From 93f1996dccc8c5f356ffaf07a3721226d1533742 Mon Sep 17 00:00:00 2001 From: Johnny Pham Date: Thu, 10 Feb 2022 11:40:54 -0800 Subject: [PATCH 1/3] replace AlwaysEncryptedAttestationException --- .../src/Microsoft.Data.SqlClient.csproj | 3 --- .../Microsoft/Data/SqlClient/SqlCommand.cs | 5 ++-- .../src/Microsoft/Data/SqlClient/SqlUtil.cs | 19 +++++++++++++-- .../netfx/src/Microsoft.Data.SqlClient.csproj | 3 --- .../AlwaysEncryptedAttestationException.cs | 17 ------------- .../AzureAttestationBasedEnclaveProvider.cs | 24 +++++++++---------- .../NoneAttestationEnclaveProvider.cs | 2 +- .../VirtualSecureModeEnclaveProvider.cs | 2 +- .../VirtualSecureModeEnclaveProviderBase.cs | 6 ++--- 9 files changed, 36 insertions(+), 45 deletions(-) delete mode 100644 src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AlwaysEncryptedAttestationException.cs diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj index e1483a26a8..a01ff68827 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj @@ -468,9 +468,6 @@ - - Microsoft\Data\SqlClient\AlwaysEncryptedAttestationException.cs - Microsoft\Data\SqlClient\AlwaysEncryptedEnclaveProviderUtils.cs diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlCommand.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlCommand.cs index 93792a7b62..61b061610f 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlCommand.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlCommand.cs @@ -2015,10 +2015,9 @@ protected override DbDataReader ExecuteDbDataReader(CommandBehavior behavior) } catch (Exception ex) { - if (ex is SqlException) + if (ex is SqlException sqlException) { - SqlException exception = (SqlException)ex; - sqlExceptionNumber = exception.Number; + sqlExceptionNumber = sqlException.Number; } e = ex; diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs index 8e9039a6aa..6c9247b9ef 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs @@ -185,7 +185,7 @@ internal static void ContinueTaskWithState(Task task, completion.SetException(e); } } - }, + }, state: state, scheduler: TaskScheduler.Default ); @@ -228,7 +228,7 @@ internal static void SetTimeoutException(TaskCompletionSource completion } } - internal static void SetTimeoutExceptionWithState(TaskCompletionSource completion, int timeout, object state, Func onFailure, CancellationToken cancellationToken) + internal static void SetTimeoutExceptionWithState(TaskCompletionSource completion, int timeout, object state, Func onFailure, CancellationToken cancellationToken) { if (timeout > 0) { @@ -1643,6 +1643,21 @@ internal static Exception AttestationInfoNotReturnedFromSqlServer(string enclave { return ADP.Argument(StringsHelper.GetString(Strings.TCE_AttestationInfoNotReturnedFromSQLServer, enclaveType, enclaveAttestationUrl)); } + + internal static SqlException AttestationFailed(string errorMessage, Exception innerException = null) + { + SqlErrorCollection errors = new(); + errors.Add(new SqlError( + infoNumber: 0, + errorState: 0, + errorClass: 0, + server: null, + errorMessage, + procedure: string.Empty, + lineNumber: 0)); + return SqlException.CreateException(errors, serverVersion: string.Empty, Guid.Empty, innerException); + } + #endregion Always Encrypted - Errors when performing attestation #region Always Encrypted - Errors when establishing secure channel diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj index a4ecd51c67..85c5ff47b9 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj @@ -441,9 +441,6 @@ Microsoft\Data\SqlClient\Server\SmiTypedGetterSetter.cs - - Microsoft\Data\SqlClient\AlwaysEncryptedAttestationException.cs - Microsoft\Data\SqlClient\EnclaveProviderBase.cs diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AlwaysEncryptedAttestationException.