Implement NRTs on both providers

Author: edwardneal

src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj

@@ -978,6 +978,9 @@
     <Compile Include="$(CommonSourceRoot)System\Buffers\ArrayBufferWriter.netfx.cs">
       <Link>System\Buffers\ArrayBufferWriter.netfx.cs</Link>
     </Compile>
+    <Compile Include="$(CommonSourceRoot)System\Diagnostics\CodeAnalysis.cs">
+      <Link>System\Diagnostics\CodeAnalysis.cs</Link>
+    </Compile>
     <Compile Include="$(CommonSourceRoot)System\IO\StreamExtensions.netfx.cs">
       <Link>System\IO\StreamExtensions.netfx.cs</Link>
     </Compile>

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlColumnEncryptionCngProvider.Windows.cs

@@ -4,6 +4,7 @@
 
 using Microsoft.Data.SqlClient.AlwaysEncrypted;
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Security.Cryptography;
 
 #nullable enable
@@ -33,7 +34,7 @@ public class SqlColumnEncryptionCngProvider : SqlColumnEncryptionKeyStoreProvide
         private const string RSAEncryptionAlgorithmWithOAEP = @"RSA_OAEP";
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/DecryptColumnEncryptionKey/*' />
-        public override byte[] DecryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] encryptedColumnEncryptionKey)
+        public override byte[] DecryptColumnEncryptionKey(string? masterKeyPath, string? encryptionAlgorithm, byte[]? encryptedColumnEncryptionKey)
         {
             // Validate the input parameters
             ValidateNonEmptyKeyPath(masterKeyPath, isSystemOp: true);
@@ -52,14 +53,14 @@ public override byte[] DecryptColumnEncryptionKey(string masterKeyPath, string e
             ValidateEncryptionAlgorithm(encryptionAlgorithm, isSystemOp: true);
 
             // Create RSA Provider with the given CNG name and key name
-            RSA rsaCngProvider = CreateRSACngProvider(masterKeyPath, isSystemOp: true);
-            using EncryptedColumnEncryptionKeyParameters cekDecryptionParameters = new(rsaCngProvider, masterKeyPath, MasterKeyType, KeyPathReference);
+            RSA rsaProvider = CreateRSACngProvider(masterKeyPath, isSystemOp: true);
+            using EncryptedColumnEncryptionKeyParameters cekDecryptionParameters = new(rsaProvider, masterKeyPath, MasterKeyType, KeyPathReference);
 
             return cekDecryptionParameters.Decrypt(encryptedColumnEncryptionKey);
         }
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/EncryptColumnEncryptionKey/*' />
-        public override byte[] EncryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] columnEncryptionKey)
+        public override byte[] EncryptColumnEncryptionKey(string? masterKeyPath, string? encryptionAlgorithm, byte[]? columnEncryptionKey)
         {
             // Validate the input parameters
             ValidateNonEmptyKeyPath(masterKeyPath, isSystemOp: false);
@@ -77,21 +78,21 @@ public override byte[] EncryptColumnEncryptionKey(string masterKeyPath, string e
             // Validate encryptionAlgorithm
             ValidateEncryptionAlgorithm(encryptionAlgorithm, isSystemOp: false);
 
-            // CreateCNGProviderWithKey
-            RSA rsaCngProvider = CreateRSACngProvider(masterKeyPath, isSystemOp: false);
-            using EncryptedColumnEncryptionKeyParameters cekEncryptionParameters = new(rsaCngProvider, masterKeyPath, MasterKeyType, KeyPathReference);
+            // Create RSACNGProviderWithKey
+            RSA rsaProvider = CreateRSACngProvider(masterKeyPath, isSystemOp: false);
+            using EncryptedColumnEncryptionKeyParameters cekEncryptionParameters = new(rsaProvider, masterKeyPath, MasterKeyType, KeyPathReference);
 
