/// <summary>
/// Create a new enclave session
/// </summary>
/// <param name="attestationProtocol">attestation protocol</param>
/// <param name="enclaveType">enclave type</param>
/// <param name="serverName">servername</param>
/// <param name="attestationUrl">attestation url for attestation service endpoint</param>
/// <param name="attestationInfo">attestation info from SQL Server</param>
/// <param name="attestationParameters">attestation parameters</param>
/// <param name="customData">A set of extra data needed for attestating the enclave.</param>
/// <param name="customDataLength">The length of the extra data needed for attestating the enclave.</param>
internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string attestationUrl,
byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength)
{
lock (_lock)
{
SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType);
long counter;
SqlEnclaveSession sqlEnclaveSession = null;
byte[] dummyCustomData = null;
int dummyCustomDataLength;
sqlColumnEncryptionEnclaveProvider.GetEnclaveSession(serverName, attestationUrl, false, out sqlEnclaveSession, out counter, out dummyCustomData, out dummyCustomDataLength);
if (sqlEnclaveSession != null)
{
return;
}
sqlColumnEncryptionEnclaveProvider.CreateEnclaveSession(attestationInfo, attestationParameters.ClientDiffieHellmanKey, attestationUrl, serverName, customData, customDataLength, out sqlEnclaveSession, out counter);
if (sqlEnclaveSession == null)
{
throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, attestationUrl);
}
}
}
public void TestSqlConnectionStringBuilderEquivilantTo_AttestationProtocol()
{
SqlConnectionAttestationProtocol protocol1 = SqlConnectionAttestationProtocol.AAS;
SqlConnectionAttestationProtocol protocol2 = SqlConnectionAttestationProtocol.HGS;
SqlConnectionAttestationProtocol protocol3 = SqlConnectionAttestationProtocol.None;
SqlConnectionStringBuilder connectionStringBuilder1 = new SqlConnectionStringBuilder();
SqlConnectionStringBuilder connectionStringBuilder2 = new SqlConnectionStringBuilder();
SqlConnectionStringBuilder connectionStringBuilder3 = new SqlConnectionStringBuilder();
// Modify the default value and set the same value on the both the builder objects above.
connectionStringBuilder1.AttestationProtocol = protocol1;
connectionStringBuilder2.AttestationProtocol = protocol1;
connectionStringBuilder3.AttestationProtocol = protocol1;
// Use the EquivalentTo function to compare both the builder objects and make sure the result is expected.
Assert.True(connectionStringBuilder1.EquivalentTo(connectionStringBuilder2));
Assert.True(connectionStringBuilder1.EquivalentTo(connectionStringBuilder3));
Assert.Equal(connectionStringBuilder1.AttestationProtocol, connectionStringBuilder2.AttestationProtocol);
Assert.Equal(connectionStringBuilder1.AttestationProtocol, connectionStringBuilder3.AttestationProtocol);
connectionStringBuilder2.AttestationProtocol = protocol2;
Assert.True(!connectionStringBuilder1.EquivalentTo(connectionStringBuilder2));
Assert.True(!connectionStringBuilder3.EquivalentTo(connectionStringBuilder2));
Assert.Equal(protocol2, connectionStringBuilder2.AttestationProtocol);
connectionStringBuilder3.AttestationProtocol = protocol3;
Assert.True(!connectionStringBuilder1.EquivalentTo(connectionStringBuilder3));
Assert.True(!connectionStringBuilder2.EquivalentTo(connectionStringBuilder3));
Assert.Equal(protocol3, connectionStringBuilder3.AttestationProtocol);
}
internal static bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol value)
{
Debug.Assert(Enum.GetNames(typeof(SqlConnectionAttestationProtocol)).Length == 3, "SqlConnectionAttestationProtocol enum has changed, update needed");
return(value == SqlConnectionAttestationProtocol.NotSpecified ||
value == SqlConnectionAttestationProtocol.HGS ||
value == SqlConnectionAttestationProtocol.AAS);
}
private SqlColumnEncryptionEnclaveProvider GetEnclaveProvider(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType)
{
SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = null;
