/// <summary> /// Create a new enclave session /// </summary> /// <param name="attestationProtocol">attestation protocol</param> /// <param name="enclaveType">enclave type</param> /// <param name="serverName">servername</param> /// <param name="attestationUrl">attestation url for attestation service endpoint</param> /// <param name="attestationInfo">attestation info from SQL Server</param> /// <param name="attestationParameters">attestation parameters</param> /// <param name="customData">A set of extra data needed for attestating the enclave.</param> /// <param name="customDataLength">The length of the extra data needed for attestating the enclave.</param> internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string attestationUrl, byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength) { lock (_lock) { SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType); long counter; SqlEnclaveSession sqlEnclaveSession = null; byte[] dummyCustomData = null; int dummyCustomDataLength; sqlColumnEncryptionEnclaveProvider.GetEnclaveSession(serverName, attestationUrl, false, out sqlEnclaveSession, out counter, out dummyCustomData, out dummyCustomDataLength); if (sqlEnclaveSession != null) { return; } sqlColumnEncryptionEnclaveProvider.CreateEnclaveSession(attestationInfo, attestationParameters.ClientDiffieHellmanKey, attestationUrl, serverName, customData, customDataLength, out sqlEnclaveSession, out counter); if (sqlEnclaveSession == null) { throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, attestationUrl); } } }
public void TestSqlConnectionStringBuilderEquivilantTo_AttestationProtocol() { SqlConnectionAttestationProtocol protocol1 = SqlConnectionAttestationProtocol.AAS; SqlConnectionAttestationProtocol protocol2 = SqlConnectionAttestationProtocol.HGS; SqlConnectionAttestationProtocol protocol3 = SqlConnectionAttestationProtocol.None; SqlConnectionStringBuilder connectionStringBuilder1 = new SqlConnectionStringBuilder(); SqlConnectionStringBuilder connectionStringBuilder2 = new SqlConnectionStringBuilder(); SqlConnectionStringBuilder connectionStringBuilder3 = new SqlConnectionStringBuilder(); // Modify the default value and set the same value on the both the builder objects above. connectionStringBuilder1.AttestationProtocol = protocol1; connectionStringBuilder2.AttestationProtocol = protocol1; connectionStringBuilder3.AttestationProtocol = protocol1; // Use the EquivalentTo function to compare both the builder objects and make sure the result is expected. Assert.True(connectionStringBuilder1.EquivalentTo(connectionStringBuilder2)); Assert.True(connectionStringBuilder1.EquivalentTo(connectionStringBuilder3)); Assert.Equal(connectionStringBuilder1.AttestationProtocol, connectionStringBuilder2.AttestationProtocol); Assert.Equal(connectionStringBuilder1.AttestationProtocol, connectionStringBuilder3.AttestationProtocol); connectionStringBuilder2.AttestationProtocol = protocol2; Assert.True(!connectionStringBuilder1.EquivalentTo(connectionStringBuilder2)); Assert.True(!connectionStringBuilder3.EquivalentTo(connectionStringBuilder2)); Assert.Equal(protocol2, connectionStringBuilder2.AttestationProtocol); connectionStringBuilder3.AttestationProtocol = protocol3; Assert.True(!connectionStringBuilder1.EquivalentTo(connectionStringBuilder3)); Assert.True(!connectionStringBuilder2.EquivalentTo(connectionStringBuilder3)); Assert.Equal(protocol3, connectionStringBuilder3.AttestationProtocol); }
internal static bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol value) { Debug.Assert(Enum.GetNames(typeof(SqlConnectionAttestationProtocol)).Length == 3, "SqlConnectionAttestationProtocol enum has changed, update needed"); return(value == SqlConnectionAttestationProtocol.NotSpecified || value == SqlConnectionAttestationProtocol.HGS || value == SqlConnectionAttestationProtocol.AAS); }
