Module com.microsoft.sqlserver.jdbc
Package com.microsoft.sqlserver.jdbc
Class SQLServerColumnEncryptionKeyStoreProvider
- java.lang.Object
  - com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
- Direct Known Subclasses:
  SQLServerColumnEncryptionAzureKeyVaultProvider, SQLServerColumnEncryptionCertificateStoreProvider, SQLServerColumnEncryptionJavaKeyStoreProvider

public abstract class SQLServerColumnEncryptionKeyStoreProvider extends Object
Defines the abstract class for a SQL Server Column Encryption key store provider. Extend this class to implement a custom key store provider.
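
A sketch of such a subclass, added here as an illustration and not taken from the driver's own code. The class name DemoKeyStoreProvider, the single allowed key path, the caller-supplied in-memory KeyPair, the JCE transformation string and the 10-minute cache TTL are assumptions of this example; its output is raw RSA-OAEP ciphertext, not the encrypted-key layout written by the built-in providers.

```java
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import com.microsoft.sqlserver.jdbc.SQLServerException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.time.Duration;
import javax.crypto.Cipher;

// Added example (hypothetical class): wraps CEKs with one in-memory RSA key pair,
// standing in for a real HSM or KMS client. Output is raw RSA-OAEP ciphertext.
public class DemoKeyStoreProvider extends SQLServerColumnEncryptionKeyStoreProvider {
    private static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; // example's choice
    private final String allowedPath; // the only master key path this provider serves
    private final KeyPair masterKey;  // assumption: supplied by the caller
    private String name = "DEMO_KEYSTORE";

    public DemoKeyStoreProvider(String allowedPath, KeyPair masterKey) {
        this.allowedPath = allowedPath;
        this.masterKey = masterKey;
        setColumnEncryptionCacheTtl(Duration.ofMinutes(10)); // bound the lifetime of cached CEKs
    }

    @Override public void setName(String name) { this.name = name; }
    @Override public String getName() { return name; }
    @Override
    public byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey) throws SQLServerException {
        return wrap(Cipher.ENCRYPT_MODE, masterKeyPath, encryptionAlgorithm, columnEncryptionKey);
    }
    @Override
    public byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException {
        return wrap(Cipher.DECRYPT_MODE, masterKeyPath, encryptionAlgorithm, encryptedColumnEncryptionKey);
    }
    @Override
    public boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature) {
        return false; // fail closed: this example holds no key for checking metadata signatures
    }

    private byte[] wrap(int mode, String path, String algorithm, byte[] input) throws SQLServerException {
        try {
            // Reject unknown key paths, other algorithms and empty input before touching the key.
            if (!allowedPath.equals(path) || !"RSA_OAEP".equalsIgnoreCase(algorithm) || input == null || input.length == 0)
                throw new IllegalArgumentException("unexpected key path, algorithm or empty input");
            Cipher cipher = Cipher.getInstance(TRANSFORM);
            cipher.init(mode, mode == Cipher.ENCRYPT_MODE ? masterKey.getPublic() : masterKey.getPrivate());
            return cipher.doFinal(input);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            throw new SQLServerException("Column encryption key operation failed", e);
        }
    }
}
```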

Constructor Summary
- SQLServerColumnEncryptionKeyStoreProvider()
  default constructor

Method Summary
Modifier and Type, Method, Description:
- abstract byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey)
  Decrypts the specified encrypted value of a column encryption key.
- abstract byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey)
  Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
- Duration getColumnEncryptionKeyCacheTtl()
  Returns the time-to-live for items in the cache of column encryption keys, as implemented in the key store provider.
- abstract String getName()
  Returns the name of this key store provider.
- void setColumnEncryptionCacheTtl(Duration duration)
  Sets the time-to-live for items in the cache of column encryption keys in the key store provider.
- abstract void setName(String name)
  Sets the name of this key store provider.
- abstract boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature)
  Verify the signature is valid for the column master key.

Method Detail

setName
public abstract void setName(String name)
Sets the name of this key store provider.
- Parameters:
  name - value to be set for the key store provider.

getName
public abstract String getName()
Returns the name of this key store provider.
- Returns:
  the name of this key store provider.

decryptColumnEncryptionKey
public abstract byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException
Decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
- Parameters:
  masterKeyPath - The column master key path.
  encryptionAlgorithm - the specific encryption algorithm.
  encryptedColumnEncryptionKey - the encrypted column encryption key
- Returns:
  the decrypted value of column encryption key.
- Throws:
  SQLServerException - when an error occurs while decrypting the CEK

encryptColumnEncryptionKey
public abstract byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] columnEncryptionKey) throws SQLServerException
Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
- Parameters:
  masterKeyPath - The column master key path.
  encryptionAlgorithm - the specific encryption algorithm.
  columnEncryptionKey - column encryption key to be encrypted.
- Returns:
  the encrypted column encryption key.
- Throws:
  SQLServerException - when an error occurs while encrypting the CEK

verifyColumnMasterKeyMetadata
public abstract boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations, byte[] signature) throws SQLServerException
Verify the signature is valid for the column master key.
- Parameters:
  masterKeyPath - column master key path
  allowEnclaveComputations - indicates whether the column master key supports enclave computations
  signature - signature of the column master key metadata
- Returns:
  whether the signature is valid for the column master key
- Throws:
  SQLServerException - when an error occurs while verifying the signature

getColumnEncryptionKeyCacheTtl
public Duration getColumnEncryptionKeyCacheTtl()
Returns the time-to-live for items in the cache of column encryption keys, as implemented in the key store provider.
- Returns:
  the time-to-live for items in the cache.

setColumnEncryptionCacheTtl
public void setColumnEncryptionCacheTtl(Duration duration)
Sets the time-to-live for items in the cache of column encryption keys in the key store provider.
- Parameters:
  duration - value to be set for the time-to-live for items in the cache in the key store provider.