if (!EnclaveProviders.TryGetValue(attestationProtocol, out sqlColumnEncryptionEnclaveProvider))
{
switch (attestationProtocol)
{
case SqlConnectionAttestationProtocol.AAS:
AzureAttestationEnclaveProvider azureAttestationEnclaveProvider = new AzureAttestationEnclaveProvider();
EnclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)azureAttestationEnclaveProvider;
sqlColumnEncryptionEnclaveProvider = EnclaveProviders[attestationProtocol];
break;
case SqlConnectionAttestationProtocol.HGS:
HostGuardianServiceEnclaveProvider hostGuardianServiceEnclaveProvider = new HostGuardianServiceEnclaveProvider();
EnclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)hostGuardianServiceEnclaveProvider;
sqlColumnEncryptionEnclaveProvider = EnclaveProviders[attestationProtocol];
break;
default:
break;
}
}
if (sqlColumnEncryptionEnclaveProvider == null)
{
throw SQL.EnclaveProviderNotFound(enclaveType, ConvertAttestationProtocolToString(attestationProtocol));
}
return(sqlColumnEncryptionEnclaveProvider);
}
/// <summary>
/// Generate the byte package that needs to be sent to the enclave
/// </summary>
/// <param name="attestationProtocol">attestation protocol</param>
/// <param name="keysTobeSentToEnclave">Keys to be sent to enclave</param>
/// <param name="queryText"></param>
/// <param name="enclaveType">enclave type</param>
/// <param name="serverName">server name</param>
/// <param name="enclaveAttestationUrl">url for attestation endpoint</param>
/// <returns></returns>
internal EnclavePackage GenerateEnclavePackage(SqlConnectionAttestationProtocol attestationProtocol, Dictionary <int, SqlTceCipherInfoEntry> keysTobeSentToEnclave, string queryText, string enclaveType, string serverName, string enclaveAttestationUrl)
{
SqlEnclaveSession sqlEnclaveSession = null;
long counter;
byte[] dummyCustomData = null;
int dummyCustomDataLength;
try
{
GetEnclaveSession(attestationProtocol, enclaveType, serverName, enclaveAttestationUrl, false, out sqlEnclaveSession, out counter, out dummyCustomData, out dummyCustomDataLength, throwIfNull: true);
}
catch (Exception e)
{
throw new RetryableEnclaveQueryExecutionException(e.Message, e);
}
List <ColumnEncryptionKeyInfo> decryptedKeysToBeSentToEnclave = GetDecryptedKeysToBeSentToEnclave(keysTobeSentToEnclave, serverName);
byte[] queryStringHashBytes = ComputeQueryStringHash(queryText);
byte[] keyBytePackage = GenerateBytePackageForKeys(counter, queryStringHashBytes, decryptedKeysToBeSentToEnclave);
byte[] sessionKey = sqlEnclaveSession.GetSessionKey();
byte[] encryptedBytePackage = EncryptBytePackage(keyBytePackage, sessionKey, serverName);
byte[] enclaveSessionHandle = BitConverter.GetBytes(sqlEnclaveSession.SessionId);
byte[] byteArrayToBeSentToEnclave = CombineByteArrays(new[] { enclaveSessionHandle, encryptedBytePackage });
return(new EnclavePackage(byteArrayToBeSentToEnclave, sqlEnclaveSession));
}
public void TestSqlConnectionStringBuilderAdd(SqlConnectionColumnEncryptionSetting sqlConnectionColumnEncryptionSetting)
{
SqlConnectionStringBuilder connectionStringBuilder = new SqlConnectionStringBuilder();
// Use the Add function to update the Column Encryption Setting in the dictionary.
connectionStringBuilder.Add(@"Column Encryption Setting", sqlConnectionColumnEncryptionSetting);
// Query the property to check if the above add was effective.
Assert.Equal(sqlConnectionColumnEncryptionSetting, connectionStringBuilder.ColumnEncryptionSetting);
//define value for Attestation Url and Attestation Protocol
string url = "www.foo.com";
SqlConnectionAttestationProtocol protocol = SqlConnectionAttestationProtocol.HGS;
// Use the Add function to update the Enclave Attestation Url in the dictionary.
connectionStringBuilder.Add(@"Enclave Attestation Url", url);
// Query the property to check if the above add was effective.
Assert.Equal(url, connectionStringBuilder.EnclaveAttestationUrl);
// Use the Add function to update the Attestation Protocol in the dictionary.
connectionStringBuilder.Add(@"Attestation Protocol", protocol);
// Query the property to check if the above add was effective.
