Skip to content

Test | Add lock when using ClearSqlConnectionGlobalProvidersk (#1461) #1735

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 30, 2022
Merged

Test | Add lock when using ClearSqlConnectionGlobalProvidersk (#1461) #1735

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 14 additions & 11 deletions ...SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/ExceptionRegisterKeyStoreProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,21 +85,24 @@ public void TestEmptyProviderName()
[Fact]
public void TestCanSetGlobalProvidersOnlyOnce()
{
Utility.ClearSqlConnectionGlobalProviders();
lock (Utility.ClearSqlConnectionGlobalProvidersLock)
{
Utility.ClearSqlConnectionGlobalProviders();

IDictionary<string, SqlColumnEncryptionKeyStoreProvider> customProviders =
new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>()
{
IDictionary<string, SqlColumnEncryptionKeyStoreProvider> customProviders =
new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>()
{
{ DummyKeyStoreProvider.Name, new DummyKeyStoreProvider() }
};
SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders);
};
SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders);

InvalidOperationException e = Assert.Throws<InvalidOperationException>(
() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
string expectedMessage = SystemDataResourceManager.Instance.TCE_CanOnlyCallOnce;
Assert.Contains(expectedMessage, e.Message);
InvalidOperationException e = Assert.Throws<InvalidOperationException>(
() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
string expectedMessage = SystemDataResourceManager.Instance.TCE_CanOnlyCallOnce;
Assert.Contains(expectedMessage, e.Message);

Utility.ClearSqlConnectionGlobalProviders();
Utility.ClearSqlConnectionGlobalProviders();
}
}

[Fact]
Expand Down
74 changes: 40 additions & 34 deletions ...ft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/ExceptionsAlgorithmErrors.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ public void TestInvalidCipherText()
[PlatformSpecific(TestPlatforms.Windows)]
public void TestInvalidAlgorithmVersion()
{
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_InvalidAlgorithmVersion,
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_InvalidAlgorithmVersion,
40, "01");
byte[] plainText = Encoding.Unicode.GetBytes("Hello World");
byte[] cipherText = EncryptDataUsingAED(plainText, CertFixture.cek, CColumnEncryptionType.Deterministic);
Expand Down Expand Up @@ -112,7 +112,7 @@ public void TestInvalidAuthenticationTag()
[PlatformSpecific(TestPlatforms.Windows)]
public void TestNullColumnEncryptionAlgorithm()
{
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_NullColumnEncryptionAlgorithm,
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_NullColumnEncryptionAlgorithm,
"'AEAD_AES_256_CBC_HMAC_SHA256'");
Object cipherMD = GetSqlCipherMetadata(0, 0, null, 1, 0x01);
AddEncryptionKeyToCipherMD(cipherMD, CertFixture.encryptedCek, 0, 0, 0, new byte[] { 0x01, 0x02, 0x03 }, CertFixture.certificatePath, "MSSQL_CERTIFICATE_STORE", "RSA_OAEP");
Expand Down Expand Up @@ -148,32 +148,35 @@ public void TestUnknownEncryptionAlgorithmId()
[PlatformSpecific(TestPlatforms.Windows)]
public void TestUnknownCustomKeyStoreProvider()
{
// Clear out the existing providers (to ensure test reliability)
ClearSqlConnectionGlobalProviders();

const string invalidProviderName = "Dummy_Provider";
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_UnrecognizedKeyStoreProviderName,
invalidProviderName, "'MSSQL_CERTIFICATE_STORE', 'MSSQL_CNG_STORE', 'MSSQL_CSP_PROVIDER'", "");
Object cipherMD = GetSqlCipherMetadata(0, 1, null, 1, 0x03);
AddEncryptionKeyToCipherMD(cipherMD, CertFixture.encryptedCek, 0, 0, 0, new byte[] { 0x01, 0x02, 0x03 }, CertFixture.certificatePath, invalidProviderName, "RSA_OAEP");
byte[] plainText = Encoding.Unicode.GetBytes("HelloWorld");
byte[] cipherText = EncryptDataUsingAED(plainText, CertFixture.cek, CColumnEncryptionType.Deterministic);
lock (Utility.ClearSqlConnectionGlobalProvidersLock)
{
// Clear out the existing providers (to ensure test reliability)
ClearSqlConnectionGlobalProviders();

