mysql-net
diff --git a/‎.ci/config/config.compression+ssl.json
Lines changed: 1 addition & 1 deletion b/‎.ci/config/config.compression+ssl.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎.ci/config/config.compression.json
Lines changed: 1 addition & 1 deletion b/‎.ci/config/config.compression.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎.ci/config/config.json
Lines changed: 1 addition & 1 deletion b/‎.ci/config/config.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎.ci/config/config.ssl.json
Lines changed: 1 addition & 1 deletion b/‎.ci/config/config.ssl.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎azure-pipelines.yml
Lines changed: 9 additions & 9 deletions b/‎azure-pipelines.yml
Lines changed: 9 additions & 9 deletions
diff --git a/‎src/MySqlConnector.Authentication.Ed25519/Ed25519AuthenticationPlugin.cs
Lines changed: 23 additions & 7 deletions b/‎src/MySqlConnector.Authentication.Ed25519/Ed25519AuthenticationPlugin.cs
Lines changed: 23 additions & 7 deletions
diff --git a/‎src/MySqlConnector/Authentication/IAuthenticationPlugin.cs
Lines changed: 16 additions & 0 deletions b/‎src/MySqlConnector/Authentication/IAuthenticationPlugin.cs
Lines changed: 16 additions & 0 deletions
diff --git a/‎src/MySqlConnector/Core/ConnectionPool.cs
Lines changed: 12 additions & 78 deletions b/‎src/MySqlConnector/Core/ConnectionPool.cs
Lines changed: 12 additions & 78 deletions
diff --git a/‎src/MySqlConnector/Core/ConnectionSettings.cs
Lines changed: 6 additions & 2 deletions b/‎src/MySqlConnector/Core/ConnectionSettings.cs
Lines changed: 6 additions & 2 deletions
diff --git a/‎src/MySqlConnector/Core/IConnectionPoolMetadata.cs
Lines changed: 26 additions & 0 deletions b/‎src/MySqlConnector/Core/IConnectionPoolMetadata.cs
Lines changed: 26 additions & 0 deletions
@@ -4,7 +4,7 @@
       "SocketPath": "./../../../../.ci/run/mysql/mysqld.sock",
       "PasswordlessUser": "no_password",
       "SecondaryDatabase": "testdb2",
-      "UnsupportedFeatures": "RsaEncryption,CachingSha2Password,Tls12,Tls13,UuidToBin",
+      "UnsupportedFeatures": "CachingSha2Password,Redirection,RsaEncryption,Tls12,Tls13,TlsFingerprintValidation,UuidToBin",
       "MySqlBulkLoaderLocalCsvFile": "../../../TestData/LoadData_UTF8_BOM_Unix.CSV",
       "MySqlBulkLoaderLocalTsvFile": "../../../TestData/LoadData_UTF8_BOM_Unix.TSV",
       "CertificatesPath": "../../../../.ci/server/certs"
 
@@ -4,7 +4,7 @@
       "SocketPath": "./../../../../.ci/run/mysql/mysqld.sock",
       "PasswordlessUser": "no_password",
       "SecondaryDatabase": "testdb2",
-      "UnsupportedFeatures": "Ed25519,QueryAttributes,StreamingResults,Tls11,UnixDomainSocket,ZeroDateTime",
+      "UnsupportedFeatures": "Ed25519,QueryAttributes,Redirection,StreamingResults,Tls11,TlsFingerprintValidation,UnixDomainSocket,ZeroDateTime",
       "MySqlBulkLoaderLocalCsvFile": "../../../../tests/TestData/LoadData_UTF8_BOM_Unix.CSV",
       "MySqlBulkLoaderLocalTsvFile": "../../../../tests/TestData/LoadData_UTF8_BOM_Unix.TSV"
     }
 