Assert.Equal(protocol, connectionStringBuilder.AttestationProtocol);
}
/// <summary>
/// Convert a string value to the corresponding SqlConnectionAttestationProtocol
/// </summary>
/// <param name="value"></param>
/// <param name="result"></param>
/// <returns></returns>
internal static bool TryConvertToAttestationProtocol(string value, out SqlConnectionAttestationProtocol result)
{
if (StringComparer.InvariantCultureIgnoreCase.Equals(value, AttestationProtocolHGS))
{
result = SqlConnectionAttestationProtocol.HGS;
return(true);
}
else if (StringComparer.InvariantCultureIgnoreCase.Equals(value, AttestationProtocolAAS))
{
result = SqlConnectionAttestationProtocol.AAS;
return(true);
}
#if ENCLAVE_SIMULATOR
else if (StringComparer.InvariantCultureIgnoreCase.Equals(value, AttestationProtocolSIM))
{
result = SqlConnectionAttestationProtocol.SIM;
return(true);
}
#endif
else
{
result = DbConnectionStringDefaults.AttestationProtocol;
return(false);
}
}
/// <summary>
/// Generate the byte package that needs to be sent to the enclave
/// </summary>
/// <param name="attestationProtocol">attestation protocol</param>
/// <param name="keysToBeSentToEnclave">Keys to be sent to enclave</param>
/// <param name="queryText"></param>
/// <param name="enclaveType">enclave type</param>
/// <param name="enclaveSessionParameters">The set of parameters required for enclave session.</param>
/// <param name="connection">connection executing the query</param>
/// <param name="command">command executing the query</param>
/// <returns></returns>
internal EnclavePackage GenerateEnclavePackage(SqlConnectionAttestationProtocol attestationProtocol, ConcurrentDictionary <int, SqlTceCipherInfoEntry> keysToBeSentToEnclave, string queryText, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, SqlConnection connection, SqlCommand command)
{
SqlEnclaveSession sqlEnclaveSession;
long counter;
try
{
GetEnclaveSession(
attestationProtocol,
enclaveType,
enclaveSessionParameters,
generateCustomData: false,
sqlEnclaveSession: out sqlEnclaveSession,
counter: out counter,
customData: out _,
customDataLength: out _,
throwIfNull: true
);
}
catch (Exception e)
{
throw new RetryableEnclaveQueryExecutionException(e.Message, e);
}
List <ColumnEncryptionKeyInfo> decryptedKeysToBeSentToEnclave = GetDecryptedKeysToBeSentToEnclave(keysToBeSentToEnclave, enclaveSessionParameters.ServerName, connection, command);
byte[] queryStringHashBytes = ComputeQueryStringHash(queryText);
byte[] keyBytePackage = GenerateBytePackageForKeys(counter, queryStringHashBytes, decryptedKeysToBeSentToEnclave);
byte[] sessionKey = sqlEnclaveSession.GetSessionKey();
byte[] encryptedBytePackage = EncryptBytePackage(keyBytePackage, sessionKey, enclaveSessionParameters.ServerName);
byte[] enclaveSessionHandle = BitConverter.GetBytes(sqlEnclaveSession.SessionId);
byte[] byteArrayToBeSentToEnclave = CombineByteArrays(enclaveSessionHandle, encryptedBytePackage);
return(new EnclavePackage(byteArrayToBeSentToEnclave, sqlEnclaveSession));
}
public void SetInvalidAttestationProtocol_Throws()
{
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
SqlConnectionAttestationProtocol invalid = (SqlConnectionAttestationProtocol)Enum.GetValues(typeof(SqlConnectionAttestationProtocol)).Length + 1;
ArgumentOutOfRangeException ex = Assert.Throws <ArgumentOutOfRangeException>(() => builder.AttestationProtocol = invalid);
Assert.Contains("SqlConnectionAttestationProtocol", ex.Message, StringComparison.OrdinalIgnoreCase);
}
private void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string enclaveAttestationUrl, out SqlEnclaveSession sqlEnclaveSession, out long counter, bool throwIfNull)
{
SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType);
sqlColumnEncryptionEnclaveProvider.GetEnclaveSession(serverName, enclaveAttestationUrl, out sqlEnclaveSession, out counter);
if (throwIfNull && sqlEnclaveSession == null)
{
throw SQL.NullEnclaveSessionDuringQueryExecution(enclaveType, enclaveAttestationUrl);
}
}
private void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out long counter, out byte[] customData, out int customDataLength, bool throwIfNull)
{
SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType);
sqlColumnEncryptionEnclaveProvider.GetEnclaveSession(enclaveSessionParameters, generateCustomData, out sqlEnclaveSession, out counter, out customData, out customDataLength);
if (throwIfNull && sqlEnclaveSession == null)
{
throw SQL.NullEnclaveSessionDuringQueryExecution(enclaveType, enclaveSessionParameters.AttestationUrl);
}
}
public void TestSqlConnectionStringBuilderAttestationProtocol(SqlConnectionAttestationProtocol protocol)
{
SqlConnectionStringBuilder connectionStringBuilder = new SqlConnectionStringBuilder();
connectionStringBuilder.DataSource = @"localhost";
// Modify value.
connectionStringBuilder.AttestationProtocol = protocol;
//Create a connection object with the above builder and verify the expected value.
