Class SQLServerColumnEncryptionKeyStoreProvider

java.lang.Object
com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
Direct Known Subclasses:
SQLServerColumnEncryptionAzureKeyVaultProvider, SQLServerColumnEncryptionCertificateStoreProvider, SQLServerColumnEncryptionJavaKeyStoreProvider

public abstract class SQLServerColumnEncryptionKeyStoreProvider extends Object
Defines the abstract class for a SQL Server Column Encryption key store provider. Extend this class to implement a custom key store provider.
  • Constructor Details

    • SQLServerColumnEncryptionKeyStoreProvider

      public SQLServerColumnEncryptionKeyStoreProvider()
      Default constructor.
  • Method Details

    • setName

      public abstract void setName(String name)
      Sets the name of this key store provider.
      Parameters:
      name - value to be set for the key store provider.
    • getName

      public abstract String getName()
      Returns the name of this key store provider.
      Returns:
      the name of this key store provider.
    • decryptColumnEncryptionKey

      public abstract byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException
      Decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
      Parameters:
      masterKeyPath - The column master key path.
      encryptionAlgorithm - the specific encryption algorithm.
      encryptedColumnEncryptionKey - the encrypted column encryption key
      Returns:
      the decrypted value of column encryption key.
      Throws:
      SQLServerException - when an error occurs while decrypting the CEK
    • encryptColumnEncryptionKey

      public abstract byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey) throws SQLServerException
      Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
      Parameters:
      masterKeyPath - The column master key path.
      encryptionAlgorithm - the specific encryption algorithm.
      columnEncryptionKey - column encryption key to be encrypted.
      Returns:
      the encrypted column encryption key.
      Throws:
      SQLServerException - when an error occurs while encrypting the CEK
    • verifyColumnMasterKeyMetadata

      public abstract boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature) throws SQLServerException
      Verifies that the signature is valid for the column master key.
      Parameters:
      masterKeyPath - column master key path
      allowEnclaveComputations - indicates whether the column master key supports enclave computations
      signature - signature of the column master key metadata
      Returns:
      whether the signature is valid for the column master key
      Throws:
      SQLServerException - when an error occurs while verifying the signature
    • getColumnEncryptionKeyCacheTtl

      public Duration getColumnEncryptionKeyCacheTtl()
      Returns the time-to-live for items in the cache of column encryption keys, as implemented in the key store provider.
      Returns:
      the time-to-live for items in the cache.
    • setColumnEncryptionCacheTtl

      public void setColumnEncryptionCacheTtl(Duration duration)
      Sets the time-to-live for items in the cache of column encryption keys in the key store provider.
      Parameters:
      duration - value to be set for the time-to-live for items in the cache in the key store provider.
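
A custom provider built on the five abstract methods above, as an added example that is not code from the mssql-jdbc project or from this reference page. The class name, the provider name, the in-memory key map, the signed-metadata layout and the use of unchecked exceptions are assumptions of the example; `RSA_OAEP` is the key-encryption algorithm name used by Always Encrypted.

```java
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.Signature;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;

// Added example (hypothetical class): RSA column master keys held in memory, keyed by key path.
public class InMemoryRsaKeyStoreProvider extends SQLServerColumnEncryptionKeyStoreProvider {
    private final Map<String, KeyPair> masterKeys; // doubles as the allowlist of accepted key paths
    private String name = "EXAMPLE_RSA_STORE";     // constructed provider name
    public InMemoryRsaKeyStoreProvider(Map<String, KeyPair> keys) { masterKeys = new HashMap<>(keys); }
    @Override public void setName(String name) { this.name = name; }
    @Override public String getName() { return name; }
    @Override public byte[] encryptColumnEncryptionKey(String path, String alg, byte[] cek) {
        return rsa(Cipher.ENCRYPT_MODE, path, alg, cek);
    }
    @Override public byte[] decryptColumnEncryptionKey(String path, String alg, byte[] encryptedCek) {
        return rsa(Cipher.DECRYPT_MODE, path, alg, encryptedCek);
    }
    @Override public boolean verifyColumnMasterKeyMetadata(String path, boolean allowEnclave, byte[] sig) {
        KeyPair kp = masterKeys.get(path);
        if (kp == null || sig == null) return false; // unknown path or no signature: fail closed
        try {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(kp.getPublic());
            // Assumed metadata layout for this example only, not the built-in providers' format.
            verifier.update((name + "|" + path + "|" + allowEnclave).getBytes(StandardCharsets.UTF_8));
            return verifier.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key is treated as invalid
        }
    }
    // Unchecked exceptions keep the example short; the abstract methods declare SQLServerException.
    private byte[] rsa(int mode, String path, String alg, byte[] input) {
        if (!"RSA_OAEP".equalsIgnoreCase(alg)) throw new IllegalArgumentException("Unsupported algorithm: " + alg);
        KeyPair kp = masterKeys.get(path);
        if (kp == null) throw new IllegalArgumentException("Key path not in allowlist: " + path);
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(mode, mode == Cipher.ENCRYPT_MODE ? kp.getPublic() : kp.getPrivate());
            return cipher.doFinal(input); // raw OAEP output: this example's own encrypted-CEK format
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("CEK operation failed for key path " + path, e);
        }
    }
}
```

Rejecting key paths and algorithm names that the provider was not configured with means a key path supplied in server metadata cannot steer the provider to a key the application never chose to trust.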