Skip to content

Commit 86be993

Browse files
thaidnthaidn
authored
Correct comments on associated data. (GoogleCloudPlatform#4901)
Fixes #issue > It's a good idea to open an issue first for discussion. - [ ] I have followed [Sample Format Guide](https://github.com/GoogleCloudPlatform/java-docs-samples/blob/master/SAMPLE_FORMAT.md) - [ ] `pom.xml` parent set to latest `shared-configuration` - [ ] Appropriate changes to README are included in PR - [ ] API's need to be enabled to test (tell us) - [ ] Environment Variables need to be set (ask us to set them) - [ ] **Tests** pass: `mvn clean verify` **required** - [ ] **Lint** passes: `mvn -P lint checkstyle:check` **required** - [ ] **Static Analysis**: `mvn -P lint clean compile pmd:cpd-check spotbugs:check` **advisory only** - [ ] Please **merge** this PR for me once it is approved.
1 parent db5fa38 commit 86be993

6 files changed

Lines changed: 72 additions & 70 deletions

File tree

cloud-sql/mysql/client-side-encryption/src/main/java/cloudsql/tink/EncryptAndInsertData.java

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -48,8 +48,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
4848

4949
// Initialize database connection pool and create table if it does not exist
5050
// See CloudSqlConnectionPool.java for setup details
51-
DataSource pool = CloudSqlConnectionPool
52-
.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
51+
DataSource pool =
52+
CloudSqlConnectionPool.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
5353
CloudSqlConnectionPool.createTable(pool, tableName);
5454

5555
// Initialize envelope AEAD
@@ -59,21 +59,21 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
5959
encryptAndInsertData(pool, envAead, tableName, team, email);
6060
}
6161

62-
public static void encryptAndInsertData(DataSource pool, Aead envAead, String tableName,
63-
String team, String email)
62+
public static void encryptAndInsertData(
63+
DataSource pool, Aead envAead, String tableName, String team, String email)
6464
throws GeneralSecurityException, SQLException {
6565

6666
try (Connection conn = pool.getConnection()) {
67-
String stmt = String.format(
68-
"INSERT INTO %s (team, time_cast, voter_email) VALUES (?, ?, ?);", tableName);
69-
try (PreparedStatement voteStmt = conn.prepareStatement(stmt);) {
67+
String stmt =
68+
String.format(
69+
"INSERT INTO %s (team, time_cast, voter_email) VALUES (?, ?, ?);", tableName);
70+
try (PreparedStatement voteStmt = conn.prepareStatement(stmt); ) {
7071
voteStmt.setString(1, team);
7172
voteStmt.setTimestamp(2, new Timestamp(new Date().getTime()));
7273

7374
// Use the envelope AEAD primitive to encrypt the email, using the team name as
74-
// associated data. Encryption with associated data ensures authenticity
75-
// (who the sender is) and integrity (the data has not been tampered with) of that
76-
// data, but not its secrecy. (see RFC 5116 for more info)
75+
// associated data. This binds the encryption of the email to the team name, preventing
76+
// associating an encrypted email in one row with a team name in another row.
7777
byte[] encryptedEmail = envAead.encrypt(email.getBytes(), team.getBytes());
7878
voteStmt.setBytes(3, encryptedEmail);
7979

@@ -84,4 +84,4 @@ public static void encryptAndInsertData(DataSource pool, Aead envAead, String ta
8484
}
8585
}
8686
}
87-
// [END cloud_sql_mysql_cse_insert]
87+
// [END cloud_sql_mysql_cse_insert]

cloud-sql/mysql/client-side-encryption/src/main/java/cloudsql/tink/QueryAndDecryptData.java

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -46,8 +46,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
4646

4747
// Initialize database connection pool and create table if it does not exist
4848
// See CloudSqlConnectionPool.java for setup details
49-
DataSource pool = CloudSqlConnectionPool
50-
.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
49+
DataSource pool =
50+
CloudSqlConnectionPool.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
5151
CloudSqlConnectionPool.createTable(pool, tableName);
5252

5353
// Initialize envelope AEAD
@@ -56,8 +56,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
5656

5757
// Insert row into table to test
5858
// See EncryptAndInsert.java for setup details
59-
EncryptAndInsertData
60-
.encryptAndInsertData(pool, envAead, tableName, "SPACES", "hello@example.com");
59+
EncryptAndInsertData.encryptAndInsertData(
60+
pool, envAead, tableName, "SPACES", "hello@example.com");
6161

