Merge branch 'master' into users/juraj-blazek/encryption-array-pooling

Azure · Oct 6, 2024 · 8ea5879 · 8ea5879
2 parents 4f2f072 + 1e150b6
commit 8ea5879
Show file tree

Hide file tree

Showing 14 changed files with 113 additions and 49 deletions.
diff --git a/Microsoft.Azure.Cosmos.Encryption.Custom/src/CosmosDataEncryptionKeyProvider.cs b/Microsoft.Azure.Cosmos.Encryption.Custom/src/CosmosDataEncryptionKeyProvider.cs
@@ -192,17 +192,17 @@ private async Task<DataEncryptionKey> FetchDekAsync(string id, string encryption
                 cancellationToken: cancellationToken);
 
             // supports Encryption with MDE based algorithm using Legacy Encryption Algorithm Configured DEK.
-            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized) &&
-                string.Equals(dataEncryptionKeyProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized))
+            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal) &&
+                string.Equals(dataEncryptionKeyProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal))
             {
                 return await this.dataEncryptionKeyContainerCore.FetchUnWrappedMdeSupportedLegacyDekAsync(
                     dataEncryptionKeyProperties,
                     cancellationToken);
             }
 
             // supports Encryption with Legacy based algorithm using Mde Encryption Algorithm Configured DEK.
-            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized) &&
-                string.Equals(dataEncryptionKeyProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized))
+            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal) &&
+                string.Equals(dataEncryptionKeyProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal))
             {
                 return await this.dataEncryptionKeyContainerCore.FetchUnWrappedLegacySupportedMdeDekAsync(
                     dataEncryptionKeyProperties,

diff --git a/Microsoft.Azure.Cosmos.Encryption.Custom/src/CosmosEncryptionAlgorithm.cs b/Microsoft.Azure.Cosmos.Encryption.Custom/src/CosmosEncryptionAlgorithm.cs
@@ -31,8 +31,8 @@ public static class CosmosEncryptionAlgorithm
         /// <returns> Returns True if the Algorithm is supported. </returns>
         internal static bool VerifyIfSupportedAlgorithm(string encryptionAlgorithm)
         {
-            if (!string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized) &&
-                !string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized))
+            if (!string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal) &&
+                !string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal))
             {
                 return false;
             }

diff --git a/Microsoft.Azure.Cosmos.Encryption.Custom/src/DataEncryptionKeyContainerCore.cs b/Microsoft.Azure.Cosmos.Encryption.Custom/src/DataEncryptionKeyContainerCore.cs
@@ -78,7 +78,7 @@ public override async Task<ItemResponse<DataEncryptionKeyProperties>> CreateData
             EncryptionKeyWrapMetadata updatedMetadata = null;
             InMemoryRawDek inMemoryRawDek = null;
 
-            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized))
+            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal))
             {
                 (wrappedDek, updatedMetadata, inMemoryRawDek) = await this.GenerateAndWrapRawDekForLegacyEncAlgoAsync(
                 id,
@@ -87,7 +87,7 @@ public override async Task<ItemResponse<DataEncryptionKeyProperties>> CreateData
                 diagnosticsContext,
                 cancellationToken);
             }
-            else if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized))
+            else if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal))
             {
                 (wrappedDek, updatedMetadata) = this.GenerateAndWrapPdekForMdeEncAlgo(id, encryptionKeyWrapMetadata);
             }
@@ -118,7 +118,7 @@ public override async Task<ItemResponse<DataEncryptionKeyProperties>> CreateData
 
             this.DekProvider.DekCache.SetDekProperties(id, dekProperties);
 
-            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized))
+            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal))
             {
                 this.DekProvider.DekCache.SetRawDek(id, inMemoryRawDek);
             }
@@ -165,7 +165,7 @@ public override async Task<ItemResponse<DataEncryptionKeyProperties>> RewrapData
 
             byte[] rawkey = null;
 