private SqlColumnEncryptionEnclaveProvider GetEnclaveProvider(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType) { SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = null; if (!EnclaveProviders.TryGetValue(attestationProtocol, out sqlColumnEncryptionEnclaveProvider)) { switch (attestationProtocol) { case SqlConnectionAttestationProtocol.AAS: AzureAttestationEnclaveProvider azureAttestationEnclaveProvider = new AzureAttestationEnclaveProvider(); EnclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)azureAttestationEnclaveProvider; sqlColumnEncryptionEnclaveProvider = EnclaveProviders[attestationProtocol]; break; case SqlConnectionAttestationProtocol.HGS: HostGuardianServiceEnclaveProvider hostGuardianServiceEnclaveProvider = new HostGuardianServiceEnclaveProvider(); EnclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)hostGuardianServiceEnclaveProvider; sqlColumnEncryptionEnclaveProvider = EnclaveProviders[attestationProtocol]; break; default: break; } } if (sqlColumnEncryptionEnclaveProvider == null) { throw SQL.EnclaveProviderNotFound(enclaveType, ConvertAttestationProtocolToString(attestationProtocol)); } return(sqlColumnEncryptionEnclaveProvider); }
/// <summary> /// Generate the byte package that needs to be sent to the enclave /// </summary> /// <param name="attestationProtocol">attestation protocol</param> /// <param name="keysTobeSentToEnclave">Keys to be sent to enclave</param> /// <param name="queryText"></param> /// <param name="enclaveType">enclave type</param> /// <param name="serverName">server name</param> /// <param name="enclaveAttestationUrl">url for attestation endpoint</param> /// <returns></returns> internal EnclavePackage GenerateEnclavePackage(SqlConnectionAttestationProtocol attestationProtocol, Dictionary <int, SqlTceCipherInfoEntry> keysTobeSentToEnclave, string queryText, string enclaveType, string serverName, string enclaveAttestationUrl) { SqlEnclaveSession sqlEnclaveSession = null; long counter; byte[] dummyCustomData = null; int dummyCustomDataLength; try { GetEnclaveSession(attestationProtocol, enclaveType, serverName, enclaveAttestationUrl, false, out sqlEnclaveSession, out counter, out dummyCustomData, out dummyCustomDataLength, throwIfNull: true); } catch (Exception e) { throw new RetryableEnclaveQueryExecutionException(e.Message, e); } List <ColumnEncryptionKeyInfo> decryptedKeysToBeSentToEnclave = GetDecryptedKeysToBeSentToEnclave(keysTobeSentToEnclave, serverName); byte[] queryStringHashBytes = ComputeQueryStringHash(queryText); byte[] keyBytePackage = GenerateBytePackageForKeys(counter, queryStringHashBytes, decryptedKeysToBeSentToEnclave); byte[] sessionKey = sqlEnclaveSession.GetSessionKey(); byte[] encryptedBytePackage = EncryptBytePackage(keyBytePackage, sessionKey, serverName); byte[] enclaveSessionHandle = BitConverter.GetBytes(sqlEnclaveSession.SessionId); byte[] byteArrayToBeSentToEnclave = CombineByteArrays(new[] { enclaveSessionHandle, encryptedBytePackage }); return(new EnclavePackage(byteArrayToBeSentToEnclave, sqlEnclaveSession)); }
public void TestSqlConnectionStringBuilderAdd(SqlConnectionColumnEncryptionSetting sqlConnectionColumnEncryptionSetting) { SqlConnectionStringBuilder connectionStringBuilder = new SqlConnectionStringBuilder(); // Use the Add function to update the Column Encryption Setting in the dictionary. connectionStringBuilder.Add(@"Column Encryption Setting", sqlConnectionColumnEncryptionSetting); // Query the property to check if the above add was effective. Assert.Equal(sqlConnectionColumnEncryptionSetting, connectionStringBuilder.ColumnEncryptionSetting); //define value for Attestation Url and Attestation Protocol string url = "www.foo.com"; SqlConnectionAttestationProtocol protocol = SqlConnectionAttestationProtocol.HGS; // Use the Add function to update the Enclave Attestation Url in the dictionary. connectionStringBuilder.Add(@"Enclave Attestation Url", url); // Query the property to check if the above add was effective. Assert.Equal(url, connectionStringBuilder.EnclaveAttestationUrl); // Use the Add function to update the Attestation Protocol in the dictionary. connectionStringBuilder.Add(@"Attestation Protocol", protocol); // Query the property to check if the above add was effective. Assert.Equal(protocol, connectionStringBuilder.AttestationProtocol); }
/// <summary> /// Convert a string value to the corresponding SqlConnectionAttestationProtocol /// </summary> /// <param name="value"></param> /// <param name="result"></param> /// <returns></returns> internal static bool TryConvertToAttestationProtocol(string value, out SqlConnectionAttestationProtocol result) { if (StringComparer.InvariantCultureIgnoreCase.Equals(value, AttestationProtocolHGS)) { result = SqlConnectionAttestationProtocol.HGS; return(true); } else if (StringComparer.InvariantCultureIgnoreCase.Equals(value, AttestationProtocolAAS)) { result = SqlConnectionAttestationProtocol.AAS; return(true); } #if ENCLAVE_SIMULATOR else if (StringComparer.InvariantCultureIgnoreCase.Equals(value, AttestationProtocolSIM)) { result = SqlConnectionAttestationProtocol.SIM; return(true); } #endif else { result = DbConnectionStringDefaults.AttestationProtocol; return(false); } }
