Feature | client certificate authentication#1284
Merged
peterbae merged 61 commits intomicrosoft:devfrom Mar 27, 2020
Merged
Conversation
…ed by default (microsoft#1254) * skip AKV test properly * removed enclave properties string to failed errors as enclave tests could be skipped
Add support for PKCS8 and PKCS1 private keys
change logic for decryptprovider
Fix pkcs8 and add tests
… into clientcertauth # Conflicts: # src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java
Clientcertauth
ulvii
reviewed
Mar 26, 2020
ulvii
reviewed
Mar 27, 2020
ulvii
reviewed
Mar 27, 2020
| + ";"; | ||
| try (Connection conn = DriverManager.getConnection(conStr)) { | ||
| } catch (SQLServerException e) { | ||
| assertTrue(e.getMessage().contains(TestResource.getResource("R_invalidPath"))); |
Contributor
There was a problem hiding this comment.
You can use R_clientCertError from SQLServerResource.
Contributor
Author
There was a problem hiding this comment.
SQLServerResource is not visible in this package, we can just use the TestResource for test related texts.
Contributor
There was a problem hiding this comment.
See SQLServerConnectionTest.executeInvalidFmt() for example use.
assertTrue(e.getMessage().matches(TestUtils.formatErrorMsg("R_invalidArgument")));
ulvii
reviewed
Mar 27, 2020
ulvii
reviewed
Mar 27, 2020
|
|
||
| @Test | ||
| public void testDataSource() throws Exception { | ||
| String conStr = connectionString + ";clientCertificate=" + clientCertificate + ".pem;" + "clientKey=" |
Contributor
There was a problem hiding this comment.
Why aren't you using new DataSource APIs? setClientCertificate(), setClientKey(), setClientKeyPassword
ulvii
reviewed
Mar 27, 2020
String match provider name
rene-ye
approved these changes
Mar 27, 2020
ulvii
approved these changes
Mar 27, 2020
lilgreenbird
approved these changes
Mar 27, 2020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The JDBC driver will add three connection properties for this feature:
clientCertificate – specifies the certificate to be used for authentication. The JDBC driver will support PFX, PEM, DER and CER file extensions. Format:
• clientCertificate=<file_location>
The driver uses a certificate file. For certificates in PEM, DER and CER formats clientKey attribute is required.
clientKey – specifies a file location of the private key for PEM, DER and CER certificates specified by the clientCertificate attribute. Format:
• clientKey=<file_location>
Specifies location of the private key file. In case if private key file is password protected then password keyword is required.
clientKeyPassword – optional password string provided to access the clientKey file’s private key.