-            if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized))
+            if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal))
             {
                 InMemoryRawDek inMemoryRawDek = await this.FetchUnwrappedAsync(
                     dekProperties,
@@ -174,7 +174,7 @@ public override async Task<ItemResponse<DataEncryptionKeyProperties>> RewrapData
 
                 rawkey = inMemoryRawDek.DataEncryptionKey.RawKey;
             }
-            else if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized))
+            else if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal))
             {
                 EncryptionKeyUnwrapResult encryptionKeyUnwrapResult = await this.DekProvider.MdeKeyWrapProvider.UnwrapKeyAsync(
                     dekProperties.WrappedDataEncryptionKey,
@@ -186,8 +186,8 @@ public override async Task<ItemResponse<DataEncryptionKeyProperties>> RewrapData
 
             if (!string.IsNullOrEmpty(encryptionAlgorithm))
             {
-                if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized)
-                    && string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized))
+                if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal)
+                    && string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal))
                 {
                     throw new InvalidOperationException($"Rewrap operation with EncryptionAlgorithm '{encryptionAlgorithm}' is not supported on Data Encryption Keys" +
                         $" which are configured with '{CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized}'. ");
@@ -264,7 +264,7 @@ await this.ReadDataEncryptionKeyAsync(
 
             this.DekProvider.DekCache.SetDekProperties(id, dekProperties);
 
-            if (string.Equals(newDekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized))
+            if (string.Equals(newDekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal))
             {
                 this.DekProvider.DekCache.SetRawDek(id, updatedRawDek);
             }
@@ -384,7 +384,7 @@ internal async Task<InMemoryRawDek> FetchUnwrappedAsync(
         {
             try
             {
-                if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized))
+                if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal))
                 {
                     DataEncryptionKey dek = this.InitMdeEncryptionAlgorithm(dekProperties, withRawKey);
 
@@ -419,11 +419,11 @@ internal async Task<InMemoryRawDek> FetchUnwrappedAsync(
 
             using (diagnosticsContext.CreateScope("WrapDataEncryptionKey"))
             {
-                if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized) && this.DekProvider.EncryptionKeyWrapProvider != null)
+                if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal) && this.DekProvider.EncryptionKeyWrapProvider != null)
                 {
                     keyWrapResponse = await this.DekProvider.EncryptionKeyWrapProvider.WrapKeyAsync(key, metadata, cancellationToken);
                 }
-                else if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized) && this.DekProvider.MdeKeyWrapProvider != null)
+                else if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal) && this.DekProvider.MdeKeyWrapProvider != null)
                 {
                     keyWrapResponse = await this.DekProvider.MdeKeyWrapProvider.WrapKeyAsync(key, metadata, cancellationToken);
                 }
@@ -446,12 +446,12 @@ internal async Task<InMemoryRawDek> FetchUnwrappedAsync(
 
             byte[] rawKey = null;
             InMemoryRawDek roundTripResponse = null;
-            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized))
+            if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, StringComparison.Ordinal))
             {
                 roundTripResponse = await this.UnwrapAsync(tempDekProperties, diagnosticsContext, cancellationToken);
                 rawKey = roundTripResponse.DataEncryptionKey.RawKey;
             }
-            else if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized))
+            else if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal))
             {
                 EncryptionKeyUnwrapResult unwrapResult = await this.UnWrapDekMdeEncAlgoAsync(
                     tempDekProperties,

diff --git a/Microsoft.Azure.Cosmos.Encryption.Custom/src/EncryptionProcessor.cs b/Microsoft.Azure.Cosmos.Encryption.Custom/src/EncryptionProcessor.cs
@@ -61,26 +61,26 @@ public static async Task<Stream> EncryptAsync(
                 return input;
             }
 
-            if (!encryptionOptions.PathsToEncrypt.Distinct().SequenceEqual(encryptionOptions.PathsToEncrypt))
+            if (encryptionOptions.PathsToEncrypt.Distinct().Count() != encryptionOptions.PathsToEncrypt.Count())
             {
                 throw new InvalidOperationException("Duplicate paths in PathsToEncrypt passed via EncryptionOptions.");
             }
 
             foreach (string path in encryptionOptions.PathsToEncrypt)
             {
-                if (string.IsNullOrWhiteSpace(path) || path[0] != '/' || path.LastIndexOf('/') != 0)
+                if (string.IsNullOrWhiteSpace(path) || path[0] != '/' || path.IndexOf('/', 1) != -1)
                 {
                     throw new InvalidOperationException($"Invalid path {path ?? string.Empty}, {nameof(encryptionOptions.PathsToEncrypt)}");
                 }
 
-                if (string.Equals(path.Substring(1), "id"))
+                if (path.AsSpan(1).Equals("id".AsSpan(), StringComparison.Ordinal))
                 {
                     throw new InvalidOperationException($"{nameof(encryptionOptions.PathsToEncrypt)} includes a invalid path: '{path}'.");
                 }
             }
 