6262
queryAndDecryptData(pool, envAead, tableName);
6363
}
@@ -66,20 +66,21 @@ public static void queryAndDecryptData(DataSource pool, Aead envAead, String tab
6666
throws GeneralSecurityException, SQLException {
6767

6868
try (Connection conn = pool.getConnection()) {
69-
String stmt = String.format(
70-
"SELECT team, time_cast, voter_email FROM %s ORDER BY time_cast DESC LIMIT 5", tableName);
71-
try (PreparedStatement voteStmt = conn.prepareStatement(stmt);) {
69+
String stmt =
70+
String.format(
71+
"SELECT team, time_cast, voter_email FROM %s ORDER BY time_cast DESC LIMIT 5",
72+
tableName);
73+
try (PreparedStatement voteStmt = conn.prepareStatement(stmt); ) {
7274
ResultSet voteResults = voteStmt.executeQuery();
7375

7476
System.out.println("Team\tTime Cast\tEmail");
7577
while (voteResults.next()) {
7678
String team = voteResults.getString(1);
7779
Timestamp timeCast = voteResults.getTimestamp(2);
7880

79-
// Use the envelope AEAD primitive to decrypt the email, using the team name as
80-
// associated data. Encryption with associated data ensures authenticity
81-
// (who the sender is) and integrity (the data has not been tampered with) of that
82-
// data, but not its secrecy. (see RFC 5116 for more info)
81+
// Use the envelope AEAD primitive to encrypt the email, using the team name as
82+
// associated data. This binds the encryption of the email to the team name, preventing
83+
// associating an encrypted email in one row with a team name in another row.
8384
String email = new String(envAead.decrypt(voteResults.getBytes(3), team.getBytes()));
8485

8586
System.out.println(String.format("%s\t%s\t%s", team, timeCast, email));
@@ -88,4 +89,4 @@ public static void queryAndDecryptData(DataSource pool, Aead envAead, String tab
8889
}
8990
}
9091
}
91-
// [END cloud_sql_mysql_cse_query]
92+
// [END cloud_sql_mysql_cse_query]

cloud-sql/postgres/client-side-encryption/src/main/java/cloudsql/tink/EncryptAndInsertData.java

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -48,8 +48,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
4848

4949
// Initialize database connection pool and create table if it does not exist
5050
// See CloudSqlConnectionPool.java for setup details
51-
DataSource pool = CloudSqlConnectionPool
52-
.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
51+
DataSource pool =
52+
CloudSqlConnectionPool.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
5353
CloudSqlConnectionPool.createTable(pool, tableName);
5454

5555
// Initialize envelope AEAD
@@ -59,21 +59,21 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
5959
encryptAndInsertData(pool, envAead, tableName, team, email);
6060
}
6161

62-
public static void encryptAndInsertData(DataSource pool, Aead envAead, String tableName,
63-
String team, String email)
62+
public static void encryptAndInsertData(
63+
DataSource pool, Aead envAead, String tableName, String team, String email)
6464
throws GeneralSecurityException, SQLException {
6565

6666
try (Connection conn = pool.getConnection()) {
67-
String stmt = String.format(
68-
"INSERT INTO %s (team, time_cast, voter_email) VALUES (?, ?, ?);", tableName);
69-
try (PreparedStatement voteStmt = conn.prepareStatement(stmt);) {
67+
String stmt =
68+
String.format(
69+
"INSERT INTO %s (team, time_cast, voter_email) VALUES (?, ?, ?);", tableName);
70+
try (PreparedStatement voteStmt = conn.prepareStatement(stmt); ) {
7071
voteStmt.setString(1, team);
7172
voteStmt.setTimestamp(2, new Timestamp(new Date().getTime()));
7273

7374
// Use the envelope AEAD primitive to encrypt the email, using the team name as
74-
// associated data. Encryption with associated data ensures authenticity
75-
// (who the sender is) and integrity (the data has not been tampered with) of that
76-
// data, but not its secrecy. (see RFC 5116 for more info)
75+
// associated data. This binds the encryption of the email to the team name, preventing
76+
// associating an encrypted email in one row with a team name in another row.
7777
byte[] encryptedEmail = envAead.encrypt(email.getBytes(), team.getBytes());
7878
voteStmt.setBytes(3, encryptedEmail);
7979

