From ea2c44ad467e767f2bfa2f24239fd2bd26dee94f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Kubik?=
Date: Wed, 14 Aug 2024 11:33:43 +0200
Subject: [PATCH] SNOW-618478: Introduce unified property for private key file and base64 bytes

Adds private_key_pwd session property that may be used interchangeably with existing private_key_file_pwd. Marks private_key_file_pwd property as deprecated as in the future it'll be completely replaced with private_key_pwd. Rename usages of privateKeyFilePwd to privateKeyPwd to clarify that from now it may refer not only to the file but also private_key_base64.
---
 .../java/net/snowflake/client/core/SFSession.java | 8 ++++++--
 .../net/snowflake/client/core/SFSessionProperty.java | 5 +++--
 .../net/snowflake/client/core/SessionUtilKeyPair.java | 11 +++-------
 .../snowflake/client/core/SessionUtilLatestIT.java | 3 +--
 4 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/src/main/java/net/snowflake/client/core/SFSession.java b/src/main/java/net/snowflake/client/core/SFSession.java
index f7ed48717..3b0890501 100644
--- a/src/main/java/net/snowflake/client/core/SFSession.java
+++ b/src/main/java/net/snowflake/client/core/SFSession.java
@@ -593,7 +593,9 @@ public synchronized void open() throws SFException, SnowflakeSQLException {
 SFLoggerUtil.isVariableProvided(
 (String) connectionPropertiesMap.get(SFSessionProperty.PRIVATE_KEY_BASE64)),
 SFLoggerUtil.isVariableProvided(
- (String) connectionPropertiesMap.getOrDefault(SFSessionProperty.PRIVATE_KEY_PWD,
+ (String)
+ connectionPropertiesMap.getOrDefault(
+ SFSessionProperty.PRIVATE_KEY_PWD,
 connectionPropertiesMap.get(SFSessionProperty.PRIVATE_KEY_FILE_PWD))),
 connectionPropertiesMap.get(SFSessionProperty.ENABLE_DIAGNOSTICS),
 connectionPropertiesMap.get(SFSessionProperty.DIAGNOSTICS_ALLOWLIST_FILE),
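Review bot: The fallback passed to `SFLoggerUtil.isVariableProvided(...)` relies on `getOrDefault(SFSessionProperty.PRIVATE_KEY_PWD, ...)`, which consults `PRIVATE_KEY_FILE_PWD` only when the new key has no mapping at all; if `private_key_pwd` is present but empty (or, depending on the map type, mapped to null), the deprecated property's password is silently ignored and key decryption will presumably fail later. The identical expression is repeated in the `.setPrivateKeyPwd(...)` hunk at -645, so the precedence rule lives in two places and the logged provided-flag can drift from the value actually used. Resolve it once in `open()` (whose body starts and ends outside the hunk) and reuse the local in both spots: `String privateKeyPwd = (String) connectionPropertiesMap.get(SFSessionProperty.PRIVATE_KEY_PWD);` followed by `if (privateKeyPwd == null || privateKeyPwd.isEmpty()) privateKeyPwd = (String) connectionPropertiesMap.get(SFSessionProperty.PRIVATE_KEY_FILE_PWD);`. That is also the natural place to log a deprecation warning when only `private_key_file_pwd` is supplied, without logging the value itself.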
@@ -645,7 +647,9 @@ public synchronized void open() throws SFException, SnowflakeSQLException {
 .setPrivateKeyBase64(
 (String) connectionPropertiesMap.get(SFSessionProperty.PRIVATE_KEY_BASE64))
 .setPrivateKeyPwd(
- (String) connectionPropertiesMap.getOrDefault(SFSessionProperty.PRIVATE_KEY_PWD,
+ (String)
+ connectionPropertiesMap.getOrDefault(
+ SFSessionProperty.PRIVATE_KEY_PWD,
 connectionPropertiesMap.get(SFSessionProperty.PRIVATE_KEY_FILE_PWD)))
 .setApplication((String) connectionPropertiesMap.get(SFSessionProperty.APPLICATION))
 .setServiceName(getServiceName())
diff --git a/src/main/java/net/snowflake/client/core/SFSessionProperty.java b/src/main/java/net/snowflake/client/core/SFSessionProperty.java
index 5e1c90847..e99466d17 100644
--- a/src/main/java/net/snowflake/client/core/SFSessionProperty.java
+++ b/src/main/java/net/snowflake/client/core/SFSessionProperty.java
@@ -56,8 +56,9 @@ public enum SFSessionProperty {
 PRIVATE_KEY_FILE("private_key_file", false, String.class),
 PRIVATE_KEY_BASE64("private_key_base64", false, String.class),
 /**
- * @deprecated Use {@link #PRIVATE_KEY_PWD} for clarity. The given password will be used to decrypt
- * the private key value independent of whether that value is supplied as a file or base64 string
+ * @deprecated Use {@link #PRIVATE_KEY_PWD} for clarity. The given password will be used to
+ * decrypt the private key value independent of whether that value is supplied as a file or
+ * base64 string
 */
 @Deprecated
 PRIVATE_KEY_FILE_PWD("private_key_file_pwd", false, String.class),
diff --git a/src/main/java/net/snowflake/client/core/SessionUtilKeyPair.java b/src/main/java/net/snowflake/client/core/SessionUtilKeyPair.java
index 502e4b9d3..50e351cd1 100644
--- a/src/main/java/net/snowflake/client/core/SessionUtilKeyPair.java
+++ b/src/main/java/net/snowflake/client/core/SessionUtilKeyPair.java
@@ -102,8 +102,7 @@ class SessionUtilKeyPair {
 }
 ensurePrivateKeyProvidedInOnlyOneProperty(privateKey, privateKeyFile, privateKeyBase64);
- this.privateKey =
- buildPrivateKey(privateKey, privateKeyFile, privateKeyBase64, privateKeyPwd);
+ this.privateKey = buildPrivateKey(privateKey, privateKeyFile, privateKeyBase64, privateKeyPwd);
 // construct public key from raw bytes
 if (this.privateKey instanceof RSAPrivateCrtKey) {
@@ -143,10 +142,7 @@ private static void ensurePrivateKeyProvidedInOnlyOneProperty(
 }
 private PrivateKey buildPrivateKey(
- PrivateKey privateKey,
- String privateKeyFile,
- String privateKeyBase64,
- String privateKeyPwd)
+ PrivateKey privateKey, String privateKeyFile, String privateKeyBase64, String privateKeyPwd)
 throws SFException {
 if (!Strings.isNullOrEmpty(privateKeyBase64)) {
 logger.trace("Reading private key from base64 string");
@@ -279,8 +275,7 @@ public static int getTimeout() {
 return jwtAuthTimeout;
 }
- private PrivateKey extractPrivateKeyWithBouncyCastle(
- byte[] privateKeyBytes, String privateKeyPwd)
+ private PrivateKey extractPrivateKeyWithBouncyCastle(byte[] privateKeyBytes, String privateKeyPwd)
 throws IOException, PKCSException, OperatorCreationException {
 logger.trace("Extracting private key using Bouncy Castle provider");
 PrivateKeyInfo privateKeyInfo = null;
diff --git a/src/test/java/net/snowflake/client/core/SessionUtilLatestIT.java b/src/test/java/net/snowflake/client/core/SessionUtilLatestIT.java
index 07f817efc..be6c03b01 100644
--- a/src/test/java/net/snowflake/client/core/SessionUtilLatestIT.java
+++ b/src/test/java/net/snowflake/client/core/SessionUtilLatestIT.java
@@ -89,8 +89,7 @@ private SFLoginInput initMockLoginInput() {
 .thenReturn(ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT.name());
 when(loginInput.getPrivateKeyFile())
 .thenReturn(systemGetEnv("SNOWFLAKE_TEST_PRIVATE_KEY_FILE"));
- when(loginInput.getPrivateKeyPwd())
- .thenReturn(systemGetEnv("SNOWFLAKE_TEST_PRIVATE_KEY_PWD"));
+ when(loginInput.getPrivateKeyPwd()).thenReturn(systemGetEnv("SNOWFLAKE_TEST_PRIVATE_KEY_PWD"));
 when(loginInput.getUserName()).thenReturn(systemGetEnv("SNOWFLAKE_TEST_USER"));
 when(loginInput.getAccountName()).thenReturn("testaccount");
 when(loginInput.getAppId()).thenReturn("testid");