From 9cd4cc0df6fd31e00cca4a4a742b6430c426e98d Mon Sep 17 00:00:00 2001 From: ulvii Date: Thu, 3 Aug 2017 14:06:15 -0700 Subject: [PATCH 1/4] Removing connection property - fipsProvider --- .../microsoft/sqlserver/jdbc/IOBuffer.java | 23 ++++--------------- .../sqlserver/jdbc/SQLServerDataSource.java | 7 ------ .../sqlserver/jdbc/SQLServerDriver.java | 2 -- .../sqlserver/jdbc/SQLServerResource.java | 1 - 4 files changed, 5 insertions(+), 28 deletions(-) diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java index 01ad48256..f8262089e 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java @@ -1579,7 +1579,6 @@ void enableSSL(String host, boolean isFips = false; String trustStoreType = null; - String fipsProvider = null; // If anything in here fails, terminate the connection and throw an exception try { @@ -1597,11 +1596,10 @@ void enableSSL(String host, trustStoreType = SQLServerDriverStringProperty.TRUST_STORE_TYPE.getDefaultValue(); } - fipsProvider = con.activeConnectionProperties.getProperty(SQLServerDriverStringProperty.FIPS_PROVIDER.toString()); isFips = Boolean.valueOf(con.activeConnectionProperties.getProperty(SQLServerDriverBooleanProperty.FIPS.toString())); if (isFips) { - validateFips(fipsProvider, trustStoreType, trustStoreFileName); + validateFips(trustStoreType, trustStoreFileName); } assert TDS.ENCRYPT_OFF == con.getRequestedEncryptionLevel() || // Login only SSL @@ -1647,12 +1645,8 @@ void enableSSL(String host, if (logger.isLoggable(Level.FINEST)) logger.finest(toString() + " Finding key store interface"); - if (isFips) { - ks = KeyStore.getInstance(trustStoreType, fipsProvider); - } - else { - ks = KeyStore.getInstance(trustStoreType); - } + + ks = KeyStore.getInstance(trustStoreType); ksProvider = ks.getProvider(); // Next, load up the trust store file from the specified location. 
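Review bot: In the third enableSSL hunk, `ks = KeyStore.getInstance(trustStoreType);` now picks the key store implementation from the JVM's provider order even when `isFips` is true, so whether a FIPS-validated provider is used depends entirely on the JVM security configuration and not on anything the driver checks. The next line already captures `ksProvider = ks.getProvider();`, so the selected provider could be logged when `isFips` is set, behind the usual `isLoggable` guard: `logger.finer(toString() + " FIPS mode: key store provider is " + ksProvider.getName());`. A comment above the call should state that FIPS deployments must register the approved provider at the JVM level, for example `// FIPS: provider is chosen by the JVM security configuration, not by the driver`. enableSSL starts and ends outside these hunks.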
@@ -1829,29 +1823,23 @@ void enableSSL(String host, *
  • trustServerCertificate should be false *
  • if certificate is not installed FIPSProvider & TrustStoreType should be present. * - * @param fipsProvider - * FIPS Provider * @param trustStoreType * @param trustStoreFileName * @throws SQLServerException * @since 6.1.4 */ - private void validateFips(final String fipsProvider, - final String trustStoreType, - final String trustStoreFileName) throws SQLServerException { + private void validateFips(final String trustStoreType,final String trustStoreFileName) throws SQLServerException { boolean isValid = false; boolean isEncryptOn; boolean isValidTrustStoreType; boolean isValidTrustStore; boolean isTrustServerCertificate; - boolean isValidFipsProvider; String strError = SQLServerException.getErrString("R_invalidFipsConfig"); isEncryptOn = (TDS.ENCRYPT_ON == con.getRequestedEncryptionLevel()); // Here different FIPS provider supports different KeyStore type along with different JVM Implementation. - isValidFipsProvider = !StringUtils.isEmpty(fipsProvider); isValidTrustStoreType = !StringUtils.isEmpty(trustStoreType); isValidTrustStore = !StringUtils.isEmpty(trustStoreFileName); isTrustServerCertificate = con.trustServerCertificate(); @@ -1863,8 +1851,7 @@ private void validateFips(final String fipsProvider, isValid = true; if (isValidTrustStore) { - // In case of valid trust store we need to check fipsProvider and TrustStoreType. - if (!isValidFipsProvider || !isValidTrustStoreType) { + if (!isValidTrustStoreType) { isValid = false; strError = SQLServerException.getErrString("R_invalidFipsProviderConfig"); diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java index 25c269f83..e72c31fdc 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java 
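Review bot: The Javadoc kept above validateFips still lists "FIPSProvider & TrustStoreType should be present", and the failure path still loads `R_invalidFipsProviderConfig`, whose text (quoted in the FipsTest hunks of this series) names an invalid FIPSProvider, a property this commit removes. Change the bullet to `if a trust store is supplied, TrustStoreType must be present` and point the error at a message that mentions only TrustStoreType, so that a rejected configuration is not blamed on a setting that no longer exists. The earlier enableSSL hunk also shows `trustStoreType` being assigned the property's default value before `validateFips` is called. If that default is non-empty (not visible here), `!isValidTrustStoreType` can never be true and the remaining check is dead code. The method body continues past the end of this hunk.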
@@ -586,13 +586,6 @@ public boolean getFIPS() { SQLServerDriverBooleanProperty.FIPS.getDefaultValue()); } - public void setFIPSProvider(String fipsProvider) { - setStringProperty(connectionProps, SQLServerDriverStringProperty.FIPS_PROVIDER.toString(), fipsProvider); - } - - public String getFIPSProvider() { - return getStringProperty(connectionProps, SQLServerDriverStringProperty.FIPS_PROVIDER.toString(), null); - } // The URL property is exposed for backwards compatibility reasons. Also, several // Java Application servers expect a setURL function on the DataSource and set it diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java index bfe961220..e681dfd9b 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java @@ -246,7 +246,6 @@ enum SQLServerDriverStringProperty KEY_STORE_AUTHENTICATION ("keyStoreAuthentication", ""), KEY_STORE_SECRET ("keyStoreSecret", ""), KEY_STORE_LOCATION ("keyStoreLocation", ""), - FIPS_PROVIDER ("fipsProvider", ""), ; private final String name; 
@@ -377,7 +376,6 @@ public final class SQLServerDriver implements java.sql.Driver { new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.XOPEN_STATES.toString(), Boolean.toString(SQLServerDriverBooleanProperty.XOPEN_STATES.getDefaultValue()), false, TRUE_FALSE), new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.AUTHENTICATION_SCHEME.toString(), SQLServerDriverStringProperty.AUTHENTICATION_SCHEME.getDefaultValue(), false, new String[] {AuthenticationScheme.javaKerberos.toString(),AuthenticationScheme.nativeAuthentication.toString()}), new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.AUTHENTICATION.toString(), SQLServerDriverStringProperty.AUTHENTICATION.getDefaultValue(), false, new String[] {SqlAuthentication.NotSpecified.toString(),SqlAuthentication.SqlPassword.toString(),SqlAuthentication.ActiveDirectoryPassword.toString(),SqlAuthentication.ActiveDirectoryIntegrated.toString()}), - new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.FIPS_PROVIDER.toString(), SQLServerDriverStringProperty.FIPS_PROVIDER.getDefaultValue(), false, null), new SQLServerDriverPropertyInfo(SQLServerDriverIntProperty.SOCKET_TIMEOUT.toString(), Integer.toString(SQLServerDriverIntProperty.SOCKET_TIMEOUT.getDefaultValue()), false, null), new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.FIPS.toString(), Boolean.toString(SQLServerDriverBooleanProperty.FIPS.getDefaultValue()), false, TRUE_FALSE), new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.ENABLE_PREPARE_ON_FIRST_PREPARED_STATEMENT.toString(), Boolean.toString(SQLServerDriverBooleanProperty.ENABLE_PREPARE_ON_FIRST_PREPARED_STATEMENT.getDefaultValue()), false,TRUE_FALSE), diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java index 3945a2096..6d5d46873 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java 
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java @@ -363,7 +363,6 @@ protected Object[][] getContents() { {"R_keyStoreAuthenticationPropertyDescription", "The name that identifies a key store."}, {"R_keyStoreSecretPropertyDescription", "The authentication secret or information needed to locate the secret."}, {"R_keyStoreLocationPropertyDescription", "The key store location."}, - {"R_fipsProviderPropertyDescription", "FIPS Provider."}, {"R_keyStoreAuthenticationNotSet", "\"keyStoreAuthentication\" connection string keyword must be specified, if \"{0}\" is specified."}, {"R_keyStoreSecretOrLocationNotSet", "Both \"keyStoreSecret\" and \"keyStoreLocation\" must be set, if \"keyStoreAuthentication=JavaKeyStorePassword\" has been specified in the connection string."}, {"R_certificateStoreInvalidKeyword", "Cannot set \"keyStoreSecret\", if \"keyStoreAuthentication=CertificateStore\" has been specified in the connection string."}, From 24ffa097ed18586621ac6627f85e4e0c05204c3c Mon Sep 17 00:00:00 2001 From: ulvii Date: Thu, 3 Aug 2017 14:16:42 -0700 Subject: [PATCH 2/4] Minor formatting changes --- src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java index f8262089e..93f5f9a25 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java @@ -1828,7 +1828,8 @@ void enableSSL(String host, * @throws SQLServerException * @since 6.1.4 */ - private void validateFips(final String trustStoreType,final String trustStoreFileName) throws SQLServerException { + private void validateFips(final String trustStoreType, + final String trustStoreFileName) throws SQLServerException { boolean isValid = false; boolean isEncryptOn; boolean isValidTrustStoreType; 
@@ -1856,10 +1857,10 @@ private void validateFips(final String trustStoreType,final String trustStoreFil strError = SQLServerException.getErrString("R_invalidFipsProviderConfig"); if (logger.isLoggable(Level.FINER)) - logger.finer(toString() + " FIPS provider & TrustStoreType should pass with TrustStore."); + logger.finer(toString() + "TrustStoreType is required alongside with TrustStore."); } if (logger.isLoggable(Level.FINER)) - logger.finer(toString() + " Found FIPS parameters seems to be valid."); + logger.finer(toString() + "Found FIPS parameters seem to be valid."); } } else { From 8f82d4672e855dc663754640aaf853eec75c920d Mon Sep 17 00:00:00 2001 From: ulvii Date: Thu, 3 Aug 2017 14:53:07 -0700 Subject: [PATCH 3/4] Removing fipsProvider from the test --- .../sqlserver/jdbc/fips/FipsTest.java | 44 ------------------- 1 file changed, 44 deletions(-) diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java index 83f8a9f71..ecfa268ab 100644 --- a/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java +++ b/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java @@ -77,26 +77,6 @@ public void fipsEncryptTest() throws Exception { } } - /** - * Test after removing FIPS PROVIDER - * - * @throws Exception - */ - @Test - public void fipsProviderTest() throws Exception { - try { - Properties props = buildConnectionProperties(); - props.remove("fipsProvider"); - props.setProperty("trustStore", "/SOME_PATH"); - Connection con = PrepUtil.getConnection(connectionString, props); - Assertions.fail("It should fail as we are not passing appropriate params"); - } - catch (SQLServerException e) { - Assertions.assertTrue(e.getMessage().contains("Could not enable FIPS due to invalid FIPSProvider or TrustStoreType"), - "Should create exception for invalid FIPSProvider"); - } - } - /** * Test after removing fips, encrypt & trustStore it should work appropriately. * 
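Review bot: Both rewritten log calls drop the separator after `toString()`, so the object description and the message run together in the trace, whereas the other `logger.finer` call in validateFips keeps a leading space. Keep the space and tighten the wording, e.g. `logger.finer(toString() + " TrustStoreType is required when TrustStore is set.");`. The second message is emitted immediately after the branch that sets `isValid = false`, so the trace reports "seem to be valid" for a configuration that is about to be rejected. Moving it into an `else` of the `!isValidTrustStoreType` check would keep the log accurate for anyone diagnosing a failed FIPS connection. The enclosing method starts and ends outside this hunk.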
@@ -124,7 +104,6 @@ public void fipsDataSourcePropertyTest() throws Exception { SQLServerDataSource ds = new SQLServerDataSource(); setDataSourceProperties(ds); ds.setFIPS(false); - ds.setFIPSProvider(""); ds.setEncrypt(false); ds.setTrustStoreType("JKS"); Connection con = ds.getConnection(); @@ -153,27 +132,6 @@ public void fipsDatSourceEncrypt() { } } - /** - * Test after removing FIPS PROVIDER - * - * @throws Exception - */ - @Test - public void fipsDataSourceProviderTest() throws Exception { - try { - SQLServerDataSource ds = new SQLServerDataSource(); - setDataSourceProperties(ds); - ds.setFIPSProvider(""); - ds.setTrustStore("/SOME_PATH"); - Connection con = ds.getConnection(); - Assertions.fail("It should fail as we are not passing appropriate params"); - } - catch (SQLServerException e) { - Assertions.assertTrue(e.getMessage().contains("Could not enable FIPS due to invalid FIPSProvider or TrustStoreType"), - "Should create exception for invalid FIPSProvider"); - } - } - /** * Test after setting TrustServerCertificate as true. * @@ -216,7 +174,6 @@ private void setDataSourceProperties(SQLServerDataSource ds) { ds.setTrustServerCertificate(false); ds.setIntegratedSecurity(false); ds.setTrustStoreType("PKCS12"); - ds.setFIPSProvider("BCFIPS"); } /** @@ -235,7 +192,6 @@ private Properties buildConnectionProperties() { // For New Code connectionProps.setProperty("trustStoreType", "PKCS12"); - connectionProps.setProperty("fipsProvider", "BCFIPS"); connectionProps.setProperty("fips", "true"); return connectionProps; From ec72a94818b127c8b21a55337ad0436d50b407c8 Mon Sep 17 00:00:00 2001 
From: ulvii Date: Fri, 4 Aug 2017 17:48:27 -0700 Subject: [PATCH 4/4] Removing connetion properties fipsProvider and fips --- .../microsoft/sqlserver/jdbc/IOBuffer.java | 79 +---------- .../sqlserver/jdbc/SQLServerDataSource.java | 10 -- .../sqlserver/jdbc/SQLServerDriver.java | 2 - .../sqlserver/jdbc/SQLServerResource.java | 4 - .../sqlserver/jdbc/fips/FipsTest.java | 124 ------------------ 5 files changed, 6 insertions(+), 213 deletions(-) diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java index 93f5f9a25..ad1f348fa 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java @@ -1577,7 +1577,6 @@ void enableSSL(String host, String tmfDefaultAlgorithm = null; // Default algorithm (typically X.509) used by the TrustManagerFactory SSLHandhsakeState handshakeState = SSLHandhsakeState.SSL_HANDHSAKE_NOT_STARTED; - boolean isFips = false; String trustStoreType = null; // If anything in here fails, terminate the connection and throw an exception @@ -1596,12 +1595,6 @@ void enableSSL(String host, trustStoreType = SQLServerDriverStringProperty.TRUST_STORE_TYPE.getDefaultValue(); } - isFips = Boolean.valueOf(con.activeConnectionProperties.getProperty(SQLServerDriverBooleanProperty.FIPS.toString())); - - if (isFips) { - validateFips(trustStoreType, trustStoreFileName); - } - assert TDS.ENCRYPT_OFF == con.getRequestedEncryptionLevel() || // Login only SSL TDS.ENCRYPT_ON == con.getRequestedEncryptionLevel(); // Full SSL 
@@ -1704,14 +1697,12 @@ void enableSSL(String host, tmf.init(ks); tm = tmf.getTrustManagers(); - // if the host name in cert provided use it or use the host name Only if it is not FIPS - if (!isFips) { - if (null != hostNameInCertificate) { - tm = new TrustManager[] {new HostNameOverrideX509TrustManager(this, (X509TrustManager) tm[0], hostNameInCertificate)}; - } - else { - tm = new TrustManager[] {new HostNameOverrideX509TrustManager(this, (X509TrustManager) tm[0], host)}; - } + // if the host name in cert provided use it or use the host name + if (null != hostNameInCertificate) { + tm = new TrustManager[] {new HostNameOverrideX509TrustManager(this, (X509TrustManager) tm[0], hostNameInCertificate)}; + } + else { + tm = new TrustManager[] {new HostNameOverrideX509TrustManager(this, (X509TrustManager) tm[0], host)}; } } // end if (!con.trustServerCertificate()) @@ -1815,64 +1806,6 @@ void enableSSL(String host, } } - /** - * Validate FIPS if fips set as true - * - * Valid FIPS settings: - *
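Review bot: The two branches that build the `HostNameOverrideX509TrustManager` differ only in the name they pass, and both cast `tm[0]` to `X509TrustManager` unchecked on a path that is now taken for every provider configuration. Collapse them into `String expectedName = (null != hostNameInCertificate) ? hostNameInCertificate : host;` followed by `tm = new TrustManager[] {new HostNameOverrideX509TrustManager(this, (X509TrustManager) tm[0], expectedName)};`, and check `tm[0] instanceof X509TrustManager` first so that an unexpected factory result gives a clear connection error and not a ClassCastException. The comment could read `// Verify the server certificate against hostNameInCertificate when set, otherwise against host`. Hostname verification still sits inside `if (!con.trustServerCertificate())`, and with the `validateFips` call removed earlier in this patch nothing in the driver rejects `trustServerCertificate=true` or `encrypt=false` for FIPS deployments any more, which is worth stating in the release notes. enableSSL continues outside this hunk.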
  • Encrypt should be true - *
  • trustServerCertificate should be false - *
  • if certificate is not installed FIPSProvider & TrustStoreType should be present. - * - * @param trustStoreType - * @param trustStoreFileName - * @throws SQLServerException - * @since 6.1.4 - */ - private void validateFips(final String trustStoreType, - final String trustStoreFileName) throws SQLServerException { - boolean isValid = false; - boolean isEncryptOn; - boolean isValidTrustStoreType; - boolean isValidTrustStore; - boolean isTrustServerCertificate; - - String strError = SQLServerException.getErrString("R_invalidFipsConfig"); - - isEncryptOn = (TDS.ENCRYPT_ON == con.getRequestedEncryptionLevel()); - - // Here different FIPS provider supports different KeyStore type along with different JVM Implementation. - isValidTrustStoreType = !StringUtils.isEmpty(trustStoreType); - isValidTrustStore = !StringUtils.isEmpty(trustStoreFileName); - isTrustServerCertificate = con.trustServerCertificate(); - - if (isEncryptOn && !isTrustServerCertificate) { - if (logger.isLoggable(Level.FINER)) - logger.finer(toString() + " Found parameters are encrypt is true & trustServerCertificate false"); - - isValid = true; - - if (isValidTrustStore) { - if (!isValidTrustStoreType) { - isValid = false; - strError = SQLServerException.getErrString("R_invalidFipsProviderConfig"); - - if (logger.isLoggable(Level.FINER)) - logger.finer(toString() + "TrustStoreType is required alongside with TrustStore."); - } - if (logger.isLoggable(Level.FINER)) - logger.finer(toString() + "Found FIPS parameters seem to be valid."); - } - } - else { - strError = SQLServerException.getErrString("R_invalidFipsEncryptConfig"); - } - - if (!isValid) { - throw new SQLServerException(strError, null, 0, null); - } - - } - private final static String SEPARATOR = System.getProperty("file.separator"); private final static String JAVA_HOME = System.getProperty("java.home"); private final static String JAVA_SECURITY = JAVA_HOME + SEPARATOR + "lib" + SEPARATOR + "security"; 
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java index e72c31fdc..ab46861cd 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java @@ -576,16 +576,6 @@ public boolean getXopenStates() { return getBooleanProperty(connectionProps, SQLServerDriverBooleanProperty.XOPEN_STATES.toString(), SQLServerDriverBooleanProperty.XOPEN_STATES.getDefaultValue()); } - - public void setFIPS(boolean fips) { - setBooleanProperty(connectionProps, SQLServerDriverBooleanProperty.FIPS.toString(), fips); - } - - public boolean getFIPS() { - return getBooleanProperty(connectionProps, SQLServerDriverBooleanProperty.FIPS.toString(), - SQLServerDriverBooleanProperty.FIPS.getDefaultValue()); - } - // The URL property is exposed for backwards compatibility reasons. Also, several // Java Application servers expect a setURL function on the DataSource and set it diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java index e681dfd9b..c9ff88ebe 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java @@ -308,7 +308,6 @@ enum SQLServerDriverBooleanProperty TRANSPARENT_NETWORK_IP_RESOLUTION ("TransparentNetworkIPResolution", true), TRUST_SERVER_CERTIFICATE ("trustServerCertificate", false), XOPEN_STATES ("xopenStates", false), - FIPS ("fips", false), ENABLE_PREPARE_ON_FIRST_PREPARED_STATEMENT("enablePrepareOnFirstPreparedStatementCall", SQLServerConnection.DEFAULT_ENABLE_PREPARE_ON_FIRST_PREPARED_STATEMENT_CALL); private final String name; 
@@ -377,7 +376,6 @@ public final class SQLServerDriver implements java.sql.Driver { new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.AUTHENTICATION_SCHEME.toString(), SQLServerDriverStringProperty.AUTHENTICATION_SCHEME.getDefaultValue(), false, new String[] {AuthenticationScheme.javaKerberos.toString(),AuthenticationScheme.nativeAuthentication.toString()}), new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.AUTHENTICATION.toString(), SQLServerDriverStringProperty.AUTHENTICATION.getDefaultValue(), false, new String[] {SqlAuthentication.NotSpecified.toString(),SqlAuthentication.SqlPassword.toString(),SqlAuthentication.ActiveDirectoryPassword.toString(),SqlAuthentication.ActiveDirectoryIntegrated.toString()}), new SQLServerDriverPropertyInfo(SQLServerDriverIntProperty.SOCKET_TIMEOUT.toString(), Integer.toString(SQLServerDriverIntProperty.SOCKET_TIMEOUT.getDefaultValue()), false, null), - new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.FIPS.toString(), Boolean.toString(SQLServerDriverBooleanProperty.FIPS.getDefaultValue()), false, TRUE_FALSE), new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.ENABLE_PREPARE_ON_FIRST_PREPARED_STATEMENT.toString(), Boolean.toString(SQLServerDriverBooleanProperty.ENABLE_PREPARE_ON_FIRST_PREPARED_STATEMENT.getDefaultValue()), false,TRUE_FALSE), new SQLServerDriverPropertyInfo(SQLServerDriverIntProperty.SERVER_PREPARED_STATEMENT_DISCARD_THRESHOLD.toString(), Integer.toString(SQLServerDriverIntProperty.SERVER_PREPARED_STATEMENT_DISCARD_THRESHOLD.getDefaultValue()), false, null), new SQLServerDriverPropertyInfo(SQLServerDriverIntProperty.STATEMENT_POOLING_CACHE_SIZE.toString(), Integer.toString(SQLServerDriverIntProperty.STATEMENT_POOLING_CACHE_SIZE.getDefaultValue()), false, null), diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java index 6d5d46873..4f2fc9a75 100644 
--- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java @@ -374,10 +374,6 @@ protected Object[][] getContents() { {"R_TVPnotWorkWithSetObjectResultSet" , "setObject() with ResultSet is not supported for Table-Valued Parameter. Please use setStructured()."}, {"R_invalidQueryTimeout", "The queryTimeout {0} is not valid."}, {"R_invalidSocketTimeout", "The socketTimeout {0} is not valid."}, - {"R_fipsPropertyDescription", "Determines if enable FIPS compilant SSL connection between the client and the server."}, - {"R_invalidFipsConfig", "Could not enable FIPS."}, - {"R_invalidFipsEncryptConfig", "Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."}, - {"R_invalidFipsProviderConfig", "Could not enable FIPS due to invalid FIPSProvider or TrustStoreType."}, {"R_serverPreparedStatementDiscardThreshold", "The serverPreparedStatementDiscardThreshold {0} is not valid."}, {"R_statementPoolingCacheSize", "The statementPoolingCacheSize {0} is not valid."}, {"R_kerberosLoginFailedForUsername", "Cannot login with Kerberos principal {0}, check your credentials. {1}"}, diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java index ecfa268ab..812354f26 100644 --- a/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java +++ b/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java @@ -8,7 +8,6 @@ package com.microsoft.sqlserver.jdbc.fips; import java.sql.Connection; -import java.util.Properties; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeAll; 
@@ -17,9 +16,7 @@ import org.junit.runner.RunWith; import com.microsoft.sqlserver.jdbc.SQLServerDataSource; -import com.microsoft.sqlserver.jdbc.SQLServerException; import com.microsoft.sqlserver.jdbc.StringUtils; -import com.microsoft.sqlserver.testframework.PrepUtil; import com.microsoft.sqlserver.testframework.Utils; /** 
@@ -37,63 +34,6 @@ public static void init() { dataSourceProps = getDataSourceProperties(); } - /** - * Test after setting TrustServerCertificate as true. - * - * @throws Exception - */ - @Test - public void fipsTrustServerCertificateTest() throws Exception { - try { - Properties props = buildConnectionProperties(); - props.setProperty("TrustServerCertificate", "true"); - Connection con = PrepUtil.getConnection(connectionString, props); - Assertions.fail("It should fail as we are not passing appropriate params"); - } - catch (SQLServerException e) { - Assertions.assertTrue( - e.getMessage().contains("Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."), - "Should create exception for invalid TrustServerCertificate value"); - } - } - - /** - * Test after passing encrypt as false. - * - * @throws Exception - */ - @Test - public void fipsEncryptTest() throws Exception { - try { - Properties props = buildConnectionProperties(); - props.setProperty("encrypt", "false"); - Connection con = PrepUtil.getConnection(connectionString, props); - Assertions.fail("It should fail as we are not passing appropriate params"); - } - catch (SQLServerException e) { - Assertions.assertTrue( - e.getMessage().contains("Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."), - "Should create exception for invalid encrypt value"); - } - } - - /** - * Test after removing fips, encrypt & trustStore it should work appropriately. - * - * @throws Exception - */ - @Test - public void fipsPropertyTest() throws Exception { - Properties props = buildConnectionProperties(); - props.remove("fips"); - props.remove("trustStoreType"); - props.remove("encrypt"); - Connection con = PrepUtil.getConnection(connectionString, props); - Assertions.assertTrue(!StringUtils.isEmpty(con.getSchema())); - con.close(); - con = null; - } - /** * Tests after removing all FIPS related properties. * 
@@ -103,7 +43,6 @@ public void fipsPropertyTest() throws Exception { public void fipsDataSourcePropertyTest() throws Exception { SQLServerDataSource ds = new SQLServerDataSource(); setDataSourceProperties(ds); - ds.setFIPS(false); ds.setEncrypt(false); ds.setTrustStoreType("JKS"); Connection con = ds.getConnection(); @@ -112,47 +51,6 @@ public void fipsDataSourcePropertyTest() throws Exception { con = null; } - /** - * Test after removing encrypt in FIPS Data Source. - */ - @Test - public void fipsDatSourceEncrypt() { - try { - SQLServerDataSource ds = new SQLServerDataSource(); - setDataSourceProperties(ds); - ds.setEncrypt(false); - Connection con = ds.getConnection(); - - Assertions.fail("It should fail as we are not passing appropriate params"); - } - catch (SQLServerException e) { - Assertions.assertTrue( - e.getMessage().contains("Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."), - "Should create exception for invalid encrypt value"); - } - } - - /** - * Test after setting TrustServerCertificate as true. - * - * @throws Exception - */ - @Test - public void fipsDataSourceTrustServerCertificateTest() throws Exception { - try { - SQLServerDataSource ds = new SQLServerDataSource(); - setDataSourceProperties(ds); - ds.setTrustServerCertificate(true); - Connection con = ds.getConnection(); - Assertions.fail("It should fail as we are not passing appropriate params"); - } - catch (SQLServerException e) { - Assertions.assertTrue( - e.getMessage().contains("Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."), - "Should create exception for invalid TrustServerCertificate value"); - } - } - /** * Setting appropriate data source properties including FIPS * @param ds 
@@ -169,34 +67,12 @@ private void setDataSourceProperties(SQLServerDataSource ds) { ds.setDatabaseName(dataSourceProps[4]); // Set all properties for FIPS - ds.setFIPS(true); ds.setEncrypt(true); ds.setTrustServerCertificate(false); ds.setIntegratedSecurity(false); ds.setTrustStoreType("PKCS12"); } - /** - * Build Connection properties for FIPS - * - * @return - */ - private Properties buildConnectionProperties() { - Properties connectionProps = new Properties(); - - connectionProps.setProperty("encrypt", "true"); - connectionProps.setProperty("integratedSecurity", "false"); - - // In case of false we need to pass keystore etc. which is not passing by default. - connectionProps.setProperty("TrustServerCertificate", "false"); - - // For New Code - connectionProps.setProperty("trustStoreType", "PKCS12"); - connectionProps.setProperty("fips", "true"); - - return connectionProps; - } - /** * It will return String array. [dbServer,username,password,dbname/database] *