forked from microsoft/mssql-jdbc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAE.java
295 lines (246 loc) · 7.67 KB
/
AE.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
/*
* Microsoft JDBC Driver for SQL Server
*
* Copyright(c) Microsoft Corporation All rights reserved.
*
* This program is made available under the terms of the MIT License. See the LICENSE file in the project root for more information.
*/
package com.microsoft.sqlserver.jdbc;
import java.util.Vector;
/**
* Represents a single encrypted value for a CEK. It contains the encrypted CEK,the store type, name,the key path and encryption algorithm.
*/
class EncryptionKeyInfo {
EncryptionKeyInfo(byte[] encryptedKeyVal,
int dbId,
int keyId,
int keyVersion,
byte[] mdVersion,
String keyPathVal,
String keyStoreNameVal,
String algorithmNameVal) {
encryptedKey = encryptedKeyVal;
databaseId = dbId;
cekId = keyId;
cekVersion = keyVersion;
cekMdVersion = mdVersion;
keyPath = keyPathVal;
keyStoreName = keyStoreNameVal;
algorithmName = algorithmNameVal;
}
byte[] encryptedKey; // the encrypted "column encryption key"
int databaseId;
int cekId;
int cekVersion;
byte[] cekMdVersion;
String keyPath;
String keyStoreName;
String algorithmName;
byte normalizationRuleVersion;
}
/**
* Represents a unique CEK as an entry in the CekTable. A unique (plaintext is unique) CEK can have multiple encrypted CEKs when using multiple CMKs.
* These encrypted CEKs are represented by a member vector.
*/
class CekTableEntry {
static final private java.util.logging.Logger aeLogger = java.util.logging.Logger.getLogger("com.microsoft.sqlserver.jdbc.AE");
Vector<EncryptionKeyInfo> columnEncryptionKeyValues;
int ordinal;
int databaseId;
int cekId;
int cekVersion;
byte[] cekMdVersion;
Vector<EncryptionKeyInfo> getColumnEncryptionKeyValues() {
return columnEncryptionKeyValues;
}
int getOrdinal() {
return ordinal;
}
int getDatabaseId() {
return databaseId;
}
int getCekId() {
return cekId;
}
int getCekVersion() {
return cekVersion;
}
byte[] getCekMdVersion() {
return cekMdVersion;
}
CekTableEntry(int ordinalVal) {
ordinal = ordinalVal;
databaseId = 0;
cekId = 0;
cekVersion = 0;
cekMdVersion = null;
columnEncryptionKeyValues = new Vector<EncryptionKeyInfo>();
}
int getSize() {
return columnEncryptionKeyValues.size();
}
void add(byte[] encryptedKey,
int dbId,
int keyId,
int keyVersion,
byte[] mdVersion,
String keyPath,
String keyStoreName,
String algorithmName) {
assert null != columnEncryptionKeyValues : "columnEncryptionKeyValues should already be initialized.";
if (aeLogger.isLoggable(java.util.logging.Level.FINE)) {
aeLogger.fine("Retrieving CEK values");
}
EncryptionKeyInfo encryptionKey = new EncryptionKeyInfo(encryptedKey, dbId, keyId, keyVersion, mdVersion, keyPath, keyStoreName,
algorithmName);
columnEncryptionKeyValues.add(encryptionKey);
if (0 == databaseId) {
databaseId = dbId;
cekId = keyId;
cekVersion = keyVersion;
cekMdVersion = mdVersion;
}
else {
assert (databaseId == dbId);
assert (cekId == keyId);
assert (cekVersion == keyVersion);
assert ((null != cekMdVersion) && (null != mdVersion) && (cekMdVersion.length == mdVersion.length));
}
}
}
/**
* Contains all CEKs, each row represents one unique CEK (represented by CekTableEntry).
*/
class CekTable {
CekTableEntry[] keyList;
CekTable(int tableSize) {
keyList = new CekTableEntry[tableSize];
}
int getSize() {
return keyList.length;
}
CekTableEntry getCekTableEntry(int index) {
return keyList[index];
}
void setCekTableEntry(int index,
CekTableEntry entry) {
keyList[index] = entry;
}
}
/**
* Represents Encryption related information of the cipher data.
