Fixed two column encryption tests to encrypt columns (#1236)

This commit is contained in:
Jenny Tam 2021-02-17 15:48:11 -08:00 committed by GitHub
parent 3da84185c1
commit f7e24bd098
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 95 additions and 12 deletions

View file

@ -30,7 +30,7 @@ environment:
SQL_INSTANCE: SQL2019
PHP_VC: vs16
PHP_MAJOR_VER: 8.0
PHP_MINOR_VER: 0RC2
PHP_MINOR_VER: latest
PHP_EXE_PATH: Release
THREAD: nts
platform: x86
@ -79,7 +79,7 @@ install:
}
- echo Downloading MSODBCSQL 17
# AppVeyor build works are x64 VMs and 32-bit ODBC driver cannot be installed on it
- ps: (new-object net.webclient).DownloadFile('https://download.microsoft.com/download/6/b/3/6b3dd05c-678c-4e6b-b503-1d66e16ef23d/en-US/17.6.1.1/x64/msodbcsql.msi', 'c:\projects\msodbcsql.msi')
- ps: (new-object net.webclient).DownloadFile('https://download.microsoft.com/download/2/c/c/2cc12eab-a3aa-45d6-95bb-13f968fb6cd6/en-US/17.7.1.1/x64/msodbcsql.msi', 'c:\projects\msodbcsql.msi')
- cmd /c start /wait msiexec /i "c:\projects\msodbcsql.msi" /q IACCEPTMSODBCSQLLICENSETERMS=YES ADDLOCAL=ALL
- echo Checking the version of MSODBCSQL
- reg query "HKLM\SOFTWARE\ODBC\odbcinst.ini\ODBC Driver 17 for SQL Server"

View file

@ -33,6 +33,7 @@ class ColumnMeta
public $options; // a string that is null by default (e.g. NOT NULL Identity (1,1) )
protected $encryptable; // whether Always Encrypted supports this column
protected $forcedEncrypt; // force column encryption regardless, default to 'false'
public function __construct($dataType, $colName = null, $options = null, $deterministic = true, $noEncrypt = false)
{
@ -41,6 +42,8 @@ class ColumnMeta
} else {
$this->colName = $colName;
}
$this->forcedEncrypt = false;
$this->encType = ($deterministic ? "deterministic" : "randomized");
if (empty($dataType)) {
@ -79,6 +82,16 @@ class ColumnMeta
$this->encryptable = true;
}
}
/**
* force column to be encrypted regardless of the current settings
* @return void
*/
public function forceEncryption($forceEncryption)
{
$this->forcedEncrypt = $forceEncryption;
}
/**
* @return string column definition for creating a table
*/
@ -86,9 +99,12 @@ class ColumnMeta
{
$append = " ";
if ($this->encryptable && isDataEncrypted()) {
if (($this->encryptable && isDataEncrypted()) || $this->forcedEncrypt) {
$cekName = getCekName();
if ($this->forcedEncrypt && empty($cekName)) {
$cekName = 'AEColumnKey'; // Use Windows AE key by default
}
if (stripos($this->dataType, "char") !== false) {
$append .= "COLLATE Latin1_General_BIN2 ";
}

