Module com.microsoft.sqlserver.jdbc
Package com.microsoft.sqlserver.jdbc
Class SQLServerColumnEncryptionKeyStoreProvider
java.lang.Object
com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
- Direct Known Subclasses:
SQLServerColumnEncryptionAzureKeyVaultProvider, SQLServerColumnEncryptionCertificateStoreProvider, SQLServerColumnEncryptionJavaKeyStoreProvider
Defines the abstract class for a SQL Server Column Encryption key store provider. Extend this class to implement a
custom key store provider.
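A minimal custom provider built by extending this class, given here as an added example and not code from the driver or its documentation. The class name, provider name, in-memory key map, raw RSA-OAEP ciphertext and signed-metadata string are assumptions of the example (the driver's built-in providers use their own formats, so keys wrapped here are not interchangeable with theirs), and it relies on the public SQLServerException(String, Throwable) constructor.

```java
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import com.microsoft.sqlserver.jdbc.SQLServerException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Duration;
import java.util.*;
import javax.crypto.Cipher;
// Hypothetical provider: each key path maps to an RSA key pair the caller loaded from its own store.
public class ExampleKeyStoreProvider extends SQLServerColumnEncryptionKeyStoreProvider {
    private final Map<String, KeyPair> masterKeys;
    private String name = "EXAMPLE_KEYSTORE"; // constructed provider name
    public ExampleKeyStoreProvider(Map<String, KeyPair> masterKeys) {
        this.masterKeys = new HashMap<>(masterKeys);
        setColumnEncryptionCacheTtl(Duration.ofMinutes(10)); // bound how long cached CEKs live
    }
    @Override public void setName(String name) { this.name = name; }
    @Override public String getName() { return name; }
    @Override public byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException {
        return rsaOaep(Cipher.DECRYPT_MODE, masterKeyPath, encryptionAlgorithm, encryptedColumnEncryptionKey);
    }
    @Override public byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey) throws SQLServerException {
        return rsaOaep(Cipher.ENCRYPT_MODE, masterKeyPath, encryptionAlgorithm, columnEncryptionKey);
    }
    @Override public boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature) throws SQLServerException {
        KeyPair kp = masterKeys.get(masterKeyPath);
        if (kp == null || signature == null) return false; // fail closed: never default to "valid"
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(kp.getPublic());
            String msg = name + "|" + masterKeyPath + "|" + allowEnclaveComputations; // layout assumed for this example
            s.update(msg.getBytes(StandardCharsets.UTF_8));
            return s.verify(signature);
        } catch (GeneralSecurityException e) {
            throw new SQLServerException("CMK metadata verification failed for " + masterKeyPath, e);
        }
    }
    private byte[] rsaOaep(int mode, String path, String algorithm, byte[] input) throws SQLServerException {
        KeyPair kp = masterKeys.get(path);
        if (kp == null || input == null || !"RSA_OAEP".equalsIgnoreCase(algorithm))
            throw new SQLServerException("Unknown key path or unsupported algorithm", null); // no default key
        try {
            Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            c.init(mode, mode == Cipher.ENCRYPT_MODE ? kp.getPublic() : kp.getPrivate());
            return c.doFinal(input);
        } catch (GeneralSecurityException e) {
            throw new SQLServerException("CEK operation failed for key path " + path, e);
        }
    }
}
```

An instance is registered with the driver through SQLServerConnection.registerColumnEncryptionKeyStoreProviders before connections that use column encryption are opened. Error messages here carry only the key path, never key material.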
-
Constructor Summary
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| abstract byte[] | decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) | Decrypts the specified encrypted value of a column encryption key. |
| abstract byte[] | encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey) | Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm. |
| | getColumnEncryptionKeyCacheTtl | Returns the time-to-live for items in the cache of column encryption keys, as implemented in the key store provider. |
| abstract String | getName() | Returns the name of this key store provider. |
| void | setColumnEncryptionCacheTtl(Duration duration) | Sets the time-to-live for items in the cache of column encryption keys in the key store provider. |
| abstract void | setName | Sets the name of this key store provider. |
| abstract boolean | verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature) | Verifies that the signature is valid for the column master key. |
-
Constructor Details
-
SQLServerColumnEncryptionKeyStoreProvider
public SQLServerColumnEncryptionKeyStoreProvider()
Default constructor.
-
-
Method Details
-
setName
Sets the name of this key store provider.
- Parameters:
name - value to be set for the key store provider.
-
getName
Returns the name of this key store provider.
- Returns:
the name of this key store provider.
-
decryptColumnEncryptionKey
public abstract byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException
Decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
- Parameters:
masterKeyPath - the column master key path.
encryptionAlgorithm - the specific encryption algorithm.
encryptedColumnEncryptionKey - the encrypted column encryption key.
- Returns:
the decrypted value of column encryption key.
- Throws:
SQLServerException - when an error occurs while decrypting the CEK
-
encryptColumnEncryptionKey
public abstract byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey) throws SQLServerException
Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
- Parameters:
masterKeyPath - the column master key path.
encryptionAlgorithm - the specific encryption algorithm.
columnEncryptionKey - column encryption key to be encrypted.
- Returns:
the encrypted column encryption key.
- Throws:
SQLServerException - when an error occurs while encrypting the CEK
-
verifyColumnMasterKeyMetadata
public abstract boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature) throws SQLServerException
Verifies that the signature is valid for the column master key.
- Parameters:
masterKeyPath - column master key path
allowEnclaveComputations - indicates whether the column master key supports enclave computations
signature - signature of the column master key metadata
- Returns:
whether the signature is valid for the column master key
- Throws:
SQLServerException - when an error occurs while verifying the signature
-
getColumnEncryptionKeyCacheTtl
Returns the time-to-live for items in the cache of column encryption keys, as implemented in the key store provider.
- Returns:
the time-to-live for items in the cache.
-
setColumnEncryptionCacheTtl
Sets the time-to-live for items in the cache of column encryption keys in the key store provider.
- Parameters:
duration - value to be set for the time-to-live for items in the cache in the key store provider.
-