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AlwaysEncryptedAttestationException.cs deleted file mode 100644 index cc652a2e1a..0000000000 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AlwaysEncryptedAttestationException.cs +++ /dev/null @@ -1,17 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System; - -namespace Microsoft.Data.SqlClient -{ - internal class AlwaysEncryptedAttestationException : Exception - { - public AlwaysEncryptedAttestationException(string message, Exception innerException) : base(message, innerException) { } - - public AlwaysEncryptedAttestationException(string message) : base(message) { } - - public AlwaysEncryptedAttestationException() : base() { } - } -} diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs index 0e891924fb..433347ef10 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs @@ -109,7 +109,7 @@ internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHell } else { - throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession); + throw SQL.AttestationFailed(Strings.FailToCreateEnclaveSession); } } } @@ -213,7 +213,7 @@ public AzureAttestationInfo(byte[] attestationInfo) } catch (Exception exception) { - throw new AlwaysEncryptedAttestationException(string.Format(Strings.FailToParseAttestationInfo, exception.Message)); + throw SQL.AttestationFailed(string.Format(Strings.FailToParseAttestationInfo, exception.Message)); } } } @@ -275,7 +275,7 @@ internal byte[] PrepareAttestationParameters(string attestationUrl, byte[] attes } else { - throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession); + throw SQL.AttestationFailed(Strings.FailToCreateEnclaveSession); } } @@ -311,7 +311,7 @@ private void VerifyAzureAttestationInfo(string attestationUrl, EnclaveType encla if (!isSignatureValid) { - throw new AlwaysEncryptedAttestationException(string.Format(Strings.AttestationTokenSignatureValidationFailed, exceptionMessage)); + throw SQL.AttestationFailed(string.Format(Strings.AttestationTokenSignatureValidationFailed, exceptionMessage)); } // Validate claims in the token @@ -347,7 +347,7 @@ private OpenIdConnectConfiguration GetOpenIdConfigForSigningKeys(string url, boo } catch (Exception exception) { - throw new AlwaysEncryptedAttestationException(string.Format(Strings.GetAttestationTokenSigningKeysFailed, GetInnerMostExceptionMessage(exception)), exception); + throw SQL.AttestationFailed(string.Format(Strings.GetAttestationTokenSigningKeysFailed, GetInnerMostExceptionMessage(exception)), exception); } OpenIdConnectConfigurationCache.Add(url, openIdConnectConfig, DateTime.UtcNow.AddDays(1)); @@ -414,7 +414,7 @@ private bool VerifyTokenSignature(string attestationToken, string tokenIssuerUrl } catch (SecurityTokenExpiredException securityException) { - throw new AlwaysEncryptedAttestationException(Strings.ExpiredAttestationToken, securityException); + throw SQL.AttestationFailed(Strings.ExpiredAttestationToken, securityException); } catch (SecurityTokenValidationException securityTokenException) { @@ -426,7 +426,7 @@ private bool VerifyTokenSignature(string attestationToken, string tokenIssuerUrl } catch (Exception exception) { - throw new AlwaysEncryptedAttestationException(string.Format(Strings.InvalidAttestationToken, GetInnerMostExceptionMessage(exception))); + throw SQL.AttestationFailed(string.Format(Strings.InvalidAttestationToken, GetInnerMostExceptionMessage(exception))); } return isSignatureValid; @@ -445,7 +445,7 @@ private byte[] ComputeSHA256(byte[] data) } catch (Exception argumentException) { - throw new AlwaysEncryptedAttestationException(Strings.InvalidArgumentToSHA256, argumentException); + throw SQL.AttestationFailed(Strings.InvalidArgumentToSHA256, argumentException); } return result; } @@ -462,7 +462,7 @@ private void ValidateAttestationClaims(EnclaveType enclaveType, string attestati } catch (ArgumentException argumentException) { - throw new AlwaysEncryptedAttestationException(string.Format(Strings.FailToParseAttestationToken, argumentException.Message)); + throw