Merge SqlColumnEncryptionCertificateStoreProvider #2521


edwardneal
Contributor

Contributes to #1261.

This sits alongside #2501, and ports the SqlColumnEncryptionCertificateStoreProvider class. Once again, this version uses the .NET approach of SHA256.Create() rather than the .NET Framework approach of constructing a new SHA256Cng instance.

I've separated this class from the other PR because of the slightly different implementation between .NET and .NET Framework. When the .NET Framework code performs encryption, generates signatures and validates signatures, it references the PrivateKey property and casts it to an RSACryptoServiceProvider. The .NET code uses the GetRSAPrivateKey() method and works with the RSA base class instead. This means that the unmerged .NET Framework code can't use certificates with CNG keys; the post-merge implementation will be able to do so.

This also ports support for CNG keys from .NET to .NET Framework.
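
An added illustration of the key-access difference described in the PR description above; it is not code from this PR or from the SqlClient code base. It builds a constructed self-signed certificate whose key is CNG-backed (`RSACng`, Windows only), retrieves the key through `GetRSAPrivateKey()`, and performs the three operations the description lists. The padding modes, subject name and 32-byte sample key are assumptions chosen for the demo.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CngKeyDemo
{
    // Legacy .NET Framework pattern named in the PR description (comment only):
    //     (RSACryptoServiceProvider)certificate.PrivateKey
    // That cast assumes a CAPI-backed key; the RSA base class used below does not.
    static RSA GetKey(X509Certificate2 certificate)
    {
        RSA rsa = certificate.GetRSAPrivateKey();
        if (rsa == null)
            throw new InvalidOperationException("Certificate has no usable RSA private key.");
        return rsa;
    }

    static void Main()
    {
        // Constructed test certificate with a CNG-backed key (RSACng is Windows-only).
        using (RSA cngKey = new RSACng(2048))
        using (X509Certificate2 cert = new CertificateRequest(
                   "CN=Constructed AE test certificate", cngKey,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
               .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1)))
        using (RSA rsa = GetKey(cert))
        using (SHA256 sha256 = SHA256.Create())
        {
            byte[] columnKey = new byte[32]; // constructed sample key material
            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
                rng.GetBytes(columnKey);

            // Padding modes are assumptions for this demo.
            byte[] wrapped = rsa.Encrypt(columnKey, RSAEncryptionPadding.OaepSHA1);
            byte[] hash = sha256.ComputeHash(wrapped);
            byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            bool signatureOk = rsa.VerifyHash(hash, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            bool roundTrip = rsa.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1).SequenceEqual(columnKey);
            Console.WriteLine($"{rsa.GetType().Name}: signature valid={signatureOk}, key round-trips={roundTrip}");
        }
    }
}
```

Because the code only depends on the `RSA` base class, the same calls work whether the certificate's key lives in a CAPI or a CNG provider.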

codecov bot commented May 18, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.66%. Comparing base (5cb73fd) to head (a81eb63).

Current head a81eb63 differs from pull request most recent head 5dfaecf

Please upload reports for the commit 5dfaecf to get more accurate results.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2521      +/-   ##
==========================================
- Coverage   72.80%   72.66%   -0.14%     
==========================================
  Files         311      310       -1     
  Lines       61709    61547     -162     
==========================================
- Hits        44925    44724     -201     
- Misses      16784    16823      +39     
Flag Coverage Δ
addons 92.88% <ø> (ø)
netcore 77.09% <100.00%> (-0.09%) ⬇️
netfx 70.38% <100.00%> (-0.07%) ⬇️


Member

JRahnama commented May 20, 2024

Thank you @edwardneal. This looks good as it is.

Just a minor request, while you are working on this, is it possible to address the warnings on SqlColumnEncryptionCertificateStoreProvider.Windows class?

Constant names have name rule violation and instead of var can you change them to use explicit type or some others such as changing Int16 to short please or that needs a different PR for a different purpose?

@JRahnama JRahnama added the ➕ Code Health Changes related to source code improvements label May 20, 2024
@JRahnama JRahnama added this to the 6.0-preview1 milestone May 20, 2024
Contributor Author

edwardneal commented May 20, 2024

Thanks @JRahnama. The coding style changes were small enough that they don't leave the diff looking unreadable; I've rolled them into this PR for simplicity's sake.

@saurabh500
Contributor

@David-Engel @JRahnama I think this is OK to merge. CI is green, no merge conflicts. Changes look good.

@JRahnama JRahnama merged commit 8777fce into dotnet:main Jun 25, 2024
148 checks passed
deepaksa1 added a commit to deepaksa1/SqlClient that referenced this pull request Jul 22, 2024
* Updating Azure.Identity version to 1.11.3 (dotnet#2526)

* Fix | Clone of SqlConnection should include AccessTokenCallback (dotnet#2525)

* Enhancement | Add trace logs for packet size (dotnet#2522)

* Merged PR 4583: eng | Fix policheck errors.

Fix policheck errors.

Sample pipeline run which did not have policheck errors:

https://sqlclientdrivers.visualstudio.com/ADO.Net/_build/results?buildId=88114&view=sariftools.scans.build-tab

Related work items: #30279

* Doc | Fix SNI dependencies of 5.1 and 5.2 release notes (dotnet#2537)

* Change | Separate tests for NetFx and NetCore - NetFx-Only Connection String Properties (dotnet#2466)

* Adding TransparentNetworkIpResolution to list of unsupported on platform connection string error messages
Splitting unit test for netfx-only connection string properties such that test does not fail on netcore

* Remove DeprecatedSynonymCount since referencing the unsupported array is not possible

* Fix | Enhance certificate validation (dotnet#2487)

* Hotfix v5.2.1 Release notes (dotnet#2534)

* Improve AccessTokenCallback sample code (dotnet#2543)

* Merged PR 4621: eng | Fix policheck

* Fix | Adjust path for .AssemblyAttributes in obj folder (dotnet#2550)

* Fix | Fixed GenerateSspiClientContext to retry negotiation with default port (dotnet#2559)

* Strong typed diagnostics (dotnet#2226)

* Fix | Replaced System.Runtime.Caching with Microsoft.Extensions.Caching.Memory (dotnet#2493)

* Add | Add SourceLink translation (dotnet#2552)

* Add | Cache TokenCredential objects to take advantage of token caching (dotnet#2380)

* Merged common code base for SqlUtil.cs (dotnet#2533)

* Add scope trace for GenerateSspiClientContext (dotnet#2497)

* Address conflicts (dotnet#2562)

* Addressing conflict (dotnet#2560)

* Merge SqlColumnEncryptionCertificateStoreProvider (dotnet#2521)

* Add | No-op if engineedition is 6 or 11 due to lack of support for ASSEMBLYPROPERTY function (dotnet#2593)

* Change | Remove some unneeded references and update Azure.Identity (dotnet#2577)

* Add test for issue 2456 (dotnet#2457)

* Merged common code base for AlwaysEncryptedKeyConverter (dotnet#2538)

* Merged AlwaysEncryptedKeyConverter.CrossPlatform and AlwaysEncryptedKeyConverter.Cng.

* 3 Small Changes (dotnet#2594)

* * Port sqlclientx datasource changes
* Remove link to missing nuget.config file
* Remove root namespaces from sqlclient csproj files

* Test to see if namespace changes are breaking the pr build

* Reinstate removing the root namespace and fix resource filename generation

* Test fixes to accommodate recent infra changes (dotnet#2646)

* Test fixes to accommodate recent infra changes

* Fix - Don't error when using infinite connect timeout and Entra auth (dotnet#2651)

* eng | Add delay signed to official builds (dotnet#2653)

* eng | Initial YAML CI pipeline (dotnet#2575)

* Fix | Fix decrypt failure to drain data (dotnet#2618)

* [Scheduled Run] Localized resource files from OneLocBuild

* eng | Add Delay sign to ref csprojs (dotnet#2684)

* [Scheduled Run] Localized resource files from OneLocBuild

* [Scheduled Run] Localized resource files from OneLocBuild

---------

Co-authored-by: Javad Rahnama <v-jarahn@microsoft.com>
Co-authored-by: David Engel <v-davidengel@microsoft.com>
Co-authored-by: Aris Rellegue <v-arellegue@microsoft.com>
Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
Co-authored-by: Benjamin Russell <russellben@microsoft.com>
Co-authored-by: Aris Rellegue <134557572+arellegue@users.noreply.github.com>
Co-authored-by: dauinsight <145612907+dauinsight@users.noreply.github.com>
Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
Co-authored-by: Daniel Au <v-audaniel@microsoft.com>
Co-authored-by: Wraith <wraith2@gmail.com>
Co-authored-by: SqlClient Azure DevOps <sqlclient@microsoft.com>
Co-authored-by: Edward Neal <55035479+edwardneal@users.noreply.github.com>
Co-authored-by: Erik Ejlskov Jensen <ErikEJ@users.noreply.github.com>
Co-authored-by: David Engel <davidengel@microsoft.com>
@edwardneal edwardneal deleted the issue-1261-certificate-column-encryption-provider branch August 31, 2024 16:25