1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
--
-- Licensed to the Apache Software Foundation (ASF) under one or more
-- contributor license agreements. See the NOTICE file distributed with
-- this work for additional information regarding copyright ownership.
-- The ASF licenses this file to You under the Apache License, Version 2.0
-- (the "License"); you may not use this file except in compliance with
-- the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- This script tests configuring an un-enctypted database for encryption and
-- reencryption of an encrypted database with new enryption key/password.
disconnect;
---test configure the database for encrypion with encryption key.
connect 'wombat_key;create=true';
create table t1(a int ) ;
insert into t1 values(1) ;
insert into t1 values(2) ;
insert into t1 values(3) ;
insert into t1 values(4) ;
insert into t1 values(5) ;
disconnect;
connect 'wombat_key;shutdown=true';
-- configure the database for encrypion with external encryption key.
connect 'jdbc:derby:wombat_key;dataEncryption=true;encryptionKey=6162636465666768';
select * from t1;
insert into t1 values(6);
insert into t1 values(7);
disconnect;
connect 'wombat_key;shutdown=true';
connect 'jdbc:derby:wombat_key;encryptionKey=6162636465666768';
select * from t1 ;
disconnect;
connect 'wombat_key;shutdown=true';
--- reencrypt the database with a different encryption key
connect 'jdbc:derby:wombat_key;encryptionKey=6162636465666768;newEncryptionKey=5666768616263646';
select * from t1;
insert into t1 values(7);
insert into t1 values(8);
disconnect;
connect 'wombat_key;shutdown=true';
--- boot the database with the new encyrption key.
connect 'jdbc:derby:wombat_key;encryptionKey=5666768616263646';
select * from t1;
insert into t1 values(9);
insert into t1 values(10);
disconnect;
connect 'wombat_key;shutdown=true';
--- attempt to boot with the old encrytion key, it should fail.
connect 'jdbc:derby:wombat_key;encryptionKey=6162636465666768';
-- test confugring the database for encrypion with a boot password.
connect 'wombat_pwd;create=true';
create table t2(a int ) ;
insert into t2 values(1) ;
insert into t2 values(2) ;
insert into t2 values(3) ;
insert into t2 values(4) ;
insert into t2 values(5) ;
disconnect;
connect 'wombat_pwd;shutdown=true';
---configure the database for encrypion with a boot password.
connect 'jdbc:derby:wombat_pwd;dataEncryption=true;bootPassword=xyz1234abc';
select * from t2;
insert into t2 values(6);
insert into t2 values(7);
disconnect;
connect 'wombat_pwd;shutdown=true';
connect 'jdbc:derby:wombat_pwd;bootPassword=xyz1234abc';
select * from t2 ;
disconnect;
connect 'wombat_pwd;shutdown=true';
--- reconfigure the database with a different password.
connect 'jdbc:derby:wombat_pwd;bootPassword=xyz1234abc;newBootPassword=new1234xyz';
select * from t2 ;
insert into t2 values(8);
insert into t2 values(9);
insert into t2 values(10);
disconnect;
connect 'wombat_pwd;shutdown=true';
-- boot the database with the new password.
connect 'jdbc:derby:wombat_pwd;bootPassword=new1234xyz';
select * from t2 ;
disconnect;
connect 'wombat_pwd;shutdown=true';
-- attempt to boot the database with the old password, it should fail.
connect 'jdbc:derby:wombat_pwd;bootPassword=xyz1234abc';
|