View file

@ -1,9 +1,24 @@
--TEST--
Test insert data and fetch as all possible php types
--DESCRIPTION--
Test insert data of most common column types and fetch them all as possible php types
Test insert data of most common column types and fetch them all as possible php types.
This test requires the Always Encrypted feature.
--SKIPIF--
<?php require('skipif_versions_old.inc'); ?>
<?php
if (! extension_loaded("sqlsrv")) {
die("Skip extension not loaded");
}
require_once('MsCommon.inc');
$options = array("Database" => $database, "UID" => $userName, "PWD" => $userPassword);
$conn = sqlsrv_connect($server, $options);
if (! $conn) {
die("Skip Could not connect during SKIPIF!");
}
if (!AE\isQualified($conn)) {
die("skip AE feature not supported in the current environment.");
}
?>
--FILE--
<?php
require_once('MsCommon.inc');
@ -13,6 +28,9 @@ require_once('values.php');
// AE-encrypted and a non-encrypted column side by side in the table.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
{
// Only force encryption in Windows
$forceEncryption = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
$columns = array();
$queryTypes = "(";
$valuesString = "VALUES (";
@ -21,7 +39,9 @@ function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
for ($i = 0; $i < $numTypes; ++$i) {
// Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
$anAEcolumn = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
$anAEcolumn->forceEncryption($forceEncryption);
$columns[] = $anAEcolumn;
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
$queryTypes .= "c_"."$colname, ";
$queryTypes .= "c_"."$colname"."_AE, ";
@ -66,7 +86,7 @@ set_time_limit(0);
sqlsrv_configure('WarningsReturnAsErrors', 1);
// Connect
$connectionInfo = array("CharacterSet"=>"UTF-8");
$connectionInfo = array('CharacterSet'=>'UTF-8', 'ColumnEncryption' => 'Enabled');
$conn = AE\connect($connectionInfo);
if (!$conn) {
fatalError("Could not connect.\n");

View file

@ -1,13 +1,30 @@
--TEST--
Test fetching data by conversion with CAST in the SELECT statement
--DESCRIPTION--
This test checks the allowed data type conversions in SELECT statements under Always Encrypted and non-encrypted
This test requires the Always Encrypted feature and checks the allowed data type conversions in
SELECT statements under Always Encrypted and non-encrypted
Reference chart for conversions found at https://www.microsoft.com/en-us/download/details.aspx?id=35834
--SKIPIF--
<?php require('skipif_versions_old.inc'); ?>
<?php
if (! extension_loaded("sqlsrv")) {
die("Skip extension not loaded");
}
require_once('MsCommon.inc');
$options = array("Database" => $database, "UID" => $userName, "PWD" => $userPassword);
$conn = sqlsrv_connect($server, $options);
if (! $conn) {
die("Skip Could not connect during SKIPIF!");
}
if (!AE\isQualified($conn)) {
die("skip AE feature not supported in the current environment.");
}
?>
--FILE--
<?php
require_once('sqlsrv_ae_azure_key_vault_common.php');
require_once('MsHelper.inc');
require_once('values.php');
// These are the errors we expect to see if a conversion fails.
// 22001 String data is right-truncated
@ -34,7 +51,37 @@ function checkErrors(&$convError)
return true;
}
// Set up the columns and build the insert query. Each data type has an
// AE-encrypted and a non-encrypted column side by side in the table.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
{
// Only force encryption in Windows
$forceEncryption = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
$columns = array();
$queryTypes = "(";
$valuesString = "VALUES (";
$numTypes = sizeof($dataTypes);
for ($i = 0; $i < $numTypes; ++$i) {
// Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
$anAEcolumn = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
$anAEcolumn->forceEncryption($forceEncryption);
$columns[] = $anAEcolumn;
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
$queryTypes .= "c_"."$colname, ";
$queryTypes .= "c_"."$colname"."_AE, ";
$valuesString .= "?, ?, ";
}
$queryTypes = substr($queryTypes, 0, -2).")";
$valuesString = substr($valuesString, 0, -2).")";
$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
}
// Build the select queries. We want every combination of types for conversion
// testing, so the matrix of queries selects every type from every column
// and convert using CAST.
@ -154,7 +201,7 @@ $conversionMatrixAE = array(array('y','y','y','x','x','x','x','x','x','x','x','x
set_time_limit(0);
sqlsrv_configure('WarningsReturnAsErrors', 1);
$connectionInfo = array("CharacterSet"=>"UTF-8");
$connectionInfo = array('CharacterSet'=>'UTF-8', 'ColumnEncryption' => 'Enabled');
$conn = AE\connect($connectionInfo);
if (!$conn) {
fatalError("Could not connect.\n");