Fixed two column encryption tests to encrypt columns (#1236)
yitam authored Feb 17, 2021
1 parent 3da8418 commit f7e24bd
Showing 4 changed files with 95 additions and 12 deletions.
4 changes: 2 additions & 2 deletions appveyor.yml
Expand Up @@ -30,7 +30,7 @@ environment:
SQL_INSTANCE: SQL2019
PHP_VC: vs16
PHP_MAJOR_VER: 8.0
PHP_MINOR_VER: 0RC2
PHP_MINOR_VER: latest
PHP_EXE_PATH: Release
THREAD: nts
platform: x86
Expand Down Expand Up @@ -79,7 +79,7 @@ install:
}
- echo Downloading MSODBCSQL 17
# AppVeyor build works are x64 VMs and 32-bit ODBC driver cannot be installed on it
- ps: (new-object net.webclient).DownloadFile('https://download.microsoft.com/download/6/b/3/6b3dd05c-678c-4e6b-b503-1d66e16ef23d/en-US/17.6.1.1/x64/msodbcsql.msi', 'c:\projects\msodbcsql.msi')
- ps: (new-object net.webclient).DownloadFile('https://download.microsoft.com/download/2/c/c/2cc12eab-a3aa-45d6-95bb-13f968fb6cd6/en-US/17.7.1.1/x64/msodbcsql.msi', 'c:\projects\msodbcsql.msi')
- cmd /c start /wait msiexec /i "c:\projects\msodbcsql.msi" /q IACCEPTMSODBCSQLLICENSETERMS=YES ADDLOCAL=ALL
- echo Checking the version of MSODBCSQL
- reg query "HKLM\SOFTWARE\ODBC\odbcinst.ini\ODBC Driver 17 for SQL Server"
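Review bot: The install step downloads `msodbcsql.msi` and passes it straight to `msiexec /q` with no integrity check, and this change points it at a new URL without adding one. Record the expected SHA-256 of the 17.7.1.1 installer in the `environment:` section (for example under a new entry such as `MSODBCSQL_SHA256`, a placeholder name) and compare before installing: `- ps: if ((Get-FileHash 'c:\projects\msodbcsql.msi' -Algorithm SHA256).Hash -ne $env:MSODBCSQL_SHA256) { throw 'msodbcsql.msi hash mismatch' }`. Separately, `PHP_MINOR_VER: latest` makes this matrix entry float, so a failing run can no longer be tied to a specific PHP build; how `latest` is resolved lies outside the hunk, but echoing the resolved version during install would keep runs comparable. The `install:` section continues outside the lines shown.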
18 changes: 17 additions & 1 deletion test/functional/sqlsrv/MsHelper.inc
Expand Up @@ -33,6 +33,7 @@ class ColumnMeta
public $options; // a string that is null by default (e.g. NOT NULL Identity (1,1) )

protected $encryptable; // whether Always Encrypted supports this column
protected $forcedEncrypt; // force column encryption regardless, default to 'false'

public function __construct($dataType, $colName = null, $options = null, $deterministic = true, $noEncrypt = false)
{
Expand All @@ -41,6 +42,8 @@ class ColumnMeta
} else {
$this->colName = $colName;
}

$this->forcedEncrypt = false;

$this->encType = ($deterministic ? "deterministic" : "randomized");
if (empty($dataType)) {
Expand Down Expand Up @@ -79,16 +82,29 @@ class ColumnMeta
$this->encryptable = true;
}
}

/**
* force column to be encrypted regardless of the current settings
* @return void
*/
public function forceEncryption($forceEncryption)
{
$this->forcedEncrypt = $forceEncryption;
}

/**
* @return string column definition for creating a table
*/
public function getColDef()
{
$append = " ";

if ($this->encryptable && isDataEncrypted()) {
if (($this->encryptable && isDataEncrypted()) || $this->forcedEncrypt) {

$cekName = getCekName();
if ($this->forcedEncrypt && empty($cekName)) {
$cekName = 'AEColumnKey'; // Use Windows AE key by default
}
if (stripos($this->dataType, "char") !== false) {
$append .= "COLLATE Latin1_General_BIN2 ";
}
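Review bot: In `getColDef()` the new condition lets `$this->forcedEncrypt` override `$this->encryptable`, so a forced column whose type Always Encrypted does not support (or, presumably, one built with `$noEncrypt = true`) still takes the encrypted branch. If forcing is only meant to bypass `isDataEncrypted()`, the condition should read `if ($this->encryptable && (isDataEncrypted() || $this->forcedEncrypt)) {`. The fallback `'AEColumnKey'` is a silent assumption about what exists on the server; a comment saying where that key is provisioned would help, since a missing key would only show up later when the table is created. The `forceEncryption()` docblock is also missing `@param bool $forceEncryption`. The constructor and the rest of `getColDef()` lie outside the hunks shown.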
28 changes: 24 additions & 4 deletions test/functional/sqlsrv/sqlsrv_ae_fetch_phptypes.phpt
@@ -1,9 +1,24 @@
--TEST--
Test insert data and fetch as all possible php types
--DESCRIPTION--
Test insert data of most common column types and fetch them all as possible php types
Test insert data of most common column types and fetch them all as possible php types.
This test requires the Always Encrypted feature.
--SKIPIF--
<?php require('skipif_versions_old.inc'); ?>
<?php
if (! extension_loaded("sqlsrv")) {
die("Skip extension not loaded");
}

require_once('MsCommon.inc');
$options = array("Database" => $database, "UID" => $userName, "PWD" => $userPassword);
$conn = sqlsrv_connect($server, $options);
if (! $conn) {
die("Skip Could not connect during SKIPIF!");
}
if (!AE\isQualified($conn)) {
die("skip AE feature not supported in the current environment.");
}
?>
--FILE--
<?php
require_once('MsCommon.inc');
Expand All @@ -13,6 +28,9 @@ require_once('values.php');
// AE-encrypted and a non-encrypted column side by side in the table.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
{
// Only force encryption in Windows
$forceEncryption = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';

$columns = array();
$queryTypes = "(";
$valuesString = "VALUES (";
Expand All @@ -21,7 +39,9 @@ function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
for ($i = 0; $i < $numTypes; ++$i) {
// Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
$anAEcolumn = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
$anAEcolumn->forceEncryption($forceEncryption);
$columns[] = $anAEcolumn;
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
$queryTypes .= "c_"."$colname, ";
$queryTypes .= "c_"."$colname"."_AE, ";
Expand Down Expand Up @@ -66,7 +86,7 @@ set_time_limit(0);
sqlsrv_configure('WarningsReturnAsErrors', 1);

// Connect
$connectionInfo = array("CharacterSet"=>"UTF-8");
$connectionInfo = array('CharacterSet'=>'UTF-8', 'ColumnEncryption' => 'Enabled');
$conn = AE\connect($connectionInfo);
if (!$conn) {
fatalError("Could not connect.\n");
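Review bot: `formulateSetupQuery()` forces encryption only when `PHP_OS` starts with `WIN`, so on other platforms the `_AE` columns are encrypted only if `isDataEncrypted()` already says so, and nothing in the visible lines checks that a column really ended up encrypted. A test written for Always Encrypted can then still pass against plaintext columns, which is the gap this commit sets out to close. Consider asserting the outcome after table creation, for instance by reading `encryption_type` from `sys.columns` for each `_AE` column, or skipping with an explicit message when encryption cannot be forced. The same gating appears in the copy of this function added to `sqlsrv_ae_type_conversion_select.phpt`. The function body continues outside this hunk.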
57 changes: 52 additions & 5 deletions test/functional/sqlsrv/sqlsrv_ae_type_conversion_select.phpt
@@ -1,13 +1,30 @@
--TEST--
Test fetching data by conversion with CAST in the SELECT statement
--DESCRIPTION--
This test checks the allowed data type conversions in SELECT statements under Always Encrypted and non-encrypted
This test requires the Always Encrypted feature and checks the allowed data type conversions in
SELECT statements under Always Encrypted and non-encrypted
Reference chart for conversions found at https://www.microsoft.com/en-us/download/details.aspx?id=35834
--SKIPIF--
<?php require('skipif_versions_old.inc'); ?>
<?php
if (! extension_loaded("sqlsrv")) {
die("Skip extension not loaded");
}

require_once('MsCommon.inc');

$options = array("Database" => $database, "UID" => $userName, "PWD" => $userPassword);
$conn = sqlsrv_connect($server, $options);
if (! $conn) {
die("Skip Could not connect during SKIPIF!");
}
if (!AE\isQualified($conn)) {
die("skip AE feature not supported in the current environment.");
}
?>
--FILE--
<?php
require_once('sqlsrv_ae_azure_key_vault_common.php');
require_once('MsHelper.inc');
require_once('values.php');

// These are the errors we expect to see if a conversion fails.
// 22001 String data is right-truncated
Expand All @@ -34,7 +51,37 @@ function checkErrors(&$convError)

return true;
}


// Set up the columns and build the insert query. Each data type has an
// AE-encrypted and a non-encrypted column side by side in the table.
function formulateSetupQuery($tableName, &$dataTypes, &$columns, &$insertQuery)
{
// Only force encryption in Windows
$forceEncryption = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';

$columns = array();
$queryTypes = "(";
$valuesString = "VALUES (";
$numTypes = sizeof($dataTypes);

for ($i = 0; $i < $numTypes; ++$i) {
// Replace parentheses for column names
$colname = str_replace(array("(", ",", ")"), array("_", "_", ""), $dataTypes[$i]);
$anAEcolumn = new AE\ColumnMeta($dataTypes[$i], "c_".$colname."_AE");
$anAEcolumn->forceEncryption($forceEncryption);
$columns[] = $anAEcolumn;
$columns[] = new AE\ColumnMeta($dataTypes[$i], "c_".$colname, null, true, true);
$queryTypes .= "c_"."$colname, ";
$queryTypes .= "c_"."$colname"."_AE, ";
$valuesString .= "?, ?, ";
}

$queryTypes = substr($queryTypes, 0, -2).")";
$valuesString = substr($valuesString, 0, -2).")";

$insertQuery = "INSERT INTO $tableName ".$queryTypes." ".$valuesString;
}

// Build the select queries. We want every combination of types for conversion
// testing, so the matrix of queries selects every type from every column
// and convert using CAST.
Expand Down Expand Up @@ -154,7 +201,7 @@ $conversionMatrixAE = array(array('y','y','y','x','x','x','x','x','x','x','x','x
set_time_limit(0);
sqlsrv_configure('WarningsReturnAsErrors', 1);

$connectionInfo = array("CharacterSet"=>"UTF-8");
$connectionInfo = array('CharacterSet'=>'UTF-8', 'ColumnEncryption' => 'Enabled');
$conn = AE\connect($connectionInfo);
if (!$conn) {
fatalError("Could not connect.\n");
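Review bot: The `formulateSetupQuery()` added here matches the one in `sqlsrv_ae_fetch_phptypes.phpt` line for line, as far as the hunks show, so any later change to the forced-encryption logic has to be made in two places. Moving it into `MsHelper.inc` next to `ColumnMeta` would keep the two tests in step. The new SKIPIF block, here and in `sqlsrv_ae_fetch_phptypes.phpt`, opens a connection with the test credentials and never releases it. Adding `sqlsrv_close($conn);` before the closing tag would fix that.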