VerifyAttestationProtocol(connectionStringBuilder, protocol);
}
// This c-tor is used to create SSE and user instance connection strings when user instance is set to true
// BUG (VSTFDevDiv) 479687: Using TransactionScope with Linq2SQL against user instances fails with "connection has been broken" message
internal SqlConnectionString(SqlConnectionString connectionOptions, string dataSource, bool userInstance, bool?setEnlistValue) : base(connectionOptions)
{
_integratedSecurity = connectionOptions._integratedSecurity;
_encrypt = connectionOptions._encrypt;
_tdss = connectionOptions._tdss;
if (setEnlistValue.HasValue)
{
_enlist = setEnlistValue.Value;
}
else
{
_enlist = connectionOptions._enlist;
}
_mars = connectionOptions._mars;
_persistSecurityInfo = connectionOptions._persistSecurityInfo;
_pooling = connectionOptions._pooling;
_replication = connectionOptions._replication;
_userInstance = userInstance;
_commandTimeout = connectionOptions._commandTimeout;
_connectTimeout = connectionOptions._connectTimeout;
_loadBalanceTimeout = connectionOptions._loadBalanceTimeout;
#if NETCOREAPP
_poolBlockingPeriod = connectionOptions._poolBlockingPeriod;
#endif
_maxPoolSize = connectionOptions._maxPoolSize;
_minPoolSize = connectionOptions._minPoolSize;
_multiSubnetFailover = connectionOptions._multiSubnetFailover;
_packetSize = connectionOptions._packetSize;
_applicationName = connectionOptions._applicationName;
_attachDBFileName = connectionOptions._attachDBFileName;
_currentLanguage = connectionOptions._currentLanguage;
_dataSource = dataSource;
_localDBInstance = LocalDBAPI.GetLocalDbInstanceNameFromServerName(_dataSource);
_failoverPartner = connectionOptions._failoverPartner;
_initialCatalog = connectionOptions._initialCatalog;
_password = connectionOptions._password;
_userID = connectionOptions._userID;
_workstationId = connectionOptions._workstationId;
_expandedAttachDBFilename = connectionOptions._expandedAttachDBFilename;
_typeSystemVersion = connectionOptions._typeSystemVersion;
_transactionBinding = connectionOptions._transactionBinding;
_applicationIntent = connectionOptions._applicationIntent;
_connectRetryCount = connectionOptions._connectRetryCount;
_connectRetryInterval = connectionOptions._connectRetryInterval;
_authType = connectionOptions._authType;
_columnEncryptionSetting = connectionOptions._columnEncryptionSetting;
_enclaveAttestationUrl = connectionOptions._enclaveAttestationUrl;
_attestationProtocol = connectionOptions._attestationProtocol;
ValidateValueLength(_dataSource, TdsEnums.MAXLEN_SERVERNAME, KEY.Data_Source);
}
/// <summary>
/// Verifies expected Attestation Protocol value for SqlConnectionColumnEncryptionSetting.
/// </summary>
/// <param name="connectionStringBuilder"></param>
/// <param name="expectedAttestationProtocol"></param>
private void VerifyAttestationProtocol(SqlConnectionStringBuilder connectionStringBuilder, SqlConnectionAttestationProtocol expectedAttestationProtocol)
{
string connectionString = connectionStringBuilder.ToString();
using (SqlConnection sqlConnection = new SqlConnection(connectionString))
{
SqlConnectionAttestationProtocol currentAttestationProtocol = (SqlConnectionAttestationProtocol)typeof(SqlConnection)
.GetProperty(@"AttestationProtocol", BindingFlags.Instance | BindingFlags.NonPublic)
.GetValue(sqlConnection);
Assert.Equal(expectedAttestationProtocol, currentAttestationProtocol);
}
}
private string ConvertAttestationProtocolToString(SqlConnectionAttestationProtocol attestationProtocol)
{
switch (attestationProtocol)
{
case SqlConnectionAttestationProtocol.AAS:
return("AAS");
case SqlConnectionAttestationProtocol.HGS:
return("HGS");
default:
return("NotSpecified");
}
}
internal static bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol value)
{
#if ENCLAVE_SIMULATOR
Debug.Assert(Enum.GetNames(typeof(SqlConnectionAttestationProtocol)).Length == 4, "SqlConnectionAttestationProtocol enum has changed, update needed");
return(value == SqlConnectionAttestationProtocol.NotSpecified ||
value == SqlConnectionAttestationProtocol.HGS ||
value == SqlConnectionAttestationProtocol.AAS ||
value == SqlConnectionAttestationProtocol.SIM);
#else
Debug.Assert(Enum.GetNames(typeof(SqlConnectionAttestationProtocol)).Length == 3, "SqlConnectionAttestationProtocol enum has changed, update needed");
return(value == SqlConnectionAttestationProtocol.NotSpecified ||
value == SqlConnectionAttestationProtocol.HGS ||
value == SqlConnectionAttestationProtocol.AAS);
#endif
}
public void TestSqlConnectionStringBuilderRemove(SqlConnectionColumnEncryptionSetting sqlConnectionColumnEncryptionSetting)
{
SqlConnectionStringBuilder connectionStringBuilder = new SqlConnectionStringBuilder();
// Use the Add function to update the Column Encryption Setting in the dictionary.
connectionStringBuilder.Add(@"Column Encryption Setting", sqlConnectionColumnEncryptionSetting);
// Query the property to check if the above add was effective.