SQL.AttestationFailed(string.Format(Strings.FailToParseAttestationToken, argumentException.Message)); } // Get all the claims from the token @@ -490,7 +490,7 @@ private void ValidateClaim(Dictionary claims, string claimName, bool hasClaim = claims.TryGetValue(claimName, out claimData); if (!hasClaim) { - throw new AlwaysEncryptedAttestationException(string.Format(Strings.MissingClaimInAttestationToken, claimName)); + throw SQL.AttestationFailed(string.Format(Strings.MissingClaimInAttestationToken, claimName)); } // Get the Base64Url of the actual data and compare it with claim @@ -501,13 +501,13 @@ private void ValidateClaim(Dictionary claims, string claimName, } catch (Exception) { - throw new AlwaysEncryptedAttestationException(Strings.InvalidArgumentToBase64UrlDecoder); + throw SQL.AttestationFailed(Strings.InvalidArgumentToBase64UrlDecoder); } bool hasValidClaim = string.Equals(encodedActualData, claimData, StringComparison.Ordinal); if (!hasValidClaim) { - throw new AlwaysEncryptedAttestationException(string.Format(Strings.InvalidClaimInAttestationToken, claimName, claimData)); + throw SQL.AttestationFailed(string.Format(Strings.InvalidClaimInAttestationToken, claimName, claimData)); } } diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/NoneAttestationEnclaveProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/NoneAttestationEnclaveProvider.cs index 599f8b5aa3..84aea73940 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/NoneAttestationEnclaveProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/NoneAttestationEnclaveProvider.cs @@ -83,7 +83,7 @@ internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHell if (sqlEnclaveSession is null) { - throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession); + throw SQL.AttestationFailed(Strings.FailToCreateEnclaveSession); } } } diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProvider.cs index fa86cd7954..1ef8541721 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProvider.cs @@ -81,7 +81,7 @@ protected override byte[] MakeRequest(string url) } } - throw new AlwaysEncryptedAttestationException(String.Format(Strings.GetAttestationSigningCertificateRequestFailedFormat, url, exception.Message), exception); + throw SQL.AttestationFailed(string.Format(Strings.GetAttestationSigningCertificateRequestFailedFormat, url, exception.Message), exception); } #endregion diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs index 6c940e3749..c4b9987f01 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs @@ -128,7 +128,7 @@ internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHell } else { - throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession); + throw SQL.AttestationFailed(Strings.FailToCreateEnclaveSession); } } } @@ -173,7 +173,7 @@ private void VerifyAttestationInfo(string attestationUrl, HealthReport healthRep } else { - throw new AlwaysEncryptedAttestationException(String.Format(Strings.VerifyHealthCertificateChainFormat, attestationUrl, chainStatus)); + throw SQL.AttestationFailed(string.Format(Strings.VerifyHealthCertificateChainFormat, attestationUrl, chainStatus)); } } } while (shouldRetryValidation); @@ -205,7 +205,7 @@ private X509Certificate2Collection GetSigningCertificate(string attestationUrl, } catch (CryptographicException exception) { - throw new AlwaysEncryptedAttestationException(String.Format(Strings.GetAttestationSigningCertificateFailedInvalidCertificate, attestationUrl), exception); + throw SQL.AttestationFailed(string.Format(Strings.GetAttestationSigningCertificateFailedInvalidCertificate, attestationUrl), exception); } rootSigningCertificateCache.Add(attestationUrl, certificateCollection, DateTime.Now.AddDays(1)); From 33843f08123ccf4dd064e76ffcc07e4ffacacfa7 Mon Sep 17 00:00:00 2001 From: Johnny Pham Date: Fri, 11 Feb 2022 11:24:33 -0800 Subject: [PATCH 2/3] netx sqlutil --- .../src/Microsoft/Data/SqlClient/SqlUtil.cs | 