Replace AlwaysEncryptedAttestationException with SqlException

src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj

@@ -505,9 +505,6 @@
  <Compile Include="Microsoft\Data\SqlClient\TdsParser.NetStandard.cs" />
  </ItemGroup>
  <ItemGroup Condition="'$(OSGroup)' != 'AnyOS' AND '$(TargetFramework)' != 'netstandard2.0'">
- <Compile Include="..\..\src\Microsoft\Data\SqlClient\AlwaysEncryptedAttestationException.cs">
- <Link>Microsoft\Data\SqlClient\AlwaysEncryptedAttestationException.cs</Link>
- </Compile>
  <Compile Include="..\..\src\Microsoft\Data\SqlClient\AlwaysEncryptedEnclaveProviderUtils.cs">
  <Link>Microsoft\Data\SqlClient\AlwaysEncryptedEnclaveProviderUtils.cs</Link>
  </Compile>

src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlCommand.cs

@@ -2015,10 +2015,9 @@ protected override DbDataReader ExecuteDbDataReader(CommandBehavior behavior)
  }
  catch (Exception ex)
  {
- if (ex is SqlException)
+ if (ex is SqlException sqlException)
  {
- SqlException exception = (SqlException)ex;
- sqlExceptionNumber = exception.Number;
+ sqlExceptionNumber = sqlException.Number;
  }
 
  e = ex;

src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs

@@ -185,7 +185,7 @@ internal static void ContinueTaskWithState(Task task,
  completion.SetException(e);
  }
  }
- }, 
+ },
  state: state,
  scheduler: TaskScheduler.Default
  );
@@ -228,7 +228,7 @@ internal static void SetTimeoutException(TaskCompletionSource<object> completion
  }
  }
 
- internal static void SetTimeoutExceptionWithState(TaskCompletionSource<object> completion, int timeout, object state, Func<object,Exception> onFailure, CancellationToken cancellationToken)
+ internal static void SetTimeoutExceptionWithState(TaskCompletionSource<object> completion, int timeout, object state, Func<object, Exception> onFailure, CancellationToken cancellationToken)
  {
  if (timeout > 0)
  {
@@ -1643,6 +1643,21 @@ internal static Exception AttestationInfoNotReturnedFromSqlServer(string enclave
  {
  return ADP.Argument(StringsHelper.GetString(Strings.TCE_AttestationInfoNotReturnedFromSQLServer, enclaveType, enclaveAttestationUrl));
  }
+
+ internal static SqlException AttestationFailed(string errorMessage, Exception innerException = null)
+ {
+ SqlErrorCollection errors = new();
+ errors.Add(new SqlError(
+ infoNumber: 0,
+ errorState: 0,
+ errorClass: 0,
+ server: null,
+ errorMessage,
+ procedure: string.Empty,
+ lineNumber: 0));
+ return SqlException.CreateException(errors, serverVersion: string.Empty, Guid.Empty, innerException);
+ }
+
  #endregion Always Encrypted - Errors when performing attestation
 
  #region Always Encrypted - Errors when establishing secure channel

src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj

@@ -167,9 +167,6 @@
  <Compile Include="..\..\src\Microsoft\Data\SqlClient\ActiveDirectoryAuthenticationProvider.cs">
  <Link>Microsoft\Data\SqlClient\ActiveDirectoryAuthenticationProvider.cs</Link>
  </Compile>
- <Compile Include="..\..\src\Microsoft\Data\SqlClient\AlwaysEncryptedAttestationException.cs">
- <Link>Microsoft\Data\SqlClient\AlwaysEncryptedAttestationException.cs</Link>
- </Compile>
  <Compile Include="..\..\src\Microsoft\Data\SqlClient\AlwaysEncryptedEnclaveProviderUtils.cs">
  <Link>Microsoft\Data\SqlClient\AlwaysEncryptedEnclaveProviderUtils.cs</Link>
  </Compile>
@@ -509,7 +506,7 @@
  <Compile Include="..\..\src\Microsoft\Data\SqlClient\SqlSequentialStream.cs">
  <Link>Microsoft\Data\SqlClient\SqlSequentialStream.cs</Link>
  </Compile>
-  <Compile Include="..\..\src\Microsoft\Data\SqlClient\SqlStream.cs">
+ <Compile Include="..\..\src\Microsoft\Data\SqlClient\SqlStream.cs">
  <Link>Microsoft\Data\SqlClient\SqlStream.cs</Link>
  </Compile>
  <Compile Include="..\..\src\Microsoft\Data\SqlClient\SqlStatistics.cs">