@@ -4,7 +4,7 @@
       "SocketPath": "./../../../../.ci/run/mysql/mysqld.sock",
       "PasswordlessUser": "no_password",
       "SecondaryDatabase": "testdb2",
-      "UnsupportedFeatures": "Ed25519,QueryAttributes,StreamingResults,Tls11,UnixDomainSocket,ZeroDateTime",
+      "UnsupportedFeatures": "Ed25519,QueryAttributes,Redirection,StreamingResults,Tls11,TlsFingerprintValidation,UnixDomainSocket,ZeroDateTime",
       "MySqlBulkLoaderLocalCsvFile": "../../../../tests/TestData/LoadData_UTF8_BOM_Unix.CSV",
       "MySqlBulkLoaderLocalTsvFile": "../../../../tests/TestData/LoadData_UTF8_BOM_Unix.TSV"
     }
 
@@ -4,7 +4,7 @@
       "SocketPath": "./../../../../.ci/run/mysql/mysqld.sock",
       "PasswordlessUser": "no_password",
       "SecondaryDatabase": "testdb2",
-      "UnsupportedFeatures": "RsaEncryption,CachingSha2Password,Tls12,Tls13,UuidToBin",
+      "UnsupportedFeatures": "CachingSha2Password,Redirection,RsaEncryption,Tls12,Tls13,TlsFingerprintValidation,UuidToBin",
       "MySqlBulkLoaderLocalCsvFile": "../../../../tests/TestData/LoadData_UTF8_BOM_Unix.CSV",
       "MySqlBulkLoaderLocalTsvFile": "../../../../tests/TestData/LoadData_UTF8_BOM_Unix.TSV",
       "CertificatesPath": "../../../../.ci/server/certs"
 
@@ -51,7 +51,7 @@ jobs:
       arguments: 'tests\IntegrationTests\IntegrationTests.csproj -c MySqlData'
       testRunTitle: 'MySql.Data integration tests'
     env:
-      DATA__UNSUPPORTEDFEATURES: 'Ed25519,QueryAttributes,StreamingResults,UnixDomainSocket'
+      DATA__UNSUPPORTEDFEATURES: 'Ed25519,QueryAttributes,StreamingResults,TlsFingerprintValidation,UnixDomainSocket'
       DATA__CONNECTIONSTRING: 'server=localhost;port=3306;user id=root;password=test;database=mysqltest;ssl mode=none;DefaultCommandTimeout=3600'
       DATA__CERTIFICATESPATH: '$(Build.Repository.LocalPath)\.ci\server\certs\'
       DATA__MYSQLBULKLOADERLOCALCSVFILE: '$(Build.Repository.LocalPath)\tests\TestData\LoadData_UTF8_BOM_Unix.CSV'
@@ -120,7 +120,7 @@ jobs:
       arguments: '-c Release --no-restore -p:TestTfmsInParallel=false'
       testRunTitle: ${{ format('{0}, $(Agent.OS), {1}, {2}', 'mysql:8.0', 'net481/net9.0', 'No SSL') }}
     env:
-      DATA__UNSUPPORTEDFEATURES: 'Ed25519,QueryAttributes,StreamingResults,Tls11,UnixDomainSocket'
+      DATA__UNSUPPORTEDFEATURES: 'Ed25519,QueryAttributes,Redirection,StreamingResults,Tls11,TlsFingerprintValidation,UnixDomainSocket'
       DATA__CONNECTIONSTRING: 'server=localhost;port=3306;user id=mysqltest;password=test;database=mysqltest;ssl mode=none;DefaultCommandTimeout=3600;AllowPublicKeyRetrieval=True;UseCompression=True'
 
 - job: windows_integration_tests_2
@@ -158,7 +158,7 @@ jobs:
       arguments: '-c Release --no-restore -p:TestTfmsInParallel=false'
       testRunTitle: ${{ format('{0}, $(Agent.OS), {1}, {2}', 'mysql:8.0', 'net8.0', 'No SSL') }}
     env:
-      DATA__UNSUPPORTEDFEATURES: 'Ed25519,QueryAttributes,StreamingResults,Tls11,UnixDomainSocket'
+      DATA__UNSUPPORTEDFEATURES: 'Ed25519,QueryAttributes,Redirection,StreamingResults,Tls11,TlsFingerprintValidation,UnixDomainSocket'
       DATA__CONNECTIONSTRING: 'server=localhost;port=3306;user id=mysqltest;password=test;database=mysqltest;ssl mode=none;DefaultCommandTimeout=3600;AllowPublicKeyRetrieval=True'
 
