Changes according to PR review comments

2018-05-08 14:12:14 -07:00 · 2018-05-08 14:12:14 -07:00 · fb1a2ecb70
--- a/source/pdo_sqlsrv/pdo_util.cpp
+++ b/source/pdo_sqlsrv/pdo_util.cpp
@ -419,11 +419,15 @@ pdo_error PDO_ERRORS[] = {
    },
    {
        SQLSRV_ERROR_AKV_NAME_MISSING,
-        { IMSSP, (SQLCHAR*) "ID for Azure Key Vault is missing. A username or client Id is required.", -87, false }
+        { IMSSP, (SQLCHAR*) "The username or client Id for Azure Key Vault is missing.", -87, false }
    },
    {
        SQLSRV_ERROR_AKV_SECRET_MISSING,
-        { IMSSP, (SQLCHAR*) "Secret for Azure Key Vault is missing. A password or client secret is required.", -88, false }
+        { IMSSP, (SQLCHAR*) "The password or client secret for Azure Key Vault is missing.", -88, false }
+    },
+    {
+        SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
+        { IMSSP, (SQLCHAR*) "Invalid value for loading Azure Key Vault.", -89, false}
    },
    { UINT_MAX, {} }
 };
--- a/source/shared/core_conn.cpp
+++ b/source/shared/core_conn.cpp
@ -945,15 +945,15 @@ void load_azure_key_vault( _Inout_ sqlsrv_conn* conn TSRMLS_DC )
    if ( ! conn->ce_option.enabled || ! conn->ce_option.akv_required )
        return;
    
-    CHECK_CUSTOM_ERROR( conn->ce_option.akv_auth == NULL || Z_STRLEN_P(conn->ce_option.akv_auth) <= 0, conn, SQLSRV_ERROR_AKV_AUTH_MISSING) {
+    CHECK_CUSTOM_ERROR( conn->ce_option.akv_auth == NULL, conn, SQLSRV_ERROR_AKV_AUTH_MISSING) {
        throw core::CoreException();
    }

-    CHECK_CUSTOM_ERROR( conn->ce_option.akv_id == NULL || Z_STRLEN_P(conn->ce_option.akv_id) <= 0, conn, SQLSRV_ERROR_AKV_NAME_MISSING) {
+    CHECK_CUSTOM_ERROR( conn->ce_option.akv_id == NULL, conn, SQLSRV_ERROR_AKV_NAME_MISSING) {
        throw core::CoreException();
    }

-    CHECK_CUSTOM_ERROR( conn->ce_option.akv_secret == NULL || Z_STRLEN_P(conn->ce_option.akv_secret) <= 0, conn, SQLSRV_ERROR_AKV_SECRET_MISSING) {
+    CHECK_CUSTOM_ERROR( conn->ce_option.akv_secret == NULL, conn, SQLSRV_ERROR_AKV_SECRET_MISSING) {
        throw core::CoreException();
    }
    
@ -963,15 +963,7 @@ void load_azure_key_vault( _Inout_ sqlsrv_conn* conn TSRMLS_DC )
    unsigned int id_len = static_cast<unsigned int>( Z_STRLEN_P( conn->ce_option.akv_id ));
    unsigned int key_size = static_cast<unsigned int>( Z_STRLEN_P( conn->ce_option.akv_secret ));    

-    if ( !stricmp(akv_auth, "KeyVaultPassword") )
-    {
-        configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, AKVCFG_AUTHMODE_PASSWORD, 0 );
-    }
-    else if ( !stricmp(akv_auth, "KeyVaultClientSecret") )
-    {
-        configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, AKVCFG_AUTHMODE_CLIENTKEY, 0 );
-    }
-    
+    configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, conn->ce_option.akv_mode, 0 );
    configure_azure_key_vault( conn, AKV_CONFIG_PRINCIPALID, akv_id, id_len );
    configure_azure_key_vault( conn, AKV_CONFIG_AUTHSECRET, akv_secret, key_size );
 }
@ -1078,6 +1070,12 @@ void ce_akv_str_set_func::func( _In_ connection_option const* option, _In_ zval*
 {
    SQLSRV_ASSERT( Z_TYPE_P( value ) == IS_STRING, "Azure Key Vault keywords accept only strings." );
        