Exception decryptEx = Assert.Throws<TargetInvocationException>(() => DecryptWithKey(plainText, cipherMD));
Assert.Contains(expectedMessage, decryptEx.InnerException.Message);
const string invalidProviderName = "Dummy_Provider";
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_UnrecognizedKeyStoreProviderName,
invalidProviderName, "'MSSQL_CERTIFICATE_STORE', 'MSSQL_CNG_STORE', 'MSSQL_CSP_PROVIDER'", "");
Object cipherMD = GetSqlCipherMetadata(0, 1, null, 1, 0x03);
AddEncryptionKeyToCipherMD(cipherMD, CertFixture.encryptedCek, 0, 0, 0, new byte[] { 0x01, 0x02, 0x03 }, CertFixture.certificatePath, invalidProviderName, "RSA_OAEP");
byte[] plainText = Encoding.Unicode.GetBytes("HelloWorld");
byte[] cipherText = EncryptDataUsingAED(plainText, CertFixture.cek, CColumnEncryptionType.Deterministic);

Exception encryptEx = Assert.Throws<TargetInvocationException>(() => EncryptWithKey(plainText, cipherMD));
Assert.Contains(expectedMessage, encryptEx.InnerException.Message);
Exception decryptEx = Assert.Throws<TargetInvocationException>(() => DecryptWithKey(plainText, cipherMD));
Assert.Contains(expectedMessage, decryptEx.InnerException.Message);

Exception encryptEx = Assert.Throws<TargetInvocationException>(() => EncryptWithKey(plainText, cipherMD));
Assert.Contains(expectedMessage, encryptEx.InnerException.Message);

ClearSqlConnectionGlobalProviders();
ClearSqlConnectionGlobalProviders();
}
}

[Fact]
[PlatformSpecific(TestPlatforms.Windows)]
public void TestTceUnknownEncryptionAlgorithm()
{
const string unknownEncryptionAlgorithm = "Dummy";
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_UnknownColumnEncryptionAlgorithm,
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_UnknownColumnEncryptionAlgorithm,
unknownEncryptionAlgorithm, "'AEAD_AES_256_CBC_HMAC_SHA256'");
Object cipherMD = GetSqlCipherMetadata(0, 0, "Dummy", 1, 0x01);
AddEncryptionKeyToCipherMD(cipherMD, CertFixture.encryptedCek, 0, 0, 0, new byte[] { 0x01, 0x02, 0x03 }, CertFixture.certificatePath, "MSSQL_CERTIFICATE_STORE", "RSA_OAEP");
Expand All @@ -193,7 +196,7 @@ public void TestExceptionsFromCertStore()
{
byte[] corruptedCek = GenerateInvalidEncryptedCek(CertFixture.cek, ECEKCorruption.SIGNATURE);

string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_KeyDecryptionFailedCertStore,
string expectedMessage = string.Format(SystemDataResourceManager.Instance.TCE_KeyDecryptionFailedCertStore,
"MSSQL_CERTIFICATE_STORE", BitConverter.ToString(corruptedCek, corruptedCek.Length - 10, 10));

Object cipherMD = GetSqlCipherMetadata(0, 1, null, 1, 0x01);
Expand All @@ -209,27 +212,30 @@ public void TestExceptionsFromCertStore()
[PlatformSpecific(TestPlatforms.Windows)]
public void TestExceptionsFromCustomKeyStore()
{
string expectedMessage = "Failed to decrypt a column encryption key";
lock (Utility.ClearSqlConnectionGlobalProvidersLock)
{
string expectedMessage = "Failed to decrypt a column encryption key";

// Clear out the existing providers (to ensure test reliability)
ClearSqlConnectionGlobalProviders();
// Clear out the existing providers (to ensure test reliability)
ClearSqlConnectionGlobalProviders();

