dotnet · paulmedynski · Jul 23, 2025 · Jul 23, 2025
@@ -9,24 +9,16 @@ internal static class Constants
         /// <summary>
         /// Azure Key Vault Domain Name
         /// </summary>
-        internal static readonly string[] AzureKeyVaultPublicDomainNames =
-        [
-            // Azure Key Vaults
-            "vault.azure.net",                 // Default
-            "vault.azure.cn",                  // China
-            "vault.usgovcloudapi.net",         // US Government
-            "vault.microsoftazure.de",         // Azure Germany
-            "vault.sovcloud-api.fr",           // France (Bleu)
-            "vault.sovcloud-api.de",           // Germany (Delos)
-
-            // Managed High Security Modules (HSM) Vaults
-            "managedhsm.azure.net",
-            "managedhsm.azure.cn",
-            "managedhsm.usgovcloudapi.net",
-            "managedhsm.microsoftazure.de",
-            "managedhsm.sovcloud-api.fr",
-            "managedhsm.sovcloud-api.de"
-        ];
+        internal static readonly string[] AzureKeyVaultPublicDomainNames = new string[] {
+            @"vault.azure.net", // default
+            @"vault.azure.cn", // Azure China
+            @"vault.usgovcloudapi.net", // US Government
+            @"vault.microsoftazure.de", // Azure Germany
+            @"managedhsm.azure.net", // public HSM vault
+            @"managedhsm.azure.cn", // Azure China HSM vault
+            @"managedhsm.usgovcloudapi.net", // US Government HSM vault
+            @"managedhsm.microsoftazure.de" // Azure Germany HSM vault
+        };
 
         /// <summary>
         /// Always Encrypted Parameter names for exec handling

@@ -141,7 +141,7 @@ internal static ArgumentException InvalidAKVPath(string masterKeyPath, bool isSy
         internal static ArgumentException InvalidAKVUrl(string masterKeyPath) =>
             new(string.Format(CultureInfo.InvariantCulture, Strings.InvalidAkvUrlTemplate, masterKeyPath), Constants.AeParamMasterKeyPath);
 
-        internal static ArgumentException InvalidAKVUrlTrustedEndpoints(string masterKeyPath, string endpoints) =>
+        internal static Exception InvalidAKVUrlTrustedEndpoints(string masterKeyPath, string endpoints) =>
             new ArgumentException(string.Format(CultureInfo.InvariantCulture, Strings.InvalidAkvKeyPathTrustedTemplate, masterKeyPath, endpoints),
                 Constants.AeParamMasterKeyPath);
     }

@@ -182,22 +182,23 @@ public void InvalidCertificatePath()
             string dummyPathWithOnlyHost = @"https://www.microsoft.com";
             string invalidUrlErrorMessage = $@"Invalid url specified: '{dummyPathWithOnlyHost}'";
             string dummyPathWithInvalidKey = @"https://www.microsoft.vault.azure.com/keys/dummykey/dummykeyid";
+            string invalidTrustedEndpointErrorMessage = $@"Invalid Azure Key Vault key path specified: '{dummyPathWithInvalidKey}'. Valid trusted endpoints: vault.azure.net, vault.azure.cn, vault.usgovcloudapi.net, vault.microsoftazure.de, managedhsm.azure.net, managedhsm.azure.cn, managedhsm.usgovcloudapi.net, managedhsm.microsoftazure.de.\s+\(?Parameter (name: )?'?masterKeyPath('\))?";
 
