Adding TDS8 support to netcore

Author: JRahnama

doc/snippets/Microsoft.Data.SqlClient/SqlConnectionEncryptionOption.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<docs>
+  <members name="SqlConnectionEncryptionOption">
+    <SqlConnectionEncryptionOption>
+      <summary>
+        Note that these settings cannot be used to bypass encryption and gain access to plaintext data. For details, see <see href="https://docs.microsoft.com/sql/relational-databases/security/encryption/always-encrypted-database-engine">Always Encrypted (Database Engine)</see>.
+      </summary>
+      <remarks>To be added.</remarks>
+    </SqlConnectionEncryptionOption>
+    <False>
+      <summary>Specifies the connection does not use Always Encrypted. Should be used if no queries sent over the connection access encrypted columns.</summary>
+    </False>
+    <No>
+      <summary>Enables Always Encrypted functionality for the connection. Query parameters that correspond to encrypted columns will be transparently encrypted and query results from encrypted columns will be transparently decrypted.</summary>
+    </No>
+    <Optional>
+      <summary>Enables Always Encrypted functionality for the connection. Query parameters that correspond to encrypted columns will be transparently encrypted and query results from encrypted columns will be transparently decrypted.</summary>
+    </Optional>
+    <True>
+      <summary>Enables Always Encrypted functionality for the connection. Query parameters that correspond to encrypted columns will be transparently encrypted and query results from encrypted columns will be transparently decrypted.</summary>
+    </True>
+    <Mandatory>
+      <summary>Enables Always Encrypted functionality for the connection. Query parameters that correspond to encrypted columns will be transparently encrypted and query results from encrypted columns will be transparently decrypted.</summary>
+    </Mandatory>
+    <Strict>
+      <summary>Enables Always Encrypted functionality for the connection. Query parameters that correspond to encrypted columns will be transparently encrypted and query results from encrypted columns will be transparently decrypted.</summary>
+    </Strict>
+  </members>
+</docs>

src/Microsoft.Data.SqlClient.sln

@@ -120,6 +120,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Microsoft.Data.SqlClient",
 		..\doc\snippets\Microsoft.Data.SqlClient\SqlConnection.xml = ..\doc\snippets\Microsoft.Data.SqlClient\SqlConnection.xml
 		..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionAttestationProtocol.xml = ..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionAttestationProtocol.xml
 		..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionColumnEncryptionSetting.xml = ..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionColumnEncryptionSetting.xml
+		SqlConnectionEncryptionOption.xml = SqlConnectionEncryptionOption.xml
 		..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionStringBuilder.xml = ..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionStringBuilder.xml
 		..\doc\snippets\Microsoft.Data.SqlClient\SqlCredential.xml = ..\doc\snippets\Microsoft.Data.SqlClient\SqlCredential.xml
 		..\doc\snippets\Microsoft.Data.SqlClient\SqlDataAdapter.xml = ..\doc\snippets\Microsoft.Data.SqlClient\SqlDataAdapter.xml
@@ -204,6 +205,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4F3CD363-B1E
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.SqlServer.Server", "Microsoft.SqlServer.Server\Microsoft.SqlServer.Server.csproj", "{A314812A-7820-4565-A2A8-ABBE391C11E4}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TestTDSS", "..\TestTDSS\TestTDSS.csproj", "{78129850-6C89-471C-884A-CEDB48A1B15F}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -488,6 +491,18 @@ Global
 		{A314812A-7820-4565-A2A8-ABBE391C11E4}.Release|x64.Build.0 = Release|Any CPU
 		{A314812A-7820-4565-A2A8-ABBE391C11E4}.Release|x86.ActiveCfg = Release|Any CPU
 		{A314812A-7820-4565-A2A8-ABBE391C11E4}.Release|x86.Build.0 = Release|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Debug|x64.Build.0 = Debug|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Debug|x86.Build.0 = Debug|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Release|Any CPU.Build.0 = Release|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Release|x64.ActiveCfg = Release|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Release|x64.Build.0 = Release|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Release|x86.ActiveCfg = Release|Any CPU
+		{78129850-6C89-471C-884A-CEDB48A1B15F}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs

