Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature | client certificate authentication #1284

Merged
merged 61 commits into from
Mar 27, 2020

Conversation

peterbae
Copy link
Contributor

The JDBC driver will add three connection properties for this feature:

clientCertificate – specifies the certificate to be used for authentication. The JDBC driver will support PFX, PEM, DER and CER file extensions. Format:
• clientCertificate=<file_location>
The driver uses a certificate file. For certificates in PEM, DER and CER formats clientKey attribute is required.

clientKey – specifies a file location of the private key for PEM, DER and CER certificates specified by the clientCertificate attribute. Format:
• clientKey=<file_location>
Specifies location of the private key file. In case if private key file is password protected then password keyword is required.
clientKeyPassword – optional password string provided to access the clientKey file’s private key.

lilgreenbird and others added 27 commits February 5, 2020 11:03
…ed by default (microsoft#1254)

* skip AKV test properly

* removed enclave properties string to failed errors as enclave tests could be skipped
Add support for PKCS8 and PKCS1 private keys
change logic for decryptprovider
+ ";";
try (Connection conn = DriverManager.getConnection(conStr)) {
} catch (SQLServerException e) {
assertTrue(e.getMessage().contains(TestResource.getResource("R_invalidPath")));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can use R_clientCertError from SQLServerResource.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SQLServerResource is not visible in this package, we can just use the TestResource for test related texts.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See SQLServerConnectionTest.executeInvalidFmt() for example use.

assertTrue(e.getMessage().matches(TestUtils.formatErrorMsg("R_invalidArgument")));

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. done.


@Test
public void testDataSource() throws Exception {
String conStr = connectionString + ";clientCertificate=" + clientCertificate + ".pem;" + "clientKey="
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why aren't you using new DataSource APIs? setClientCertificate(), setClientKey(), setClientKeyPassword

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@peterbae peterbae merged commit 9732e1b into microsoft:dev Mar 27, 2020
@ulvii ulvii added the Public API Changes in Public API label Jul 29, 2020
@lilgreenbird lilgreenbird added this to Closed/Merged PRs in MSSQL JDBC Apr 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Public API Changes in Public API
Projects
MSSQL JDBC
  
Closed/Merged PRs
Development

Successfully merging this pull request may close these issues.

None yet

5 participants