ckaczor/sqltoolsservice
1
0
Fork 0
mirror of https://github.com/ckaczor/sqltoolsservice.git synced 2026-01-14 01:25:40 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve secure enclaves error handling (#1880)

Browse Source
This commit is contained in:
Cheena Malhotra
2023-02-28 13:31:40 -08:00
committed by GitHub
parent 7941e871d9
commit c83f380b8e
10 changed files with 172 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/Microsoft.SqlTools.ServiceLayer/Connection/ConnectionService.cs
View File

@@ -1349,9 +1349,24 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidColumnEncryptionSetting(connectionDetails.ColumnEncryptionSetting));
}
}
if (!string.IsNullOrEmpty(connectionDetails.SecureEnclaves))
{
// Secure Enclaves is not mapped to SqlConnection, it's only used for throwing validation errors
// when Enclave Attestation Protocol is missing.
switch (connectionDetails.SecureEnclaves.ToUpper())
{
case "ENABLED":
break;
case "DISABLED":
break;
default:
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidSecureEnclaves(connectionDetails.SecureEnclaves));
}
}
if (!string.IsNullOrEmpty(connectionDetails.EnclaveAttestationProtocol))
{
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED")
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED"
|| string.IsNullOrEmpty(connectionDetails.SecureEnclaves) || connectionDetails.SecureEnclaves.ToUpper() == "DISABLED")
{
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination);
}
@@ -1364,7 +1379,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
case "HGS":
connectionBuilder.AttestationProtocol = SqlConnectionAttestationProtocol.HGS;
break;
case "None":
case "NONE":
connectionBuilder.AttestationProtocol = SqlConnectionAttestationProtocol.None;
break;
default:
@@ -1373,13 +1388,24 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
}
if (!string.IsNullOrEmpty(connectionDetails.EnclaveAttestationUrl))
{
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED")
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED"
|| string.IsNullOrEmpty(connectionDetails.SecureEnclaves) || connectionDetails.SecureEnclaves.ToUpper() == "DISABLED")
{
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination);
}
if(connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.None)
{
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl);
}
connectionBuilder.EnclaveAttestationUrl = connectionDetails.EnclaveAttestationUrl;
}
else if (connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.AAS
|| connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.HGS)
{
throw new ArgumentException(SR.ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol);
}
if (!string.IsNullOrEmpty(connectionDetails.Encrypt))
{