Assert.Equal(sqlConnectionColumnEncryptionSetting, connectionStringBuilder.ColumnEncryptionSetting);
// Use the Remove function to remove the Column Encryption Setting from the dictionary.
connectionStringBuilder.Remove(@"Column Encryption Setting");
// Query the property to check if the above add was effective.
object outputValue;
connectionStringBuilder.TryGetValue(@"Column Encryption Setting", out outputValue);
Assert.Equal(SqlConnectionColumnEncryptionSetting.Disabled, outputValue);
// Use the Add function to update the Enclave Attestation URL in the dictionary.
string url = "www.foo.com";
connectionStringBuilder.Add(@"Enclave Attestation Url", url);
// Query the property to check if the above add was effective.
Assert.Equal(url, connectionStringBuilder.EnclaveAttestationUrl);
// Use the Remove function to remove the Enclave Attestation URL from the dictionary.
connectionStringBuilder.Remove(@"Enclave Attestation Url");
// Query the property to check if the above remove was effective.
connectionStringBuilder.TryGetValue(@"Enclave Attestation Url", out outputValue);
Assert.Equal(string.Empty, outputValue);
// Use Add function to update the Attestation Protocol in the dictionary.
SqlConnectionAttestationProtocol protocol = SqlConnectionAttestationProtocol.AAS;
connectionStringBuilder.Add(@"Attestation Protocol", protocol);
// Query the property ti check if the above Add was effective.
Assert.Equal(protocol, connectionStringBuilder.AttestationProtocol);
// Use Remove function to remove the Attestation Protocol.
connectionStringBuilder.Remove(@"Attestation Protocol");
// Query the property to check if above Remove was effective.
Assert.Equal(SqlConnectionAttestationProtocol.NotSpecified, connectionStringBuilder.AttestationProtocol);
}
internal static string AttestationProtocolToString(SqlConnectionAttestationProtocol value)
{
Debug.Assert(IsValidAttestationProtocol(value), "value is not a valid attestation protocol");
switch (value)
{
case SqlConnectionAttestationProtocol.HGS:
return(AttestationProtocolHGS);
case SqlConnectionAttestationProtocol.AAS:
return(AttestationProtocolAAS);
default:
return(null);
}
}
private string ConvertAttestationProtocolToString(SqlConnectionAttestationProtocol attestationProtocol)
{
switch (attestationProtocol)
{
case SqlConnectionAttestationProtocol.AAS:
return("AAS");
case SqlConnectionAttestationProtocol.HGS:
return("HGS");
#if ENCLAVE_SIMULATOR
case SqlConnectionAttestationProtocol.SIM:
return("SIM");
#endif
default:
return("NotSpecified");
}
}
private SqlColumnEncryptionEnclaveProvider GetEnclaveProvider(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType)
{
if (!s_enclaveProviders.TryGetValue(attestationProtocol, out SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider))
{
switch (attestationProtocol)
{
case SqlConnectionAttestationProtocol.AAS:
AzureAttestationEnclaveProvider azureAttestationEnclaveProvider = new AzureAttestationEnclaveProvider();
s_enclaveProviders[attestationProtocol] = azureAttestationEnclaveProvider;
sqlColumnEncryptionEnclaveProvider = s_enclaveProviders[attestationProtocol];
break;
case SqlConnectionAttestationProtocol.HGS:
HostGuardianServiceEnclaveProvider hostGuardianServiceEnclaveProvider = new HostGuardianServiceEnclaveProvider();
s_enclaveProviders[attestationProtocol] = hostGuardianServiceEnclaveProvider;
sqlColumnEncryptionEnclaveProvider = s_enclaveProviders[attestationProtocol];
break;
#if ENCLAVE_SIMULATOR
case SqlConnectionAttestationProtocol.SIM:
SimulatorEnclaveProvider simulatorEnclaveProvider = new SimulatorEnclaveProvider();
s_enclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)simulatorEnclaveProvider;
sqlColumnEncryptionEnclaveProvider = s_enclaveProviders[attestationProtocol];
break;
#endif
default:
break;
}
}
if (sqlColumnEncryptionEnclaveProvider == null)
{
throw SQL.EnclaveProviderNotFound(enclaveType, ConvertAttestationProtocolToString(attestationProtocol));
}
return(sqlColumnEncryptionEnclaveProvider);
}
/// <summary>
/// Create a new enclave session
/// </summary>
/// <param name="attestationProtocol">attestation protocol</param>
/// <param name="enclaveType">enclave type</param>
/// <param name="enclaveSessionParameters">The set of parameters required for enclave session.</param>
/// <param name="attestationInfo">attestation info from SQL Server</param>
/// <param name="attestationParameters">attestation parameters</param>
/// <param name="customData">A set of extra data needed for attestating the enclave.</param>
/// <param name="customDataLength">The length of the extra data needed for attestating the enclave.</param>
internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters,
byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength)
{
lock (_lock)
{
SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType);
sqlColumnEncryptionEnclaveProvider.GetEnclaveSession(
enclaveSessionParameters,
generateCustomData: false,
sqlEnclaveSession: out SqlEnclaveSession sqlEnclaveSession,
counter: out _,
customData: out _,
customDataLength: out _
);
if (sqlEnclaveSession != null)
{
return;
}