             return cekEncryptionParameters.Encrypt(columnEncryptionKey);
         }
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/SignColumnMasterKeyMetadata/*' />
-        public override byte[] SignColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations)
+        public override byte[] SignColumnMasterKeyMetadata(string? masterKeyPath, bool allowEnclaveComputations)
         {
             throw new NotSupportedException();
         }
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/VerifyColumnMasterKeyMetadata/*' />
-        public override bool VerifyColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations, byte[] signature)
+        public override bool VerifyColumnMasterKeyMetadata(string? masterKeyPath, bool allowEnclaveComputations, byte[]? signature)
         {
             throw new NotSupportedException();
         }
@@ -100,9 +101,9 @@ public override bool VerifyColumnMasterKeyMetadata(string masterKeyPath, bool al
         /// This function validates that the encryption algorithm is RSA_OAEP and if it is not,
         /// then throws an exception
         /// </summary>
-        /// <param name="encryptionAlgorithm">Asymmetric key encryptio algorithm</param>
+        /// <param name="encryptionAlgorithm">Asymmetric key encryption algorithm</param>
         /// <param name="isSystemOp">Indicates if ADO.NET calls or the customer calls the API</param>
-        private static void ValidateEncryptionAlgorithm(string encryptionAlgorithm, bool isSystemOp)
+        private static void ValidateEncryptionAlgorithm([NotNull] string? encryptionAlgorithm, bool isSystemOp)
         {
             // This validates that the encryption algorithm is RSA_OAEP
             if (encryptionAlgorithm is null)
@@ -121,7 +122,7 @@ private static void ValidateEncryptionAlgorithm(string encryptionAlgorithm, bool
         /// </summary>
         /// <param name="masterKeyPath">keypath containing the CNG provider name and key name</param>
         /// <param name="isSystemOp">Indicates if ADO.NET calls or the customer calls the API</param>
-        private static void ValidateNonEmptyKeyPath(string masterKeyPath, bool isSystemOp)
+        private static void ValidateNonEmptyKeyPath([NotNull] string? masterKeyPath, bool isSystemOp)
         {
             if (masterKeyPath is null)
             {

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlColumnEncryptionCspProvider.Windows.cs

@@ -5,6 +5,7 @@
 using Microsoft.Data.SqlClient.AlwaysEncrypted;
 using Microsoft.Win32;
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Security.Cryptography;
 
 #nullable enable
@@ -36,7 +37,7 @@ public class SqlColumnEncryptionCspProvider : SqlColumnEncryptionKeyStoreProvide
         private const string RSAEncryptionAlgorithmWithOAEP = @"RSA_OAEP";
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCspProvider.xml' path='docs/members[@name="SqlColumnEncryptionCspProvider"]/DecryptColumnEncryptionKey/*' />
-        public override byte[] DecryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] encryptedColumnEncryptionKey)
+        public override byte[] DecryptColumnEncryptionKey(string? masterKeyPath, string? encryptionAlgorithm, byte[]? encryptedColumnEncryptionKey)
         {
             // Validate the input parameters
             ValidateNonEmptyCSPKeyPath(masterKeyPath, isSystemOp: true);
@@ -55,14 +56,14 @@ public override byte[] DecryptColumnEncryptionKey(string masterKeyPath, string e
             ValidateEncryptionAlgorithm(encryptionAlgorithm, isSystemOp: true);
 
             // Create RSA Provider with the given CSP name and key name
-            RSACryptoServiceProvider rsaProvider = CreateRSACryptoProvider(masterKeyPath, isSystemOp: true);
+            RSA rsaProvider = CreateRSACryptoProvider(masterKeyPath, isSystemOp: true);
             using EncryptedColumnEncryptionKeyParameters cekDecryptionParameters = new(rsaProvider, masterKeyPath, MasterKeyType, KeyPathReference);
 
             return cekDecryptionParameters.Decrypt(encryptedColumnEncryptionKey);
         }
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCspProvider.xml' path='docs/members[@name="SqlColumnEncryptionCspProvider"]/EncryptColumnEncryptionKey/*' />
-        public override byte[] EncryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] columnEncryptionKey)
+        public override byte[] EncryptColumnEncryptionKey(string? masterKeyPath, string? encryptionAlgorithm, byte[]? columnEncryptionKey)
         {
             // Validate the input parameters
             ValidateNonEmptyCSPKeyPath(masterKeyPath, isSystemOp: false);
@@ -81,20 +82,20 @@ public override byte[] EncryptColumnEncryptionKey(string masterKeyPath, string e
             ValidateEncryptionAlgorithm(encryptionAlgorithm, isSystemOp: false);
 