/// <summary> /// Generate the byte package that needs to be sent to the enclave /// </summary> /// <param name="attestationProtocol">attestation protocol</param> /// <param name="keysToBeSentToEnclave">Keys to be sent to enclave</param> /// <param name="queryText"></param> /// <param name="enclaveType">enclave type</param> /// <param name="enclaveSessionParameters">The set of parameters required for enclave session.</param> /// <param name="connection">connection executing the query</param> /// <param name="command">command executing the query</param> /// <returns></returns> internal EnclavePackage GenerateEnclavePackage(SqlConnectionAttestationProtocol attestationProtocol, ConcurrentDictionary <int, SqlTceCipherInfoEntry> keysToBeSentToEnclave, string queryText, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, SqlConnection connection, SqlCommand command) { SqlEnclaveSession sqlEnclaveSession; long counter; try { GetEnclaveSession( attestationProtocol, enclaveType, enclaveSessionParameters, generateCustomData: false, sqlEnclaveSession: out sqlEnclaveSession, counter: out counter, customData: out _, customDataLength: out _, throwIfNull: true ); } catch (Exception e) { throw new RetryableEnclaveQueryExecutionException(e.Message, e); } List <ColumnEncryptionKeyInfo> decryptedKeysToBeSentToEnclave = GetDecryptedKeysToBeSentToEnclave(keysToBeSentToEnclave, enclaveSessionParameters.ServerName, connection, command); byte[] queryStringHashBytes = ComputeQueryStringHash(queryText); byte[] keyBytePackage = GenerateBytePackageForKeys(counter, queryStringHashBytes, decryptedKeysToBeSentToEnclave); byte[] sessionKey = sqlEnclaveSession.GetSessionKey(); byte[] encryptedBytePackage = EncryptBytePackage(keyBytePackage, sessionKey, enclaveSessionParameters.ServerName); byte[] enclaveSessionHandle = BitConverter.GetBytes(sqlEnclaveSession.SessionId); byte[] byteArrayToBeSentToEnclave = CombineByteArrays(enclaveSessionHandle, encryptedBytePackage); return(new EnclavePackage(byteArrayToBeSentToEnclave, sqlEnclaveSession)); }
public void SetInvalidAttestationProtocol_Throws() { SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); SqlConnectionAttestationProtocol invalid = (SqlConnectionAttestationProtocol)Enum.GetValues(typeof(SqlConnectionAttestationProtocol)).Length + 1; ArgumentOutOfRangeException ex = Assert.Throws <ArgumentOutOfRangeException>(() => builder.AttestationProtocol = invalid); Assert.Contains("SqlConnectionAttestationProtocol", ex.Message, StringComparison.OrdinalIgnoreCase); }
private void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string enclaveAttestationUrl, out SqlEnclaveSession sqlEnclaveSession, out long counter, bool throwIfNull) { SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType); sqlColumnEncryptionEnclaveProvider.GetEnclaveSession(serverName, enclaveAttestationUrl, out sqlEnclaveSession, out counter); if (throwIfNull && sqlEnclaveSession == null) { throw SQL.NullEnclaveSessionDuringQueryExecution(enclaveType, enclaveAttestationUrl); } }
private void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out long counter, out byte[] customData, out int customDataLength, bool throwIfNull) { SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType); sqlColumnEncryptionEnclaveProvider.GetEnclaveSession(enclaveSessionParameters, generateCustomData, out sqlEnclaveSession, out counter, out customData, out customDataLength); if (throwIfNull && sqlEnclaveSession == null) { throw SQL.NullEnclaveSessionDuringQueryExecution(enclaveType, enclaveSessionParameters.AttestationUrl); } }
public void TestSqlConnectionStringBuilderAttestationProtocol(SqlConnectionAttestationProtocol protocol) { SqlConnectionStringBuilder connectionStringBuilder = new SqlConnectionStringBuilder(); connectionStringBuilder.DataSource = @"localhost"; // Modify value. connectionStringBuilder.AttestationProtocol = protocol; //Create a connection object with the above builder and verify the expected value. VerifyAttestationProtocol(connectionStringBuilder, protocol); }
