Removed hardcoded references to CertificateUtilityWin

These were mostly related to generating CSP keys.

Author: edwardneal

src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/CspProviderExt.cs

@@ -5,10 +5,9 @@
 using System;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
-using Microsoft.Data.SqlClient.ManualTesting.Tests.AlwaysEncrypted.Setup;
 using Xunit;
-using System.Collections.Generic;
-using static Microsoft.Data.SqlClient.ManualTesting.Tests.AlwaysEncrypted.CertificateUtilityWin;
+using System.Security.Cryptography;
+using Microsoft.Data.SqlClient.TestUtilities.Fixtures;
 #if !NETFRAMEWORK
 using System.Runtime.Versioning;
 #endif
@@ -25,184 +24,48 @@ namespace Microsoft.Data.SqlClient.ManualTesting.Tests.AlwaysEncrypted
     [PlatformSpecific(TestPlatforms.Windows)]
     public class CspProviderExt
     {
-        [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE))]
-        [ClassData(typeof(AEConnectionStringProvider))]
-        public void TestKeysFromCertificatesCreatedWithMultipleCryptoProviders(string connectionString)
-        {
-            const string providersRegistryKeyPath = @"SOFTWARE\Microsoft\Cryptography\Defaults\Provider";
-            Microsoft.Win32.RegistryKey defaultCryptoProvidersRegistryKey = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(providersRegistryKeyPath);
-
-            foreach (string subKeyName in defaultCryptoProvidersRegistryKey.GetSubKeyNames())
-            {
-                // NOTE: RSACryptoServiceProvider.SignData() fails for other providers when testing locally
-                if (!subKeyName.Contains(@"RSA and AES"))
-                {
-                    Console.WriteLine(@"INFO: Skipping Certificate creation for {0}.", subKeyName);
-                    continue;
-                }
-                string providerName;
-                string providerType;
-                string certificateName;
-                using (Microsoft.Win32.RegistryKey providerKey = defaultCryptoProvidersRegistryKey.OpenSubKey(subKeyName))
-                {
-                    // Get Provider Name and its type
-                    providerName = providerKey.Name.Substring(providerKey.Name.LastIndexOf(@"\", StringComparison.Ordinal) + 1);
-                    providerType = providerKey.GetValue(@"Type").ToString();
-
-                    // Create a certificate from that provider
-                    certificateName = string.Format(@"AETest - {0}", providerName);
-                }
-
-                var extensions = new List<Tuple<string, string, string>>();
-                CertificateOption certOption = new()
-                {
-                    Subject = certificateName,
-                    KeyExportPolicy = "Exportable",
-                    CertificateStoreLocation = $"{StoreLocation.CurrentUser}\\My",
-                    Provider = providerName,
-                    Type = providerType,
-                };
-                CreateCertificate(certOption);
-                SQLSetupStrategyCspExt sqlSetupStrategyCsp = null;
-                try
-                {
-                    if (false == CertificateUtilityWin.CertificateExists(certificateName, StoreLocation.CurrentUser))
-                    {
-                        Console.WriteLine(@"INFO: Certificate creation for provider {0} failed so skipping it.", providerName);
-                        continue;
-                    }
-
-                    X509Certificate2 cert = CertificateUtilityWin.GetCertificate(certificateName, StoreLocation.CurrentUser);
-                    string cspPath = CertificateUtilityWin.GetCspPathFromCertificate(cert);
-
-                    if (string.IsNullOrEmpty(cspPath))
-                    {
-                        Console.WriteLine(@"INFO: Certificate provider {0} is not a csp provider so skipping it.", providerName);
-                        continue;
-                    }
-
-                    Console.WriteLine("CSP path is {0}", cspPath);
-
-                    sqlSetupStrategyCsp = new SQLSetupStrategyCspExt(cspPath);
-                    string tableName = sqlSetupStrategyCsp.CspProviderTable.Name;
-
-                    using SqlConnection sqlConn = new(connectionString);
-                    sqlConn.Open();
-
-                    Table.DeleteData(tableName, sqlConn);
-
-                    // insert 1 row data
-                    Customer customer = new Customer(45, "Microsoft", "Corporation");
-
-                    DatabaseHelper.InsertCustomerData(sqlConn, null, tableName, customer);
-
-                    // Test INPUT parameter on an encrypted parameter
-                    using SqlCommand sqlCommand = new(@$"SELECT CustomerId, FirstName, LastName FROM [{tableName}] WHERE FirstName = @firstName",
-                                                                sqlConn, null, SqlCommandColumnEncryptionSetting.Enabled);
-                    SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft");
-                    customerFirstParam.Direction = System.Data.ParameterDirection.Input;
-
-                    using SqlDataReader sqlDataReader = sqlCommand.ExecuteReader();
-                    ValidateResultSet(sqlDataReader);
-                    Console.WriteLine(@"INFO: Successfully validated using a certificate using provider:{0}", providerName);
-                }
-                finally
-                {
-                    CertificateUtilityWin.RemoveCertificate(certificateName, StoreLocation.CurrentUser);
-                    // clean up database resources
-                    sqlSetupStrategyCsp?.Dispose();
-                }
-
-            }
-        }
-
         // [Fact(Skip="Run this in non-parallel mode")] or [ConditionalFact()]
         [Fact(Skip = "Failing in TCE")]
         public void TestRoundTripWithCSPAndCertStoreProvider()
         {
-            const string providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
-            string providerType = "24";
-
-            string certificateName = string.Format(@"AETest - {0}", providerName);
-            CertificateOption options = new()
-            {
-                Subject = certificateName,
-                CertificateStoreLocation = StoreLocation.CurrentUser.ToString(),
-                Provider = providerName,
-                Type = providerType
-            };
-            CertificateUtilityWin.CreateCertificate(options);
-            try
-            {
-                X509Certificate2 cert = CertificateUtilityWin.GetCertificate(certificateName, StoreLocation.CurrentUser);
-                string cspPath = CertificateUtilityWin.GetCspPathFromCertificate(cert);
-                string certificatePath = String.Concat(@"CurrentUser/my/", cert.Thumbprint);
+            using CspCertificateFixture cspCertificateFixture = new CspCertificateFixture();
 
