From 2c3db8121c518f4a59b51cae07279d0eca600f33 Mon Sep 17 00:00:00 2001
From: Mahendra Chavan
Date: Wed, 19 Feb 2025 11:23:55 +0530
Subject: [PATCH] Set appropriate value to requestedEncryptionLevel for encrypt=STRICT (#2597)
* Set appropriate value to requestedEncryptionLevel for encrypt=STRICT
* Added test case testManagedIdentityWithEncryptStrict
---------
Co-authored-by: Muskan Gupta
---
 .../sqlserver/jdbc/SQLServerConnection.java | 6 +++-
 .../jdbc/SQLServerConnectionTest.java | 32 +++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
index f5e6bc317..c5d8a8a8e 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
@@ -4147,7 +4147,11 @@ void prelogin(String serverName, int portNumber) throws SQLServerException {
 final byte fedAuthOffset;
 if (fedAuthRequiredByUser) {
 messageLength = TDS.B_PRELOGIN_MESSAGE_LENGTH_WITH_FEDAUTH;
- requestedEncryptionLevel = TDS.ENCRYPT_ON;
+ if (encryptOption.compareToIgnoreCase(EncryptOption.STRICT.toString()) == 0) {
+ requestedEncryptionLevel = TDS.ENCRYPT_NOT_SUP;
+ } else {
+ requestedEncryptionLevel = TDS.ENCRYPT_ON;
+ }
 // since we added one more line for prelogin option with fedauth,
 // we also needed to modify the offsets above, by adding 5 to each offset,
diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java
index 787c8151e..7f481e974 100644
--- a/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java
+++ b/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java
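Review bot: The new STRICT branch in prelogin() sets `requestedEncryptionLevel = TDS.ENCRYPT_NOT_SUP` with no comment, and on a federated-authentication path that value reads like an encryption downgrade. Presumably it is correct because under encrypt=strict the TLS handshake completes before PRELOGIN is sent, so the PRELOGIN encryption option is not negotiated; if so, say it above the branch, e.g. `// encrypt=strict (TDS 8): TLS is already established before PRELOGIN, so the option is sent as NOT_SUP`. The hunk does not show whether the PRELOGIN response handling rejects a strict connection that is not TLS-wrapped, which is worth confirming because the `else` branch is the only place visible here that forces ENCRYPT_ON for fedauth. `encryptOption.equalsIgnoreCase(EncryptOption.STRICT.toString())` would also read more directly than `compareToIgnoreCase(...) == 0`. prelogin() starts before and continues after this hunk.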
@@ -5,6 +5,7 @@ package com.microsoft.sqlserver.jdbc;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
@@ -1370,4 +1371,35 @@ public void testGetSqlFedAuthTokenFailureNagativeWaiting() throws SQLException {
 }
 }
+ @Test
+ @Tag(Constants.xAzureSQLDW)
+ @Tag(Constants.xAzureSQLMI)
+ @Tag(Constants.xSQLv11)
+ @Tag(Constants.xSQLv12)
+ @Tag(Constants.xSQLv14)
+ @Tag(Constants.xSQLv15)
+ @Tag(Constants.xSQLv16)
+ public void testManagedIdentityWithEncryptStrict() {
+ SQLServerDataSource ds = new SQLServerDataSource();
+
+ String connectionUrl = connectionString;
+ if (connectionUrl.contains("user=")) {
+ connectionUrl = TestUtils.removeProperty(connectionUrl, "user");
+ }
+ if (connectionUrl.contains("password=")) {
+ connectionUrl = TestUtils.removeProperty(connectionUrl, "password");
+ }
+
+ ds.setURL(connectionUrl);
+ ds.setAuthentication("ActiveDirectoryMSI");
+ ds.setEncrypt("strict");
+ ds.setHostNameInCertificate("*.database.windows.net");
+
+ try (Connection con = ds.getConnection()) {
+ assertNotNull(con);
+ } catch (SQLException e) {
+ fail("Connection failed: " + e.getMessage());
+ }
+ }
+ }
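Review bot: testManagedIdentityWithEncryptStrict asserts only `assertNotNull(con)`, which proves the login succeeded but not that the session was negotiated under strict encryption, so a regression that connects with a weaker setting would still pass. Consider asserting on the session as well, for example by reading `encrypt_option` from `sys.dm_exec_connections` for the current session, if the test identity is allowed to query it. The `catch (SQLException e) { fail("Connection failed: " + e.getMessage()); }` wrapper also discards the exception's cause and stack trace; declaring the test `throws SQLException` and dropping the catch keeps them in the report.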