// This c-tor is used to create SSE and user instance connection strings when user instance is set to true // BUG (VSTFDevDiv) 479687: Using TransactionScope with Linq2SQL against user instances fails with "connection has been broken" message internal SqlConnectionString(SqlConnectionString connectionOptions, string dataSource, bool userInstance, bool?setEnlistValue) : base(connectionOptions) { _integratedSecurity = connectionOptions._integratedSecurity; _encrypt = connectionOptions._encrypt; _tdss = connectionOptions._tdss; if (setEnlistValue.HasValue) { _enlist = setEnlistValue.Value; } else { _enlist = connectionOptions._enlist; } _mars = connectionOptions._mars; _persistSecurityInfo = connectionOptions._persistSecurityInfo; _pooling = connectionOptions._pooling; _replication = connectionOptions._replication; _userInstance = userInstance; _commandTimeout = connectionOptions._commandTimeout; _connectTimeout = connectionOptions._connectTimeout; _loadBalanceTimeout = connectionOptions._loadBalanceTimeout; #if NETCOREAPP _poolBlockingPeriod = connectionOptions._poolBlockingPeriod; #endif _maxPoolSize = connectionOptions._maxPoolSize; _minPoolSize = connectionOptions._minPoolSize; _multiSubnetFailover = connectionOptions._multiSubnetFailover; _packetSize = connectionOptions._packetSize; _applicationName = connectionOptions._applicationName; _attachDBFileName = connectionOptions._attachDBFileName; _currentLanguage = connectionOptions._currentLanguage; _dataSource = dataSource; _localDBInstance = LocalDBAPI.GetLocalDbInstanceNameFromServerName(_dataSource); _failoverPartner = connectionOptions._failoverPartner; _initialCatalog = connectionOptions._initialCatalog; _password = connectionOptions._password; _userID = connectionOptions._userID; _workstationId = connectionOptions._workstationId; _expandedAttachDBFilename = connectionOptions._expandedAttachDBFilename; _typeSystemVersion = connectionOptions._typeSystemVersion; _transactionBinding = connectionOptions._transactionBinding; _applicationIntent = connectionOptions._applicationIntent; _connectRetryCount = connectionOptions._connectRetryCount; _connectRetryInterval = connectionOptions._connectRetryInterval; _authType = connectionOptions._authType; _columnEncryptionSetting = connectionOptions._columnEncryptionSetting; _enclaveAttestationUrl = connectionOptions._enclaveAttestationUrl; _attestationProtocol = connectionOptions._attestationProtocol; ValidateValueLength(_dataSource, TdsEnums.MAXLEN_SERVERNAME, KEY.Data_Source); }
/// <summary> /// Verifies expected Attestation Protocol value for SqlConnectionColumnEncryptionSetting. /// </summary> /// <param name="connectionStringBuilder"></param> /// <param name="expectedAttestationProtocol"></param> private void VerifyAttestationProtocol(SqlConnectionStringBuilder connectionStringBuilder, SqlConnectionAttestationProtocol expectedAttestationProtocol) { string connectionString = connectionStringBuilder.ToString(); using (SqlConnection sqlConnection = new SqlConnection(connectionString)) { SqlConnectionAttestationProtocol currentAttestationProtocol = (SqlConnectionAttestationProtocol)typeof(SqlConnection) .GetProperty(@"AttestationProtocol", BindingFlags.Instance | BindingFlags.NonPublic) .GetValue(sqlConnection); Assert.Equal(expectedAttestationProtocol, currentAttestationProtocol); } }
private string ConvertAttestationProtocolToString(SqlConnectionAttestationProtocol attestationProtocol) { switch (attestationProtocol) { case SqlConnectionAttestationProtocol.AAS: return("AAS"); case SqlConnectionAttestationProtocol.HGS: return("HGS"); default: return("NotSpecified"); } }
internal static bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol value) { #if ENCLAVE_SIMULATOR Debug.Assert(Enum.GetNames(typeof(SqlConnectionAttestationProtocol)).Length == 4, "SqlConnectionAttestationProtocol enum has changed, update needed"); return(value == SqlConnectionAttestationProtocol.NotSpecified || value == SqlConnectionAttestationProtocol.HGS || value == SqlConnectionAttestationProtocol.AAS || value == SqlConnectionAttestationProtocol.SIM); #else Debug.Assert(Enum.GetNames(typeof(SqlConnectionAttestationProtocol)).Length == 3, "SqlConnectionAttestationProtocol enum has changed, update needed"); return(value == SqlConnectionAttestationProtocol.NotSpecified || value == SqlConnectionAttestationProtocol.HGS || value == SqlConnectionAttestationProtocol.AAS); #endif }
