diff --git a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Constants.cs b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Constants.cs
index b5f8016f50..6e26ac8539 100644
--- a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Constants.cs
+++ b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Constants.cs
@@ -9,24 +9,16 @@ internal static class Constants
///
/// Azure Key Vault Domain Name
///
- internal static readonly string[] AzureKeyVaultPublicDomainNames =
- [
- // Azure Key Vaults
- "vault.azure.net", // Default
- "vault.azure.cn", // China
- "vault.usgovcloudapi.net", // US Government
- "vault.microsoftazure.de", // Azure Germany
- "vault.sovcloud-api.fr", // France (Bleu)
- "vault.sovcloud-api.de", // Germany (Delos)
-
- // Managed High Security Modules (HSM) Vaults
- "managedhsm.azure.net",
- "managedhsm.azure.cn",
- "managedhsm.usgovcloudapi.net",
- "managedhsm.microsoftazure.de",
- "managedhsm.sovcloud-api.fr",
- "managedhsm.sovcloud-api.de"
- ];
+ internal static readonly string[] AzureKeyVaultPublicDomainNames = new string[] {
+ @"vault.azure.net", // default
+ @"vault.azure.cn", // Azure China
+ @"vault.usgovcloudapi.net", // US Government
+ @"vault.microsoftazure.de", // Azure Germany
+ @"managedhsm.azure.net", // public HSM vault
+ @"managedhsm.azure.cn", // Azure China HSM vault
+ @"managedhsm.usgovcloudapi.net", // US Government HSM vault
+ @"managedhsm.microsoftazure.de" // Azure Germany HSM vault
+ };
///
/// Always Encrypted Parameter names for exec handling
diff --git a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Utils.cs b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Utils.cs
index d2eeb09420..0eb4dc1c9b 100644
--- a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Utils.cs
+++ b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Utils.cs
@@ -141,7 +141,7 @@ internal static ArgumentException InvalidAKVPath(string masterKeyPath, bool isSy
internal static ArgumentException InvalidAKVUrl(string masterKeyPath) =>
new(string.Format(CultureInfo.InvariantCulture, Strings.InvalidAkvUrlTemplate, masterKeyPath), Constants.AeParamMasterKeyPath);
- internal static ArgumentException InvalidAKVUrlTrustedEndpoints(string masterKeyPath, string endpoints) =>
+ internal static Exception InvalidAKVUrlTrustedEndpoints(string masterKeyPath, string endpoints) =>
new ArgumentException(string.Format(CultureInfo.InvariantCulture, Strings.InvalidAkvKeyPathTrustedTemplate, masterKeyPath, endpoints),
Constants.AeParamMasterKeyPath);
}
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs
index 6ea31d9d57..15679176ac 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs
@@ -182,6 +182,7 @@ public void InvalidCertificatePath()
string dummyPathWithOnlyHost = @"https://www.microsoft.com";
string invalidUrlErrorMessage = $@"Invalid url specified: '{dummyPathWithOnlyHost}'";
string dummyPathWithInvalidKey = @"https://www.microsoft.vault.azure.com/keys/dummykey/dummykeyid";
+ string invalidTrustedEndpointErrorMessage = $@"Invalid Azure Key Vault key path specified: '{dummyPathWithInvalidKey}'. Valid trusted endpoints: vault.azure.net, vault.azure.cn, vault.usgovcloudapi.net, vault.microsoftazure.de, managedhsm.azure.net, managedhsm.azure.cn, managedhsm.usgovcloudapi.net, managedhsm.microsoftazure.de.\s+\(?Parameter (name: )?'?masterKeyPath('\))?";
Exception ex = Assert.Throws(
() => _fixture.AkvStoreProvider.EncryptColumnEncryptionKey(dummyPathWithOnlyHost, MasterKeyEncAlgo, cek));
@@ -189,7 +190,7 @@ public void InvalidCertificatePath()
ex = Assert.Throws(
() => _fixture.AkvStoreProvider.EncryptColumnEncryptionKey(dummyPathWithInvalidKey, MasterKeyEncAlgo, cek));
- Assert.Matches(TrustedUrlsTest.MakeInvalidVaultErrorMessage(dummyPathWithInvalidKey), ex.Message);
+ Assert.Matches(invalidTrustedEndpointErrorMessage, ex.Message);
ex = Assert.Throws(
() => _fixture.AkvStoreProvider.DecryptColumnEncryptionKey(dummyPathWithOnlyHost, MasterKeyEncAlgo, encryptedCek));
