Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option for NONE attestation protocol #1779

Merged
merged 7 commits into from
Apr 1, 2022
Merged

Add option for NONE attestation protocol #1779

merged 7 commits into from
Apr 1, 2022

Conversation

Jeffery-Wasty
Copy link
Member

@Jeffery-Wasty Jeffery-Wasty commented Mar 28, 2022
edited by David-Engel
Loading

Similar to what Microsoft.Data.SqlClient added in their 4.1 release, we need to support no attestation in the JDBC driver. This reduces security but allows users to use VBS secure enclaves in environments where attestation services are unavailable. The driver should consume the information from the server about the secure enclave but not use the attestation service to validate it.

To enable this mode, specify enclaveAttestationProtocol=NONE in the connection string.

Files changed:

  • New SQLNoneEnclaveProvider.java - New filed added for the NONE protcol option. Based off of SQLAASEnclaveProvider.java with token/URL validation removed.
  • SQLServerDriver.java - Added NONE option to protocol options.
  • SQLServerConnection.java - Pointed the driver towards SQLNoneEnclaveProvider in the case of NONE attestation option. As well, added checks for protocol type:
    • A missing attestation URL is only a problem if the protocol is not NONE.
    • A protocol of NONE must use secure enclaves.
  • EnclavePackageTest.java - Pointed NONE protocol to be tested against VBS enclaves, as well as making sure the protocol cannot be none for tests run in this file (will return a false negative).

This PR also removed a build warning by adding a comment missing from a variable in SQLServerConnection

@Jeffery-Wasty Jeffery-Wasty changed the title Option for no attestation Add option for NONE attestation protocol Mar 28, 2022
@Jeffery-Wasty Jeffery-Wasty added the Under Review Used for pull requests under review label Mar 28, 2022
@Jeffery-Wasty Jeffery-Wasty self-assigned this Mar 28, 2022
@Jeffery-Wasty Jeffery-Wasty added this to the 11.1.0 milestone Mar 28, 2022
@Jeffery-Wasty Jeffery-Wasty marked this pull request as ready for review March 29, 2022 16:43
tkyc
tkyc previously approved these changes Mar 30, 2022
View reviewed changes
VeryVerySpicy
VeryVerySpicy previously approved these changes Mar 31, 2022
View reviewed changes
@Jeffery-Wasty Jeffery-Wasty dismissed stale reviews from VeryVerySpicy and tkyc via a653ea3 April 1, 2022 16:06
tkyc
tkyc previously approved these changes Apr 1, 2022
View reviewed changes
@Jeffery-Wasty
Removed the suppression warning (could lead to false negtives), as we…
ba80067 
…ll, added a comment for prepareMethod in SQLServerConnection (to address warnings)
@Jeffery-Wasty Jeffery-Wasty merged commit ef08328 into main Apr 1, 2022
@Jeffery-Wasty Jeffery-Wasty deleted the attestation-none-option branch April 1, 2022 20:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lilgreenbird lilgreenbird lilgreenbird approved these changes

@tkyc tkyc tkyc approved these changes

@VeryVerySpicy VeryVerySpicy VeryVerySpicy approved these changes

Assignees

@Jeffery-Wasty Jeffery-Wasty

Labels
Under Review Used for pull requests under review
Projects
None yet
Milestone
11.1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@Jeffery-Wasty @lilgreenbird @tkyc @VeryVerySpicy