IDictionary<string, SqlColumnEncryptionKeyStoreProvider> customProviders = new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>();
customProviders.Add(DummyKeyStoreProvider.Name, new DummyKeyStoreProvider());
SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders);
IDictionary<string, SqlColumnEncryptionKeyStoreProvider> customProviders = new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>();
customProviders.Add(DummyKeyStoreProvider.Name, new DummyKeyStoreProvider());
SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders);

object cipherMD = GetSqlCipherMetadata(0, 1, null, 1, 0x01);
AddEncryptionKeyToCipherMD(cipherMD, CertFixture.encryptedCek, 0, 0, 0, new byte[] { 0x01, 0x02, 0x03 }, CertFixture.certificatePath, "DummyProvider", "DummyAlgo");
byte[] plainText = Encoding.Unicode.GetBytes("HelloWorld");
byte[] cipherText = EncryptDataUsingAED(plainText, CertFixture.cek, CColumnEncryptionType.Deterministic);
object cipherMD = GetSqlCipherMetadata(0, 1, null, 1, 0x01);
AddEncryptionKeyToCipherMD(cipherMD, CertFixture.encryptedCek, 0, 0, 0, new byte[] { 0x01, 0x02, 0x03 }, CertFixture.certificatePath, "DummyProvider", "DummyAlgo");
byte[] plainText = Encoding.Unicode.GetBytes("HelloWorld");
byte[] cipherText = EncryptDataUsingAED(plainText, CertFixture.cek, CColumnEncryptionType.Deterministic);

Exception decryptEx = Assert.Throws<TargetInvocationException>(() => DecryptWithKey(cipherText, cipherMD));
Assert.Contains(expectedMessage, decryptEx.InnerException.Message);
Exception decryptEx = Assert.Throws<TargetInvocationException>(() => DecryptWithKey(cipherText, cipherMD));
Assert.Contains(expectedMessage, decryptEx.InnerException.Message);

Exception encryptEx = Assert.Throws<TargetInvocationException>(() => EncryptWithKey(cipherText, cipherMD));
Assert.Contains(expectedMessage, encryptEx.InnerException.Message);
Exception encryptEx = Assert.Throws<TargetInvocationException>(() => EncryptWithKey(cipherText, cipherMD));
Assert.Contains(expectedMessage, encryptEx.InnerException.Message);

ClearSqlConnectionGlobalProviders();
ClearSqlConnectionGlobalProviders();
}
}
}

Expand Down
97 changes: 44 additions & 53 deletions ...FunctionalTests/AlwaysEncryptedTests/SqlColumnEncryptionCertificateStoreProviderShould.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,11 +92,6 @@ public class SqlColumnEncryptionCertificateStoreProviderWindowsShould : IClassFi
/// </summary>
private const int CipherTextStartIndex = IVStartIndex + IVLengthInBytes;

/// <summary>
/// SetCustomColumnEncryptionKeyStoreProvider can be called only once in a process. To workaround that, we use this flag.
/// </summary>
private static bool s_testCustomEncryptioKeyStoreProviderExecutedOnce = false;

[Theory]
[InvalidDecryptionParameters]
[PlatformSpecific(TestPlatforms.Windows)]
Expand Down Expand Up @@ -326,55 +321,51 @@ public void TestAeadEncryptionReversal(string dataType, object data, Utility.CCo
[PlatformSpecific(TestPlatforms.Windows)]
public void TestCustomKeyProviderListSetter()
{
// SqlConnection.RegisterColumnEncryptionKeyStoreProviders can be called only once in a process.
// This is a workaround to ensure re-runnability of the test.
if (s_testCustomEncryptioKeyStoreProviderExecutedOnce)
lock (Utility.ClearSqlConnectionGlobalProvidersLock)
{
return;
string expectedMessage1 = "Column encryption key store provider dictionary cannot be null. Expecting a non-null value.";
// Verify that we are able to set it to null.
ArgumentException e1 = Assert.Throws<ArgumentNullException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(null));
Assert.Contains(expectedMessage1, e1.Message);

// A dictionary holding custom providers.
IDictionary<string, SqlColumnEncryptionKeyStoreProvider> customProviders = new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>();
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"DummyProvider", new DummyKeyStoreProvider()));

// Verify that setting a provider in the list with null value throws an exception.
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"CustomProvider", null));
string expectedMessage2 = "Null reference specified for key store provider 'CustomProvider'. Expecting a non-null value.";
ArgumentNullException e2 = Assert.Throws<ArgumentNullException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
Assert.Contains(expectedMessage2, e2.Message);
customProviders.Remove(@"CustomProvider");

// Verify that setting a provider in the list with an empty provider name throws an exception.
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"", new DummyKeyStoreProvider()));
string expectedMessage3 = "Invalid key store provider name specified. Key store provider names cannot be null or empty";
ArgumentNullException e3 = Assert.Throws<ArgumentNullException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
Assert.Contains(expectedMessage3, e3.Message);

customProviders.Remove(@"");