 - job: linux_integration_tests
@@ -171,27 +171,27 @@ jobs:
       'MySQL 8.0':
         image: 'mysql:8.0'
         connectionStringExtra: 'AllowPublicKeyRetrieval=True'
-        unsupportedFeatures: 'Ed25519,StreamingResults,Tls11,ZeroDateTime'
+        unsupportedFeatures: 'Ed25519,Redirection,StreamingResults,Tls11,TlsFingerprintValidation,ZeroDateTime'
       'MySQL 8.4':
         image: 'mysql:8.4'
         connectionStringExtra: 'AllowPublicKeyRetrieval=True'
-        unsupportedFeatures: 'Ed25519,StreamingResults,Tls11,ZeroDateTime'
+        unsupportedFeatures: 'Ed25519,Redirection,StreamingResults,Tls11,TlsFingerprintValidation,ZeroDateTime'
       'MySQL 9.0':
         image: 'mysql:9.0'
         connectionStringExtra: 'AllowPublicKeyRetrieval=True'
-        unsupportedFeatures: 'Ed25519,StreamingResults,Tls11,ZeroDateTime'
+        unsupportedFeatures: 'Ed25519,Redirection,StreamingResults,Tls11,TlsFingerprintValidation,ZeroDateTime'
       'MariaDB 10.6':
         image: 'mariadb:10.6'
         connectionStringExtra: ''
-        unsupportedFeatures: 'CachingSha2Password,CancelSleepSuccessfully,Json,RoundDateTime,QueryAttributes,Sha256Password,Tls11,UuidToBin'
+        unsupportedFeatures: 'CachingSha2Password,CancelSleepSuccessfully,Json,RoundDateTime,QueryAttributes,Redirection,Sha256Password,Tls11,TlsFingerprintValidation,UuidToBin'
       'MariaDB 10.11':
         image: 'mariadb:10.11'
         connectionStringExtra: ''
-        unsupportedFeatures: 'CachingSha2Password,CancelSleepSuccessfully,Json,RoundDateTime,QueryAttributes,Sha256Password,Tls11,UuidToBin'
+        unsupportedFeatures: 'CachingSha2Password,CancelSleepSuccessfully,Json,RoundDateTime,QueryAttributes,Redirection,Sha256Password,Tls11,TlsFingerprintValidation,UuidToBin'
       'MariaDB 11.4':
         image: 'mariadb:11.4'
         connectionStringExtra: ''
-        unsupportedFeatures: 'CachingSha2Password,CancelSleepSuccessfully,Json,RoundDateTime,QueryAttributes,Sha256Password,Tls11,UuidToBin'
+        unsupportedFeatures: 'CachingSha2Password,CancelSleepSuccessfully,Json,RoundDateTime,QueryAttributes,Sha256Password,Tls11,UuidToBin,Redirection'
   steps:
   - template: '.ci/integration-tests-steps.yml'
     parameters:
 
@@ -1,6 +1,7 @@
 using System;
 using System.Security.Cryptography;
 using System.Text;
+using System.Threading;
 using Chaos.NaCl.Internal.Ed25519Ref10;
 
 namespace MySqlConnector.Authentication.Ed25519;
@@ -9,19 +10,16 @@ namespace MySqlConnector.Authentication.Ed25519;
 /// Provides an implementation of the <c>client_ed25519</c> authentication plugin for MariaDB.
 /// </summary>
 /// <remarks>See <a href="https://mariadb.com/kb/en/library/authentication-plugin-ed25519/">Authentication Plugin - ed25519</a>.</remarks>
-public sealed class Ed25519AuthenticationPlugin : IAuthenticationPlugin
+public sealed class Ed25519AuthenticationPlugin : IAuthenticationPlugin2
 {
 	/// <summary>
 	/// Registers the Ed25519 authentication plugin with MySqlConnector. You must call this method once before
 	/// opening a connection that uses Ed25519 authentication.
 	/// </summary>
 	public static void Install()
 	{
-		if (!s_isInstalled)
-		{
+		if (Interlocked.CompareExchange(ref s_isInstalled, 1, 0) == 0)
 			AuthenticationPlugins.Register(new Ed25519AuthenticationPlugin());
-			s_isInstalled = true;
-		}
 	}
 
