initial ae setup

2017-07-19 17:34:04 -07:00 · 2017-07-19 17:34:04 -07:00 · ff63d38799
parent 9e695d2d57
commit ff63d38799
6 changed files with 209 additions and 0 deletions
--- a/test/functional/setup/certificate.ps1
+++ b/test/functional/setup/certificate.ps1
@ -0,0 +1,37 @@
+Param(
+    [Parameter(Mandatory=$True,Position=1)]
+    [string]$serverName,
+    [Parameter(Mandatory=$True,Position=2)]
+    [string]$databaseName,
+    [Parameter(Mandatory=$True,Position=3)]
+    [string]$userName,
+    [Parameter(Mandatory=$True,Position=4)]
+    [string]$password)
+
+# Create a column master key in Windows Certificate Store.
+$cert1 = New-SelfSignedCertificate -Subject "PHPAlwaysEncryptedCert" -CertStoreLocation Cert:CurrentUser\My -KeyExportPolicy Exportable -Type DocumentEncryptionCert -KeyUsage DataEncipherment -KeySpec KeyExchange
+
+# Import the SqlServer module.
+Import-Module "SqlServer"
+
+#For SQL Server Authentication
+Add-Type -AssemblyName "Microsoft.SqlServer.Smo"
+$MySQL = new-object('Microsoft.SqlServer.Management.Smo.Server') $serverName 
+$MySQL.ConnectionContext.LoginSecure = $false
+$MySQL.ConnectionContext.set_Login($userName)
+$MySQL.ConnectionContext.set_Password($password)
+$database = $MySQL.Databases[$databaseName]
+
+# Create a SqlColumnMasterKeySettings object for your column master key. 
+$cmkSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "CurrentUser" -Thumbprint $cert1.Thumbprint
+
+# Create column master key metadata in the database.
+$cmkName = "CMK2"
+New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnMasterKeySettings $cmkSettings
+
+# Generate a column encryption key, encrypt it with the column master key and create column encryption key metadata in the database. 
+$cekName = "CEK2"
+New-SqlColumnEncryptionKey -Name $cekName  -InputObject $database -ColumnMasterKey $cmkName
+
+# Disconnect
+$MySQL.ConnectionContext.Disconnect()
--- a/test/functional/setup/cleanup_dbs.py
+++ b/test/functional/setup/cleanup_dbs.py
@ -27,3 +27,9 @@ if __name__ == '__main__':
    conn_options = ' -S ' + server + ' -U ' + uid + ' -P ' + pwd + ' '  
    
    executeSQLscript( os.path.join( os.path.dirname(os.path.realpath(__file__)), 'drop_db.sql'), conn_options, args.DBNAME)
+
+    # if Windows, remove self signed certificate using ps command
+    if platform.system() == 'Windows':
+        remove_cert_ps = "Get-ChildItem Cert:CurrentUser\My | Where-Object { $_.Subject -match 'PHPAlwaysEncryptedCert' } | Remove-Item"
+        inst_command  = 'powershell -executionPolicy Unrestricted -command ' + remove_cert_ps
+        executeCommmand(inst_command)
--- a/test/functional/setup/setup_dbs.py
+++ b/test/functional/setup/setup_dbs.py
@ -45,6 +45,32 @@ def executeBulkCopy(conn_options, dbname, tblname, datafile):
    inst_command = redirect_string.format(dbname, tblname, datafile) + conn_options 
    executeCommmand(inst_command)
    
+def getmsodbcsql_version( server, uid, pwd ):
+    command = "php -r \"echo sqlsrv_client_info( sqlsrv_connect( '{0}', array( 'UID'=>'{1}', 'PWD'=>'{2}')))['DriverVer'];\""
+    p = subprocess.Popen( command.format( server, uid, pwd ), stdout=subprocess.PIPE, shell = True )
+    out, err = p.communicate()
+    return out.decode('ascii')
+    
+def getserver_version( server, uid, pwd ):
+    command = "php -r \"echo sqlsrv_server_info( sqlsrv_connect( '{0}', array( 'UID'=>'{1}', 'PWD'=>'{2}')))['SQLServerVersion'];\""
+    p = subprocess.Popen( command.format( server, uid, pwd ), stdout=subprocess.PIPE, shell = True )
+    out, err = p.communicate()
+    return out.decode('ascii')
+    
+def is_ae_qualified( server, uid, pwd ):
+    msodbcsql_ver = getmsodbcsql_version( server, uid, pwd );
+    server_ver = getserver_version( server, uid, pwd );
+    msodbcsql_maj = msodbcsql_ver.split()[1]
+    msodbcsql_min = msodbcsql_ver.split()[2]
+    if msodbcsql_maj < 13 or ( msodbcsql_maj == 13 and msodbcsql_min == 0 ) or server_ver.split()[1] < 13:
+        return false
+    return true;
+    
+def setupAETestDatabase( server, dbname, uid, pwd):
+    if platform.system() == 'Windows':
+        inst_command  = 'powershell -executionPolicy Unrestricted certificate.ps1 ' + server + ' ' + dbname + ' ' + uid + ' ' + pwd
+        executeCommmand(inst_command)
+    
 if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('-dbname', '--DBNAME', required=True)
@ -75,5 +101,9 @@ if __name__ == '__main__':
    setupTestDatabase(conn_options, args.DBNAME, args.AZURE)    
    # populate these tables