src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs

@@ -108,13 +108,15 @@ internal static void ContinueTask(Task task,
 #if DEBUG
  TdsParser.ReliabilitySection tdsReliabilitySection = new TdsParser.ReliabilitySection();
  RuntimeHelpers.PrepareConstrainedRegions();
- try {
+ try
+ {
  tdsReliabilitySection.Start();
 #endif //DEBUG
- onSuccess();
+  onSuccess();
 #if DEBUG
  }
- finally {
+ finally
+ {
  tdsReliabilitySection.Stop();
  }
 #endif //DEBUG
@@ -300,7 +302,7 @@ internal static void ContinueTaskWithState(Task task,
  }
  }
  }
- }, 
+ },
  state: state,
  scheduler: TaskScheduler.Default
  );
@@ -670,37 +672,39 @@ static internal ArgumentOutOfRangeException NotSupportedEnumerationValue(Type ty
  static internal ArgumentOutOfRangeException NotSupportedCommandType(CommandType value)
  {
 #if DEBUG
- switch(value) {
- case CommandType.Text:
- case CommandType.StoredProcedure:
- Debug.Fail("valid CommandType " + value.ToString());
- break;
- case CommandType.TableDirect:
- break;
- default:
- Debug.Fail("invalid CommandType " + value.ToString());
- break;
+ switch (value)
+ {
+ case CommandType.Text:
+ case CommandType.StoredProcedure:
+ Debug.Fail("valid CommandType " + value.ToString());
+ break;
+ case CommandType.TableDirect:
+ break;
+ default:
+ Debug.Fail("invalid CommandType " + value.ToString());
+ break;
  }
 #endif
  return NotSupportedEnumerationValue(typeof(CommandType), (int)value);
  }
  static internal ArgumentOutOfRangeException NotSupportedIsolationLevel(IsolationLevel value)
  {
 #if DEBUG
- switch(value) {
- case IsolationLevel.Unspecified:
- case IsolationLevel.ReadCommitted:
- case IsolationLevel.ReadUncommitted:
- case IsolationLevel.RepeatableRead:
- case IsolationLevel.Serializable:
- case IsolationLevel.Snapshot:
- Debug.Fail("valid IsolationLevel " + value.ToString());
- break;
- case IsolationLevel.Chaos:
- break;
- default:
- Debug.Fail("invalid IsolationLevel " + value.ToString());
- break;
+ switch (value)
+ {
+ case IsolationLevel.Unspecified:
+ case IsolationLevel.ReadCommitted:
+ case IsolationLevel.ReadUncommitted:
+ case IsolationLevel.RepeatableRead:
+ case IsolationLevel.Serializable:
+ case IsolationLevel.Snapshot:
+ Debug.Fail("valid IsolationLevel " + value.ToString());
+ break;
+ case IsolationLevel.Chaos:
+ break;
+ default:
+ Debug.Fail("invalid IsolationLevel " + value.ToString());
+ break;
  }
 #endif
  return NotSupportedEnumerationValue(typeof(IsolationLevel), (int)value);
@@ -1763,6 +1767,20 @@ static internal Exception ColumnEncryptionKeysNotFound()
  return ADP.Argument(StringsHelper.GetString(Strings.TCE_ColumnEncryptionKeysNotFound));
  }
 