public void TestSqlConnectionStringBuilderRemove(SqlConnectionColumnEncryptionSetting sqlConnectionColumnEncryptionSetting) { SqlConnectionStringBuilder connectionStringBuilder = new SqlConnectionStringBuilder(); // Use the Add function to update the Column Encryption Setting in the dictionary. connectionStringBuilder.Add(@"Column Encryption Setting", sqlConnectionColumnEncryptionSetting); // Query the property to check if the above add was effective. Assert.Equal(sqlConnectionColumnEncryptionSetting, connectionStringBuilder.ColumnEncryptionSetting); // Use the Remove function to remove the Column Encryption Setting from the dictionary. connectionStringBuilder.Remove(@"Column Encryption Setting"); // Query the property to check if the above add was effective. object outputValue; connectionStringBuilder.TryGetValue(@"Column Encryption Setting", out outputValue); Assert.Equal(SqlConnectionColumnEncryptionSetting.Disabled, outputValue); // Use the Add function to update the Enclave Attestation URL in the dictionary. string url = "www.foo.com"; connectionStringBuilder.Add(@"Enclave Attestation Url", url); // Query the property to check if the above add was effective. Assert.Equal(url, connectionStringBuilder.EnclaveAttestationUrl); // Use the Remove function to remove the Enclave Attestation URL from the dictionary. connectionStringBuilder.Remove(@"Enclave Attestation Url"); // Query the property to check if the above remove was effective. connectionStringBuilder.TryGetValue(@"Enclave Attestation Url", out outputValue); Assert.Equal(string.Empty, outputValue); // Use Add function to update the Attestation Protocol in the dictionary. SqlConnectionAttestationProtocol protocol = SqlConnectionAttestationProtocol.AAS; connectionStringBuilder.Add(@"Attestation Protocol", protocol); // Query the property ti check if the above Add was effective. Assert.Equal(protocol, connectionStringBuilder.AttestationProtocol); // Use Remove function to remove the Attestation Protocol. connectionStringBuilder.Remove(@"Attestation Protocol"); // Query the property to check if above Remove was effective. Assert.Equal(SqlConnectionAttestationProtocol.NotSpecified, connectionStringBuilder.AttestationProtocol); }
internal static string AttestationProtocolToString(SqlConnectionAttestationProtocol value) { Debug.Assert(IsValidAttestationProtocol(value), "value is not a valid attestation protocol"); switch (value) { case SqlConnectionAttestationProtocol.HGS: return(AttestationProtocolHGS); case SqlConnectionAttestationProtocol.AAS: return(AttestationProtocolAAS); default: return(null); } }
private string ConvertAttestationProtocolToString(SqlConnectionAttestationProtocol attestationProtocol) { switch (attestationProtocol) { case SqlConnectionAttestationProtocol.AAS: return("AAS"); case SqlConnectionAttestationProtocol.HGS: return("HGS"); #if ENCLAVE_SIMULATOR case SqlConnectionAttestationProtocol.SIM: return("SIM"); #endif default: return("NotSpecified"); } }
private SqlColumnEncryptionEnclaveProvider GetEnclaveProvider(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType) { if (!s_enclaveProviders.TryGetValue(attestationProtocol, out SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider)) { switch (attestationProtocol) { case SqlConnectionAttestationProtocol.AAS: AzureAttestationEnclaveProvider azureAttestationEnclaveProvider = new AzureAttestationEnclaveProvider(); s_enclaveProviders[attestationProtocol] = azureAttestationEnclaveProvider; sqlColumnEncryptionEnclaveProvider = s_enclaveProviders[attestationProtocol]; break; case SqlConnectionAttestationProtocol.HGS: HostGuardianServiceEnclaveProvider hostGuardianServiceEnclaveProvider = new HostGuardianServiceEnclaveProvider(); s_enclaveProviders[attestationProtocol] = hostGuardianServiceEnclaveProvider; sqlColumnEncryptionEnclaveProvider = s_enclaveProviders[attestationProtocol]; break; #if ENCLAVE_SIMULATOR case SqlConnectionAttestationProtocol.SIM: SimulatorEnclaveProvider simulatorEnclaveProvider = new SimulatorEnclaveProvider(); s_enclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)simulatorEnclaveProvider; sqlColumnEncryptionEnclaveProvider = s_enclaveProviders[attestationProtocol]; break; #endif default: break; } } if (sqlColumnEncryptionEnclaveProvider == null) { throw SQL.EnclaveProviderNotFound(enclaveType, ConvertAttestationProtocolToString(attestationProtocol)); } return(sqlColumnEncryptionEnclaveProvider); }