-                SqlColumnEncryptionCertificateStoreProvider certProvider = new SqlColumnEncryptionCertificateStoreProvider();
-                SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();
-                byte[] columnEncryptionKey = DatabaseHelper.GenerateRandomBytes(32);
+            X509Certificate2 cert = cspCertificateFixture.CspCertificate;
+            string cspPath = cspCertificateFixture.CspKeyPath;
+            string certificatePath = cspCertificateFixture.CspCertificatePath;
 
-                byte[] encryptedColumnEncryptionKeyUsingCert = certProvider.EncryptColumnEncryptionKey(certificatePath, @"RSA_OAEP", columnEncryptionKey);
-                byte[] columnEncryptionKeyReturnedCert2CSP = cspProvider.DecryptColumnEncryptionKey(cspPath, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingCert);
-                Assert.True(columnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedCert2CSP));
+            SqlColumnEncryptionCertificateStoreProvider certProvider = new SqlColumnEncryptionCertificateStoreProvider();
+            SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();
+            byte[] columnEncryptionKey = DatabaseHelper.GenerateRandomBytes(32);
 
-                byte[] encryptedColumnEncryptionKeyUsingCSP = cspProvider.EncryptColumnEncryptionKey(cspPath, @"RSA_OAEP", columnEncryptionKey);
-                byte[] columnEncryptionKeyReturnedCSP2Cert = certProvider.DecryptColumnEncryptionKey(certificatePath, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingCSP);
-                Assert.True(columnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedCSP2Cert));
+            byte[] encryptedColumnEncryptionKeyUsingCert = certProvider.EncryptColumnEncryptionKey(certificatePath, @"RSA_OAEP", columnEncryptionKey);
+            byte[] columnEncryptionKeyReturnedCert2CSP = cspProvider.DecryptColumnEncryptionKey(cspPath, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingCert);
+            Assert.True(columnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedCert2CSP));
 
-            }
-            finally
-            {
-                CertificateUtilityWin.RemoveCertificate(certificateName, StoreLocation.CurrentUser);
-            }
+            byte[] encryptedColumnEncryptionKeyUsingCSP = cspProvider.EncryptColumnEncryptionKey(cspPath, @"RSA_OAEP", columnEncryptionKey);
+            byte[] columnEncryptionKeyReturnedCSP2Cert = certProvider.DecryptColumnEncryptionKey(certificatePath, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingCSP);
+            Assert.True(columnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedCSP2Cert));
         }
 