sqlColumnEncryptionEnclaveProvider.CreateEnclaveSession(
attestationInfo,
attestationParameters.ClientDiffieHellmanKey,
enclaveSessionParameters,
customData,
customDataLength,
out sqlEnclaveSession,
counter: out _
);
if (sqlEnclaveSession == null)
{
throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, enclaveSessionParameters.AttestationUrl);
}
}
}
internal SqlEnclaveAttestationParameters GetAttestationParameters(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string attestationUrl, byte[] customData, int customDataLength)
{
throw new PlatformNotSupportedException();
}
internal void InvalidateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, SqlEnclaveSession enclaveSession)
{
throw new PlatformNotSupportedException();
}
internal EnclavePackage GenerateEnclavePackage(SqlConnectionAttestationProtocol attestationProtocol, Dictionary <int, SqlTceCipherInfoEntry> keysTobeSentToEnclave, string queryText, string enclaveType, EnclaveSessionParameters enclaveSessionParameters)
{
throw new PlatformNotSupportedException();
}
internal void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out byte[] customData, out int customDataLength)
{
throw new PlatformNotSupportedException();
}
/// <summary>
/// Create a new enclave session
/// </summary>
/// <param name="attestationProtocol">attestation protocol</param>
/// <param name="enclaveType">enclave type</param>
/// <param name="enclaveSessionParameters">The set of parameters required for enclave session.</param>
/// <param name="attestationInfo">attestation info from SQL Server</param>
/// <param name="attestationParameters">attestation parameters</param>
/// <param name="customData">A set of extra data needed for attestating the enclave.</param>
/// <param name="customDataLength">The length of the extra data needed for attestating the enclave.</param>
internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters,
byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength)
{
throw new PlatformNotSupportedException();
}
private readonly string _expandedAttachDBFilename; // expanded during construction so that CreatePermissionSet & Expand are consistent
internal SqlConnectionString(string connectionString) : base(connectionString, GetParseSynonyms())
{
ThrowUnsupportedIfKeywordSet(KEY.AsynchronousProcessing);
ThrowUnsupportedIfKeywordSet(KEY.Connection_Reset);
ThrowUnsupportedIfKeywordSet(KEY.Context_Connection);
// Network Library has its own special error message
if (ContainsKey(KEY.Network_Library))
{
throw SQL.NetworkLibraryKeywordNotSupported();
}
_integratedSecurity = ConvertValueToIntegratedSecurity();
#if netcoreapp
_poolBlockingPeriod = ConvertValueToPoolBlockingPeriod();
#endif
_encrypt = ConvertValueToBoolean(KEY.Encrypt, DEFAULT.Encrypt);
_enlist = ConvertValueToBoolean(KEY.Enlist, DEFAULT.Enlist);
_mars = ConvertValueToBoolean(KEY.MARS, DEFAULT.MARS);
_persistSecurityInfo = ConvertValueToBoolean(KEY.Persist_Security_Info, DEFAULT.Persist_Security_Info);
_pooling = ConvertValueToBoolean(KEY.Pooling, DEFAULT.Pooling);
_replication = ConvertValueToBoolean(KEY.Replication, DEFAULT.Replication);
_userInstance = ConvertValueToBoolean(KEY.User_Instance, DEFAULT.User_Instance);
_multiSubnetFailover = ConvertValueToBoolean(KEY.MultiSubnetFailover, DEFAULT.MultiSubnetFailover);
_connectTimeout = ConvertValueToInt32(KEY.Connect_Timeout, DEFAULT.Connect_Timeout);
_loadBalanceTimeout = ConvertValueToInt32(KEY.Load_Balance_Timeout, DEFAULT.Load_Balance_Timeout);
_maxPoolSize = ConvertValueToInt32(KEY.Max_Pool_Size, DEFAULT.Max_Pool_Size);
_minPoolSize = ConvertValueToInt32(KEY.Min_Pool_Size, DEFAULT.Min_Pool_Size);
_packetSize = ConvertValueToInt32(KEY.Packet_Size, DEFAULT.Packet_Size);
_connectRetryCount = ConvertValueToInt32(KEY.Connect_Retry_Count, DEFAULT.Connect_Retry_Count);
_connectRetryInterval = ConvertValueToInt32(KEY.Connect_Retry_Interval, DEFAULT.Connect_Retry_Interval);
_applicationIntent = ConvertValueToApplicationIntent();
_applicationName = ConvertValueToString(KEY.Application_Name, DEFAULT.Application_Name);
_attachDBFileName = ConvertValueToString(KEY.AttachDBFilename, DEFAULT.AttachDBFilename);
_currentLanguage = ConvertValueToString(KEY.Current_Language, DEFAULT.Current_Language);
_dataSource = ConvertValueToString(KEY.Data_Source, DEFAULT.Data_Source);
_localDBInstance = LocalDBAPI.GetLocalDbInstanceNameFromServerName(_dataSource);
_failoverPartner = ConvertValueToString(KEY.FailoverPartner, DEFAULT.FailoverPartner);
_initialCatalog = ConvertValueToString(KEY.Initial_Catalog, DEFAULT.Initial_Catalog);
_password = ConvertValueToString(KEY.Password, DEFAULT.Password);
_trustServerCertificate = ConvertValueToBoolean(KEY.TrustServerCertificate, DEFAULT.TrustServerCertificate);
_authType = ConvertValueToAuthenticationType();
_columnEncryptionSetting = ConvertValueToColumnEncryptionSetting();
_enclaveAttestationUrl = ConvertValueToString(KEY.EnclaveAttestationUrl, DEFAULT.EnclaveAttestationUrl);
_attestationProtocol = ConvertValueToAttestationProtocol();
// Temporary string - this value is stored internally as an enum.