    populateTables(conn_options, args.DBNAME)
+    
+    if is_ae_qualified( server, uid, pwd ):
+        setupAE(server, args.DBNAME, uid, pwd)
+    
    os.chdir(current_working_dir)
    
--- a/test/functional/sqlsrv/AEData.inc
+++ b/test/functional/sqlsrv/AEData.inc
@ -0,0 +1,55 @@
+<?php
+
+// exact numerics
+$bigint_params = array(2147483648, -922337203685477580, 922337203685477580, -2147583649, 461168601735364608, -461168601735364608);
+$int_params = array(32768, -2147483647, 2147483647, -32769, 1073725440, -1073725440);
+$smallint_params = array(256, -32767, 32767, -1, 16256, -16256);
+$tinyint_params = array(128, 0, 255, 96, 64, 162);
+$decimal_params = array(21474.83648, -9223372036854.77580, 9223372036854.77580, -21475.83649, -4611686017353.64608, -4611686017353.64608);
+$numeric_params = array(0.32768, -21474.83647, 21474.83647, -0.32769, 10737.25440, -10737.25440);
+$money_params = array(214748.3648, -92233720368547.5807, 92233720368547.5807, -214758.3649, 46116860173536.608, -46116860173536.608);
+$smallmoney_params = array(0, -214748.3647, 214748.3647, 161061.2736, 107374.1824, -107374.1824);
+$bit_params = array(0, FALSE, 0, 1, TRUE, 1);
+
+// approximate numerics
+$float_params = array(21474.83648, -9223372036.85477, 9223372036.85477, -21475, 4611686017, -4611686017);
+$real_params = array(0, -2147.483, 2147.483, 1610, 1073, -1073);
+
+// date and time
+$date_params = array('1900-01-01', '0001-01-01', '9999-12-31', '5000-07-15', '2500-04-08', '7500-10-23');
+$datetime2_params = array('1900-01-01 00:00:00', '0001-01-01 00:00:00', '9999-12-31 23:59:59.9999999', '5000-07-15 12:30:30.5555', '2500-04-08 06:15:15.33', '7500-10-23 18:45:45.888888');
+$datetime_params = array('1900-01-01 00:00:00', '1753-01-01 00:00:00', '9999-12-31 23:59:59.997', '5000-07-15 12:30:30.5', '2500-04-08 06:15:15.33', '7500-10-23 18:45:45.888');
+$datetimeoffset_params = array('1900-01-01 00:00:00 +01:00', '0001-01-01 00:00:00 -14:00', '9999-12-31 23:59:59.9999999 +14:00', '5000-07-15 12:30:30.55 -03:00', '2500-04-08 06:15:15.3333 -07:00', '7500-10-23 18:45:45.888888 +07:00');
+$smalldatetime_params = array('1900-01-01 00:00:00', '1900-01-01 00:00:00', '2079-06-06 23:59:59', '1990-07-15 12:30:30', '1945-04-08 06:15:15', '2500-10-23 18:45:45');
+$time_params = array('00:00:00', '00:00:00.0000000', '23:59:59.9999999', '12:30:30.5555', '06:15:15.33', '18:45:45.888888');
+
+// character strings
+$char_params = array('Fixed', '-leng', 'th, n', 'on-Un', 'icode', 'strin');
+$varchar_params = array('Variable-length, non-', 'Unicode string data. n', 'defines the string length', 'and can be a value from 1', 'through 8,000.', 'The storage size is the');
+$varcharmax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB)',
+                           'Use varchar(max) when the sizes of the column data entries vary considerably, and the size might exceed 8,000 bytes.',
+                           'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
+                           'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
+                           'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.',
+                           'This large row size can cause errors (such as error 512) during some normal operations, such as a clustered index key update, or sorts of the full column set, which users cannot anticipate until performing an operation.');
+                           
+// unicode character strings
+$nchar_params = array('Fixed', '-leng', 'th Un', 'icode', 'strin', 'g dat');
+$nvarchar_params = array('Variable-length Unicode', 'string data. n defines', 'the string length and can', 'be a value from 1 through', '4,000.', 'The storage size, in');
+$nvarcharmax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB).',
+                            'When prefixing a string constant with the letter N, the implicit conversion will result in a Unicode string if the constant to convert does not exceed the max length for a Unicode string data type (4,000).',
+                            'Otherwise, the implicit conversion will result in a Unicode large-value (max).',
+                            'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
+                            'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
+                            'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.');
+                            
+// binary strings
+$binary_params = array('Fixed', '-leng', 'th, n', 'on-Un', 'icode', 'strin');