/// <summary> /// Create a new enclave session /// </summary> /// <param name="attestationProtocol">attestation protocol</param> /// <param name="enclaveType">enclave type</param> /// <param name="enclaveSessionParameters">The set of parameters required for enclave session.</param> /// <param name="attestationInfo">attestation info from SQL Server</param> /// <param name="attestationParameters">attestation parameters</param> /// <param name="customData">A set of extra data needed for attestating the enclave.</param> /// <param name="customDataLength">The length of the extra data needed for attestating the enclave.</param> internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength) { lock (_lock) { SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType); sqlColumnEncryptionEnclaveProvider.GetEnclaveSession( enclaveSessionParameters, generateCustomData: false, sqlEnclaveSession: out SqlEnclaveSession sqlEnclaveSession, counter: out _, customData: out _, customDataLength: out _ ); if (sqlEnclaveSession != null) { return; } sqlColumnEncryptionEnclaveProvider.CreateEnclaveSession( attestationInfo, attestationParameters.ClientDiffieHellmanKey, enclaveSessionParameters, customData, customDataLength, out sqlEnclaveSession, counter: out _ ); if (sqlEnclaveSession == null) { throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, enclaveSessionParameters.AttestationUrl); } } }
internal SqlEnclaveAttestationParameters GetAttestationParameters(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string attestationUrl, byte[] customData, int customDataLength) { throw new PlatformNotSupportedException(); }
internal void InvalidateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, SqlEnclaveSession enclaveSession) { throw new PlatformNotSupportedException(); }
internal EnclavePackage GenerateEnclavePackage(SqlConnectionAttestationProtocol attestationProtocol, Dictionary <int, SqlTceCipherInfoEntry> keysTobeSentToEnclave, string queryText, string enclaveType, EnclaveSessionParameters enclaveSessionParameters) { throw new PlatformNotSupportedException(); }
internal void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out byte[] customData, out int customDataLength) { throw new PlatformNotSupportedException(); }
/// <summary> /// Create a new enclave session /// </summary> /// <param name="attestationProtocol">attestation protocol</param> /// <param name="enclaveType">enclave type</param> /// <param name="enclaveSessionParameters">The set of parameters required for enclave session.</param> /// <param name="attestationInfo">attestation info from SQL Server</param> /// <param name="attestationParameters">attestation parameters</param> /// <param name="customData">A set of extra data needed for attestating the enclave.</param> /// <param name="customDataLength">The length of the extra data needed for attestating the enclave.</param> internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength) { throw new PlatformNotSupportedException(); }
private readonly string _expandedAttachDBFilename; // expanded during construction so that CreatePermissionSet & Expand are consistent internal SqlConnectionString(string connectionString) : base(connectionString, GetParseSynonyms()) { ThrowUnsupportedIfKeywordSet(KEY.AsynchronousProcessing); ThrowUnsupportedIfKeywordSet(KEY.Connection_Reset); ThrowUnsupportedIfKeywordSet(KEY.Context_Connection); // Network Library has its own special error message if (ContainsKey(KEY.Network_Library)) { throw SQL.NetworkLibraryKeywordNotSupported(); } _integratedSecurity = ConvertValueToIntegratedSecurity(); #if netcoreapp _poolBlockingPeriod = ConvertValueToPoolBlockingPeriod(); #endif _encrypt = ConvertValueToBoolean(KEY.Encrypt, DEFAULT.Encrypt); _enlist = ConvertValueToBoolean(KEY.Enlist, DEFAULT.Enlist); _mars = ConvertValueToBoolean(KEY.MARS, DEFAULT.MARS); _persistSecurityInfo = ConvertValueToBoolean(KEY.Persist_Security_Info, DEFAULT.Persist_Security_Info); _pooling = ConvertValueToBoolean(KEY.Pooling, DEFAULT.Pooling); _replication = ConvertValueToBoolean(KEY.Replication, DEFAULT.Replication); _userInstance = ConvertValueToBoolean(KEY.User_Instance, DEFAULT.User_Instance); _multiSubnetFailover = ConvertValueToBoolean(KEY.MultiSubnetFailover, DEFAULT.MultiSubnetFailover); _connectTimeout = ConvertValueToInt32(KEY.Connect_Timeout, DEFAULT.Connect_Timeout); _loadBalanceTimeout = ConvertValueToInt32(KEY.Load_Balance_Timeout, DEFAULT.Load_Balance_Timeout); _maxPoolSize = ConvertValueToInt32(KEY.Max_Pool_Size, DEFAULT.Max_Pool_Size); _minPoolSize = ConvertValueToInt32(KEY.Min_Pool_Size, DEFAULT.Min_Pool_Size); _packetSize = ConvertValueToInt32(KEY.Packet_Size, DEFAULT.Packet_Size); _connectRetryCount = ConvertValueToInt32(KEY.Connect_Retry_Count, DEFAULT.Connect_Retry_Count); _connectRetryInterval = ConvertValueToInt32(KEY.Connect_Retry_Interval, DEFAULT.Connect_Retry_Interval); _applicationIntent = ConvertValueToApplicationIntent(); _applicationName = ConvertValueToString(KEY.Application_Name, DEFAULT.Application_Name); _attachDBFileName = ConvertValueToString(KEY.AttachDBFilename, DEFAULT.AttachDBFilename); _currentLanguage = ConvertValueToString(KEY.Current_Language, DEFAULT.Current_Language); _dataSource = ConvertValueToString(KEY.Data_Source, DEFAULT.Data_Source); _localDBInstance = LocalDBAPI.GetLocalDbInstanceNameFromServerName(_dataSource); _failoverPartner = ConvertValueToString(KEY.FailoverPartner, DEFAULT.FailoverPartner); _initialCatalog = ConvertValueToString(KEY.Initial_Catalog, DEFAULT.Initial_Catalog); _password = ConvertValueToString(KEY.Password, DEFAULT.Password); _trustServerCertificate = ConvertValueToBoolean(KEY.TrustServerCertificate, DEFAULT.TrustServerCertificate); _authType = ConvertValueToAuthenticationType(); _columnEncryptionSetting = ConvertValueToColumnEncryptionSetting(); _enclaveAttestationUrl = ConvertValueToString(KEY.EnclaveAttestationUrl, DEFAULT.EnclaveAttestationUrl); _attestationProtocol = ConvertValueToAttestationProtocol(); // Temporary string - this value is stored internally as an enum. string typeSystemVersionString = ConvertValueToString(KEY.Type_System_Version, null); string transactionBindingString = ConvertValueToString(KEY.TransactionBinding, null); _userID = ConvertValueToString(KEY.User_ID, DEFAULT.User_ID); _workstationId = ConvertValueToString(KEY.Workstation_Id, null); if (_loadBalanceTimeout < 0) { throw ADP.InvalidConnectionOptionValue(KEY.Load_Balance_Timeout); } if (_connectTimeout < 0) { throw ADP.InvalidConnectionOptionValue(KEY.Connect_Timeout); } if (_maxPoolSize < 1) { throw ADP.InvalidConnectionOptionValue(KEY.Max_Pool_Size); } if (_minPoolSize < 0) { throw ADP.InvalidConnectionOptionValue(KEY.Min_Pool_Size); } if (_maxPoolSize < _minPoolSize) { throw ADP.InvalidMinMaxPoolSizeValues(); } if ((_packetSize < TdsEnums.MIN_PACKET_SIZE) || (TdsEnums.MAX_PACKET_SIZE < _packetSize)) { throw SQL.InvalidPacketSizeValue(); } ValidateValueLength(_applicationName, TdsEnums.MAXLEN_APPNAME, KEY.Application_Name); ValidateValueLength(_currentLanguage, TdsEnums.MAXLEN_LANGUAGE, KEY.Current_Language); ValidateValueLength(_dataSource, TdsEnums.MAXLEN_SERVERNAME, KEY.Data_Source); ValidateValueLength(_failoverPartner, TdsEnums.MAXLEN_SERVERNAME, KEY.FailoverPartner); ValidateValueLength(_initialCatalog, TdsEnums.MAXLEN_DATABASE, KEY.Initial_Catalog); ValidateValueLength(_password, TdsEnums.MAXLEN_CLIENTSECRET, KEY.Password); ValidateValueLength(_userID, TdsEnums.MAXLEN_CLIENTID, KEY.User_ID); if (null != _workstationId) { ValidateValueLength(_workstationId, TdsEnums.MAXLEN_HOSTNAME, KEY.Workstation_Id); } if (!string.Equals(DEFAULT.FailoverPartner, _failoverPartner, StringComparison.OrdinalIgnoreCase)) { // fail-over partner is set if (_multiSubnetFailover) { throw SQL.MultiSubnetFailoverWithFailoverPartner(serverProvidedFailoverPartner: false, internalConnection: null); } if (string.Equals(DEFAULT.Initial_Catalog, _initialCatalog, StringComparison.OrdinalIgnoreCase)) { throw ADP.MissingConnectionOptionValue(KEY.FailoverPartner, KEY.Initial_Catalog); } } // expand during construction so that CreatePermissionSet and Expand are consistent _expandedAttachDBFilename = ExpandDataDirectory(KEY.AttachDBFilename, _attachDBFileName); if (null != _expandedAttachDBFilename) { if (0 <= _expandedAttachDBFilename.IndexOf('|')) { throw