         [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE))]
-        [ClassData(typeof(AEConnectionStringProvider))]
-        public void TestEncryptDecryptWithCSP(string connectionString)
+        [ClassData(typeof(AEConnectionStringProviderWithCspParameters))]
+        public void TestEncryptDecryptWithCSP(string connectionString, CspParameters cspParameters)
         {
-            string providerName = @"Microsoft Enhanced RSA and AES Cryptographic Provider";
             string keyIdentifier = DataTestUtility.GetUniqueNameForSqlServer("CSP");
+            CspParameters namedCspParameters = new CspParameters(cspParameters.ProviderType, cspParameters.ProviderName, keyIdentifier);
+            using SQLSetupStrategyCspProvider sqlSetupStrategyCsp = new SQLSetupStrategyCspProvider(namedCspParameters);
 
-            try
-            {
-                CertificateUtilityWin.RSAPersistKeyInCsp(providerName, keyIdentifier);
-                string cspPath = String.Concat(providerName, @"/", keyIdentifier);
-
-                SQLSetupStrategyCspExt sqlSetupStrategyCsp = new SQLSetupStrategyCspExt(cspPath);
-                string tableName = sqlSetupStrategyCsp.CspProviderTable.Name;
-
-                try
-                {
-                    using SqlConnection sqlConn = new(connectionString);
-                    sqlConn.Open();
-
-                    Table.DeleteData(tableName, sqlConn);
-
-                    // insert 1 row data
-                    Customer customer = new Customer(45, "Microsoft", "Corporation");
-
-                    DatabaseHelper.InsertCustomerData(sqlConn, null, tableName, customer);
+            using SqlConnection sqlConn = new(connectionString);
+            sqlConn.Open();
 
-                    // Test INPUT parameter on an encrypted parameter
-                    using SqlCommand sqlCommand = new(@$"SELECT CustomerId, FirstName, LastName FROM [{tableName}] WHERE FirstName = @firstName",
-                                                                sqlConn, null, SqlCommandColumnEncryptionSetting.Enabled);
-                    SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft");
-                    customerFirstParam.Direction = System.Data.ParameterDirection.Input;
+            // Test INPUT parameter on an encrypted parameter
+            using SqlCommand sqlCommand = new(@$"SELECT CustomerId, FirstName, LastName FROM [{sqlSetupStrategyCsp.ApiTestTable.Name}] WHERE FirstName = @firstName",
+                                                        sqlConn, null, SqlCommandColumnEncryptionSetting.Enabled);
+            SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft");
+            customerFirstParam.Direction = System.Data.ParameterDirection.Input;
 
-                    using SqlDataReader sqlDataReader = sqlCommand.ExecuteReader();
-                    ValidateResultSet(sqlDataReader);
-                }
-                finally
-                {
-                    // clean up database resources
-                    sqlSetupStrategyCsp.Dispose();
-                }
-            }
-            finally
-            {
-                CertificateUtilityWin.RSADeleteKeyInCsp(providerName, keyIdentifier);
-            }
+            using SqlDataReader sqlDataReader = sqlCommand.ExecuteReader();
+            ValidateResultSet(sqlDataReader);
         }
 
         /// <summary>

src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs

@@ -342,4 +342,39 @@ public IEnumerator<object[]> GetEnumerator()
         }
         IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
     }
+
+    public class AEConnectionStringProviderWithCspParameters : IEnumerable<object[]>
+    {
+        public IEnumerator<object[]> GetEnumerator()
+        {
+            const string ProvidersRegistryKeyPath = @"SOFTWARE\Microsoft\Cryptography\Defaults\Provider";
+            using Microsoft.Win32.RegistryKey defaultCryptoProvidersRegistryKey = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(ProvidersRegistryKeyPath);
+
+            foreach (string subKeyName in defaultCryptoProvidersRegistryKey.GetSubKeyNames())
+            {
+                CspParameters providerCspParameters;
+
+                // NOTE: RSACryptoServiceProvider.SignData() fails for other providers when testing locally
+                if (!subKeyName.Contains(@"RSA and AES"))
+                {
+                    continue;
+                }
+
+                using (Microsoft.Win32.RegistryKey providerKey = defaultCryptoProvidersRegistryKey.OpenSubKey(subKeyName))
+                {
+                    // Get Provider Name and its type
+                    string providerName = providerKey.Name.Substring(providerKey.Name.LastIndexOf(@"\", StringComparison.Ordinal) + 1);
+                    int providerType = (int)providerKey.GetValue(@"Type");
+
+                    providerCspParameters = new CspParameters(providerType, providerName);
+                }
+
+                foreach (string connStrAE in DataTestUtility.AEConnStrings)
+                {
+                    yield return new object[] { connStrAE, providerCspParameters };
+                }
+            }
+        }
+        IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
+    }
 }