@@ -197,7 +198,7 @@ public void InvalidCertificatePath()
ex = Assert.Throws(
() => _fixture.AkvStoreProvider.DecryptColumnEncryptionKey(dummyPathWithInvalidKey, MasterKeyEncAlgo, encryptedCek));
- Assert.Matches(TrustedUrlsTest.MakeInvalidVaultErrorMessage(dummyPathWithInvalidKey), ex.Message);
+ Assert.Matches(invalidTrustedEndpointErrorMessage, ex.Message);
}
[InlineData(true)]
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TrustedUrlsTest.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TrustedUrlsTest.cs
deleted file mode 100644
index 1e65f13ad8..0000000000
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TrustedUrlsTest.cs
+++ /dev/null
@@ -1,101 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-
-using System;
-using System.Reflection;
-using Azure.Core;
-using Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider;
-using Xunit;
-
-namespace Microsoft.Data.SqlClient.ManualTesting.Tests.AlwaysEncrypted;
-
-public class TrustedUrlsTest
-{
- private readonly SqlColumnEncryptionAzureKeyVaultProvider _provider;
- private readonly MethodInfo _method;
-
- public TrustedUrlsTest()
- {
- _provider = new(new SqlClientCustomTokenCredential());
-
- var assembly = typeof(SqlColumnEncryptionAzureKeyVaultProvider).Assembly;
- var clazz = assembly.GetType("Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.SqlColumnEncryptionAzureKeyVaultProvider");
- _method = clazz.GetMethod(
- "ValidateNonEmptyAKVPath",
- System.Reflection.BindingFlags.NonPublic |
- System.Reflection.BindingFlags.Instance);
- }
-
- private static string MakeUrl(string vault)
- {
- return $"https://{vault}/keys/dummykey/dummykeyid";
- }
-
- public static string MakeInvalidVaultErrorMessage(string url)
- {
- return
- $"Invalid Azure Key Vault key path specified: '{url}'. " +
- "Valid trusted endpoints: " +
- "vault.azure.net, " +
- "vault.azure.cn, " +
- "vault.usgovcloudapi.net, " +
- "vault.microsoftazure.de, " +
- "vault.sovcloud-api.fr, " +
- "vault.sovcloud-api.de, " +
- "managedhsm.azure.net, " +
- "managedhsm.azure.cn, " +
- "managedhsm.usgovcloudapi.net, " +
- "managedhsm.microsoftazure.de, " +
- "managedhsm.sovcloud-api.fr, " +
- "managedhsm.sovcloud-api.de." +
- @"\s+\(?Parameter (name: )?'?masterKeyPath('\))?";
- }
-
- [Theory]
- [InlineData("www.microsoft.com")]
- [InlineData("www.microsoft.vault.azure.com")]
- [InlineData("vault.azure.net.io")]
- public void InvalidVaults(string vault)
- {
- // Test that invalid key paths throw and contain the expected error
- // message.
- var url = MakeUrl(vault);
-
- try
- {
- _method.Invoke(_provider, new object[] { url, false });
- }
- catch (TargetInvocationException ex)
- {
- // Unwrap the exception to get the actual ArgumentException thrown
- var argEx = ex.InnerException as ArgumentException;
- Assert.NotNull(argEx);
- Assert.Matches(MakeInvalidVaultErrorMessage(url), argEx.Message);
- }
- }
-
- [Theory]
- // Normal vaults.
- [InlineData("vault.azure.net")]
- [InlineData("vault.azure.cn")]
- [InlineData("vault.usgovcloudapi.net")]
- [InlineData("vault.microsoftazure.de")]
- [InlineData("vault.sovcloud-api.fr")]
- [InlineData("vault.sovcloud-api.de")]
- // HSM vaults.
- [InlineData("managedhsm.azure.net")]
- [InlineData("managedhsm.azure.cn")]
- [InlineData("managedhsm.usgovcloudapi.net")]
- [InlineData("managedhsm.microsoftazure.de")]
- [InlineData("managedhsm.sovcloud-api.fr")]
- [InlineData("managedhsm.sovcloud-api.de")]
- // Vaults with prefixes.
- [InlineData("foo.bar.vault.microsoftazure.de")]
- [InlineData("baz.bar.foo.managedhsm.sovcloud-api.fr")]
- public void ValidVaults(string vault)
- {
- // Test that valid vault key paths do not throw exceptions
- _method.Invoke(_provider, new object[] { MakeUrl(vault), false });
- }
-}
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj b/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj
index 98f790aac1..7bd503c5b9 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj
@@ -36,23 +36,22 @@
+
+
+
+
+
-
-
-
-
-
-