string typeSystemVersionString = ConvertValueToString(KEY.Type_System_Version, null);
string transactionBindingString = ConvertValueToString(KEY.TransactionBinding, null);
_userID = ConvertValueToString(KEY.User_ID, DEFAULT.User_ID);
_workstationId = ConvertValueToString(KEY.Workstation_Id, null);
if (_loadBalanceTimeout < 0)
{
throw ADP.InvalidConnectionOptionValue(KEY.Load_Balance_Timeout);
}
if (_connectTimeout < 0)
{
throw ADP.InvalidConnectionOptionValue(KEY.Connect_Timeout);
}
if (_maxPoolSize < 1)
{
throw ADP.InvalidConnectionOptionValue(KEY.Max_Pool_Size);
}
if (_minPoolSize < 0)
{
throw ADP.InvalidConnectionOptionValue(KEY.Min_Pool_Size);
}
if (_maxPoolSize < _minPoolSize)
{
throw ADP.InvalidMinMaxPoolSizeValues();
}
if ((_packetSize < TdsEnums.MIN_PACKET_SIZE) || (TdsEnums.MAX_PACKET_SIZE < _packetSize))
{
throw SQL.InvalidPacketSizeValue();
}
ValidateValueLength(_applicationName, TdsEnums.MAXLEN_APPNAME, KEY.Application_Name);
ValidateValueLength(_currentLanguage, TdsEnums.MAXLEN_LANGUAGE, KEY.Current_Language);
ValidateValueLength(_dataSource, TdsEnums.MAXLEN_SERVERNAME, KEY.Data_Source);
ValidateValueLength(_failoverPartner, TdsEnums.MAXLEN_SERVERNAME, KEY.FailoverPartner);
ValidateValueLength(_initialCatalog, TdsEnums.MAXLEN_DATABASE, KEY.Initial_Catalog);
ValidateValueLength(_password, TdsEnums.MAXLEN_CLIENTSECRET, KEY.Password);
ValidateValueLength(_userID, TdsEnums.MAXLEN_CLIENTID, KEY.User_ID);
if (null != _workstationId)
{
ValidateValueLength(_workstationId, TdsEnums.MAXLEN_HOSTNAME, KEY.Workstation_Id);
}
if (!string.Equals(DEFAULT.FailoverPartner, _failoverPartner, StringComparison.OrdinalIgnoreCase))
{
// fail-over partner is set
if (_multiSubnetFailover)
{
throw SQL.MultiSubnetFailoverWithFailoverPartner(serverProvidedFailoverPartner: false, internalConnection: null);
}
if (string.Equals(DEFAULT.Initial_Catalog, _initialCatalog, StringComparison.OrdinalIgnoreCase))
{
throw ADP.MissingConnectionOptionValue(KEY.FailoverPartner, KEY.Initial_Catalog);
}
}
// expand during construction so that CreatePermissionSet and Expand are consistent
_expandedAttachDBFilename = ExpandDataDirectory(KEY.AttachDBFilename, _attachDBFileName);
if (null != _expandedAttachDBFilename)
{
if (0 <= _expandedAttachDBFilename.IndexOf('|'))
{
throw ADP.InvalidConnectionOptionValue(KEY.AttachDBFilename);
}
ValidateValueLength(_expandedAttachDBFilename, TdsEnums.MAXLEN_ATTACHDBFILE, KEY.AttachDBFilename);
if (_localDBInstance == null)
{
// fail fast to verify LocalHost when using |DataDirectory|
// still must check again at connect time
string host = _dataSource;
VerifyLocalHostAndFixup(ref host, true, false /*don't fix-up*/);
}
}
else if (0 <= _attachDBFileName.IndexOf('|'))
{
throw ADP.InvalidConnectionOptionValue(KEY.AttachDBFilename);
}
else
{
ValidateValueLength(_attachDBFileName, TdsEnums.MAXLEN_ATTACHDBFILE, KEY.AttachDBFilename);
}
_typeSystemAssemblyVersion = constTypeSystemAsmVersion10;
if (true == _userInstance && !string.IsNullOrEmpty(_failoverPartner))
{
throw SQL.UserInstanceFailoverNotCompatible();
}
if (string.IsNullOrEmpty(typeSystemVersionString))
{
typeSystemVersionString = DbConnectionStringDefaults.TypeSystemVersion;
}
if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.Latest, StringComparison.OrdinalIgnoreCase))
{
_typeSystemVersion = TypeSystem.Latest;