 	/// <summary>
@@ -33,6 +31,21 @@ public static void Install()
 	/// Creates the authentication response.
 	/// </summary>
 	public byte[] CreateResponse(string password, ReadOnlySpan<byte> authenticationData)
+	{
+		CreateResponseAndHash(password, authenticationData, out _, out var authenticationResponse);
+		return authenticationResponse;
+	}
+
+	/// <summary>
+	/// Creates the Ed25519 password hash.
+	/// </summary>
+	public byte[] CreatePasswordHash(string password, ReadOnlySpan<byte> authenticationData)
+	{
+		CreateResponseAndHash(password, authenticationData, out var passwordHash, out _);
+		return passwordHash;
+	}
+
+	private static void CreateResponseAndHash(string password, ReadOnlySpan<byte> authenticationData, out byte[] passwordHash, out byte[] authenticationResponse)
 	{
 		// Java reference: https://github.com/MariaDB/mariadb-connector-j/blob/master/src/main/java/org/mariadb/jdbc/internal/com/send/authentication/Ed25519PasswordPlugin.java
 		// C reference:  https://github.com/MariaDB/server/blob/592fe954ef82be1bc08b29a8e54f7729eb1e1343/plugin/auth_ed25519/ref10/sign.c#L7
@@ -111,6 +124,9 @@ public byte[] CreateResponse(string password, ReadOnlySpan<byte> authenticationD
 		GroupOperations.ge_scalarmult_base(out var A, az, 0);
 		GroupOperations.ge_p3_tobytes(sm, 32, ref A);
 
+		passwordHash = new byte[32];
+		Array.Copy(sm, 32, passwordHash, 0, 32);
+
 		/*** Java
 			nonce = scalar.reduce(nonce);
 			GroupElement elementRvalue = spec.getB().scalarMultiply(nonce);
@@ -154,12 +170,12 @@ public byte[] CreateResponse(string password, ReadOnlySpan<byte> authenticationD
 
 		var result = new byte[64];
 		Buffer.BlockCopy(sm, 0, result, 0, result.Length);
-		return result;
+		authenticationResponse = result;
 	}
 
 	private Ed25519AuthenticationPlugin()
 	{
 	}
 
-	private static bool s_isInstalled;
+	private static int s_isInstalled;
 }
@@ -20,3 +20,19 @@ public interface IAuthenticationPlugin
 	/// <returns>The authentication response.</returns>
 	byte[] CreateResponse(string password, ReadOnlySpan<byte> authenticationData);
 }
+
+/// <summary>
+/// <see cref="IAuthenticationPlugin2"/> is an extension to <see cref="IAuthenticationPlugin"/> that returns a hash of the client's password.
+/// </summary>
+public interface IAuthenticationPlugin2 : IAuthenticationPlugin
+{
+	/// <summary>
+	/// Hashes the client's password (e.g., for TLS certificate fingerprint verification).
+	/// </summary>
+	/// <param name="password">The client's password.</param>
+	/// <param name="authenticationData">The authentication data supplied by the server; this is the <code>auth method data</code>
+	/// from the <a href="https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchRequest">Authentication
+	/// Method Switch Request Packet</a>.</param>
+	/// <returns>The authentication-method-specific hash of the client's password.</returns>
+	byte[] CreatePasswordHash(string password, ReadOnlySpan<byte> authenticationData);
+}
@@ -8,10 +8,16 @@
 
 namespace MySqlConnector.Core;
 
-internal sealed class ConnectionPool : IDisposable
+internal sealed class ConnectionPool : IConnectionPoolMetadata, IDisposable
 {
 	public int Id { get; }
 