@@ -383,6 +383,8 @@ public void Remove(SqlBulkCopyColumnOrderHint columnOrderHint) { }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlBulkCopyColumnOrderHintCollection.xml' path='docs/members[@name="SqlBulkCopyColumnOrderHintCollection"]/RemoveAt/*'/>
         public new void RemoveAt(int index) { }
     }
+
+
     /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlBulkCopyOptions.xml' path='docs/members[@name="SqlBulkCopyOptions"]/SqlBulkCopyOptions/*'/>
     [System.FlagsAttribute]
     public enum SqlBulkCopyOptions
@@ -500,6 +502,17 @@ public enum SqlConnectionIPAddressPreference
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionIPAddressPreference.xml' path='docs/members[@name="SqlConnectionIPAddressPreference"]/UsePlatformDefault/*' />
         UsePlatformDefault = 2
     }
+    /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionEncryptionOption.xml' path='docs/members[@name="SqlConnectionEncryptionOption"]/SqlConnectionEncryptionOption/*'/>
+    public enum SqlConnectionEncryptionOption
+    {
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionEncryptionOption.xml' path='docs/members[@name="SqlConnectionEncryptionOption"]/Optional/*' />
+        Optional = 0,
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionEncryptionOption.xml' path='docs/members[@name="SqlConnectionEncryptionOption"]/Mandatory/*' />
+        Mandatory = 1,
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionEncryptionOption.xml' path='docs/members[@name="SqlConnectionEncryptionOption"]/Strict/*' />
+        Strict =2
+    }
+
     /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCertificateStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionCertificateStoreProvider"]/SqlColumnEncryptionCertificateStoreProvider/*'/>
     public partial class SqlColumnEncryptionCertificateStoreProvider : Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider
     {
@@ -994,7 +1007,15 @@ public SqlConnectionStringBuilder(string connectionString) { }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionStringBuilder.xml' path='docs/members[@name="SqlConnectionStringBuilder"]/Encrypt/*'/>
         [System.ComponentModel.DisplayNameAttribute("Encrypt")]
         [System.ComponentModel.RefreshPropertiesAttribute(System.ComponentModel.RefreshProperties.All)]
-        public bool Encrypt { get { throw null; } set { } }
+        public SqlConnectionEncryptionOption Encrypt { get { throw null; } set { } }
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionStringBuilder.xml' path='docs/members[@name="SqlConnectionStringBuilder"]/IsTDS8/*'/>
+        [System.ComponentModel.DisplayNameAttribute("IsTDS8")]
+        [System.ComponentModel.RefreshPropertiesAttribute(System.ComponentModel.RefreshProperties.All)]
+        public bool IsTDS8 { get { throw null; } set { } }
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionStringBuilder.xml' path='docs/members[@name="SqlConnectionStringBuilder"]/HostNameInCertificate/*'/>
+        [System.ComponentModel.DisplayNameAttribute("Host Name In Certificate")]
+        [System.ComponentModel.RefreshPropertiesAttribute(System.ComponentModel.RefreshProperties.All)]
+        public string HostNameInCertificate { get { throw null; } set { } }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionStringBuilder.xml' path='docs/members[@name="SqlConnectionStringBuilder"]/Enlist/*'/>
         [System.ComponentModel.DisplayNameAttribute("Enlist")]
         [System.ComponentModel.RefreshPropertiesAttribute(System.ComponentModel.RefreshProperties.All)]

src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNINpHandle.cs

@@ -3,6 +3,7 @@
 // See the LICENSE file in the project root for more information.
 
 using System;
+using System.Collections.Generic;
 using System.ComponentModel;
 using System.IO;
 using System.IO.Pipes;
@@ -22,7 +23,9 @@ internal sealed class SNINpHandle : SNIPhysicalHandle
         // private const int MAX_PIPE_INSTANCES = 255; // TODO: Investigate pipe instance limit.
 
         private readonly string _targetServer;
+        private readonly string _serverNameIndication;
         private readonly object _sendSync;
+        private readonly bool _isTDS8;
 
         private Stream _stream;
         private NamedPipeClientStream _pipeStream;
@@ -37,14 +40,16 @@ internal sealed class SNINpHandle : SNIPhysicalHandle
         private int _bufferSize = TdsEnums.DEFAULT_LOGIN_PACKET_SIZE;
         private readonly Guid _connectionId = Guid.NewGuid();
 
-        public SNINpHandle(string serverName, string pipeName, long timerExpire)
+        public SNINpHandle(string serverName, string pipeName, long timerExpire, bool isTDS8, string serverNameIndication)
         {
             using (TrySNIEventScope.Create(nameof(SNINpHandle)))
             {
                 SqlClientEventSource.Log.TrySNITraceEvent(nameof(SNINpHandle), EventType.INFO, "Connection Id {0}, Setting server name = {1}, pipe name = {2}", args0: _connectionId, args1: serverName, args2: pipeName);
 
                 _sendSync = new object();
                 _targetServer = serverName;
+                _isTDS8 = isTDS8;
+                _serverNameIndication = serverNameIndication;
 
                 try
                 {
@@ -90,8 +95,14 @@ public SNINpHandle(string serverName, string pipeName, long timerExpire)
                     return;
                 }
 
-                _sslOverTdsStream = new SslOverTdsStream(_pipeStream, _connectionId);
-                _sslStream = new SNISslStream(_sslOverTdsStream, true, new RemoteCertificateValidationCallback(ValidateServerCertificate));
+                Stream stream = _pipeStream;
+
+                if (!_isTDS8)
+                {
+                    _sslOverTdsStream = new SslOverTdsStream(_pipeStream, _connectionId);
+                    stream = _sslOverTdsStream;
+                }
+                _sslStream = new SNISslStream(stream, true, new RemoteCertificateValidationCallback(ValidateServerCertificate));
 
                 _stream = _pipeStream;
                 _status = TdsEnums.SNI_SUCCESS;
@@ -312,8 +323,29 @@ public override uint EnableSsl(uint options)
                 _validateCert = (options & TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE) != 0;
                 try
                 {
-                    _sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, false);
-                    _sslOverTdsStream.FinishHandshake();
+                    if (_isTDS8)
+                    {
+#if NETCOREAPP
+                        SslApplicationProtocol TDS8 = new("tds/8.0");
+
+                        SslClientAuthenticationOptions sslClientOptions = new()
+                        {
+                            TargetHost = _serverNameIndication,
+                            ApplicationProtocols = new List<SslApplicationProtocol>() { TDS8 },
+                            EnabledSslProtocols = SupportedProtocols,
+                            ClientCertificates = null,
+                        };
+                        _sslStream.AuthenticateAsClientAsync(sslClientOptions).Wait();
+#endif
+                    }
+                    else
+                    {
+                        _sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, false);
+                    }
+                    if (_sslOverTdsStream is not null)
+                    {
+                        _sslOverTdsStream.FinishHandshake();
+                    }
                 }
                 catch (AuthenticationException aue)
                 {
@@ -334,8 +366,11 @@ public override void DisableSsl()
         {
             _sslStream.Dispose();
             _sslStream = null;
-            _sslOverTdsStream.Dispose();
-            _sslOverTdsStream = null;
+            if (_sslOverTdsStream is not null)
+            {
+                _sslOverTdsStream.Dispose();
+                _sslOverTdsStream = null;
+            }
 
             _stream = _pipeStream;
         }