update tests

cheenamalhotra · Feb 8, 2021 · d8278f8 · d8278f8
1 parent 0049b64
commit d8278f8
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 23 deletions.
diff --git a/....Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs b/....Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs
@@ -101,16 +101,16 @@ public SqlColumnEncryptionAzureKeyVaultProvider(TokenCredential tokenCredential,
         /// and an array of trusted endpoints.
         /// </summary>
         /// <param name="tokenCredential">Instance of an implementation of Token Credential that is capable of providing an OAuth Token</param>
-        /// <param name="trustedEndPoints">TrustedEndpoints are used to validate the master key path</param>
-        public SqlColumnEncryptionAzureKeyVaultProvider(TokenCredential tokenCredential, string[] trustedEndPoints)
+        /// <param name="trustedEndpoints">TrustedEndpoints are used to validate the master key path</param>
+        public SqlColumnEncryptionAzureKeyVaultProvider(TokenCredential tokenCredential, string[] trustedEndpoints)
         {
             ValidateNotNull(tokenCredential, nameof(tokenCredential));
-            ValidateNotNull(trustedEndPoints, nameof(trustedEndPoints));
-            ValidateNotEmpty(trustedEndPoints, nameof(trustedEndPoints));
-            ValidateNotNullOrWhitespaceForEach(trustedEndPoints, nameof(trustedEndPoints));
+            ValidateNotNull(trustedEndpoints, nameof(trustedEndpoints));
+            ValidateNotEmpty(trustedEndpoints, nameof(trustedEndpoints));
+            ValidateNotNullOrWhitespaceForEach(trustedEndpoints, nameof(trustedEndpoints));
 
             KeyCryptographer = new AzureSqlKeyCryptographer(tokenCredential);
-            TrustedEndPoints = trustedEndPoints;
+            TrustedEndPoints = trustedEndpoints;
         }
         #endregion
 

diff --git a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Strings.Designer.cs b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Strings.Designer.cs
diff --git a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Strings.resx b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Strings.resx
@@ -117,8 +117,8 @@
   <resheader name="writer">
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
-  <data name="InvalidTrustedEndpointTemplate" xml:space="preserve">
-    <value>Invalid trusted endpoint specified. A trusted endpoint must have a value.</value>
+  <data name="NullOrWhitespaceForEach" xml:space="preserve">
+    <value>One or more of the elements in {0} are null or empty or consist of only whitespace.</value>
   </data>
   <data name="CipherTextLengthMismatch" xml:space="preserve">
     <value>CipherText length does not match the RSA key size.</value>

diff --git a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Validator.cs b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Validator.cs
@@ -38,12 +38,9 @@ internal static void ValidateNotEmpty(IList parameter, string name)
 
         internal static void ValidateNotNullOrWhitespaceForEach(string[] parameters, string name)
         {
-            foreach (var parameter in parameters)
+            if (parameters.Any(s => string.IsNullOrWhiteSpace(s)))
             {
-                if (null == parameter)
-                {
-                    throw new ArgumentException(Strings.InvalidTrustedEndpointTemplate);
-                }
+                throw new ArgumentException(string.Format(Strings.NullOrWhitespaceForEach, name));
             }
         }
 

diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs
@@ -4,6 +4,7 @@
 
 using System;
 using System.Security.Cryptography;
+using Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider;
 using Microsoft.Data.SqlClient.ManualTesting.Tests.AlwaysEncrypted.Setup;
 using Xunit;
 