             JObject itemJObj = EncryptionProcessor.BaseSerializer.FromStream<JObject>(input);
-            List<string> pathsEncrypted = new List<string>();
+            List<string> pathsEncrypted = new List<string>(encryptionOptions.PathsToEncrypt.Count());
             EncryptionProperties encryptionProperties = null;
             byte[] plainText = null;
             byte[] cipherText = null;

diff --git a/....Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/Query/NonStreamingOrderByQueryTests.cs b/....Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/Query/NonStreamingOrderByQueryTests.cs
@@ -324,9 +324,9 @@ private sealed class Document
 
         private static class DebugTraceHelpers
         {
+#pragma warning disable CS0162, CS0649 // Unreachable code detected
             private const bool Enabled = false;
 
-#pragma warning disable CS0162 // Unreachable code detected
             public static void TraceSupportedFeaturesString(string supportedQueryFeatures)
             {
                 if (Enabled)

diff --git a/...crosoft.Azure.Cosmos.Tests/ChangeFeed/ChangeFeedPartitionKeyResultSetIteratorCoreTests.cs b/...crosoft.Azure.Cosmos.Tests/ChangeFeed/ChangeFeedPartitionKeyResultSetIteratorCoreTests.cs
@@ -40,6 +40,7 @@ public async Task EtagPassesContinuation()
 
             Mock<ContainerInternal> containerMock = new Mock<ContainerInternal>();
             Mock<CosmosClientContext> mockContext = new Mock<CosmosClientContext>();
+#pragma warning disable CA1416 // 'ResourceType' is only supported on: 'windows'
             mockContext.Setup(x => x.OperationHelperAsync<ResponseMessage>(
                 It.Is<string>(str => str.Contains("Change Feed Processor")),
                 It.IsAny<string>(),
@@ -59,6 +60,7 @@ public async Task EtagPassesContinuation()
                         return func(trace);
                     }
                 });
+#pragma warning restore CA1416
 
             mockContext.Setup(c => c.ProcessResourceOperationStreamAsync(
                 It.IsAny<string>(),
@@ -121,6 +123,7 @@ public async Task NextReadHasUpdatedContinuation()
 
             Mock<ContainerInternal> containerMock = new Mock<ContainerInternal>();
             Mock<CosmosClientContext> mockContext = new Mock<CosmosClientContext>();
+#pragma warning disable CA1416 // 'ResourceType' is only supported on: 'windows'
             mockContext.Setup(x => x.OperationHelperAsync<ResponseMessage>(
                 It.Is<string>(str => str.Contains("Change Feed Processor")),
                 It.IsAny<string>(),
@@ -140,6 +143,7 @@ public async Task NextReadHasUpdatedContinuation()
                         return func(trace);
                     }
                 });
+#pragma warning restore CA1416
 
             mockContext.SetupSequence(c => c.ProcessResourceOperationStreamAsync(
                 It.IsAny<string>(),
@@ -192,6 +196,7 @@ public async Task ShouldSetFeedRangePartitionKeyRange()
 
             Mock<ContainerInternal> containerMock = new Mock<ContainerInternal>();
             Mock<CosmosClientContext> mockContext = new Mock<CosmosClientContext>();
+#pragma warning disable CA1416 // 'ResourceType' is only supported on: 'windows'
             mockContext.Setup(x => x.OperationHelperAsync<ResponseMessage>(
                 It.Is<string>(str => str.Contains("Change Feed Processor")),
                 It.IsAny<string>(),
@@ -211,6 +216,7 @@ public async Task ShouldSetFeedRangePartitionKeyRange()
                         return func(trace);
                     }
                 });
+#pragma warning restore CA1416
 
             mockContext.Setup(c => c.ProcessResourceOperationStreamAsync(
                 It.IsAny<string>(),

diff --git a/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/ClientRetryPolicyTests.cs b/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/ClientRetryPolicyTests.cs
@@ -270,54 +270,54 @@ public void HttpRequestExceptionHandelingTests(
         }
 
         [TestMethod]
-        public Task ClientRetryPolicy_Retry_SingleMaster_Read_PreferredLocations()
+        public async Task ClientRetryPolicy_Retry_SingleMaster_Read_PreferredLocationsAsync()
         {
-            return this.ValidateConnectTimeoutTriggersClientRetryPolicy(isReadRequest: true, useMultipleWriteLocations: false, usesPreferredLocations: true, shouldHaveRetried: true);
+            await this.ValidateConnectTimeoutTriggersClientRetryPolicyAsync(isReadRequest: true, useMultipleWriteLocations: false, usesPreferredLocations: true, shouldHaveRetried: true);
         }
 