74 ++++++++++++------- 1 file changed, 46 insertions(+), 28 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs index 6c60e9e009..26f1e59fe2 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs @@ -108,13 +108,15 @@ internal static void ContinueTask(Task task, #if DEBUG TdsParser.ReliabilitySection tdsReliabilitySection = new TdsParser.ReliabilitySection(); RuntimeHelpers.PrepareConstrainedRegions(); - try { + try + { tdsReliabilitySection.Start(); #endif //DEBUG - onSuccess(); + onSuccess(); #if DEBUG } - finally { + finally + { tdsReliabilitySection.Stop(); } #endif //DEBUG @@ -300,7 +302,7 @@ internal static void ContinueTaskWithState(Task task, } } } - }, + }, state: state, scheduler: TaskScheduler.Default ); @@ -670,16 +672,17 @@ static internal ArgumentOutOfRangeException NotSupportedEnumerationValue(Type ty static internal ArgumentOutOfRangeException NotSupportedCommandType(CommandType value) { #if DEBUG - switch(value) { - case CommandType.Text: - case CommandType.StoredProcedure: - Debug.Fail("valid CommandType " + value.ToString()); - break; - case CommandType.TableDirect: - break; - default: - Debug.Fail("invalid CommandType " + value.ToString()); - break; + switch (value) + { + case CommandType.Text: + case CommandType.StoredProcedure: + Debug.Fail("valid CommandType " + value.ToString()); + break; + case CommandType.TableDirect: + break; + default: + Debug.Fail("invalid CommandType " + value.ToString()); + break; } #endif return NotSupportedEnumerationValue(typeof(CommandType), (int)value); @@ -687,20 +690,21 @@ static internal ArgumentOutOfRangeException NotSupportedCommandType(CommandType static internal ArgumentOutOfRangeException NotSupportedIsolationLevel(IsolationLevel value) { #if DEBUG - switch(value) { - case IsolationLevel.Unspecified: - case IsolationLevel.ReadCommitted: - case IsolationLevel.ReadUncommitted: - case IsolationLevel.RepeatableRead: - case IsolationLevel.Serializable: - case IsolationLevel.Snapshot: - Debug.Fail("valid IsolationLevel " + value.ToString()); - break; - case IsolationLevel.Chaos: - break; - default: - Debug.Fail("invalid IsolationLevel " + value.ToString()); - break; + switch (value) + { + case IsolationLevel.Unspecified: + case IsolationLevel.ReadCommitted: + case IsolationLevel.ReadUncommitted: + case IsolationLevel.RepeatableRead: + case IsolationLevel.Serializable: + case IsolationLevel.Snapshot: + Debug.Fail("valid IsolationLevel " + value.ToString()); + break; + case IsolationLevel.Chaos: + break; + default: + Debug.Fail("invalid IsolationLevel " + value.ToString()); + break; } #endif return NotSupportedEnumerationValue(typeof(IsolationLevel), (int)value); @@ -1763,6 +1767,20 @@ static internal Exception ColumnEncryptionKeysNotFound() return ADP.Argument(StringsHelper.GetString(Strings.TCE_ColumnEncryptionKeysNotFound)); } + internal static SqlException AttestationFailed(string errorMessage, Exception innerException = null) + { + SqlErrorCollection errors = new(); + errors.Add(new SqlError( + infoNumber: 0, + errorState: 0, + errorClass: 0, + server: null, + errorMessage, + procedure: string.Empty, + lineNumber: 0)); + return SqlException.CreateException(errors, serverVersion: string.Empty, Guid.Empty, innerException); + } + // // TCE - Errors when performing attestation // From aa8bb94e84ce679043eca361105dda9c946e60e0 Mon Sep 17 00:00:00 2001 From: Johnny Pham Date: Wed, 16 Mar 2022 13:29:14 -0700 Subject: [PATCH 3/3] Update Microsoft.Data.SqlClient.csproj --- .../netfx/src/Microsoft.Data.SqlClient.csproj | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj index 3c6329890a..fbb15dc375 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj @@ -167,9 +167,6 @@ Microsoft\Data\SqlClient\ActiveDirectoryAuthenticationProvider.cs - - Microsoft\Data\SqlClient\AlwaysEncryptedAttestationException.cs - Microsoft\Data\SqlClient\AlwaysEncryptedEnclaveProviderUtils.cs