1,42 @@
--TEST--
Test username/password credentials for Azure Key Vault for Always Encrypted.
--SKIPIF--
<?php require('skipif_mid-refactor.inc'); ?>
--FILE--
<?php
require_once('pdo_ae_azure_key_vault_common.php');
$strsize = 64;
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
"decimal", "float", "real", "bigint", "int", "bit"
);
$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
$connectionOptions .= ";ColumnEncryption=enabled";
$connectionOptions .= ";KeyStoreAuthentication=KeyVaultPassword";
$connectionOptions .= ";KeyStorePrincipalId=".$AKVPrincipalName;
$connectionOptions .= ";KeyStoreSecret=".$AKVPassword;
$connectionOptions .= ";";
$tableName = "akv_comparison_table";
// Connect to the AE-enabled database, insert the data, and verify
try {
$conn = new PDO($connectionOptions, $uid, $pwd);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
insertDataAndVerify($conn, $tableName, $dataTypes, $small_values);
echo "Successful insertion and retrieval with username/password.\n";
unset($conn);
} catch (Exception $e) {
echo "Unexpected error.\n";
print_r($e->errorInfo);
}
?>
--EXPECT--
Successful insertion and retrieval with username/password.


@ -1,122 +0,0 @@
--TEST--
Test username/password credentials for Azure Key Vault for Always Encrypted.
--SKIPIF--
<?php require('skipif_mid-refactor.inc'); ?>
--FILE--
<?php
require_once("MsCommon_mid-refactor.inc");
require_once("MsSetup.inc");
require_once('values.php');
// Set up the columns and build the insert query. Each data type has an
// AE-encrypted and a non-encrypted column side by side in the table.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
{
$columns = array();
$queryTypes = "(";
$queryTypesAE = "(";
$valuesString = "VALUES (";
$numTypes = sizeof($dataTypes);
for ($i = 0; $i < $numTypes; ++$i) {
// Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname."_AE", null, "deterministic", false);
$columns[] = new ColumnMeta($dataTypes[$i], "c_".$colname, null, "none", false);
$queryTypes .= "c_"."$colname, ";
$queryTypes .= "c_"."$colname"."_AE, ";
$valuesString .= "?, ?, ";
}
$queryTypes = substr($queryTypes, 0, -2).")";
$valuesString = substr($valuesString, 0, -2).")";
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
}
$strsize = 64;
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
"decimal", "float", "real", "bigint", "int", "bit"
);
$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
$connectionOptions .= ";ColumnEncryption=enabled";
$connectionOptions .= ";KeyStoreAuthentication=KeyVaultPassword";
$connectionOptions .= ";KeyStorePrincipalId=".$AKVPrincipalName;
$connectionOptions .= ";KeyStoreSecret=".$AKVPassword;
$connectionOptions .= ";";
$tableName = "akv_comparison_table";
try {
// Connect to the AE-enabled database
$conn = new PDO($connectionOptions, $uid, $pwd);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$columns = array();
$insertQuery = "";
// Generate the INSERT query
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
createTable($conn, $tableName, $columns);
// Duplicate all values for insertion - one is encrypted, one is not
$testValues = array();
for ($n = 0; $n < sizeof($small_values); ++$n) {
$testValues[] = $small_values[$n];
$testValues[] = $small_values[$n];
}
// Prepare the INSERT query
// This is never expected to fail
$stmt = $conn->prepare($insertQuery);
if ($stmt == false) {
print_r($conn->errorInfo());
fatalError("sqlsrv_prepare failed\n");
}
// Execute the INSERT query
// This should not fail since our credentials are correct
if ($stmt->execute($testValues) == false) {
print_r($stmt->errorInfo());
fatalError("INSERT query execution failed with good credentials.\n");
} else {
// Get the data back and compare encrypted and non-encrypted versions
$selectQuery = "SELECT * FROM $tableName";
$stmt1 = $conn->query($selectQuery);
$data = $stmt1->fetchAll(PDO::FETCH_NUM);
$data = $data[0];
if (sizeof($data) != 2*sizeof($dataTypes)) {
fatalError("Incorrect number of fields returned.\n");
}
for ($n = 0; $n < sizeof($data); $n += 2) {
if ($data[$n] != $data[$n + 1]) {
echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
fatalError("AE and non-AE values do not match.\n");
}
}
echo "Successful insertion and retrieval with username/password.\n";
unset($stmt);
unset($stmt1);
}
// Free the statement and close the connection
unset($stmt);
unset($conn);
} catch (Exception $e) {
echo "Unexpected error.\n";
print_r($e->errorInfo);
}
?>
--EXPECT--
Successful insertion and retrieval with username/password.


@ -3,10 +3,12 @@
// This file holds different data of many different types for testing // This file holds different data of many different types for testing
// Always Encrypted. Currently, the tests that use this data are: // Always Encrypted. Currently, the tests that use this data are:
// pdo__ae_azure_key_vault_keywords.phpt ($small_values) // pdo__ae_azure_key_vault_keywords.phpt ($small_values)
// pdo_ae_azure_key_vault_verification.phpt ($small_values) // pdo_ae_azure_key_vault_username_password.phpt ($small_values)
// pdo_ae_azure_key_vault_client_secret.phpt ($small_values)
// sqlsrv_ae_fetch_phptypes.phpt ($values) // sqlsrv_ae_fetch_phptypes.phpt ($values)
// sqlsrv_ae_azure_key_vault_keywords.phpt ($small_values) // sqlsrv_ae_azure_key_vault_keywords.phpt ($small_values)
// sqlsrv_ae_azure_key_vault_verification.phpt ($small_values) // sqlsrv_ae_azure_key_vault_username_password.phpt ($small_values)
// sqlsrv_ae_azure_key_vault_client_secret.phpt ($small_values)
$values = array(); $values = array();
$values[] = array(array(("BA3EA123EA8FFF46A01"), null, SQLSRV_PHPTYPE_STRING(SQLSRV_ENC_CHAR), SQLSRV_SQLTYPE_BINARY(256)), $values[] = array(array(("BA3EA123EA8FFF46A01"), null, SQLSRV_PHPTYPE_STRING(SQLSRV_ENC_CHAR), SQLSRV_SQLTYPE_BINARY(256)),


@ -0,0 +1,45 @@
--TEST--
Test client ID/secret credentials for Azure Key Vault for Always Encrypted.
--SKIPIF--
<?php require('skipif_versions_old.inc'); ?>
--FILE--
<?php
require_once('sqlsrv_ae_azure_key_vault_common.php');
$strsize = 64;
$dataTypes = array ("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
"decimal", "float", "real", "bigint", "int", "bit"
);
// Test data insertion and retrieval with username/password
// and client Id/client secret combinations.
$connectionOptions = array("CharacterSet"=>"UTF-8",
"database"=>$databaseName,
"uid"=>$uid,
"pwd"=>$pwd,
"ConnectionPooling"=>0);
$connectionOptions['ColumnEncryption'] = "enabled";
$connectionOptions['KeyStoreAuthentication'] = "KeyVaultClientSecret";
$connectionOptions['KeyStorePrincipalId'] = $AKVClientID;
$connectionOptions['KeyStoreSecret'] = $AKVSecret;
$tableName = "akv_comparison_table";
// Connect to the AE-enabled database, insert the data, and verify
$conn = sqlsrv_connect($server, $connectionOptions);
if (!$conn) {
$errors = sqlsrv_errors();
fatalError("Connection failed while testing good credentials.\n");
} else {
insertDataAndVerify($conn, $tableName, $dataTypes, $small_values);
echo "Successful insertion and retrieval with client ID/secret.\n";
sqlsrv_close($conn);
}
?>
--EXPECT--
Successful insertion and retrieval with client ID/secret.
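Review bot: On a failed connection the test stores `sqlsrv_errors()` in `$errors` and never uses it, so unless `fatalError` prints the driver errors itself (not visible here) the reason for the failure is lost. Adding `print_r(sqlsrv_errors());` before the `fatalError` call would match what the shared helper does after `sqlsrv_prepare`. The comment about "username/password and client Id/client secret combinations" is stale now that each credential type has its own file; here it should read `// Test data insertion and retrieval with client ID/client secret.`. The new sqlsrv username/password test has both issues as well.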


@ -1,124 +1,93 @@
--TEST-- <?php
Test client ID/secret credentials for Azure Key Vault for Always Encrypted. require_once('MsCommon.inc');
--SKIPIF-- require_once('values.php');
<?php require('skipif_versions_old.inc'); ?>
--FILE-- // Set up the columns and build the insert query. Each data type has an
<?php // AE-encrypted and a non-encrypted column side by side in the table.
require_once('MsCommon.inc'); // If column encryption is not set in MsSetup.inc, this function simply
require_once('values.php'); // creates two non-encrypted columns side-by-side for each type.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
// Set up the columns and build the insert query. Each data type has an {
// AE-encrypted and a non-encrypted column side by side in the table. $columns = array();
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery) $queryTypes = "(";
{ $queryTypesAE = "(";
$columns = array(); $valuesString = "VALUES (";
$queryTypes = "("; $numTypes = sizeof($dataTypes);
$queryTypesAE = "(";
$valuesString = "VALUES ("; for ($i = 0; $i < $numTypes; ++$i) {
$numTypes = sizeof($dataTypes); // Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
for ($i = 0; $i < $numTypes; ++$i) { $columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
// Replace parentheses for column names $columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]); $queryTypes .= "c_"."$colname, ";
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE"); $queryTypes .= "c_"."$colname"."_AE, ";
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true); $valuesString .= "?, ?, ";
$queryTypes .= "c_"."$colname, "; }
$queryTypes .= "c_"."$colname"."_AE, ";
$valuesString .= "?, ?, "; $queryTypes = substr($queryTypes, 0, -2).")";
} $valuesString = substr($valuesString, 0, -2).")";
$queryTypes = substr($queryTypes, 0, -2).")"; $insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
$valuesString = substr($valuesString, 0, -2).")"; }
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString; // Create the table and insert the data, then retrieve it back and make
} // sure the encrypted and non-encrypted values are identical.
function insertDataAndVerify($conn, $tableName, $dataTypes, $values)
$strsize = 64; {
$columns = array();
$dataTypes = array ("char($strsize)", "varchar($strsize)", "nvarchar($strsize)", $insertQuery = "";
"decimal", "float", "real", "bigint", "int", "bit"
); // Generate the INSERT query
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
// Test data insertion and retrieval with username/password
// and client Id/client secret combinations. $stmt = AE\createTable($conn, $tableName, $columns);
$connectionOptions = array("CharacterSet"=>"UTF-8", if (!$stmt) {
"database"=>$databaseName, fatalError("Failed to create table $tableName\n");
"uid"=>$uid, }
"pwd"=>$pwd,
"ConnectionPooling"=>0); // Duplicate all values for insertion - one is encrypted, one is not
$testValues = array();
$tableName = "akv_comparison_table"; for ($n = 0; $n < sizeof($values); ++$n) {
$testValues[] = $values[$n];
$connectionOptions['ColumnEncryption'] = "enabled"; $testValues[] = $values[$n];
$connectionOptions['KeyStoreAuthentication'] = "KeyVaultClientSecret"; }
$connectionOptions['KeyStorePrincipalId'] = $AKVClientID;
$connectionOptions['KeyStoreSecret'] = $AKVSecret; // Prepare the INSERT query
// This is never expected to fail
// Connect to the AE-enabled database $stmt = sqlsrv_prepare($conn, $insertQuery, $testValues);
$conn = sqlsrv_connect($server, $connectionOptions); if ($stmt == false) {
if (!$conn) { print_r(sqlsrv_errors());
$errors = sqlsrv_errors(); fatalError("sqlsrv_prepare failed\n");
fatalError("Connection failed while testing good credentials.\n"); }
} else {
$columns = array(); // Execute the INSERT query
$insertQuery = ""; // This should not fail since our credentials are correct
if (sqlsrv_execute($stmt) == false) {
// Generate the INSERT query $errors = sqlsrv_errors();
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery); fatalError("INSERT query execution failed with good credentials.\n");
} else {
$stmt = AE\createTable($conn, $tableName, $columns); // Get the data back and compare encrypted and non-encrypted versions
if (!$stmt) { $selectQuery = "SELECT * FROM $tableName";
fatalError("Failed to create table $tableName\n");
} $stmt1 = sqlsrv_query($conn, $selectQuery);
$data = sqlsrv_fetch_array($stmt1, SQLSRV_FETCH_NUMERIC);
// Duplicate all values for insertion - one is encrypted, one is not
$testValues = array(); if (sizeof($data) != 2*sizeof($dataTypes)) {
for ($n = 0; $n < sizeof($small_values); ++$n) { fatalError("Incorrect number of fields returned.\n");
$testValues[] = $small_values[$n]; }
$testValues[] = $small_values[$n];
} for ($n = 0; $n < sizeof($data); $n += 2) {
if ($data[$n] != $data[$n + 1]) {
// Prepare the INSERT query echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
// This is never expected to fail fatalError("AE and non-AE values do not match.\n");
$stmt = sqlsrv_prepare($conn, $insertQuery, $testValues); }
if ($stmt == false) { }
print_r(sqlsrv_errors());
fatalError("sqlsrv_prepare failed\n"); sqlsrv_free_stmt($stmt);
} sqlsrv_free_stmt($stmt1);
}
// Execute the INSERT query
// This should not fail since our credentials are correct // Drop the table
if (sqlsrv_execute($stmt) == false) { dropTable($conn, $tableName);
$errors = sqlsrv_errors(); }
fatalError("INSERT query execution failed with good credentials.\n"); ?>
} else {
// Get the data back and compare encrypted and non-encrypted versions
$selectQuery = "SELECT * FROM $tableName";
$stmt1 = sqlsrv_query($conn, $selectQuery);
$data = sqlsrv_fetch_array($stmt1, SQLSRV_FETCH_NUMERIC);
if (sizeof($data) != 2*sizeof($dataTypes)) {
fatalError("Incorrect number of fields returned.\n");
}
for ($n = 0; $n < sizeof($data); $n += 2) {
if ($data[$n] != $data[$n + 1]) {
echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
fatalError("AE and non-AE values do not match.\n");
}
}
echo "Successful insertion and retrieval with client ID/secret.\n";
sqlsrv_free_stmt($stmt);
sqlsrv_free_stmt($stmt1);
}
// Free the statement and close the connection
sqlsrv_close($conn);
}
?>
--EXPECT--
Successful insertion and retrieval with client ID/secret.
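Review bot: `insertDataAndVerify` passes the result of `sqlsrv_query` straight to `sqlsrv_fetch_array` and then to `sizeof()` without checking either, so a failed SELECT or an empty result shows up as a type warning or the "Incorrect number of fields returned" message instead of the driver error. A guard such as `if ($stmt1 === false) { print_r(sqlsrv_errors()); fatalError("SELECT query failed.\n"); }`, plus a check that `$data` is an array, would make the failure explicit. On the execute-failure branch `$errors = sqlsrv_errors();` is assigned but never printed, unlike the prepare branch just above it.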


@ -4,8 +4,7 @@ Test connection keywords for Azure Key Vault for Always Encrypted.
<?php require('skipif_versions_old.inc'); ?> <?php require('skipif_versions_old.inc'); ?>
--FILE-- --FILE--
<?php <?php
require_once('MsCommon.inc'); require_once('sqlsrv_ae_azure_key_vault_common.php');
require_once('values.php');
// We will test the direct product (set of all possible combinations) of the following // We will test the direct product (set of all possible combinations) of the following
$columnEncryption = ['enabled', 'disabled', 'notvalid', '']; $columnEncryption = ['enabled', 'disabled', 'notvalid', ''];
@ -13,8 +12,6 @@ $keyStoreAuthentication = ['KeyVaultPassword', 'KeyVaultClientSecret', 'KeyVault
$keyStorePrincipalId = [$AKVPrincipalName, $AKVClientID, 'notaname', '']; $keyStorePrincipalId = [$AKVPrincipalName, $AKVClientID, 'notaname', ''];
$keyStoreSecret = [$AKVPassword, $AKVSecret, 'notasecret', '']; $keyStoreSecret = [$AKVPassword, $AKVSecret, 'notasecret', ''];
$is_win = (strtoupper(substr(php_uname('s'), 0, 3)) === 'WIN');
function checkErrors($errors, ...$codes) function checkErrors($errors, ...$codes)
{ {
$codeFound = false; $codeFound = false;
@ -35,32 +32,6 @@ function checkErrors($errors, ...$codes)
} }
} }
// Set up the columns and build the insert query. Each data type has an
// AE-encrypted and a non-encrypted column side by side in the table.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
{
$columns = array();
$queryTypes = "(";
$queryTypesAE = "(";
$valuesString = "VALUES (";
$numTypes = sizeof($dataTypes);
for ($i = 0; $i < $numTypes; ++$i) {
// Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
$queryTypes .= "c_"."$colname, ";
$queryTypes .= "c_"."$colname"."_AE, ";
$valuesString .= "?, ?, ";
}
$queryTypes = substr($queryTypes, 0, -2).")";
$valuesString = substr($valuesString, 0, -2).")";
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
}
$strsize = 64; $strsize = 64;
$dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)", $dataTypes = array("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
@ -114,7 +85,7 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
checkErrors( checkErrors(
$errors, $errors,
array('08001','0'), array('08001','0'),
array('08001','-1'), // SSL error occurs in Ubuntu array('08001','-1'), // SSL error on some Linuxes
array('IMSSP','-110'), array('IMSSP','-110'),
array('IMSSP','-111'), array('IMSSP','-111'),
array('IMSSP','-112'), array('IMSSP','-112'),


@ -0,0 +1,45 @@
--TEST--
Test username/password credentials for Azure Key Vault for Always Encrypted.
--SKIPIF--
<?php require('skipif_versions_old.inc'); ?>
--FILE--
<?php
require_once('sqlsrv_ae_azure_key_vault_common.php');
$strsize = 64;
$dataTypes = array ("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
"decimal", "float", "real", "bigint", "int", "bit"
);
// Test data insertion and retrieval with username/password
// and client Id/client secret combinations.
$connectionOptions = array("CharacterSet"=>"UTF-8",
"database"=>$databaseName,
"uid"=>$uid,
"pwd"=>$pwd,
"ConnectionPooling"=>0);
$connectionOptions['ColumnEncryption'] = "enabled";
$connectionOptions['KeyStoreAuthentication'] = "KeyVaultPassword";
$connectionOptions['KeyStorePrincipalId'] = $AKVPrincipalName;
$connectionOptions['KeyStoreSecret'] = $AKVPassword;
$tableName = "akv_comparison_table";
// Connect to the AE-enabled database, insert the data, and verify
$conn = sqlsrv_connect($server, $connectionOptions);
if (!$conn) {
$errors = sqlsrv_errors();
fatalError("Connection failed while testing good credentials.\n");
} else {
insertDataAndVerify($conn, $tableName, $dataTypes, $small_values);
echo "Successful insertion and retrieval with username/password.\n";
sqlsrv_close($conn);
}
?>
--EXPECT--
Successful insertion and retrieval with username/password.


@ -1,124 +0,0 @@
--TEST--
Test username/password credentials for Azure Key Vault for Always Encrypted.
--SKIPIF--
<?php require('skipif_versions_old.inc'); ?>
--FILE--
<?php
require_once('MsCommon.inc');
require_once('values.php');
// Set up the columns and build the insert query. Each data type has an
// AE-encrypted and a non-encrypted column side by side in the table.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
{
$columns = array();
$queryTypes = "(";
$queryTypesAE = "(";
$valuesString = "VALUES (";
$numTypes = sizeof($dataTypes);
for ($i = 0; $i < $numTypes; ++$i) {
// Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
$queryTypes .= "c_"."$colname, ";
$queryTypes .= "c_"."$colname"."_AE, ";
$valuesString .= "?, ?, ";
}
$queryTypes = substr($queryTypes, 0, -2).")";
$valuesString = substr($valuesString, 0, -2).")";
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
}
$strsize = 64;
$dataTypes = array ("char($strsize)", "varchar($strsize)", "nvarchar($strsize)",
"decimal", "float", "real", "bigint", "int", "bit"
);
// Test data insertion and retrieval with username/password
// and client Id/client secret combinations.
$connectionOptions = array("CharacterSet"=>"UTF-8",
"database"=>$databaseName,
"uid"=>$uid,
"pwd"=>$pwd,
"ConnectionPooling"=>0);
$connectionOptions['ColumnEncryption'] = "enabled";
$connectionOptions['KeyStoreAuthentication'] = "KeyVaultPassword";
$connectionOptions['KeyStorePrincipalId'] = $AKVPrincipalName;
$connectionOptions['KeyStoreSecret'] = $AKVPassword;
$tableName = "akv_comparison_table";
// Connect to the AE-enabled database
$conn = sqlsrv_connect($server, $connectionOptions);
if (!$conn) {
$errors = sqlsrv_errors();
fatalError("Connection failed while testing good credentials.\n");
} else {
$columns = array();
$insertQuery = "";
// Generate the INSERT query
formulateSetupQuery($tableName, $dataTypes, $columns, $insertQuery);
$stmt = AE\createTable($conn, $tableName, $columns);
if (!$stmt) {
fatalError("Failed to create table $tableName\n");
}
// Duplicate all values for insertion - one is encrypted, one is not
$testValues = array();
for ($n = 0; $n < sizeof($small_values); ++$n) {
$testValues[] = $small_values[$n];
$testValues[] = $small_values[$n];
}
// Prepare the INSERT query
// This is never expected to fail
$stmt = sqlsrv_prepare($conn, $insertQuery, $testValues);
if ($stmt == false) {
print_r(sqlsrv_errors());
fatalError("sqlsrv_prepare failed\n");
}
// Execute the INSERT query
// This should not fail since our credentials are correct
if (sqlsrv_execute($stmt) == false) {
$errors = sqlsrv_errors();
fatalError("INSERT query failed with good credentials.\n");
} else {
// Get the data back and compare encrypted and non-encrypted versions
$selectQuery = "SELECT * FROM $tableName";
$stmt1 = sqlsrv_query($conn, $selectQuery);
$data = sqlsrv_fetch_array($stmt1, SQLSRV_FETCH_NUMERIC);
if (sizeof($data) != 2*sizeof($dataTypes)) {
fatalError("Incorrect number of fields returned.\n");
}
for ($n = 0; $n < sizeof($data); $n += 2) {
if ($data[$n] != $data[$n + 1]) {
echo "Failed on field $n: ".$data[$n]." ".$data[$n + 1]."\n";
fatalError("AE and non-AE values do not match.\n");
}
}
echo "Successful insertion and retrieval with username/password.\n";
sqlsrv_free_stmt($stmt);
sqlsrv_free_stmt($stmt1);
}
// Free the statement and close the connection
sqlsrv_close($conn);
}
?>
--EXPECT--
Successful insertion and retrieval with username/password.


@ -3,10 +3,12 @@
// This file holds different data of many different types for testing // This file holds different data of many different types for testing
// Always Encrypted. Currently, the tests that use this data are: // Always Encrypted. Currently, the tests that use this data are:
// pdo__ae_azure_key_vault_keywords.phpt ($small_values) // pdo__ae_azure_key_vault_keywords.phpt ($small_values)
// pdo_ae_azure_key_vault_verification.phpt ($small_values) // pdo_ae_azure_key_vault_username_password.phpt ($small_values)
// pdo_ae_azure_key_vault_client_secret.phpt ($small_values)
// sqlsrv_ae_fetch_phptypes.phpt ($values) // sqlsrv_ae_fetch_phptypes.phpt ($values)
// sqlsrv_ae_azure_key_vault_keywords.phpt ($small_values) // sqlsrv_ae_azure_key_vault_keywords.phpt ($small_values)
// sqlsrv_ae_azure_key_vault_verification.phpt ($small_values) // sqlsrv_ae_azure_key_vault_username_password.phpt ($small_values)
// sqlsrv_ae_azure_key_vault_client_secret.phpt ($small_values)
$values = array(); $values = array();
$values[] = array(array(("BA3EA123EA8FFF46A01"), null, SQLSRV_PHPTYPE_STRING(SQLSRV_ENC_CHAR), SQLSRV_SQLTYPE_BINARY(256)), $values[] = array(array(("BA3EA123EA8FFF46A01"), null, SQLSRV_PHPTYPE_STRING(SQLSRV_ENC_CHAR), SQLSRV_SQLTYPE_BINARY(256)),