diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java index 60ca4fbc5..25856348b 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java @@ -1579,7 +1579,6 @@ void enableSSL(String host, boolean isFips = false; String trustStoreType = null; - String fipsProvider = null; String sslProtocol = null; // If anything in here fails, terminate the connection and throw an exception @@ -1598,12 +1597,11 @@ void enableSSL(String host, trustStoreType = SQLServerDriverStringProperty.TRUST_STORE_TYPE.getDefaultValue(); } - fipsProvider = con.activeConnectionProperties.getProperty(SQLServerDriverStringProperty.FIPS_PROVIDER.toString()); isFips = Boolean.valueOf(con.activeConnectionProperties.getProperty(SQLServerDriverBooleanProperty.FIPS.toString())); sslProtocol = con.activeConnectionProperties.getProperty(SQLServerDriverStringProperty.SSL_PROTOCOL.toString()); if (isFips) { - validateFips(fipsProvider, trustStoreType, trustStoreFileName); + validateFips(trustStoreType, trustStoreFileName); } assert TDS.ENCRYPT_OFF == con.getRequestedEncryptionLevel() || // Login only SSL @@ -1649,12 +1647,8 @@ void enableSSL(String host, if (logger.isLoggable(Level.FINEST)) logger.finest(toString() + " Finding key store interface"); - if (isFips) { - ks = KeyStore.getInstance(trustStoreType, fipsProvider); - } - else { - ks = KeyStore.getInstance(trustStoreType); - } + + ks = KeyStore.getInstance(trustStoreType); ksProvider = ks.getProvider(); // Next, load up the trust store file from the specified location. @@ -1828,57 +1822,40 @@ void enableSSL(String host, * Valid FIPS settings: *
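Review bot: With the provider argument gone, `KeyStore.getInstance(trustStoreType)` after the "Finding key store interface" trace resolves to whichever registered security provider first supports the store type, so with `fips=true` the driver neither selects nor checks that a FIPS-validated provider is in use. Compliance then depends entirely on how the JVM's security providers are configured, and the `fips` property documentation should say so. The chosen provider is already read into `ksProvider` on the following line; logging it when FIPS is requested, e.g. `if (isFips && logger.isLoggable(Level.FINE)) logger.fine(toString() + " FIPS requested; key store provider: " + ksProvider.getName());`, would give operators something to audit. enableSSL begins and ends outside this hunk.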
  • Encrypt should be true *
  • trustServerCertificate should be false - *
  • if certificate is not installed FIPSProvider & TrustStoreType should be present. + *
  • if certificate is not installed TrustStoreType should be present. * - * @param fipsProvider - * FIPS Provider * @param trustStoreType * @param trustStoreFileName * @throws SQLServerException * @since 6.1.4 */ - private void validateFips(final String fipsProvider, - final String trustStoreType, + private void validateFips(final String trustStoreType, final String trustStoreFileName) throws SQLServerException { boolean isValid = false; boolean isEncryptOn; boolean isValidTrustStoreType; boolean isValidTrustStore; boolean isTrustServerCertificate; - boolean isValidFipsProvider; String strError = SQLServerException.getErrString("R_invalidFipsConfig"); isEncryptOn = (TDS.ENCRYPT_ON == con.getRequestedEncryptionLevel()); - // Here different FIPS provider supports different KeyStore type along with different JVM Implementation. - isValidFipsProvider = !StringUtils.isEmpty(fipsProvider); isValidTrustStoreType = !StringUtils.isEmpty(trustStoreType); isValidTrustStore = !StringUtils.isEmpty(trustStoreFileName); isTrustServerCertificate = con.trustServerCertificate(); - if (isEncryptOn && !isTrustServerCertificate) { - if (logger.isLoggable(Level.FINER)) - logger.finer(toString() + " Found parameters are encrypt is true & trustServerCertificate false"); - + if (isEncryptOn && !isTrustServerCertificate) { isValid = true; - if (isValidTrustStore) { - // In case of valid trust store we need to check fipsProvider and TrustStoreType. - if (!isValidFipsProvider || !isValidTrustStoreType) { - isValid = false; - strError = SQLServerException.getErrString("R_invalidFipsProviderConfig"); - + // In case of valid trust store we need to check TrustStoreType. 
+ if (!isValidTrustStoreType) { + isValid = false; if (logger.isLoggable(Level.FINER)) - logger.finer(toString() + " FIPS provider & TrustStoreType should pass with TrustStore."); + logger.finer(toString() + "TrustStoreType is required alongside with TrustStore."); } - if (logger.isLoggable(Level.FINER)) - logger.finer(toString() + " Found FIPS parameters seems to be valid."); } } - else { - strError = SQLServerException.getErrString("R_invalidFipsEncryptConfig"); - } if (!isValid) { throw new SQLServerException(strError, null, 0, null); diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java index abb54db84..16891f3f0 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java @@ -585,14 +585,6 @@ public boolean getFIPS() { return getBooleanProperty(connectionProps, SQLServerDriverBooleanProperty.FIPS.toString(), SQLServerDriverBooleanProperty.FIPS.getDefaultValue()); } - - public void setFIPSProvider(String fipsProvider) { - setStringProperty(connectionProps, SQLServerDriverStringProperty.FIPS_PROVIDER.toString(), fipsProvider); - } - - public String getFIPSProvider() { - return getStringProperty(connectionProps, SQLServerDriverStringProperty.FIPS_PROVIDER.toString(), null); - } public void setSSLProtocol(String sslProtocol) { setStringProperty(connectionProps, SQLServerDriverStringProperty.SSL_PROTOCOL.toString(), sslProtocol); diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java index 25a0032b4..290be39ae 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java 
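Review bot: Every rejection in the rewritten `validateFips` now throws the same `R_invalidFipsConfig` text, and the path where encrypt is off or trustServerCertificate is true no longer logs anything, so a refused FIPS connection gives no hint about which setting to fix. A FINER trace on that path, e.g. `else if (logger.isLoggable(Level.FINER)) logger.finer(toString() + " FIPS requires encrypt=true and trustServerCertificate=false.");`, keeps the fail-closed behaviour while restoring diagnosability. The new trust-store trace is concatenated without a leading space and reads awkwardly; `logger.finer(toString() + " TrustStoreType is required along with TrustStore.");` would match the other log lines. The `@param trustStoreType` and `@param trustStoreFileName` tags still carry no description. The method's closing lines fall outside the hunk.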
@@ -286,7 +286,6 @@ enum SQLServerDriverStringProperty KEY_STORE_AUTHENTICATION ("keyStoreAuthentication", ""), KEY_STORE_SECRET ("keyStoreSecret", ""), KEY_STORE_LOCATION ("keyStoreLocation", ""), - FIPS_PROVIDER ("fipsProvider", ""), SSL_PROTOCOL ("sslProtocol", SSLProtocol.TLS.toString()), ; @@ -418,7 +417,6 @@ public final class SQLServerDriver implements java.sql.Driver { new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.XOPEN_STATES.toString(), Boolean.toString(SQLServerDriverBooleanProperty.XOPEN_STATES.getDefaultValue()), false, TRUE_FALSE), new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.AUTHENTICATION_SCHEME.toString(), SQLServerDriverStringProperty.AUTHENTICATION_SCHEME.getDefaultValue(), false, new String[] {AuthenticationScheme.javaKerberos.toString(),AuthenticationScheme.nativeAuthentication.toString()}), new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.AUTHENTICATION.toString(), SQLServerDriverStringProperty.AUTHENTICATION.getDefaultValue(), false, new String[] {SqlAuthentication.NotSpecified.toString(),SqlAuthentication.SqlPassword.toString(),SqlAuthentication.ActiveDirectoryPassword.toString(),SqlAuthentication.ActiveDirectoryIntegrated.toString()}), - new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.FIPS_PROVIDER.toString(), SQLServerDriverStringProperty.FIPS_PROVIDER.getDefaultValue(), false, null), new SQLServerDriverPropertyInfo(SQLServerDriverIntProperty.SOCKET_TIMEOUT.toString(), Integer.toString(SQLServerDriverIntProperty.SOCKET_TIMEOUT.getDefaultValue()), false, null), new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.FIPS.toString(), Boolean.toString(SQLServerDriverBooleanProperty.FIPS.getDefaultValue()), false, TRUE_FALSE), new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.ENABLE_PREPARE_ON_FIRST_PREPARED_STATEMENT.toString(), Boolean.toString(SQLServerDriverBooleanProperty.ENABLE_PREPARE_ON_FIRST_PREPARED_STATEMENT.getDefaultValue()), false,TRUE_FALSE), 
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java
index 4683e17cd..0276af73b 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java
@@ -363,7 +363,6 @@ protected Object[][] getContents() {
 {"R_keyStoreAuthenticationPropertyDescription", "The name that identifies a key store."},
 {"R_keyStoreSecretPropertyDescription", "The authentication secret or information needed to locate the secret."},
 {"R_keyStoreLocationPropertyDescription", "The key store location."},
- {"R_fipsProviderPropertyDescription", "FIPS Provider."},
 {"R_keyStoreAuthenticationNotSet", "\"keyStoreAuthentication\" connection string keyword must be specified, if \"{0}\" is specified."},
 {"R_keyStoreSecretOrLocationNotSet", "Both \"keyStoreSecret\" and \"keyStoreLocation\" must be set, if \"keyStoreAuthentication=JavaKeyStorePassword\" has been specified in the connection string."},
 {"R_certificateStoreInvalidKeyword", "Cannot set \"keyStoreSecret\", if \"keyStoreAuthentication=CertificateStore\" has been specified in the connection string."},
@@ -375,10 +374,8 @@ protected Object[][] getContents() {
 {"R_TVPnotWorkWithSetObjectResultSet", "setObject() with ResultSet is not supported for Table-Valued Parameter. Please use setStructured()."},
 {"R_invalidQueryTimeout", "The queryTimeout {0} is not valid."},
 {"R_invalidSocketTimeout", "The socketTimeout {0} is not valid."},
- {"R_fipsPropertyDescription", "Determines if enable FIPS compliant SSL connection between the client and the server."},
- {"R_invalidFipsConfig", "Could not enable FIPS."},
- {"R_invalidFipsEncryptConfig", "Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."},
- {"R_invalidFipsProviderConfig", "Could not enable FIPS due to invalid FIPSProvider or TrustStoreType."},
+ {"R_fipsPropertyDescription", "Determines if FIPS mode is enabled."},
+ {"R_invalidFipsConfig", "Unable to verify FIPS mode settings."},
 {"R_serverPreparedStatementDiscardThreshold", "The serverPreparedStatementDiscardThreshold {0} is not valid."},
 {"R_statementPoolingCacheSize", "The statementPoolingCacheSize {0} is not valid."},
 {"R_kerberosLoginFailedForUsername", "Cannot login with Kerberos principal {0}, check your credentials. {1}"},
diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java
index 83f8a9f71..3a257328a 100644
--- a/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java
+++ b/src/test/java/com/microsoft/sqlserver/jdbc/fips/FipsTest.java
@@ -52,7 +52,7 @@ public void fipsTrustServerCertificateTest() throws Exception {
 }
 catch (SQLServerException e) {
 Assertions.assertTrue(
- e.getMessage().contains("Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."),
+ e.getMessage().contains("Unable to verify FIPS mode settings."),
 "Should create exception for invalid TrustServerCertificate value");
 }
 }
@@ -72,31 +72,11 @@ public void fipsEncryptTest() throws Exception { } catch (SQLServerException e) { Assertions.assertTrue( - e.getMessage().contains("Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."), + e.getMessage().contains("Unable to verify FIPS mode settings."), "Should create exception for invalid encrypt value"); } } - /** - * Test after removing FIPS PROVIDER - * - * @throws Exception - */ - @Test - public void fipsProviderTest() throws Exception { - try { - Properties props = buildConnectionProperties(); - props.remove("fipsProvider"); - props.setProperty("trustStore", "/SOME_PATH"); - Connection con = PrepUtil.getConnection(connectionString, props); - Assertions.fail("It should fail as we are not passing appropriate params"); - } - catch (SQLServerException e) { - Assertions.assertTrue(e.getMessage().contains("Could not enable FIPS due to invalid FIPSProvider or TrustStoreType"), - "Should create exception for invalid FIPSProvider"); - } - } - /** * Test after removing fips, encrypt & trustStore it should work appropriately. * @@ -124,7 +104,6 @@ public void fipsDataSourcePropertyTest() throws Exception { SQLServerDataSource ds = new SQLServerDataSource(); setDataSourceProperties(ds); ds.setFIPS(false); - ds.setFIPSProvider(""); ds.setEncrypt(false); ds.setTrustStoreType("JKS"); Connection con = ds.getConnection(); 
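Review bot: Removing `fipsProviderTest` leaves the one trust-store rule that `validateFips` still enforces (trustStore set, trustStoreType empty) without any test, and the later hunk that deletes `fipsDataSourceProviderTest` does the same for the DataSource path. A replacement that calls `props.remove("trustStoreType")` and `props.setProperty("trustStore", "/SOME_PATH")` and expects "Unable to verify FIPS mode settings." would pin that rule. If the defaulting of trustStoreType in enableSSL means the rule can never fire, which the IOBuffer hunk hints at but does not fully show, the check should be deleted rather than left untested.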
@@ -148,32 +127,11 @@ public void fipsDatSourceEncrypt() { } catch (SQLServerException e) { Assertions.assertTrue( - e.getMessage().contains("Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."), + e.getMessage().contains("Unable to verify FIPS mode settings."), "Should create exception for invalid encrypt value"); } } - /** - * Test after removing FIPS PROVIDER - * - * @throws Exception - */ - @Test - public void fipsDataSourceProviderTest() throws Exception { - try { - SQLServerDataSource ds = new SQLServerDataSource(); - setDataSourceProperties(ds); - ds.setFIPSProvider(""); - ds.setTrustStore("/SOME_PATH"); - Connection con = ds.getConnection(); - Assertions.fail("It should fail as we are not passing appropriate params"); - } - catch (SQLServerException e) { - Assertions.assertTrue(e.getMessage().contains("Could not enable FIPS due to invalid FIPSProvider or TrustStoreType"), - "Should create exception for invalid FIPSProvider"); - } - } - /** * Test after setting TrustServerCertificate as true. * @@ -190,7 +148,7 @@ public void fipsDataSourceTrustServerCertificateTest() throws Exception { } catch (SQLServerException e) { Assertions.assertTrue( - e.getMessage().contains("Could not enable FIPS due to either encrypt is not true or using trusted certificate settings."), + e.getMessage().contains("Unable to verify FIPS mode settings."), "Should create exception for invalid TrustServerCertificate value"); } } @@ -216,7 +174,6 @@ private void setDataSourceProperties(SQLServerDataSource ds) { ds.setTrustServerCertificate(false); ds.setIntegratedSecurity(false); ds.setTrustStoreType("PKCS12"); - ds.setFIPSProvider("BCFIPS"); } /** @@ -235,7 +192,6 @@ private Properties buildConnectionProperties() { // For New Code connectionProps.setProperty("trustStoreType", "PKCS12"); - connectionProps.setProperty("fipsProvider", "BCFIPS"); connectionProps.setProperty("fips", "true"); return connectionProps;