@@ -153,20 +154,30 @@ public void NullAKVKeyPath()
         public void InvalidCertificatePath()
         {
             string dummyPathWithOnlyHost = @"https://www.microsoft.com";
+            string invalidUrlErrorMessage = $@"Invalid url specified: '{dummyPathWithOnlyHost}'";
             string dummyPathWithInvalidKey = @"https://www.microsoft.vault.azure.com/keys/dummykey/dummykeyid";
-            string errorMessage = $@"Invalid url specified: '{dummyPathWithOnlyHost}'";
-            string errorMessage2 = $@"Invalid Azure Key Vault key path specified: '{dummyPathWithInvalidKey}'. Valid trusted endpoints: vault.azure.net, vault.azure.cn, vault.usgovcloudapi.net, vault.microsoftazure.de, managedhsm.azure.net, managedhsm.azure.cn, managedhsm.usgovcloudapi.net, managedhsm.microsoftazure.de.\s+\(?Parameter (name: )?'?masterKeyPath('\))?";
-
-            Exception ex1 = Assert.Throws<ArgumentException>(
+            string invalidTrustedEndpointErrorMessage = $@"Invalid Azure Key Vault key path specified: '{dummyPathWithInvalidKey}'. 
+Valid trusted endpoints: vault.azure.net, vault.azure.cn, vault.usgovcloudapi.net, vault.microsoftazure.de, managedhsm.azure.net, 
+managedhsm.azure.cn, managedhsm.usgovcloudapi.net, managedhsm.microsoftazure.de.\s+\(?Parameter (name: )?'?masterKeyPath('\))?";
+
+            Exception ex = Assert.Throws<ArgumentException>(
                 () => fixture.AkvStoreProvider.EncryptColumnEncryptionKey(dummyPathWithOnlyHost, MasterKeyEncAlgo, cek));
-            Assert.Matches(errorMessage, ex1.Message);
+            Assert.Matches(invalidUrlErrorMessage, ex.Message);
 
-            Exception ex2 = Assert.Throws<ArgumentException>(
+            ex = Assert.Throws<ArgumentException>(
+                () => fixture.AkvStoreProvider.EncryptColumnEncryptionKey(dummyPathWithInvalidKey, MasterKeyEncAlgo, cek));
+            Assert.Matches(invalidTrustedEndpointErrorMessage, ex.Message);
+
+           ex = Assert.Throws<ArgumentException>(
+                () => fixture.AkvStoreProvider.DecryptColumnEncryptionKey(dummyPathWithOnlyHost, MasterKeyEncAlgo, encryptedCek));
+            Assert.Matches(invalidUrlErrorMessage, ex.Message);       
+
+           ex = Assert.Throws<ArgumentException>(
                 () => fixture.AkvStoreProvider.DecryptColumnEncryptionKey(dummyPathWithInvalidKey, MasterKeyEncAlgo, encryptedCek));
-            Assert.Matches(errorMessage2, ex2.Message);
+            Assert.Matches(invalidTrustedEndpointErrorMessage, ex.Message);
         }
 
-        [InlineData(true)] 
+        [InlineData(true)]
         [InlineData(false)]
         [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))]
         public void AkvStoreProviderVerifyFunctionWithInvalidSignature(bool fEnclaveEnabled)
@@ -209,5 +220,19 @@ public void AkvStoreProviderVerifyFunctionWithInvalidSignature(bool fEnclaveEnab
                 tamperedCmkSignature[startingByteIndex + randomIndexInCipherText[0]] = cmkSignature[startingByteIndex + randomIndexInCipherText[0]];
             }
         }
+
+        [InlineData(new object[] { new string[] { null } })]
+        [InlineData(new object[] { new string[] { "" } })]
+        [InlineData(new object[] { new string[] { " " } })]
+        [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))]
+        public void InvalidTrustedEndpoints(string[] trustedEndpoints)
+        {
+            Exception ex = Assert.Throws<ArgumentException>(() =>
+            {
+                SqlColumnEncryptionAzureKeyVaultProvider azureKeyProvider = new SqlColumnEncryptionAzureKeyVaultProvider(
+                    new SqlClientCustomTokenCredential(), trustedEndpoints);
+            });
+            Assert.Matches("One or more of the elements in trustedEndpoints are null or empty or consist of only whitespace.", ex.Message);
+        }
     }
 }