Set ColumnEncryptionKeyCacheTtl to zero when key store provider is re…

…gistered and used globally (#1078)

src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnection.cs

@@ -98,8 +98,6 @@ private static readonly Dictionary<string, SqlColumnEncryptionKeyStoreProvider>
         /// </summary>
         private static IReadOnlyDictionary<string, SqlColumnEncryptionKeyStoreProvider> s_globalCustomColumnEncryptionKeyStoreProviders;
 
-        private static string s_akvProviderName = "AZURE_KEY_VAULT";
-
         /// <summary>
         /// Dictionary object holding trusted key paths for various SQL Servers.
         /// Key to the dictionary is a SQL Server Name
@@ -314,9 +312,10 @@ public static void RegisterColumnEncryptionKeyStoreProviders(IDictionary<string,
                     throw SQL.CanOnlyCallOnce();
                 }
 
-                if (customProviders.ContainsKey(s_akvProviderName))
+                // to prevent conflicts between CEK caches, global providers should not use their own CEK caches
+                foreach (SqlColumnEncryptionKeyStoreProvider provider in customProviders.Values)
                 {
-                    customProviders[s_akvProviderName].ColumnEncryptionKeyCacheTtl = new TimeSpan(0);
+                    provider.ColumnEncryptionKeyCacheTtl = new TimeSpan(0);
                 }
 
                 // Create a temporary dictionary and then add items from the provided dictionary.

src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnection.cs

@@ -67,8 +67,6 @@ private static Dictionary<string, SqlColumnEncryptionKeyStoreProvider> s_systemC
         /// </summary>
         private static IReadOnlyDictionary<string, SqlColumnEncryptionKeyStoreProvider> s_globalCustomColumnEncryptionKeyStoreProviders;
 
-        private static string s_akvProviderName = "AZURE_KEY_VAULT";
-
         /// Instance-level list of custom key store providers. It can be set more than once by the user.
         private IReadOnlyDictionary<string, SqlColumnEncryptionKeyStoreProvider> _customColumnEncryptionKeyStoreProviders;
 
@@ -149,9 +147,10 @@ static public void RegisterColumnEncryptionKeyStoreProviders(IDictionary<string,
                     throw SQL.CanOnlyCallOnce();
                 }
 
-                if (customProviders.ContainsKey(s_akvProviderName))
+                // to prevent conflicts between CEK caches, global providers should not use their own CEK caches
+                foreach (SqlColumnEncryptionKeyStoreProvider provider in customProviders.Values)
                 {
-                    customProviders[s_akvProviderName].ColumnEncryptionKeyCacheTtl = new TimeSpan(0);
+                    provider.ColumnEncryptionKeyCacheTtl = new TimeSpan(0);
                 }
 
                 // Create a temporary dictionary and then add items from the provided dictionary.

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSymmetricKeyCache.cs

@@ -74,6 +74,8 @@ internal SqlClientSymmetricKey GetKey(SqlEncryptionKeyInfo keyInfo, SqlConnectio
                 byte[] plaintextKey;
                 try
                 {
+                    // to prevent conflicts between CEK caches, global providers should not use their own CEK caches
+                    provider.ColumnEncryptionKeyCacheTtl = new TimeSpan(0);
                     plaintextKey = provider.DecryptColumnEncryptionKey(keyInfo.keyPath, keyInfo.algorithmName, keyInfo.encryptedKey);
                 }
                 catch (Exception e)

src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVUnitTests.cs

@@ -175,7 +175,7 @@ public static void CekCacheEntryIsEvictedAfterTtlExpires()
         }
 
         [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))]
-        public static void CekCacheShouldBeDisabledWhenAkvProviderIsRegisteredGlobally()
+        public static void CekCacheShouldBeDisabledWhenCustomProviderIsRegisteredGlobally()
         {
             if (SQLSetupStrategyAzureKeyVault.IsAKVProviderRegistered)
             {