src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/SQLSetupStrategy.cs

@@ -59,13 +59,13 @@ public class SQLSetupStrategy : ColumnMasterKeyCertificateFixture
         public Dictionary<string, string> sqlBulkTruncationTableNames = new Dictionary<string, string>();
 
         public SQLSetupStrategy()
-            : base()
+            : base(true)
         {
             ColumnMasterKeyPath = string.Concat(StoreLocation.CurrentUser.ToString(), "/", StoreName.My.ToString(), "/", ColumnMasterKeyCertificate.Thumbprint);
         }
 
         protected SQLSetupStrategy(string customKeyPath)
-            : base()
+            : base(false)
         {
             ColumnMasterKeyPath = customKeyPath;
         }
@@ -90,6 +90,14 @@ internal virtual void SetupDatabase()
                 }
 
                 // Insert data for TrustedMasterKeyPaths tests.
+                InsertSampleData(TrustedMasterKeyPathsTestTable.Name);
+            }
+        }
+
+        protected void InsertSampleData(string tableName)
+        {
+            foreach(string value in DataTestUtility.AEConnStringsSetup)
+            {
                 SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(value)
                 {
                     ConnectTimeout = 10000
@@ -98,7 +106,9 @@ internal virtual void SetupDatabase()
                 using (SqlConnection sqlConn = new SqlConnection(builder.ToString()))
                 {
                     sqlConn.Open();
-                    DatabaseHelper.InsertCustomerData(sqlConn, null, TrustedMasterKeyPathsTestTable.Name, customer);
+
+                    Table.DeleteData(tableName, sqlConn);
+                    DatabaseHelper.InsertCustomerData(sqlConn, null, tableName, customer);
                 }
             }
         }
@@ -147,9 +157,12 @@ protected List<Table> CreateTables(IList<ColumnEncryptionKey> columnEncryptionKe
             SqlNullValuesTable = new SqlNullValuesTable(GenerateUniqueName("SqlNullValuesTable"), columnEncryptionKeys[0]);
             tables.Add(SqlNullValuesTable);
 
-            // columnEncryptionKeys[2] is encrypted with DummyCMK. use this encrypted column to test custom key store providers
-            CustomKeyStoreProviderTestTable = new ApiTestTable(GenerateUniqueName("CustomKeyStoreProviderTestTable"), columnEncryptionKeys[2], columnEncryptionKeys[0], useDeterministicEncryption: true);
-            tables.Add(CustomKeyStoreProviderTestTable);
+            if (columnEncryptionKeys.Count > 2)
+            {
+                // columnEncryptionKeys[2] is encrypted with DummyCMK. use this encrypted column to test custom key store providers
+                CustomKeyStoreProviderTestTable = new ApiTestTable(GenerateUniqueName("CustomKeyStoreProviderTestTable"), columnEncryptionKeys[2], columnEncryptionKeys[0], useDeterministicEncryption: true);
+                tables.Add(CustomKeyStoreProviderTestTable);
+            }
 
             TabNVarCharMaxSource = new BulkCopyTruncationTables(GenerateUniqueName("TabNVarCharMaxSource"), columnEncryptionKeys[0]);
             tables.Add(TabNVarCharMaxSource);

src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/SQLSetupStrategyCertStoreProvider.cs

@@ -3,7 +3,6 @@
 // See the LICENSE file in the project root for more information.using System;
 
 using System.Collections.Generic;
-using System.Security.Cryptography.X509Certificates;
 using Microsoft.Data.SqlClient.ManualTesting.Tests.AlwaysEncrypted.Setup;
 
 namespace Microsoft.Data.SqlClient.ManualTesting.Tests.AlwaysEncrypted
@@ -20,9 +19,6 @@ public SQLSetupStrategyCertStoreProvider() : base()
             SetupDatabase();
         }
 
-        protected SQLSetupStrategyCertStoreProvider(string customKeyPath) : base(customKeyPath)
-        { }
-
         internal override void SetupDatabase()
         {
             CspColumnMasterKey = new CspColumnMasterKey(GenerateUniqueName("CMK"), ColumnMasterKeyCertificate.Thumbprint, CertStoreProvider, DataTestUtility.EnclaveEnabled);