+ internal static SqlException AttestationFailed(string errorMessage, Exception innerException = null)
+ {
+ SqlErrorCollection errors = new();
+ errors.Add(new SqlError(
+ infoNumber: 0,
+ errorState: 0,
+ errorClass: 0,
+ server: null,
+ errorMessage,
+ procedure: string.Empty,
+ lineNumber: 0));
+ return SqlException.CreateException(errors, serverVersion: string.Empty, Guid.Empty, innerException);
+ }
+
  //
  // TCE - Errors when performing attestation
  //

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs

@@ -109,7 +109,7 @@ internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHell
  }
  else
  {
- throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession);
+ throw SQL.AttestationFailed(Strings.FailToCreateEnclaveSession);
  }
  }
  }
@@ -213,7 +213,7 @@ public AzureAttestationInfo(byte[] attestationInfo)
  }
  catch (Exception exception)
  {
- throw new AlwaysEncryptedAttestationException(string.Format(Strings.FailToParseAttestationInfo, exception.Message));
+ throw SQL.AttestationFailed(string.Format(Strings.FailToParseAttestationInfo, exception.Message));
  }
  }
  }
@@ -275,7 +275,7 @@ internal byte[] PrepareAttestationParameters(string attestationUrl, byte[] attes
  }
  else
  {
- throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession);
+ throw SQL.AttestationFailed(Strings.FailToCreateEnclaveSession);
  }
  }
 
@@ -311,7 +311,7 @@ private void VerifyAzureAttestationInfo(string attestationUrl, EnclaveType encla
 
  if (!isSignatureValid)
  {
- throw new AlwaysEncryptedAttestationException(string.Format(Strings.AttestationTokenSignatureValidationFailed, exceptionMessage));
+ throw SQL.AttestationFailed(string.Format(Strings.AttestationTokenSignatureValidationFailed, exceptionMessage));
  }
 
  // Validate claims in the token
@@ -347,7 +347,7 @@ private OpenIdConnectConfiguration GetOpenIdConfigForSigningKeys(string url, boo
  }
  catch (Exception exception)
  {
- throw new AlwaysEncryptedAttestationException(string.Format(Strings.GetAttestationTokenSigningKeysFailed, GetInnerMostExceptionMessage(exception)), exception);
+ throw SQL.AttestationFailed(string.Format(Strings.GetAttestationTokenSigningKeysFailed, GetInnerMostExceptionMessage(exception)), exception);
  }
 
  OpenIdConnectConfigurationCache.Add(url, openIdConnectConfig, DateTime.UtcNow.AddDays(1));
@@ -414,7 +414,7 @@ private bool VerifyTokenSignature(string attestationToken, string tokenIssuerUrl
  }
  catch (SecurityTokenExpiredException securityException)
  {
- throw new AlwaysEncryptedAttestationException(Strings.ExpiredAttestationToken, securityException);
+ throw SQL.AttestationFailed(Strings.ExpiredAttestationToken, securityException);
  }
  catch (SecurityTokenValidationException securityTokenException)
  {
@@ -426,7 +426,7 @@ private bool VerifyTokenSignature(string attestationToken, string tokenIssuerUrl
  }
  catch (Exception exception)
  {
- throw new AlwaysEncryptedAttestationException(string.Format(Strings.InvalidAttestationToken, GetInnerMostExceptionMessage(exception)));
+ throw SQL.AttestationFailed(string.Format(Strings.InvalidAttestationToken, GetInnerMostExceptionMessage(exception)));
  }
 
  return isSignatureValid;
@@ -445,7 +445,7 @@ private byte[] ComputeSHA256(byte[] data)
  }
  catch (Exception argumentException)
  {
- throw new AlwaysEncryptedAttestationException(Strings.InvalidArgumentToSHA256, argumentException);
+ throw SQL.AttestationFailed(Strings.InvalidArgumentToSHA256, argumentException);
  }
  return result;
  }
@@ -462,7 +462,7 @@ private void ValidateAttestationClaims(EnclaveType enclaveType, string attestati
  }
  catch (ArgumentException argumentException)
  {
- throw new AlwaysEncryptedAttestationException(string.Format(Strings.FailToParseAttestationToken, argumentException.Message));
+ throw SQL.AttestationFailed(string.Format(Strings.FailToParseAttestationToken, argumentException.Message));
  }
 
