/Kilimanjaro_Trunk/Security/Transport/Scripts/1 - Target endpoint setup.sql

# · SQL · 65 lines · 24 code · 13 blank · 28 comment · 0 complexity · 8ff8f75ef3aab0ba652051ac3c6c7eaf MD5 · raw file 

    

  1. --------------------------------------------------------------------

    2. 

  2. -- Script for transport security sample.

    3. 

  3. --

    4. 

  4. -- This file is part of the Microsoft SQL Server Code Samples.

    5. 

  5. -- Copyright (C) Microsoft Corporation. All Rights reserved.

    6. 

  6. -- This source code is intended only as a supplement to Microsoft

    7. 

  7. -- Development Tools and/or on-line documentation. See these other

    8. 

  8. -- materials for detailed information regarding Microsoft code samples.

    9. 

  9. --

    10. 

  10. -- THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF

    11. 

  11. -- ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO

    12. 

  12. -- THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A

    13. 

  13. -- PARTICULAR PURPOSE.

    14. 

  14. --------------------------------------------------------------------

    15. 

  15. 

    16. 

  16. -- This script sets up a the target broker endpoint for transport

    17. 

  17. -- certificate-based security.

    18. 

  18. -- Modify the location of the certificate in script to suit configuration.

    19. 

  19. 

    20. 

  20. USE master;

    21. 

  21. GO

    22. 

  22. 

    23. 

  23. -- A master key is required to use certificates.

    24. 

  24. BEGIN TRANSACTION;

    25. 

  25. IF NOT EXISTS (SELECT * FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')

    26. 

  26. 	CREATE MASTER KEY ENCRYPTION BY PASSWORD ='Password#123'

    27. 

  27. COMMIT;

    28. 

  28. GO

    29. 

  29. 

    30. 

  30. -- Create a certificate to authenticate the endpoint.

    31. 

  31. IF EXISTS (SELECT * FROM sys.certificates WHERE name = 'target_transport_cert')

    32. 

  32. 	DROP CERTIFICATE target_transport_cert;

    33. 

  33. GO

    34. 

  34. 

    35. 

  35. CREATE CERTIFICATE target_transport_cert

    36. 

  36. 	WITH SUBJECT = 'Service broker transport authentication for target';

    37. 

  37. GO

    38. 

  38. 

    39. 

  39. -- Backup to a file to allow the certificate to be given to the initiator.

    40. 

  40. BACKUP CERTIFICATE target_transport_cert

    41. 

  41. 	TO FILE = 'c:\target_transport.cert';

    42. 

  42. GO

    43. 

  43. 

    44. 

  44. -- Create the broker endpoint using the certificate for authentication.

    45. 

  45. IF EXISTS (SELECT * FROM sys.endpoints WHERE name = 'service_broker_endpoint')

    46. 

  46. 	DROP ENDPOINT service_broker_endpoint;

    47. 

  47. GO

    48. 

  48. 

    49. 

  49. CREATE ENDPOINT service_broker_endpoint

    50. 

  50. STATE = STARTED

    51. 

  51. AS TCP (LISTENER_PORT = 4022)

    52. 

  52. FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE target_transport_cert);

    53. 

  53. GO

    54. 

  54. 

    55. 

  55. ----------EXCHANGE CERTIFICATES BEFORE PROCEEDING---------------

    56. 

  56. -- The initiator and target certificates must be exchanged in order for them to

    57. 

  57. -- authenticate each other. In a production system, this "out of band" exchange

    58. 

  58. -- should be done with a high level of trust, since a certificate bearer will be 

    59. 

  59. -- able to begin dialogs and send messages to service broker services in the

    60. 

  60. -- authenticating server. However, assuming the sample is being used on a development

    61. 

  61. -- system, the exchange may be simple remote copies.
    62.