microsoft · lilgreenbird · May 31, 2023 · May 9, 2023 · May 9, 2023 · May 11, 2023
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java
@@ -127,14 +127,18 @@ final class TDS {
     static final int TDS_FEDAUTH_LIBRARY_SECURITYTOKEN = 0x01;
     static final int TDS_FEDAUTH_LIBRARY_ADAL = 0x02;
     static final int TDS_FEDAUTH_LIBRARY_RESERVED = 0x7F;
+
+    // workflows
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYPASSWORD = 0x01;
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYINTEGRATED = 0x02;
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYMANAGEDIDENTITY = 0x03;
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYINTERACTIVE = 0x03;
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYDEFAULT = 0x03;
     static final byte ADALWORKFLOW_ACCESSTOKENCALLBACK = 0x03;
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYSERVICEPRINCIPAL = 0x01; // Using the Password byte as that is the
-                                                                           // closest we have.
+                                                                           // closest we have
+    static final byte ADALWORKFLOW_ACTIVEDIRECTORYSERVICEPRINCIPALCERTIFICATE = 0x01;
+
     static final byte FEDAUTH_INFO_ID_STSURL = 0x01; // FedAuthInfoData is token endpoint URL from which to acquire fed
                                                      // auth token
     static final byte FEDAUTH_INFO_ID_SPN = 0x02; // FedAuthInfoData is the SPN to use for acquiring fed auth token
@@ -1799,7 +1803,7 @@ else if (con.getTrustManagerClass() != null) {
             if (logger.isLoggable(Level.FINEST))
                 logger.finest(toString() + " Getting TLS or better SSL context");
 
-            KeyManager[] km = (null != clientCertificate && clientCertificate.length() > 0) ? SQLServerCertificateUtils
+            KeyManager[] km = (null != clientCertificate && !clientCertificate.isEmpty()) ? SQLServerCertificateUtils
                     .getKeyManagerFromFile(clientCertificate, clientKey, clientKeyPassword) : null;
 
             sslContext = SSLContext.getInstance(sslProtocol);

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerCertificateUtils.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerCertificateUtils.java
@@ -284,7 +284,7 @@ static void validateServerCerticate(X509Certificate cert, String certFile) throw
             if (!CertificateFactory.getInstance("X509").generateCertificate(is).getPublicKey()
                     .equals(cert.getPublicKey())) {
                 MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_publicKeyMismatch"));
-                Object[] msgArgs = {certFile.toString()};
+                Object[] msgArgs = {certFile};
                 throw new CertificateException(form.format(msgArgs));
             }
         } catch (Exception e) {
@@ -325,20 +325,18 @@ private static void logSuccessMessage(String nameInCert, String hostName) {
     private static final String RC4_ALG = "RC4";
     private static final String RSA_ALG = "RSA";
 
-    private static KeyManager[] readPKCS12Certificate(String certPath,
-            String keyPassword) throws NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, KeyStoreException, SQLServerException {
-        KeyStore keystore = KeyStore.getInstance(PKCS12_ALG);
+    static KeyStore loadPKCS12KeyStore(String certPath,
+            String keyPassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, SQLServerException {
+        KeyStore keyStore = KeyStore.getInstance(PKCS12_ALG);
         try (FileInputStream certStream = new FileInputStream(certPath)) {
-            keystore.load(certStream, keyPassword.toCharArray());
+            keyStore.load(certStream, (keyPassword != null) ? keyPassword.toCharArray() : null);
         } catch (FileNotFoundException e) {
-            throw new SQLServerException(SQLServerException.getErrString("R_clientCertError"), null, 0, null);
+            throw new SQLServerException(SQLServerException.getErrString("R_readCertError"), null, 0, null);
         }
-        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SUN_X_509);
-        keyManagerFactory.init(keystore, keyPassword.toCharArray());
-        return keyManagerFactory.getKeyManagers();
+        return keyStore;
     }
 
-    private static KeyManager[] readPKCS8Certificate(String certPath, String keyPath,
+    static KeyManager[] readPKCS8Certificate(String certPath, String keyPath,
             String keyPassword) throws IOException, GeneralSecurityException, SQLServerException {
         Certificate clientCertificate = loadCertificate(certPath);
         ((X509Certificate) clientCertificate).checkValidity();
@@ -354,6 +352,16 @@ private static KeyManager[] readPKCS8Certificate(String certPath, String keyPath
         return kmf.getKeyManagers();
     }
 
+    private static KeyManager[] readPKCS12Certificate(String certPath,
+            String keyPassword) throws NoSuchAlgorithmException, CertificateException, IOException, 
+                UnrecoverableKeyException, KeyStoreException, SQLServerException {
+
+        KeyStore keyStore = loadPKCS12KeyStore(certPath, keyPassword);
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SUN_X_509);
+        keyManagerFactory.init(keyStore, (keyPassword != null) ? keyPassword.toCharArray() : null);
+        return keyManagerFactory.getKeyManagers();
+    }
+
     private static PrivateKey loadPrivateKeyFromPKCS8(
             String key) throws NoSuchAlgorithmException, InvalidKeySpecException {
         StringBuilder sb = new StringBuilder(key);
@@ -445,15 +453,15 @@ private static PrivateKey loadPrivateKeyFromPVK(String keyPath,
         }
     }
 
-    private static Certificate loadCertificate(
+    static Certificate loadCertificate(
             String certificatePem) throws IOException, GeneralSecurityException, SQLServerException {
         CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
         try (InputStream certStream = fileToStream(certificatePem)) {
             return certificateFactory.generateCertificate(certStream);
         }
     }
 
-    private static PrivateKey loadPrivateKey(String privateKeyPemPath,
+    static PrivateKey loadPrivateKey(String privateKeyPemPath,
             String privateKeyPassword) throws GeneralSecurityException, IOException, SQLServerException {
         String privateKeyPem = getStringFromFile(privateKeyPemPath);
 
@@ -517,7 +525,7 @@ private static InputStream fileToStream(String fname) throws IOException, SQLSer
             dis.readFully(bytes);
             return new ByteArrayInputStream(bytes);
         } catch (FileNotFoundException e) {
-            throw new SQLServerException(SQLServerException.getErrString("R_clientCertError"), null, 0, null);
+            throw new SQLServerException(SQLServerException.getErrString("R_readCertError"), null, 0, null);
         }
     }