From 4dbaeee08d7a0753c5ab6737e2050841160000bd Mon Sep 17 00:00:00 2001
From: machavan
Date: Fri, 7 Feb 2025 11:07:59 +0530
Subject: [PATCH 1/2] Set appropriate value to requestedEncryptionLevel for encrypt=STRICT
---
 .../com/microsoft/sqlserver/jdbc/SQLServerConnection.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
index f5e6bc3173..c5d8a8a8e4 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
@@ -4147,7 +4147,11 @@ void prelogin(String serverName, int portNumber) throws SQLServerException {
 final byte fedAuthOffset;
 if (fedAuthRequiredByUser) {
 messageLength = TDS.B_PRELOGIN_MESSAGE_LENGTH_WITH_FEDAUTH;
- requestedEncryptionLevel = TDS.ENCRYPT_ON;
+ if (encryptOption.compareToIgnoreCase(EncryptOption.STRICT.toString()) == 0) {
+ requestedEncryptionLevel = TDS.ENCRYPT_NOT_SUP;
+ } else {
+ requestedEncryptionLevel = TDS.ENCRYPT_ON;
+ }
 // since we added one more line for prelogin option with fedauth,
 // we also needed to modify the offsets above, by adding 5 to each offset,
From 89c99111320c0fc53c1a26d7483c8ee73b3aef1c Mon Sep 17 00:00:00 2001
From: Muskan Gupta
Date: Thu, 13 Feb 2025 14:17:48 +0530
Subject: [PATCH 2/2] Added test case testManagedIdentityWithEncryptStrict
---
 .../jdbc/SQLServerConnectionTest.java | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java
index 787c8151ea..7f481e974e 100644
--- a/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java
+++ b/src/test/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionTest.java
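Review bot: The STRICT branch added to `prelogin` in SQLServerConnection.java sends `TDS.ENCRYPT_NOT_SUP` on the federated-authentication path with no comment saying why that is safe, and read in isolation it looks like an encryption downgrade. A why-comment above the assignment would help, e.g. `// encrypt=strict: TLS is established before prelogin, so the prelogin encryption option is not used to request it`, provided that matches how the driver sets up the channel (the handshake is not in this hunk). The rest of `prelogin` lies outside the hunk, so it is worth confirming that its handling of the server's prelogin response cannot continue over an unencrypted channel when this value was sent. The comparison would also read more directly as `EncryptOption.STRICT.toString().equalsIgnoreCase(encryptOption)`, which additionally tolerates a null `encryptOption`.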
@@ -5,6 +5,7 @@ package com.microsoft.sqlserver.jdbc;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
@@ -1370,4 +1371,35 @@ public void testGetSqlFedAuthTokenFailureNagativeWaiting() throws SQLException {
 }
 }
+ @Test
+ @Tag(Constants.xAzureSQLDW)
+ @Tag(Constants.xAzureSQLMI)
+ @Tag(Constants.xSQLv11)
+ @Tag(Constants.xSQLv12)
+ @Tag(Constants.xSQLv14)
+ @Tag(Constants.xSQLv15)
+ @Tag(Constants.xSQLv16)
+ public void testManagedIdentityWithEncryptStrict() {
+ SQLServerDataSource ds = new SQLServerDataSource();
+
+ String connectionUrl = connectionString;
+ if (connectionUrl.contains("user=")) {
+ connectionUrl = TestUtils.removeProperty(connectionUrl, "user");
+ }
+ if (connectionUrl.contains("password=")) {
+ connectionUrl = TestUtils.removeProperty(connectionUrl, "password");
+ }
+
+ ds.setURL(connectionUrl);
+ ds.setAuthentication("ActiveDirectoryMSI");
+ ds.setEncrypt("strict");
+ ds.setHostNameInCertificate("*.database.windows.net");
+
+ try (Connection con = ds.getConnection()) {
+ assertNotNull(con);
+ } catch (SQLException e) {
+ fail("Connection failed: " + e.getMessage());
+ }
+ }
+
 }
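Review bot: `assertNotNull(con)` is the only assertion in `testManagedIdentityWithEncryptStrict`, so the test shows that a managed-identity login with encrypt=strict completes but not that the session was actually established in strict mode. If the test server permits it, a follow-up check of the connection's encryption state would make this a firmer regression guard for the prelogin change. The `catch` block also reduces a failure to its message; `fail("Connection failed: " + e.getMessage(), e);` (or declaring `throws SQLException` and dropping the catch) keeps the cause and stack trace. The hard-coded `ds.setHostNameInCertificate("*.database.windows.net")` ties certificate validation in this test to one DNS suffix and deserves a one-line comment saying so.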