         [TestMethod]
-        public Task ClientRetryPolicy_Retry_MultiMaster_Read_PreferredLocations()
+        public async Task ClientRetryPolicy_Retry_MultiMaster_Read_PreferredLocationsAsync()
         {
-            return this.ValidateConnectTimeoutTriggersClientRetryPolicy(isReadRequest: true, useMultipleWriteLocations: true, usesPreferredLocations: true, shouldHaveRetried: true);
+            await this.ValidateConnectTimeoutTriggersClientRetryPolicyAsync(isReadRequest: true, useMultipleWriteLocations: true, usesPreferredLocations: true, shouldHaveRetried: true);
         }
 
         [TestMethod]
-        public Task ClientRetryPolicy_Retry_MultiMaster_Write_PreferredLocations()
+        public async Task ClientRetryPolicy_Retry_MultiMaster_Write_PreferredLocationsAsync()
         {
-            return this.ValidateConnectTimeoutTriggersClientRetryPolicy(isReadRequest: false, useMultipleWriteLocations: true, usesPreferredLocations: true, shouldHaveRetried: true);
+            await this.ValidateConnectTimeoutTriggersClientRetryPolicyAsync(isReadRequest: false, useMultipleWriteLocations: true, usesPreferredLocations: true, shouldHaveRetried: true);
         }
 
         [TestMethod]
-        public Task ClientRetryPolicy_NoRetry_SingleMaster_Write_PreferredLocations()
+        public async Task ClientRetryPolicy_NoRetry_SingleMaster_Write_PreferredLocationsAsync()
         {
-            return this.ValidateConnectTimeoutTriggersClientRetryPolicy(isReadRequest: false, useMultipleWriteLocations: false, usesPreferredLocations: true, shouldHaveRetried: false);
+            await this.ValidateConnectTimeoutTriggersClientRetryPolicyAsync(isReadRequest: false, useMultipleWriteLocations: false, usesPreferredLocations: true, shouldHaveRetried: false);
         }
 
         [TestMethod]
-        public Task ClientRetryPolicy_NoRetry_SingleMaster_Read_NoPreferredLocations()
+        public async Task ClientRetryPolicy_NoRetry_SingleMaster_Read_NoPreferredLocationsAsync()
         {
-            return this.ValidateConnectTimeoutTriggersClientRetryPolicy(isReadRequest: true, useMultipleWriteLocations: false, usesPreferredLocations: false, shouldHaveRetried: false);
+            await this.ValidateConnectTimeoutTriggersClientRetryPolicyAsync(isReadRequest: true, useMultipleWriteLocations: false, usesPreferredLocations: false, shouldHaveRetried: false);
         }
 
         [TestMethod]
-        public Task ClientRetryPolicy_NoRetry_SingleMaster_Write_NoPreferredLocations()
+        public async Task ClientRetryPolicy_NoRetry_SingleMaster_Write_NoPreferredLocationsAsync()
         {
-            return this.ValidateConnectTimeoutTriggersClientRetryPolicy(isReadRequest: false, useMultipleWriteLocations: false, usesPreferredLocations: false, shouldHaveRetried: false);
+            await this.ValidateConnectTimeoutTriggersClientRetryPolicyAsync(isReadRequest: false, useMultipleWriteLocations: false, usesPreferredLocations: false, shouldHaveRetried: false);
         }
 
         [TestMethod]
-        public Task ClientRetryPolicy_NoRetry_MultiMaster_Read_NoPreferredLocations()
+        public async Task ClientRetryPolicy_NoRetry_MultiMaster_Read_NoPreferredLocationsAsync()
         {
-            return this.ValidateConnectTimeoutTriggersClientRetryPolicy(isReadRequest: true, useMultipleWriteLocations: true, usesPreferredLocations: false, false);
+            await this.ValidateConnectTimeoutTriggersClientRetryPolicyAsync(isReadRequest: true, useMultipleWriteLocations: true, usesPreferredLocations: false, false);
         }
 
         [TestMethod]
-        public Task ClientRetryPolicy_NoRetry_MultiMaster_Write_NoPreferredLocations()
+        public async Task ClientRetryPolicy_NoRetry_MultiMaster_Write_NoPreferredLocationsAsync()
         {
-            return this.ValidateConnectTimeoutTriggersClientRetryPolicy(isReadRequest: false, useMultipleWriteLocations: true, usesPreferredLocations: false, false);
+            await this.ValidateConnectTimeoutTriggersClientRetryPolicyAsync(isReadRequest: false, useMultipleWriteLocations: true, usesPreferredLocations: false, false);
         }
 
-        private async Task ValidateConnectTimeoutTriggersClientRetryPolicy(
+        private async Task ValidateConnectTimeoutTriggersClientRetryPolicyAsync(
             bool isReadRequest,
             bool useMultipleWriteLocations,
             bool usesPreferredLocations,