[QUESTION] Test column encryption with Azure Keyvault on local database from openjdk:8-jdk-alpine #1273

Closed
RomainWilbert opened this issue Mar 3, 2020 · 3 comments
Labels
Question Used when a question is asked, as opposed to an issue being raised

Comments

@RomainWilbert

Question

Hi!

I am trying to make column encryption work with Azure Keyvault on a local SQL Server 14 database.
The database setup is OK.
I have a Spring Data application running on Docker from the openjdk:8-jdk-alpine image.
The connection string is: jdbc:sqlserver://host.docker.internal:1433;databaseName=xxx;columnEncryptionSetting=Enabled;
I have registered the provider with SQLServerColumnEncryptionAzureKeyVaultProvider.
mssql-jdbc version is 6.4.0.jre8.
adal4j version is 1.6.4.
azure-keyvault version is 1.2.2.

When executing the first query, I get an error related to the certification path:
```
%% Invalidated: [Session-11, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
http-nio-8080-exec-2, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
http-nio-8080-exec-2, WRITE: TLSv1.2 Alert, length = 2
http-nio-8080-exec-2, called closeSocket()
http-nio-8080-exec-2, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-nio-8080-exec-2, called close()
http-nio-8080-exec-2, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
05:21:47.967 [http-nio-8080-exec-2] ERROR c.c.a.a.e.AltipayApiExceptionHandler - Server Error uuid:5ca68658-1fcc-44d1-ad72-a61dd640a75b
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at rx.exceptions.Exceptions.propagate(Exceptions.java:57)
    at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:463)
    at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
    at com.microsoft.azure.keyvault.implementation.KeyVaultClientBaseImpl.getKey(KeyVaultClientBaseImpl.java:1386)
    at com.microsoft.azure.keyvault.implementation.KeyVaultClientCustomImpl.getKey(KeyVaultClientCustomImpl.java:621)
```

How do I make this work? :)

@ulvii
Contributor

ulvii commented Mar 3, 2020

Hi @RomainWilbert,
Please see this page for an AKV sample. Looks like your connection string is missing the integratedSecurity property.

@RomainWilbert
Author

RomainWilbert commented Mar 4, 2020

I added integratedSecurity to the connection string, but I have a new error:
```
08:57:56.324 [main] WARN c.m.s.j.internals.AuthenticationJNI - Failed to load the sqljdbc_auth.dll cause : no sqljdbc_auth in java.library.path
08:58:26.869 [main] ERROR com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Exception during pool initialization.
com.microsoft.sqlserver.jdbc.SQLServerException: This driver is not configured for integrated authentication. ClientConnectionId:f04b98e6-f7e3-42ff-8984-5bcd39cd9b7a
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2670)
```

I guess this does not work in a non-Windows environment?

@RomainWilbert
Author

Weird, because this morning it seems to work fine!