*/
class CryptoMetadata
{
TypeInfo baseTypeInfo;
CekTableEntry cekTableEntry;
byte cipherAlgorithmId;
String cipherAlgorithmName;
SQLServerEncryptionType encryptionType;
byte normalizationRuleVersion;
SQLServerEncryptionAlgorithm cipherAlgorithm = null;
EncryptionKeyInfo encryptionKeyInfo;
short ordinal;
CekTableEntry getCekTableEntry() {
return cekTableEntry;
}
void setCekTableEntry(CekTableEntry cekTableEntryObj) {
cekTableEntry = cekTableEntryObj;
}
TypeInfo getBaseTypeInfo() {
return baseTypeInfo;
}
void setBaseTypeInfo(TypeInfo baseTypeInfoObj) {
baseTypeInfo = baseTypeInfoObj;
}
SQLServerEncryptionAlgorithm getEncryptionAlgorithm() {
return cipherAlgorithm;
}
void setEncryptionAlgorithm(SQLServerEncryptionAlgorithm encryptionAlgorithmObj) {
cipherAlgorithm = encryptionAlgorithmObj;
}
EncryptionKeyInfo getEncryptionKeyInfo() {
return encryptionKeyInfo;
}
void setEncryptionKeyInfo(EncryptionKeyInfo encryptionKeyInfoObj) {
encryptionKeyInfo = encryptionKeyInfoObj;
}
byte getEncryptionAlgorithmId() {
return cipherAlgorithmId;
}
String getEncryptionAlgorithmName() {
return cipherAlgorithmName;
}
SQLServerEncryptionType getEncryptionType() {
return encryptionType;
}
byte getNormalizationRuleVersion() {
return normalizationRuleVersion;
}
short getOrdinal() {
return ordinal;
}
CryptoMetadata(CekTableEntry cekTableEntryObj,
short ordinalVal,
byte cipherAlgorithmIdVal,
String cipherAlgorithmNameVal,
byte encryptionTypeVal,
byte normalizationRuleVersionVal) throws SQLServerException
{
cekTableEntry = cekTableEntryObj;
ordinal = ordinalVal;
cipherAlgorithmId = cipherAlgorithmIdVal;
cipherAlgorithmName = cipherAlgorithmNameVal;
encryptionType = SQLServerEncryptionType.of(encryptionTypeVal);
normalizationRuleVersion = normalizationRuleVersionVal;
encryptionKeyInfo = null;
}
boolean IsAlgorithmInitialized() {
return (null != cipherAlgorithm) ? true : false;
}
}
// Fields in the first resultset of "sp_describe_parameter_encryption"
// We expect the server to return the fields in the resultset in the same order as mentioned below.
// If the server changes the below order, then transparent parameter encryption will break.
enum DescribeParameterEncryptionResultSet1 {
KeyOrdinal,
DbId,
KeyId,
KeyVersion,
KeyMdVersion,
EncryptedKey,
ProviderName,
KeyPath,
KeyEncryptionAlgorithm;
private int value;
// Column indexing starts from 1;
static {
for (int i = 0; i < values().length; ++i) {
values()[i].value = i + 1;
}
}
int value() {
return value;
}
}
// Fields in the second resultset of "sp_describe_parameter_encryption"
// We expect the server to return the fields in the resultset in the same order as mentioned below.
// If the server changes the below order, then transparent parameter encryption will break.
enum DescribeParameterEncryptionResultSet2 {
ParameterOrdinal,
ParameterName,
ColumnEncryptionAlgorithm,
ColumnEncrytionType,
ColumnEncryptionKeyOrdinal,
NormalizationRuleVersion;
private int value;
// Column indexing starts from 1;
static {
for (int i = 0; i < values().length; ++i) {
values()[i].value = i + 1;
}
}
int value() {
return value;
}
}