@@ -84,4 +84,4 @@ public static void encryptAndInsertData(DataSource pool, Aead envAead, String ta
8484
}
8585
}
8686
}
87-
// [END cloud_sql_postgres_cse_insert]
87+
// [END cloud_sql_postgres_cse_insert]

cloud-sql/postgres/client-side-encryption/src/main/java/cloudsql/tink/QueryAndDecryptData.java

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -46,8 +46,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
4646

4747
// Initialize database connection pool and create table if it does not exist
4848
// See CloudSqlConnectionPool.java for setup details
49-
DataSource pool = CloudSqlConnectionPool
50-
.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
49+
DataSource pool =
50+
CloudSqlConnectionPool.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
5151
CloudSqlConnectionPool.createTable(pool, tableName);
5252

5353
// Initialize envelope AEAD
@@ -56,8 +56,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
5656

5757
// Insert row into table to test
5858
// See EncryptAndInsert.java for setup details
59-
EncryptAndInsertData
60-
.encryptAndInsertData(pool, envAead, tableName, "SPACES", "hello@example.com");
59+
EncryptAndInsertData.encryptAndInsertData(
60+
pool, envAead, tableName, "SPACES", "hello@example.com");
6161

6262
queryAndDecryptData(pool, envAead, tableName);
6363
}
@@ -66,9 +66,11 @@ public static void queryAndDecryptData(DataSource pool, Aead envAead, String tab
6666
throws GeneralSecurityException, SQLException {
6767

6868
try (Connection conn = pool.getConnection()) {
69-
String stmt = String.format(
70-
"SELECT team, time_cast, voter_email FROM %s ORDER BY time_cast DESC LIMIT 5", tableName);
71-
try (PreparedStatement voteStmt = conn.prepareStatement(stmt);) {
69+
String stmt =
70+
String.format(
71+
"SELECT team, time_cast, voter_email FROM %s ORDER BY time_cast DESC LIMIT 5",
72+
tableName);
73+
try (PreparedStatement voteStmt = conn.prepareStatement(stmt); ) {
7274
ResultSet voteResults = voteStmt.executeQuery();
7375

7476
System.out.println("Team\tTime Cast\tEmail");
@@ -80,10 +82,9 @@ public static void queryAndDecryptData(DataSource pool, Aead envAead, String tab
8082
// decrypting.
8183
String aad = voteResults.getString(1).trim();
8284

83-
// Use the envelope AEAD primitive to decrypt the email, using the team name as
84-
// associated data. Encryption with associated data ensures authenticity
85-
// (who the sender is) and integrity (the data has not been tampered with) of that
86-
// data, but not its secrecy. (see RFC 5116 for more info)
85+
// Use the envelope AEAD primitive to encrypt the email, using the team name as
86+
// associated data. This binds the encryption of the email to the team name, preventing
87+
// associating an encrypted email in one row with a team name in another row.
8788
String email = new String(envAead.decrypt(voteResults.getBytes(3), aad.getBytes()));
8889

8990
System.out.println(String.format("%s\t%s\t%s", team, timeCast, email));
@@ -92,4 +93,4 @@ public static void queryAndDecryptData(DataSource pool, Aead envAead, String tab
9293
}
9394
}
9495
}
95-
// [END cloud_sql_postgres_cse_query]
96+
// [END cloud_sql_postgres_cse_query]

cloud-sql/sqlserver/client-side-encryption/src/main/java/cloudsql/tink/EncryptAndInsertData.java

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -48,8 +48,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
4848

4949
// Initialize database connection pool and create table if it does not exist
5050
// See CloudSqlConnectionPool.java for setup details
51-
DataSource pool = CloudSqlConnectionPool
52-
.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
51+
DataSource pool =
52+
CloudSqlConnectionPool.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
5353
CloudSqlConnectionPool.createTable(pool, tableName);
5454

5555
// Initialize envelope AEAD
@@ -59,21 +59,21 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
5959
encryptAndInsertData(pool, envAead, tableName, team, email);
6060
}
6161

62-
public static void encryptAndInsertData(DataSource pool, Aead envAead, String tableName,
63-
String team, String email)
62+
public static void encryptAndInsertData(
63+
DataSource pool, Aead envAead, String tableName, String team, String email)
6464
throws GeneralSecurityException, SQLException {
6565