// Verify that setting a provider in the list with name that starts with 'MSSQL_' throws an exception.
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"MSSQL_MyStore", new SqlColumnEncryptionCertificateStoreProvider()));
string expectedMessage4 = "Invalid key store provider name 'MSSQL_MyStore'. 'MSSQL_' prefix is reserved for system key store providers.";
ArgumentException e4 = Assert.Throws<ArgumentException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
Assert.Contains(expectedMessage4, e4.Message);

customProviders.Remove(@"MSSQL_MyStore");

// Verify that setting a provider in the list with name that starts with 'MSSQL_' but different case throws an exception.
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"MsSqL_MyStore", new SqlColumnEncryptionCertificateStoreProvider()));
string expectedMessage5 = "Invalid key store provider name 'MsSqL_MyStore'. 'MSSQL_' prefix is reserved for system key store providers.";
ArgumentException e5 = Assert.Throws<ArgumentException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
Assert.Contains(expectedMessage5, e5.Message);

customProviders.Remove(@"MsSqL_MyStore");

// Clear any providers set by other tests.
Utility.ClearSqlConnectionGlobalProviders();
}

string expectedMessage1 = "Column encryption key store provider dictionary cannot be null. Expecting a non-null value.";
// Verify that we are able to set it to null.
ArgumentException e1 = Assert.Throws<ArgumentNullException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(null));
Assert.Contains(expectedMessage1, e1.Message);

// A dictionary holding custom providers.
IDictionary<string, SqlColumnEncryptionKeyStoreProvider> customProviders = new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>();
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"DummyProvider", new DummyKeyStoreProvider()));

// Verify that setting a provider in the list with null value throws an exception.
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"CustomProvider", null));
string expectedMessage2 = "Null reference specified for key store provider 'CustomProvider'. Expecting a non-null value.";
ArgumentNullException e2 = Assert.Throws<ArgumentNullException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
Assert.Contains(expectedMessage2, e2.Message);
customProviders.Remove(@"CustomProvider");

// Verify that setting a provider in the list with an empty provider name throws an exception.
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"", new DummyKeyStoreProvider()));
string expectedMessage3 = "Invalid key store provider name specified. Key store provider names cannot be null or empty";
ArgumentNullException e3 = Assert.Throws<ArgumentNullException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
Assert.Contains(expectedMessage3, e3.Message);

customProviders.Remove(@"");

// Verify that setting a provider in the list with name that starts with 'MSSQL_' throws an exception.
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"MSSQL_MyStore", new SqlColumnEncryptionCertificateStoreProvider()));
string expectedMessage4 = "Invalid key store provider name 'MSSQL_MyStore'. 'MSSQL_' prefix is reserved for system key store providers.";
ArgumentException e4 = Assert.Throws<ArgumentException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
Assert.Contains(expectedMessage4, e4.Message);

customProviders.Remove(@"MSSQL_MyStore");

// Verify that setting a provider in the list with name that starts with 'MSSQL_' but different case throws an exception.
customProviders.Add(new KeyValuePair<string, SqlColumnEncryptionKeyStoreProvider>(@"MsSqL_MyStore", new SqlColumnEncryptionCertificateStoreProvider()));
string expectedMessage5 = "Invalid key store provider name 'MsSqL_MyStore'. 'MSSQL_' prefix is reserved for system key store providers.";
ArgumentException e5 = Assert.Throws<ArgumentException>(() => SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders));
Assert.Contains(expectedMessage5, e5.Message);

customProviders.Remove(@"MsSqL_MyStore");

// Clear any providers set by other tests.
Utility.ClearSqlConnectionGlobalProviders();
}

[Theory]
Expand Down Expand Up @@ -502,7 +493,7 @@ public class CEKEncryptionReversalParameters : DataAttribute
{
public override IEnumerable<Object[]> GetData(MethodInfo testMethod)
{
yield return new object[2] { StoreLocation.CurrentUser , CurrentUserMyPathPrefix };
yield return new object[2] { StoreLocation.CurrentUser, CurrentUserMyPathPrefix };
// use localmachine cert path only when current user is Admin.
if (CertificateFixture.IsAdmin)
{
Expand Down
Loading