             Exception ex = Assert.Throws<ArgumentException>(
                 () => _fixture.AkvStoreProvider.EncryptColumnEncryptionKey(dummyPathWithOnlyHost, MasterKeyEncAlgo, cek));
             Assert.Matches(invalidUrlErrorMessage, ex.Message);
 
             ex = Assert.Throws<ArgumentException>(
                 () => _fixture.AkvStoreProvider.EncryptColumnEncryptionKey(dummyPathWithInvalidKey, MasterKeyEncAlgo, cek));
-            Assert.Matches(TrustedUrlsTest.MakeInvalidVaultErrorMessage(dummyPathWithInvalidKey), ex.Message);
+            Assert.Matches(invalidTrustedEndpointErrorMessage, ex.Message);
 
             ex = Assert.Throws<ArgumentException>(
                  () => _fixture.AkvStoreProvider.DecryptColumnEncryptionKey(dummyPathWithOnlyHost, MasterKeyEncAlgo, encryptedCek));
             Assert.Matches(invalidUrlErrorMessage, ex.Message);
 
             ex = Assert.Throws<ArgumentException>(
                  () => _fixture.AkvStoreProvider.DecryptColumnEncryptionKey(dummyPathWithInvalidKey, MasterKeyEncAlgo, encryptedCek));
-            Assert.Matches(TrustedUrlsTest.MakeInvalidVaultErrorMessage(dummyPathWithInvalidKey), ex.Message);
+            Assert.Matches(invalidTrustedEndpointErrorMessage, ex.Message);
         }
 
         [InlineData(true)]

@@ -36,23 +36,22 @@
   <ItemGroup Condition="'$(TestSet)' == '' OR '$(TestSet)' == 'AE'">
     <Compile Include="AlwaysEncrypted\AKVTests.cs" />
     <Compile Include="AlwaysEncrypted\AKVUnitTests.cs" />
+    <Compile Include="AlwaysEncrypted\EnclaveAzureDatabaseTests.cs" />
+    <Compile Include="AlwaysEncrypted\ExceptionTestAKVStore.cs" />
+    <Compile Include="AlwaysEncrypted\TestFixtures\Setup\AKVTestTable.cs" />
+    <Compile Include="AlwaysEncrypted\TestFixtures\Setup\AkvColumnMasterKey.cs" />
+    <Compile Include="AlwaysEncrypted\TestFixtures\SQLSetupStrategyAzureKeyVault.cs" />
     <Compile Include="AlwaysEncrypted\ApiShould.cs" />
     <Compile Include="AlwaysEncrypted\BulkCopyAE.cs" />
     <Compile Include="AlwaysEncrypted\BulkCopyAEErrorMessage.cs" />
     <Compile Include="AlwaysEncrypted\ColumnDecryptErrorTests.cs" />
-    <Compile Include="AlwaysEncrypted\EnclaveAzureDatabaseTests.cs" />
     <Compile Include="AlwaysEncrypted\End2EndSmokeTests.cs" />
-    <Compile Include="AlwaysEncrypted\ExceptionTestAKVStore.cs" />
     <Compile Include="AlwaysEncrypted\SqlBulkCopyTruncation.cs" />
     <Compile Include="AlwaysEncrypted\SqlNullValues.cs" />
-    <Compile Include="AlwaysEncrypted\TrustedUrlsTest.cs" />
     <Compile Include="AlwaysEncrypted\TestFixtures\AzureKeyVaultKeyFixture.cs" />
     <Compile Include="AlwaysEncrypted\TestFixtures\DatabaseHelper.cs" />
     <Compile Include="AlwaysEncrypted\TestFixtures\SQLSetupStrategy.cs" />
-    <Compile Include="AlwaysEncrypted\TestFixtures\SQLSetupStrategyAzureKeyVault.cs" />
     <Compile Include="AlwaysEncrypted\TestFixtures\SQLSetupStrategyCertStoreProvider.cs" />
-    <Compile Include="AlwaysEncrypted\TestFixtures\Setup\AKVTestTable.cs" />
-    <Compile Include="AlwaysEncrypted\TestFixtures\Setup\AkvColumnMasterKey.cs" />
     <Compile Include="AlwaysEncrypted\TestFixtures\Setup\ApiTestTable.cs" />
     <Compile Include="AlwaysEncrypted\TestFixtures\Setup\BulkCopyAETestTable.cs" />
     <Compile Include="AlwaysEncrypted\TestFixtures\Setup\BulkCopyAEErrorMessageTestTable.cs" />