6666
try (Connection conn = pool.getConnection()) {
67-
String stmt = String.format(
68-
"INSERT INTO %s (team, time_cast, voter_email) VALUES (?, ?, ?);", tableName);
69-
try (PreparedStatement voteStmt = conn.prepareStatement(stmt);) {
67+
String stmt =
68+
String.format(
69+
"INSERT INTO %s (team, time_cast, voter_email) VALUES (?, ?, ?);", tableName);
70+
try (PreparedStatement voteStmt = conn.prepareStatement(stmt); ) {
7071
voteStmt.setString(1, team);
7172
voteStmt.setTimestamp(2, new Timestamp(new Date().getTime()));
7273

7374
// Use the envelope AEAD primitive to encrypt the email, using the team name as
74-
// associated data. Encryption with associated data ensures authenticity
75-
// (who the sender is) and integrity (the data has not been tampered with) of that
76-
// data, but not its secrecy. (see RFC 5116 for more info)
75+
// associated data. This binds the encryption of the email to the team name, preventing
76+
// associating an encrypted email in one row with a team name in another row.
7777
byte[] encryptedEmail = envAead.encrypt(email.getBytes(), team.getBytes());
7878
voteStmt.setBytes(3, encryptedEmail);
7979

@@ -84,4 +84,4 @@ public static void encryptAndInsertData(DataSource pool, Aead envAead, String ta
8484
}
8585
}
8686
}
87-
// [END cloud_sql_sqlserver_cse_insert]
87+
// [END cloud_sql_sqlserver_cse_insert]

cloud-sql/sqlserver/client-side-encryption/src/main/java/cloudsql/tink/QueryAndDecryptData.java

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -46,8 +46,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
4646

4747
// Initialize database connection pool and create table if it does not exist
4848
// See CloudSqlConnectionPool.java for setup details
49-
DataSource pool = CloudSqlConnectionPool
50-
.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
49+
DataSource pool =
50+
CloudSqlConnectionPool.createConnectionPool(dbUser, dbPass, dbName, cloudSqlConnectionName);
5151
CloudSqlConnectionPool.createTable(pool, tableName);
5252

5353
// Initialize envelope AEAD
@@ -56,8 +56,8 @@ public static void main(String[] args) throws GeneralSecurityException, SQLExcep
5656

5757
// Insert row into table to test
5858
// See EncryptAndInsert.java for setup details
59-
EncryptAndInsertData
60-
.encryptAndInsertData(pool, envAead, tableName, "SPACES", "hello@example.com");
59+
EncryptAndInsertData.encryptAndInsertData(
60+
pool, envAead, tableName, "SPACES", "hello@example.com");
6161

6262
queryAndDecryptData(pool, envAead, tableName);
6363
}
@@ -66,21 +66,21 @@ public static void queryAndDecryptData(DataSource pool, Aead envAead, String tab
6666
throws GeneralSecurityException, SQLException {
6767

6868
try (Connection conn = pool.getConnection()) {
69-
String stmt = String.format(
70-
"SELECT TOP(5) team, time_cast, voter_email FROM %s ORDER BY time_cast DESC;",
71-
tableName);
72-
try (PreparedStatement voteStmt = conn.prepareStatement(stmt);) {
69+
String stmt =
70+
String.format(
71+
"SELECT TOP(5) team, time_cast, voter_email FROM %s ORDER BY time_cast DESC;",
72+
tableName);
73+
try (PreparedStatement voteStmt = conn.prepareStatement(stmt); ) {
7374
ResultSet voteResults = voteStmt.executeQuery();
7475

7576
System.out.println("Team\tTime Cast\tEmail");
7677
while (voteResults.next()) {
7778
String team = voteResults.getString(1);
7879
Timestamp timeCast = voteResults.getTimestamp(2);
7980

80-
// Use the envelope AEAD primitive to decrypt the email, using the team name as
81-
// associated data. Encryption with associated data ensures authenticity
82-
// (who the sender is) and integrity (the data has not been tampered with) of that
83-
// data, but not its secrecy. (see RFC 5116 for more info)
81+
// Use the envelope AEAD primitive to encrypt the email, using the team name as
82+
// associated data. This binds the encryption of the email to the team name, preventing
83+
// associating an encrypted email in one row with a team name in another row.
8484
String email = new String(envAead.decrypt(voteResults.getBytes(3), team.getBytes()));
8585

8686
System.out.println(String.format("%s\t%s\t%s", team, timeCast, email));
@@ -89,4 +89,4 @@ public static void queryAndDecryptData(DataSource pool, Aead envAead, String tab
8989
}
9090
}
9191
}
92-
// [END cloud_sql_sqlserver_cse_query]
92+
// [END cloud_sql_sqlserver_cse_query]

0 commit comments

Comments
 (0)