Merge SqlColumnEncryptionCertificateStoreProvider #2521
This also ports support for CNG keys from .NET to .NET Framework.
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #2521 +/- ##
==========================================
- Coverage 72.80% 72.66% -0.14%
==========================================
Files 311 310 -1
Lines 61709 61547 -162
==========================================
- Hits 44925 44724 -201
- Misses 16784 16823 +39
Thank you @edwardneal. This looks good as it is. Just a minor request: while you are working on this, is it possible to address the warnings on the SqlColumnEncryptionCertificateStoreProvider.Windows class? Constant names have naming rule violations and instead of
Thanks @JRahnama. The coding style changes were small enough that they don't leave the diff looking unreadable; I've rolled them into this PR for simplicity's sake.
@David-Engel @JRahnama I think this is OK to merge. CI is green, no merge conflicts. Changes look good.
* Updating Azure.Identity version to 1.11.3 (dotnet#2526)
* Fix | Clone of SqlConnection should include AccessTokenCallback (dotnet#2525)
* Enhancement | Add trace logs for packet size (dotnet#2522)
* Merged PR 4583: eng | Fix policheck errors. Fix policheck errors. Sample pipeline run which did not have policheck errors: https://sqlclientdrivers.visualstudio.com/ADO.Net/_build/results?buildId=88114&view=sariftools.scans.build-tab Related work items: #30279
* Doc | Fix SNI dependencies of 5.1 and 5.2 release notes (dotnet#2537)
* Change | Separate tests for NetFx and NetCore - NetFx-Only Connection String Properties (dotnet#2466)
* Adding TransparentNetworkIpResolution to list of unsupported on platform connection string error messages Splitting unit test for netfx-only connection string properties such that test does not fail on netcore
* Remove DeprecatedSynonymCount since referencing the unsupported array is not possible
* Fix | Enhance certificate validation (dotnet#2487)
* Hotfix v5.2.1 Release notes (dotnet#2534)
* Improve AccessTokenCallback sample code (dotnet#2543)
* Merged PR 4621: eng | Fix policheck
* Fix | Adjust path for .AssemblyAttributes in obj folder (dotnet#2550)
* Fix | Fixed GenerateSspiClientContext to retry negotiation with default port (dotnet#2559)
* Strong typed diagnostics (dotnet#2226)
* Fix | Replaced System.Runtime.Caching with Microsoft.Extensions.Caching.Memory (dotnet#2493)
* Add | Add SourceLink translation (dotnet#2552)
* Add | Cache TokenCredential objects to take advantage of token caching (dotnet#2380)
* Merged common code base for SqlUtil.cs (dotnet#2533)
* Add scope trace for GenerateSspiClientContext (dotnet#2497)
* Address conflicts (dotnet#2562)
* Addressing conflict (dotnet#2560)
* Merge SqlColumnEncryptionCertificateStoreProvider (dotnet#2521)
* Add | No-op if engineedition is 6 or 11 due to lack of support for ASSEMBLYPROPERTY function (dotnet#2593)
* Change | Remove some unneeded references and update Azure.Identity (dotnet#2577)
* Add test for issue 2456 (dotnet#2457)
* Merged common code base for AlwaysEncryptedKeyConverter (dotnet#2538)
* Merged AlwaysEncryptedKeyConverter.CrossPlatform and AlwaysEncryptedKeyConverter.Cng.
* 3 Small Changes (dotnet#2594)
* * Port sqlclientx datasource changes
* Remove link to missing nuget.config file
* Remove root namespaces from sqlclient csproj files
* Test to see if namespace changes are breaking the pr build
* Reinstate removing the root namespace and fix resource filename generation
* Test fixes to accommodate recent infra changes (dotnet#2646)
* Test fixes to accomodate recent infra changes
* Fix - Don't error when using infinte connect timeout and Entra auth (dotnet#2651)
* eng | Add delay signed to official builds (dotnet#2653)
* eng | Initial YAML CI pipeline (dotnet#2575)
* Fix | Fix decrypt failure to drain data (dotnet#2618)
* [Scheduled Run] Localized resource files from OneLocBuild
* eng | Add Delay sign to ref csprojs (dotnet#2684)
* [Scheduled Run] Localized resource files from OneLocBuild
* [Scheduled Run] Localized resource files from OneLocBuild
---------
Co-authored-by: Javad Rahnama <v-jarahn@microsoft.com>
Co-authored-by: David Engel <v-davidengel@microsoft.com>
Co-authored-by: Aris Rellegue <v-arellegue@microsoft.com>
Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
Co-authored-by: Benjamin Russell <russellben@microsoft.com>
Co-authored-by: Aris Rellegue <134557572+arellegue@users.noreply.github.com>
Co-authored-by: dauinsight <145612907+dauinsight@users.noreply.github.com>
Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
Co-authored-by: Daniel Au <v-audaniel@microsoft.com>
Co-authored-by: Wraith <wraith2@gmail.com>
Co-authored-by: SqlClient Azure DevOps <sqlclient@microsoft.com>
Co-authored-by: Edward Neal <55035479+edwardneal@users.noreply.github.com>
Co-authored-by: Erik Ejlskov Jensen <ErikEJ@users.noreply.github.com>
Co-authored-by: David Engel <davidengel@microsoft.com>
Contributes to #1261.

This sits alongside #2501, and ports the `SqlColumnEncryptionCertificateStoreProvider` class. Once again, this version uses the .NET approach of `SHA256.Create()` rather than the .NET Framework approach of constructing a new `SHA256Cng` instance.

I've separated this class from the other PR because of the slightly different implementation between .NET and .NET Framework. When the .NET Framework code performs encryption, generates signatures and validates signatures, it references the `PrivateKey` property and casts it to an `RSACryptoServiceProvider`. The .NET code uses the `GetRSAPrivateKey()` method and works with the `RSA` base class instead. This means that the unmerged .NET Framework code can't use certificates with CNG keys; the post-merge implementation will be able to do so.
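
The two key-access patterns contrasted in the description above, as an added example that is not code from this PR or from Microsoft.Data.SqlClient. The certificate subject, the 32-byte key, the OAEP and PKCS#1 padding choices and the names `CngKeyDemo` and `LegacyKey` are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CngKeyDemo
{
    // Legacy pattern: PrivateKey cast to RSACryptoServiceProvider. Only CAPI-backed keys
    // survive this; for a CNG key the getter can throw on .NET Framework, and on .NET
    // the cast yields null because the key object is not an RSACryptoServiceProvider.
    static RSACryptoServiceProvider LegacyKey(X509Certificate2 cert)
    {
        try
        {
#pragma warning disable SYSLIB0028 // PrivateKey is marked obsolete on modern .NET
            return cert.PrivateKey as RSACryptoServiceProvider;
#pragma warning restore SYSLIB0028
        }
        catch (CryptographicException) { return null; }
    }

    static void Main()
    {
        // Constructed throwaway certificate; RSA.Create() uses the platform default (CNG on Windows).
        using (RSA generated = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=Constructed AE demo", generated,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                Console.WriteLine("Legacy cast usable:  " + (LegacyKey(cert) != null));

                byte[] columnKey = new byte[32];            // constructed sample key material
                using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(columnKey);

                // Portable pattern: the RSA base class works for both CAPI and CNG keys.
                using (RSA priv = cert.GetRSAPrivateKey())
                using (RSA pub = cert.GetRSAPublicKey())
                using (SHA256 sha = SHA256.Create())        // instead of new SHA256Cng()
                {
                    byte[] wrapped = pub.Encrypt(columnKey, RSAEncryptionPadding.OaepSHA1);
                    byte[] digest = sha.ComputeHash(wrapped);
                    byte[] sig = priv.SignHash(digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    bool sigOk = pub.VerifyHash(digest, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    byte[] unwrapped = priv.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1);
                    Console.WriteLine("Signature verified:  " + sigOk);
                    Console.WriteLine("Round trip matches:  " + unwrapped.SequenceEqual(columnKey));
                }
            }
        }
    }
}
```

`CertificateRequest` needs .NET Framework 4.7.2 or later, or any modern .NET; on older targets, load an existing certificate with a CNG key instead.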