Module com.microsoft.sqlserver.jdbc
Package com.microsoft.sqlserver.jdbc
Class SQLServerColumnEncryptionKeyStoreProvider
- java.lang.Object
  - com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
- Direct Known Subclasses:
SQLServerColumnEncryptionAzureKeyVaultProvider, SQLServerColumnEncryptionCertificateStoreProvider, SQLServerColumnEncryptionJavaKeyStoreProvider
public abstract class SQLServerColumnEncryptionKeyStoreProvider extends Object
Defines the abstract class for a SQL Server Column Encryption key store provider. Extend this class to implement a custom key store provider.
Constructor Summary
Constructors
- SQLServerColumnEncryptionKeyStoreProvider(): default constructor
Method Summary
- abstract byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey): Decrypts the specified encrypted value of a column encryption key.
- abstract byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey): Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
- Duration getColumnEncryptionKeyCacheTtl(): Returns the time-to-live for items in the cache of column encryption keys, as implemented in the key store provider.
- abstract String getName(): Returns the name of this key store provider.
- void setColumnEncryptionCacheTtl(Duration duration): Sets the time-to-live for items in the cache of column encryption keys in the key store provider.
- abstract void setName(String name): Sets the name of this key store provider.
- abstract boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature): Verifies that the signature is valid for the column master key.
Method Detail
setName
public abstract void setName(String name)
Sets the name of this key store provider.
- Parameters:
name - value to be set for the key store provider.
getName
public abstract String getName()
Returns the name of this key store provider.
- Returns:
the name of this key store provider.
decryptColumnEncryptionKey
public abstract byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException
Decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
- Parameters:
masterKeyPath - the column master key path.
encryptionAlgorithm - the specific encryption algorithm.
encryptedColumnEncryptionKey - the encrypted column encryption key.
- Returns:
the decrypted value of column encryption key.
- Throws:
SQLServerException - when an error occurs while decrypting the CEK
encryptColumnEncryptionKey
public abstract byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey) throws SQLServerException
Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
- Parameters:
masterKeyPath - the column master key path.
encryptionAlgorithm - the specific encryption algorithm.
columnEncryptionKey - column encryption key to be encrypted.
- Returns:
the encrypted column encryption key.
- Throws:
SQLServerException - when an error occurs while encrypting the CEK
verifyColumnMasterKeyMetadata
public abstract boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature) throws SQLServerException
Verifies that the signature is valid for the column master key.
- Parameters:
masterKeyPath - column master key path
allowEnclaveComputations - indicates whether the column master key supports enclave computations
signature - signature of the column master key metadata
- Returns:
whether the signature is valid for the column master key
- Throws:
SQLServerException - when an error occurs while verifying the signature
getColumnEncryptionKeyCacheTtl
public Duration getColumnEncryptionKeyCacheTtl()
Returns the time-to-live for items in the cache of column encryption keys, as implemented in the key store provider.
- Returns:
the time-to-live for items in the cache.
setColumnEncryptionCacheTtl
public void setColumnEncryptionCacheTtl(Duration duration)
Sets the time-to-live for items in the cache of column encryption keys in the key store provider.
- Parameters:
duration - value to be set for the time-to-live for items in the cache in the key store provider.
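A minimal custom provider built on the abstract methods documented above, as an added example that is not part of the driver or of this page. The class name, provider name, in-memory KeyPair, OAEP parameters and the signed-payload layout in verifyColumnMasterKeyMetadata are assumptions of the example, so its wrapped keys and signatures are not interchangeable with those of the built-in providers.

```java
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import com.microsoft.sqlserver.jdbc.SQLServerException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.Signature;
import javax.crypto.Cipher;

// Added example, not driver code: hypothetical provider holding one RSA master key in memory.
public class InMemoryRsaKeyStoreProvider extends SQLServerColumnEncryptionKeyStoreProvider {
    private final String keyPath;               // the only master key path this provider serves
    private final KeyPair masterKey;            // supplied by the caller; never logged or cached here
    private String name = "IN_MEMORY_RSA_DEMO"; // constructed provider name

    public InMemoryRsaKeyStoreProvider(String keyPath, KeyPair masterKey) {
        this.keyPath = keyPath; this.masterKey = masterKey; }
    @Override public void setName(String name) { this.name = name; }
    @Override public String getName() { return name; }

    @Override public byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm,
            byte[] columnEncryptionKey) throws SQLServerException {
        return rsa(Cipher.ENCRYPT_MODE, masterKeyPath, encryptionAlgorithm, columnEncryptionKey);
    }

    @Override public byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm,
            byte[] encryptedColumnEncryptionKey) throws SQLServerException {
        return rsa(Cipher.DECRYPT_MODE, masterKeyPath, encryptionAlgorithm, encryptedColumnEncryptionKey);
    }

    @Override public boolean verifyColumnMasterKeyMetadata(String masterKeyPath,
            boolean allowEnclaveComputations, byte[] signature) throws SQLServerException {
        if (!keyPath.equals(masterKeyPath) || signature == null) return false; // fail closed
        try { // assumed signed payload for this example: "<path>|<flag>" in UTF-8
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(masterKey.getPublic());
            v.update((masterKeyPath + "|" + allowEnclaveComputations).getBytes(StandardCharsets.UTF_8));
            return v.verify(signature);
        } catch (GeneralSecurityException e) { throw new SQLServerException("CMK metadata check failed", e); }
    }

    // Rejects unknown key paths, any algorithm other than RSA_OAEP, and empty input before touching the key.
    private byte[] rsa(int mode, String path, String alg, byte[] in) throws SQLServerException {
        if (!keyPath.equals(path) || !"RSA_OAEP".equalsIgnoreCase(alg) || in == null || in.length == 0)
            throw new SQLServerException("Rejected key path, algorithm or empty input", null);
        try {
            Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            c.init(mode, mode == Cipher.ENCRYPT_MODE ? masterKey.getPublic() : masterKey.getPrivate());
            return c.doFinal(in);
        } catch (GeneralSecurityException e) { throw new SQLServerException("CEK wrap/unwrap failed", e); }
    }
}
```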