+	ConnectionPool? IConnectionPoolMetadata.ConnectionPool => this;
+
+	int IConnectionPoolMetadata.Generation => m_generation;
+
+	int IConnectionPoolMetadata.GetNewSessionId() => Interlocked.Increment(ref m_lastSessionId); 
+
 	public string? Name { get; }
 
 	public ConnectionSettings ConnectionSettings { get; }
@@ -95,6 +101,7 @@ public async ValueTask<ServerSession> GetSessionAsync(MySqlConnection connection
 						m_leasedSessions.Add(session.Id, session);
 						leasedSessionsCountPooled = m_leasedSessions.Count;
 					}
+
 					MetricsReporter.AddUsed(this);
 					ActivitySourceHelper.CopyTags(session.ActivityTags, activity);
 					Log.ReturningPooledSession(m_logger, Id, session.Id, leasedSessionsCountPooled);
@@ -106,7 +113,8 @@ public async ValueTask<ServerSession> GetSessionAsync(MySqlConnection connection
 			}
 
 			// create a new session
-			session = await ConnectSessionAsync(connection, s_createdNewSession, startingTimestamp, activity, ioBehavior, cancellationToken).ConfigureAwait(false);
+			session = await ServerSession.ConnectAndRedirectAsync(m_connectionLogger, m_logger, this, ConnectionSettings, m_loadBalancer,
+				connection, s_createdNewSession, startingTimestamp, activity, ioBehavior, cancellationToken).ConfigureAwait(false);
 			AdjustHostConnectionCount(session, 1);
 			session.OwningConnection = new(connection);
 			int leasedSessionsCountNew;
@@ -402,7 +410,8 @@ private async Task CreateMinimumPooledSessions(MySqlConnection connection, IOBeh
 
 			try
 			{
-				var session = await ConnectSessionAsync(connection, s_createdToReachMinimumPoolSize, Stopwatch.GetTimestamp(), null, ioBehavior, cancellationToken).ConfigureAwait(false);
+				var session = await ServerSession.ConnectAndRedirectAsync(m_connectionLogger, m_logger, this, ConnectionSettings, m_loadBalancer,
+					connection, s_createdToReachMinimumPoolSize, Stopwatch.GetTimestamp(), null, ioBehavior, cancellationToken).ConfigureAwait(false);
 				AdjustHostConnectionCount(session, 1);
 				lock (m_sessions)
 					_ = m_sessions.AddFirst(session);
@@ -416,81 +425,6 @@ private async Task CreateMinimumPooledSessions(MySqlConnection connection, IOBeh
 		}
 	}
 
-	private async ValueTask<ServerSession> ConnectSessionAsync(MySqlConnection connection, Action<ILogger, int, string, Exception?> logMessage, long startingTimestamp, Activity? activity, IOBehavior ioBehavior, CancellationToken cancellationToken)
-	{
-		var session = new ServerSession(m_connectionLogger, this, m_generation, Interlocked.Increment(ref m_lastSessionId));
-		if (m_logger.IsEnabled(LogLevel.Debug))
-			logMessage(m_logger, Id, session.Id, null);
-		string? statusInfo;
-		try
-		{
-			statusInfo = await session.ConnectAsync(ConnectionSettings, connection, startingTimestamp, m_loadBalancer, activity, ioBehavior, cancellationToken).ConfigureAwait(false);
-		}
-		catch (Exception)
-		{
-			await session.DisposeAsync(ioBehavior, default).ConfigureAwait(false);
-			throw;
-		}
-
-		Exception? redirectionException = null;
-		if (statusInfo is not null && statusInfo.StartsWith("Location: mysql://", StringComparison.Ordinal))
-		{
-			// server redirection string has the format "Location: mysql://{host}:{port}/user={userId}[&ttl={ttl}]"
-			Log.HasServerRedirectionHeader(m_logger, session.Id, statusInfo);
-
-			if (ConnectionSettings.ServerRedirectionMode == MySqlServerRedirectionMode.Disabled)
-			{
-				Log.ServerRedirectionIsDisabled(m_logger, Id);
-			}
-			else if (Utility.TryParseRedirectionHeader(statusInfo, out var host, out var port, out var user))
-			{
-				if (host != ConnectionSettings.HostNames![0] || port != ConnectionSettings.Port || user != ConnectionSettings.UserID)
-				{
-					var redirectedSettings = ConnectionSettings.CloneWith(host, port, user);
-					Log.OpeningNewConnection(m_logger, Id, host, port, user);
-					var redirectedSession = new ServerSession(m_connectionLogger, this, m_generation, Interlocked.Increment(ref m_lastSessionId));
-					try
-					{
-						_ = await redirectedSession.ConnectAsync(redirectedSettings, connection, startingTimestamp, m_loadBalancer, activity, ioBehavior, cancellationToken).ConfigureAwait(false);
-					}
-					catch (Exception ex)
-					{
-						Log.FailedToConnectRedirectedSession(m_logger, ex, Id, redirectedSession.Id);
-						redirectionException = ex;
-					}
-
-					if (redirectionException is null)
-					{
-						Log.ClosingSessionToUseRedirectedSession(m_logger, Id, session.Id, redirectedSession.Id);
-						await session.DisposeAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
-						return redirectedSession;
-					}
-					else
-					{
-						try
-						{
-							await redirectedSession.DisposeAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
-						}
-						catch (Exception)
-						{
-						}
-					}
-				}
-				else
-				{
-					Log.SessionAlreadyConnectedToServer(m_logger, session.Id);
-				}
-			}
-		}
-
-		if (ConnectionSettings.ServerRedirectionMode == MySqlServerRedirectionMode.Required)
-		{
-			Log.RequiresServerRedirection(m_logger, Id);
-			throw new MySqlException(MySqlErrorCode.UnableToConnectToHost, "Server does not support redirection", redirectionException);
-		}
-		return session;
-	}
-
 	public static ConnectionPool? CreatePool(string connectionString, MySqlConnectorLoggingConfiguration loggingConfiguration, string? name)
 	{
 		// parse connection string and check for 'Pooling' setting; return 'null' if pooling is disabled
 