             // Create RSA Provider with the given CSP name and key name
-            RSACryptoServiceProvider rsaProvider = CreateRSACryptoProvider(masterKeyPath, isSystemOp: false);
+            RSA rsaProvider = CreateRSACryptoProvider(masterKeyPath, isSystemOp: false);
             using EncryptedColumnEncryptionKeyParameters cekEncryptionParameters = new(rsaProvider, masterKeyPath, MasterKeyType, KeyPathReference);
 
             return cekEncryptionParameters.Encrypt(columnEncryptionKey);
         }
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCspProvider.xml' path='docs/members[@name="SqlColumnEncryptionCspProvider"]/SignColumnMasterKeyMetadata/*' />
-        public override byte[] SignColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations)
+        public override byte[] SignColumnMasterKeyMetadata(string? masterKeyPath, bool allowEnclaveComputations)
         {
             throw new NotSupportedException();
         }
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCspProvider.xml' path='docs/members[@name="SqlColumnEncryptionCspProvider"]/VerifyColumnMasterKeyMetadata/*' />
-        public override bool VerifyColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations, byte[] signature)
+        public override bool VerifyColumnMasterKeyMetadata(string? masterKeyPath, bool allowEnclaveComputations, byte[]? signature)
         {
             throw new NotSupportedException();
         }
@@ -105,7 +106,7 @@ public override bool VerifyColumnMasterKeyMetadata(string masterKeyPath, bool al
         /// </summary>
         /// <param name="encryptionAlgorithm">Asymmetric key encryption algorithm</param>
         /// <param name="isSystemOp">Indicates if ADO.NET calls or the customer calls the API</param>
-        private static void ValidateEncryptionAlgorithm(string encryptionAlgorithm, bool isSystemOp)
+        private static void ValidateEncryptionAlgorithm([NotNull] string? encryptionAlgorithm, bool isSystemOp)
         {
             // This validates that the encryption algorithm is RSA_OAEP
             if (encryptionAlgorithm is null)
@@ -124,7 +125,7 @@ private static void ValidateEncryptionAlgorithm(string encryptionAlgorithm, bool
         /// </summary>
         /// <param name="masterKeyPath">CSP key path.</param>
         /// <param name="isSystemOp">Indicates if ADO.NET calls or the customer calls the API</param>
-        private static void ValidateNonEmptyCSPKeyPath(string masterKeyPath, bool isSystemOp)
+        private static void ValidateNonEmptyCSPKeyPath([NotNull] string? masterKeyPath, bool isSystemOp)
         {
             if (masterKeyPath is null)
             {
@@ -153,12 +154,11 @@ private static RSACryptoServiceProvider CreateRSACryptoProvider(string keyPath,
 
             // Create a new instance of CspParameters for an RSA container.
             CspParameters cspParams = new(providerType, cspProviderName, keyName) { Flags = CspProviderFlags.UseExistingKey };
-            RSACryptoServiceProvider rscp;
 
             try
             {
                 // Create a new instance of RSACryptoServiceProvider
-                rscp = new RSACryptoServiceProvider(cspParams);
+                return new RSACryptoServiceProvider(cspParams);
             }
             catch (CryptographicException e)
             {
@@ -174,8 +174,6 @@ private static RSACryptoServiceProvider CreateRSACryptoProvider(string keyPath,
                     throw;
                 }
             }
-
-            return rscp;
         }
 
         /// <summary>

src/Microsoft.Data.SqlClient/src/System/Diagnostics/CodeAnalysis.cs

@@ -38,5 +38,10 @@ public MemberNotNullWhenAttribute(bool returnValue, params string[] members)
 
         public string[] Members { get; }
     }
+
+    [AttributeUsage(AttributeTargets.Field | AttributeTargets.Parameter | AttributeTargets.Property | AttributeTargets.ReturnValue, Inherited = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
 #endif
 }