  // Get all the claims from the token
@@ -490,7 +490,7 @@ private void ValidateClaim(Dictionary<string, string> claims, string claimName,
  bool hasClaim = claims.TryGetValue(claimName, out claimData);
  if (!hasClaim)
  {
- throw new AlwaysEncryptedAttestationException(string.Format(Strings.MissingClaimInAttestationToken, claimName));
+ throw SQL.AttestationFailed(string.Format(Strings.MissingClaimInAttestationToken, claimName));
  }
 
  // Get the Base64Url of the actual data and compare it with claim
@@ -501,13 +501,13 @@ private void ValidateClaim(Dictionary<string, string> claims, string claimName,
  }
  catch (Exception)
  {
- throw new AlwaysEncryptedAttestationException(Strings.InvalidArgumentToBase64UrlDecoder);
+ throw SQL.AttestationFailed(Strings.InvalidArgumentToBase64UrlDecoder);
  }
 
  bool hasValidClaim = string.Equals(encodedActualData, claimData, StringComparison.Ordinal);
  if (!hasValidClaim)
  {
- throw new AlwaysEncryptedAttestationException(string.Format(Strings.InvalidClaimInAttestationToken, claimName, claimData));
+ throw SQL.AttestationFailed(string.Format(Strings.InvalidClaimInAttestationToken, claimName, claimData));
  }
  }
 

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/NoneAttestationEnclaveProvider.cs

@@ -83,7 +83,7 @@ internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHell
 
  if (sqlEnclaveSession is null)
  {
- throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession);
+ throw SQL.AttestationFailed(Strings.FailToCreateEnclaveSession);
  }
  }
  }

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProvider.cs

@@ -81,7 +81,7 @@ protected override byte[] MakeRequest(string url)
  }
  }
 
- throw new AlwaysEncryptedAttestationException(String.Format(Strings.GetAttestationSigningCertificateRequestFailedFormat, url, exception.Message), exception);
+ throw SQL.AttestationFailed(string.Format(Strings.GetAttestationSigningCertificateRequestFailedFormat, url, exception.Message), exception);
  }
 
  #endregion

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs

@@ -128,7 +128,7 @@ internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHell
  }
  else
  {
- throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession);
+ throw SQL.AttestationFailed(Strings.FailToCreateEnclaveSession);
  }
  }
  }
@@ -173,7 +173,7 @@ private void VerifyAttestationInfo(string attestationUrl, HealthReport healthRep
  }
  else
  {
- throw new AlwaysEncryptedAttestationException(String.Format(Strings.VerifyHealthCertificateChainFormat, attestationUrl, chainStatus));
+ throw SQL.AttestationFailed(string.Format(Strings.VerifyHealthCertificateChainFormat, attestationUrl, chainStatus));
  }
  }
  } while (shouldRetryValidation);
@@ -205,7 +205,7 @@ private X509Certificate2Collection GetSigningCertificate(string attestationUrl,
  }
  catch (CryptographicException exception)
  {
- throw new AlwaysEncryptedAttestationException(String.Format(Strings.GetAttestationSigningCertificateFailedInvalidCertificate, attestationUrl), exception);
+ throw SQL.AttestationFailed(string.Format(Strings.GetAttestationSigningCertificateFailedInvalidCertificate, attestationUrl), exception);
  }
 
  rootSigningCertificateCache.Add(attestationUrl, certificateCollection, DateTime.Now.AddDays(1));