Set appropriate value to requestedEncryptionLevel for encrypt=STRICT (#…

…2597) * Set appropriate value to requestedEncryptionLevel for encrypt=STRICT * Added test case testManagedIdentityWithEncryptStrict --------- Co-authored-by: Muskan Gupta <muskgupta@microsoft.com>
microsoft · Feb 19, 2025 · 2c3db81 · 2c3db81
1 parent 4a0a7bc
commit 2c3db81
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 1 deletion.
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
@@ -4147,7 +4147,11 @@ void prelogin(String serverName, int portNumber) throws SQLServerException {
         final byte fedAuthOffset;
         if (fedAuthRequiredByUser) {
             messageLength = TDS.B_PRELOGIN_MESSAGE_LENGTH_WITH_FEDAUTH;
-            requestedEncryptionLevel = TDS.ENCRYPT_ON;
+            if (encryptOption.compareToIgnoreCase(EncryptOption.STRICT.toString()) == 0) {
+                requestedEncryptionLevel = TDS.ENCRYPT_NOT_SUP;
+            } else {
+                requestedEncryptionLevel = TDS.ENCRYPT_ON;
+            }
 
             // since we added one more line for prelogin option with fedauth,
             // we also needed to modify the offsets above, by adding 5 to each offset,

diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java
@@ -5,6 +5,7 @@
 package com.microsoft.sqlserver.jdbc;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
@@ -1370,4 +1371,35 @@ public void testGetSqlFedAuthTokenFailureNagativeWaiting() throws SQLException {
         }        
     }
 
+    @Test
+    @Tag(Constants.xAzureSQLDW)
+    @Tag(Constants.xAzureSQLMI)
+    @Tag(Constants.xSQLv11)
+    @Tag(Constants.xSQLv12)
+    @Tag(Constants.xSQLv14)
+    @Tag(Constants.xSQLv15)
+    @Tag(Constants.xSQLv16)
+    public void testManagedIdentityWithEncryptStrict() {
+        SQLServerDataSource ds = new SQLServerDataSource();
+
+        String connectionUrl = connectionString;
+        if (connectionUrl.contains("user=")) {
+            connectionUrl = TestUtils.removeProperty(connectionUrl, "user");
+        }
+        if (connectionUrl.contains("password=")) {
+            connectionUrl = TestUtils.removeProperty(connectionUrl, "password");
+        }
+
+        ds.setURL(connectionUrl);
+        ds.setAuthentication("ActiveDirectoryMSI");
+        ds.setEncrypt("strict");
+        ds.setHostNameInCertificate("*.database.windows.net"); 
+
+        try (Connection con = ds.getConnection()) {
+            assertNotNull(con);
+        } catch (SQLException e) {
+            fail("Connection failed: " + e.getMessage());
+        }
+    } 
+
 }