+$varbinary_params = array('Variable-length, non-', 'Unicode string data. n', 'defines the string length', 'and can be a value from 1', 'through 8,000.', 'The storage size is the');
+$varbinarymax_params = array('max indicates that the maximum storage size is 2^31-1 bytes (2 GB)',
+                             'Use varchar(max) when the sizes of the column data entries vary considerably, and the size might exceed 8,000 bytes.',
+                             'Each non-null varchar(max) or nvarchar(max) column requires 24 bytes of additional fixed allocation which counts against the 8,060 byte row limit during a sort operation.',
+                             'This can create an implicit limit to the number of non-null varchar(max) or nvarchar(max) columns that can be created in a table.',
+                             'No special error is provided when the table is created (beyond the usual warning that the maximum row size exceeds the allowed maximum of 8060 bytes) or at the time of data insertion.', 'This large row size can cause errors (such as error 512) during some normal operations, such as a clustered index key update, or sorts of the full column set, which users cannot anticipate until performing an operation.');
+
+?>
--- a/test/functional/sqlsrv/encrypttable.ps1
+++ b/test/functional/sqlsrv/encrypttable.ps1
@ -0,0 +1,43 @@
+Param(
+    [Parameter(Mandatory=$True,Position=1)]
+    [string]$serverName,
+    [Parameter(Mandatory=$True,Position=2)]
+    [string]$databaseName,
+    [Parameter(Mandatory=$True,Position=3)]
+    [string]$userName,
+    [Parameter(Mandatory=$True,Position=4)]
+    [string]$password,
+    [Parameter(Mandatory=$True,Position=5)]
+    [string]$tableName,
+    [Parameter(Mandatory=$True,Position=6)]
+    [string]$columnNames)
+
+# Import the SqlServer module.
+Import-Module "SqlServer"
+
+#For SQL Server Authentication
+Add-Type -AssemblyName "Microsoft.SqlServer.Smo"
+$MySQL = new-object('Microsoft.SqlServer.Management.Smo.Server') $serverName 
+$MySQL.ConnectionContext.LoginSecure = $false
+$MySQL.ConnectionContext.set_Login($userName)
+$MySQL.ConnectionContext.set_Password($password)
+$database = $MySQL.Databases[$databaseName]
+
+#split the column names into an array
+$column_arr = $columnNames.Split(",")
+
+# Encrypt the selected columns (or re-encrypt, if they are already encrypted using keys/encrypt types, different than the specified keys/types.
+$ces = @()
+foreach($col_name in $column_arr){
+    $col_full_name = "$tableName.$col_name"
+    if($col_name -like '*det*'){
+        $ces += New-SqlColumnEncryptionSettings -ColumnName $col_full_name -EncryptionType "Deterministic" -EncryptionKey "CEK1"
+    }
+    elseif($col_name -like '*rand*'){
+        $ces += New-SqlColumnEncryptionSettings -ColumnName $col_full_name -EncryptionType "Randomized" -EncryptionKey "CEK1"
+    }
+}
+Set-SqlColumnEncryption -InputObject $database -ColumnEncryptionSettings $ces
+
+# Disconnect
+$MySQL.ConnectionContext.Disconnect()
--- a/test/functional/sqlsrv/sqlsrv_fetch_ae_int.php
+++ b/test/functional/sqlsrv/sqlsrv_fetch_ae_int.php
@ -0,0 +1,38 @@
+<?php
+include 'MsCommon.inc';
+include 'AEData.inc';
+include 'MsSetup.inc';
+
+try{
+    $conn = Connect( array("ColumnEncryption"=>"Enabled"));
+
+    // create table
+    $tbname = GetTempTableName("", false);
+    $dataTypes = array("bigint", "int", "smallint");
+    $encTypes = array("norm", "det", "rand");
+    $dataTypes_str = "";
+    $col_names = array();
+    foreach ($dataType in $dataTypes){
+        foreach ($encType in $encTypes) {
+            $col_name = $encType + $dataType;
+            $dataTypes_str = $dataTypes_str + "[" + $col_name + "] " + $dataTypes + ", ";
+            array_push($col_names, $col_name);
+        }
+    }
+    $dataTypes_str = rtrim($dataTypes_str, ", ");
+    CreateTableEx( $conn, $tbname, $dataTypes_str);
+    
+    // populate table
+    $data_arr = array_merge( array_slice($bigint_params, 0, 3), array_slice($int_params, 0, 3), array_slice($smallint_params, 0, 3) );
+    $data_str = implode(", ", $data_arr);
+    sqlsrv_query( $conn, "INSERT INTO $tbname VALUES ( $data_str )");
+    
+    // encrypt columns
+    $col_name_str = implode($col_names);
+    $runCMD = "powershell -executionPolicy Unrestricted encrypttable.ps1 " . $server . " " . $database . " " . $userName . " " . $userPassword . " " . $tbname . " " . $col_name_str;
+    shell_exec($runCMD);
+
+    DropTable($conn, $tbname);
+    sqlsrv_close($conn);
+}
+?>