ADP.InvalidConnectionOptionValue(KEY.AttachDBFilename); } ValidateValueLength(_expandedAttachDBFilename, TdsEnums.MAXLEN_ATTACHDBFILE, KEY.AttachDBFilename); if (_localDBInstance == null) { // fail fast to verify LocalHost when using |DataDirectory| // still must check again at connect time string host = _dataSource; VerifyLocalHostAndFixup(ref host, true, false /*don't fix-up*/); } } else if (0 <= _attachDBFileName.IndexOf('|')) { throw ADP.InvalidConnectionOptionValue(KEY.AttachDBFilename); } else { ValidateValueLength(_attachDBFileName, TdsEnums.MAXLEN_ATTACHDBFILE, KEY.AttachDBFilename); } _typeSystemAssemblyVersion = constTypeSystemAsmVersion10; if (true == _userInstance && !string.IsNullOrEmpty(_failoverPartner)) { throw SQL.UserInstanceFailoverNotCompatible(); } if (string.IsNullOrEmpty(typeSystemVersionString)) { typeSystemVersionString = DbConnectionStringDefaults.TypeSystemVersion; } if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.Latest, StringComparison.OrdinalIgnoreCase)) { _typeSystemVersion = TypeSystem.Latest; } else if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.SQL_Server_2000, StringComparison.OrdinalIgnoreCase)) { _typeSystemVersion = TypeSystem.SQLServer2000; } else if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.SQL_Server_2005, StringComparison.OrdinalIgnoreCase)) { _typeSystemVersion = TypeSystem.SQLServer2005; } else if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.SQL_Server_2008, StringComparison.OrdinalIgnoreCase)) { _typeSystemVersion = TypeSystem.SQLServer2008; } else if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.SQL_Server_2012, StringComparison.OrdinalIgnoreCase)) { _typeSystemVersion = TypeSystem.SQLServer2012; _typeSystemAssemblyVersion = constTypeSystemAsmVersion11; } else { throw ADP.InvalidConnectionOptionValue(KEY.Type_System_Version); } if (string.IsNullOrEmpty(transactionBindingString)) { transactionBindingString = DbConnectionStringDefaults.TransactionBinding; } if (transactionBindingString.Equals(TRANSACTIONBINDING.ImplicitUnbind, StringComparison.OrdinalIgnoreCase)) { _transactionBinding = TransactionBindingEnum.ImplicitUnbind; } else if (transactionBindingString.Equals(TRANSACTIONBINDING.ExplicitUnbind, StringComparison.OrdinalIgnoreCase)) { _transactionBinding = TransactionBindingEnum.ExplicitUnbind; } else { throw ADP.InvalidConnectionOptionValue(KEY.TransactionBinding); } if (_applicationIntent == ApplicationIntent.ReadOnly && !string.IsNullOrEmpty(_failoverPartner)) { throw SQL.ROR_FailoverNotSupportedConnString(); } if ((_connectRetryCount < 0) || (_connectRetryCount > 255)) { throw ADP.InvalidConnectRetryCountValue(); } if ((_connectRetryInterval < 1) || (_connectRetryInterval > 60)) { throw ADP.InvalidConnectRetryIntervalValue(); } if (Authentication != SqlAuthenticationMethod.NotSpecified && _integratedSecurity == true) { throw SQL.AuthenticationAndIntegratedSecurity(); } if (Authentication == SqlClient.SqlAuthenticationMethod.ActiveDirectoryIntegrated && HasPasswordKeyword) { throw SQL.IntegratedWithPassword(); } if (Authentication == SqlAuthenticationMethod.ActiveDirectoryInteractive && HasPasswordKeyword) { throw SQL.InteractiveWithPassword(); } if (Authentication == SqlAuthenticationMethod.ActiveDirectoryDeviceCodeFlow && (HasUserIdKeyword || HasPasswordKeyword)) { throw SQL.DeviceFlowWithUsernamePassword(); } }
internal void InvalidateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, SqlEnclaveSession enclaveSession) { SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType); sqlColumnEncryptionEnclaveProvider.InvalidateEnclaveSession(enclaveSessionParameters, enclaveSession); }
internal void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out byte[] customData, out int customDataLength) { GetEnclaveSession(attestationProtocol, enclaveType, enclaveSessionParameters, generateCustomData, out sqlEnclaveSession, out _, out customData, out customDataLength, throwIfNull: false); }
internal SqlEnclaveAttestationParameters GetAttestationParameters(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string attestationUrl, byte[] customData, int customDataLength) { SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType); return(sqlColumnEncryptionEnclaveProvider.GetAttestationParameters(attestationUrl, customData, customDataLength)); }