java-docs-samples/cloud-sql/sqlserver/client-side-encryption/src/test/java/cloudsql/tink/EncryptInsertDataIT.java at main · Reality2byte/java-docs-samples · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
/*
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package cloudsql.tink;

import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;

import com.google.crypto.tink.Aead;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import javax.sql.DataSource;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

public class EncryptInsertDataIT {

  private static final String CLOUD_KMS_URI = System.getenv("CLOUD_KMS_URI");
  private static final String SQLSERVER_USER = System.getenv("SQLSERVER_USER");
  private static final String SQLSERVER_PASS = System.getenv("SQLSERVER_PASS");
  private static final String SQLSERVER_DB = System.getenv("SQLSERVER_DB");
  private static final String SQLSERVER_CONNECTION_NAME = System
      .getenv("SQLSERVER_CONNECTION_NAME");
  private static List<String> requiredEnvVars =
      Arrays
          .asList("SQLSERVER_USER", "SQLSERVER_PASS", "SQLSERVER_DB", "SQLSERVER_CONNECTION_NAME",
              "CLOUD_KMS_URI");
  private static DataSource pool;
  private static String tableName;
  private static Aead envAead;
  private ByteArrayOutputStream bout;
  private PrintStream originalOut = System.out;


  public static void checkEnvVars() {
    // Check that required env vars are set
    requiredEnvVars.forEach((varName) -> {
      assertWithMessage(
          String.format("Environment variable '%s' must be set to perform these tests.", varName))
          .that(System.getenv(varName)).isNotEmpty();
    });
  }

  @BeforeClass
  public static void setUp() throws GeneralSecurityException, SQLException {
    checkEnvVars();
    tableName = String.format("votes_%s", UUID.randomUUID().toString().replace("-", ""));
    pool = CloudSqlConnectionPool
        .createConnectionPool(SQLSERVER_USER, SQLSERVER_PASS, SQLSERVER_DB,
            SQLSERVER_CONNECTION_NAME);
    CloudSqlConnectionPool.createTable(pool, tableName);
    envAead = CloudKmsEnvelopeAead.get(CLOUD_KMS_URI);
  }

  @AfterClass
  public static void tearDown() throws SQLException {
    if (pool != null) {
      try (Connection conn = pool.getConnection()) {
        String stmt = String.format("DROP TABLE %s;", tableName);
        try (PreparedStatement createTableStatement = conn.prepareStatement(stmt);) {
          createTableStatement.execute();
        }
      }
    }
  }

  @Before
  public void captureOutput() {
    bout = new ByteArrayOutputStream();
    System.setOut(new PrintStream(bout));
  }

  @After
  public void resetOutput() {
    System.setOut(originalOut);
    bout.reset();
  }

  @Test
  public void testEncryptAndInsertData() throws GeneralSecurityException, SQLException {
    EncryptAndInsertData
        .encryptAndInsertData(pool, envAead, tableName, "TABS", "hello@example.com");
    String output = bout.toString();
    assertThat(output).contains("Successfully inserted row into table");

    List<String> decryptedEmails = new ArrayList<>();
    try (Connection conn = pool.getConnection()) {
      String stmt = String.format(
          "SELECT TOP(5) team, time_cast, voter_email FROM %s ORDER BY time_cast DESC;",
          tableName);
      try (PreparedStatement voteStmt = conn.prepareStatement(stmt);) {
        ResultSet voteResults = voteStmt.executeQuery();
        while (voteResults.next()) {
          byte[] decryptedEmail = envAead
              .decrypt(voteResults.getBytes(3), voteResults.getString(1).getBytes());
          decryptedEmails.add(new String(decryptedEmail));
        }
      }
    }
    assertThat(decryptedEmails).contains("hello@example.com");
  }

}