@@ -270,8 +270,12 @@ public int ConnectionTimeoutMilliseconds
 
 	private ConnectionSettings(ConnectionSettings other, string host, int port, string userId)
 	{
-		ConnectionStringBuilder = other.ConnectionStringBuilder;
-		ConnectionString = other.ConnectionString;
+		ConnectionStringBuilder = new MySqlConnectionStringBuilder(other.ConnectionString);
+		ConnectionStringBuilder.Port = (uint)port;
+		ConnectionStringBuilder.Server = host;
+		ConnectionStringBuilder.UserID = userId;
+
+		ConnectionString = ConnectionStringBuilder.ConnectionString;
 
 		ConnectionProtocol = MySqlConnectionProtocol.Sockets;
 		HostNames = [host];
 
@@ -0,0 +1,26 @@
+namespace MySqlConnector.Core;
+
+internal interface IConnectionPoolMetadata
+{
+	/// <summary>
+	/// Returns the <see cref="ConnectionPool"/> this <see cref="IConnectionPoolMetadata"/> is associated with,
+	/// or <c>null</c> if it represents a non-pooled connection.
+	/// </summary>
+	ConnectionPool? ConnectionPool { get; }
+
+	/// <summary>
+	/// Returns the ID of the connection pool, or 0 if this is a non-pooled connection.
+	/// </summary>
+	int Id { get; }
+
+	/// <summary>
+	/// Returns the generation of the connection pool, or 0 if this is a non-pooled connection.
+	/// </summary>
+	int Generation { get; }
+
+	/// <summary>
+	/// Returns a new session ID.
+	/// </summary>
+	/// <returns>A new session ID.</returns>
+	int GetNewSessionId();
+}
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`"SocketPath": "./../../../../.ci/run/mysql/mysqld.sock",`
`5`	`5`	`"PasswordlessUser": "no_password",`
`6`	`6`	`"SecondaryDatabase": "testdb2",`
`7`		`- "UnsupportedFeatures": "Ed25519,QueryAttributes,StreamingResults,Tls11,UnixDomainSocket,ZeroDateTime",`
	`7`	`+ "UnsupportedFeatures": "Ed25519,QueryAttributes,Redirection,StreamingResults,Tls11,TlsFingerprintValidation,UnixDomainSocket,ZeroDateTime",`
`8`	`8`	`"MySqlBulkLoaderLocalCsvFile": "../../../../tests/TestData/LoadData_UTF8_BOM_Unix.CSV",`
`9`	`9`	`"MySqlBulkLoaderLocalTsvFile": "../../../../tests/TestData/LoadData_UTF8_BOM_Unix.TSV"`
`10`	`10`	`}`