}
else if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.SQL_Server_2000, StringComparison.OrdinalIgnoreCase))
{
_typeSystemVersion = TypeSystem.SQLServer2000;
}
else if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.SQL_Server_2005, StringComparison.OrdinalIgnoreCase))
{
_typeSystemVersion = TypeSystem.SQLServer2005;
}
else if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.SQL_Server_2008, StringComparison.OrdinalIgnoreCase))
{
_typeSystemVersion = TypeSystem.SQLServer2008;
}
else if (typeSystemVersionString.Equals(TYPESYSTEMVERSION.SQL_Server_2012, StringComparison.OrdinalIgnoreCase))
{
_typeSystemVersion = TypeSystem.SQLServer2012;
_typeSystemAssemblyVersion = constTypeSystemAsmVersion11;
}
else
{
throw ADP.InvalidConnectionOptionValue(KEY.Type_System_Version);
}
if (string.IsNullOrEmpty(transactionBindingString))
{
transactionBindingString = DbConnectionStringDefaults.TransactionBinding;
}
if (transactionBindingString.Equals(TRANSACTIONBINDING.ImplicitUnbind, StringComparison.OrdinalIgnoreCase))
{
_transactionBinding = TransactionBindingEnum.ImplicitUnbind;
}
else if (transactionBindingString.Equals(TRANSACTIONBINDING.ExplicitUnbind, StringComparison.OrdinalIgnoreCase))
{
_transactionBinding = TransactionBindingEnum.ExplicitUnbind;
}
else
{
throw ADP.InvalidConnectionOptionValue(KEY.TransactionBinding);
}
if (_applicationIntent == ApplicationIntent.ReadOnly && !string.IsNullOrEmpty(_failoverPartner))
{
throw SQL.ROR_FailoverNotSupportedConnString();
}
if ((_connectRetryCount < 0) || (_connectRetryCount > 255))
{
throw ADP.InvalidConnectRetryCountValue();
}
if ((_connectRetryInterval < 1) || (_connectRetryInterval > 60))
{
throw ADP.InvalidConnectRetryIntervalValue();
}
if (Authentication != SqlAuthenticationMethod.NotSpecified && _integratedSecurity == true)
{
throw SQL.AuthenticationAndIntegratedSecurity();
}
if (Authentication == SqlClient.SqlAuthenticationMethod.ActiveDirectoryIntegrated && HasPasswordKeyword)
{
throw SQL.IntegratedWithPassword();
}
if (Authentication == SqlAuthenticationMethod.ActiveDirectoryInteractive && HasPasswordKeyword)
{
throw SQL.InteractiveWithPassword();
}
if (Authentication == SqlAuthenticationMethod.ActiveDirectoryDeviceCodeFlow && (HasUserIdKeyword || HasPasswordKeyword))
{
throw SQL.DeviceFlowWithUsernamePassword();
}
}
internal void InvalidateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, SqlEnclaveSession enclaveSession)
{
SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType);
sqlColumnEncryptionEnclaveProvider.InvalidateEnclaveSession(enclaveSessionParameters, enclaveSession);
}
internal void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out byte[] customData, out int customDataLength)
{
GetEnclaveSession(attestationProtocol, enclaveType, enclaveSessionParameters, generateCustomData, out sqlEnclaveSession, out _, out customData, out customDataLength, throwIfNull: false);
}
internal SqlEnclaveAttestationParameters GetAttestationParameters(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string attestationUrl, byte[] customData, int customDataLength)
{
SqlColumnEncryptionEnclaveProvider sqlColumnEncryptionEnclaveProvider = GetEnclaveProvider(attestationProtocol, enclaveType);
return(sqlColumnEncryptionEnclaveProvider.GetAttestationParameters(attestationUrl, customData, customDataLength));
}