+    size_t value_len = Z_STRLEN_P( value );
+
+    CHECK_CUSTOM_ERROR( value_len <= 0, conn, SQLSRV_ERROR_KEYSTORE_INVALID_VALUE ) {
+        throw core::CoreException();
+    }
+    
    switch( option->conn_option_key )
    {
        case SQLSRV_CONN_OPTION_KEYSTORE_AUTHENTICATION: 
@ -1088,6 +1086,7 @@ void ce_akv_str_set_func::func( _In_ connection_option const* option, _In_ zval*
                throw core::CoreException();
            }
            conn->ce_option.akv_auth = value;
+            conn->ce_option.akv_mode = stricmp( value_str, "KeyVaultPassword" ) ? AKVCFG_AUTHMODE_CLIENTKEY : AKVCFG_AUTHMODE_PASSWORD;
            conn->ce_option.akv_required = true;
            break;
        }
--- a/source/shared/core_sqlsrv.h
+++ b/source/shared/core_sqlsrv.h
@ -1055,6 +1055,7 @@ struct stmt_option;
 // This holds the various details of column encryption. 
 struct col_encryption_option {
    bool            enabled;            // column encryption enabled, false by default
+    SQLINTEGER      akv_mode;
    zval_auto_ptr   akv_auth;
    zval_auto_ptr   akv_id;
    zval_auto_ptr   akv_secret;
@ -1717,6 +1718,7 @@ enum SQLSRV_ERROR_CODES {
    SQLSRV_ERROR_AKV_AUTH_MISSING,
    SQLSRV_ERROR_AKV_NAME_MISSING,
    SQLSRV_ERROR_AKV_SECRET_MISSING,
+    SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
    SQLSRV_ERROR_ENCRYPTED_STREAM_FETCH,

    // Driver specific error codes starts from here.
--- a/source/sqlsrv/util.cpp
+++ b/source/sqlsrv/util.cpp
@ -410,11 +410,15 @@ ss_error SS_ERRORS[] = {
    },
    {
        SQLSRV_ERROR_AKV_NAME_MISSING,
-        { IMSSP, (SQLCHAR*) "ID for Azure Key Vault is missing. A username or client Id is required.", -112, false }
+        { IMSSP, (SQLCHAR*) "The username or client Id for Azure Key Vault is missing.", -112, false }
    },
    {
        SQLSRV_ERROR_AKV_SECRET_MISSING,
-        { IMSSP, (SQLCHAR*) "Secret for Azure Key Vault is missing. A password or client secret is required.", -113, false }
+        { IMSSP, (SQLCHAR*) "The password or client secret for Azure Key Vault is missing.", -113, false }
+    },
+    {
+        SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
+        { IMSSP, (SQLCHAR*) "Invalid value for loading Azure Key Vault.", -114, false}
    },

    // terminate the list of errors/warnings
--- a/test/functional/pdo_sqlsrv/MsSetup.inc
+++ b/test/functional/pdo_sqlsrv/MsSetup.inc
@ -45,10 +45,10 @@ $keystore = "none";         // key store provider, acceptable values are none, w
 $dataEncrypted = false;     // whether data is to be encrypted

 // for Azure Key Vault
-$keyStoreAuthentication = 'KeyVaultPassword';   // can be KeyVaultPassword or KeyVaultClientSecret
-$principalName = 'name';                        // for use with KeyVaultPassword
-$AKVPassword = 'password';                      // for use with KeyVaultPassword
-$clientID = 'clientid';                         // for use with KeyVaultClientSecret
-$AKVSecret = 'secret';                          // for use with KeyVaultClientSecret
+$AKVKeyStoreAuthentication = 'TARGET_AKV_AUTH';   // can be KeyVaultPassword or KeyVaultClientSecret
+$AKVPrincipalName = 'TARGET_AKV_PRINCIPAL_NAME';  // for use with KeyVaultPassword
+$AKVPassword = 'TARGET_AKV_PASSWORD';             // for use with KeyVaultPassword
+$AKVClientID = 'TARGET_AKV_CLIENT_ID';            // for use with KeyVaultClientSecret
+$AKVSecret = 'TARGET_AKV_CLIENT_SECRET';          // for use with KeyVaultClientSecret

 ?>
--- a/test/functional/sqlsrv/MsSetup.inc
+++ b/test/functional/sqlsrv/MsSetup.inc
@ -45,10 +45,10 @@ $keystore = "none";         // key store provider, acceptable values are none, w
 $dataEncrypted = false;     // whether data is to be encrypted

 // for Azure Key Vault
-$keyStoreAuthentication = 'KeyVaultPassword';   // can be KeyVaultPassword or KeyVaultClientSecret
-$principalName = 'name';                        // for use with KeyVaultPassword
-$AKVPassword = 'password';                      // for use with KeyVaultPassword
-$clientID = 'clientid';                         // for use with KeyVaultClientSecret
-$AKVSecret = 'secret';                          // for use with KeyVaultClientSecret
+$AKVKeyStoreAuthentication = 'TARGET_AKV_AUTH';   // can be KeyVaultPassword or KeyVaultClientSecret
+$AKVPrincipalName = 'TARGET_AKV_PRINCIPAL_NAME';  // for use with KeyVaultPassword
+$AKVPassword = 'TARGET_AKV_PASSWORD';             // for use with KeyVaultPassword
+$AKVClientID = 'TARGET_AKV_CLIENT_ID';            // for use with KeyVaultClientSecret
+$AKVSecret = 'TARGET_AKV_CLIENT_SECRET';          // for use with KeyVaultClientSecret

 ?>