Fix fetching signature verification result from cache

[cheenamalhotra]

Fixes AB#45439

Problem
GetSignatureVerificationResult returned the boolean from MemoryCache.TryGetValue(whether the key existed in cache) instead of the cached value itself. Once a CMK signature verification failure was cached result: false, subsequent lookups returned true, causing the caller to skip re-verification and treat the column master key as having a valid signature.

Fix
Return the actual cached value:

return _cache.TryGetValue<bool>(cacheLookupKey, out bool value) && value;

Tests
Added SignatureVerificationCacheTests covering both cached true and cached false cases (regression test for the bug).

[Copilot]

Pull request overview

Fixes a correctness bug in the Always Encrypted column master key (CMK) signature verification cache where GetSignatureVerificationResult previously returned the cache hit flag (from MemoryCache.TryGetValue) instead of the cached boolean result, which could incorrectly treat a cached verification failure (false) as a success.

Changes:

• Correct GetSignatureVerificationResult to return true only when the cached value exists and is true.
• Add unit tests to cover both cached-success (true) and cached-failure (false) scenarios to prevent regression.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SignatureVerificationCache.cs	Fixes cache lookup logic to return the cached verification result (not just presence).
src/Microsoft.Data.SqlClient/tests/UnitTests/Microsoft/Data/SqlClient/SignatureVerificationCacheTests.cs	Adds regression tests validating correct behavior for cached true and cached false.

[codecov]

Codecov Report

❌ Patch coverage is 63.46154% with 19 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.67%. Comparing base (bfbdd30) to head (d8f8b7a).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...osoft/Data/SqlClient/SignatureVerificationCache.cs	75.00%	11 Missing ⚠️
...src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs	0.00%	8 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4339      +/-   ##
==========================================
- Coverage   66.69%   64.67%   -2.02%     
==========================================
  Files         284      279       -5     
  Lines       43238    66067   +22829     
==========================================
+ Hits        28836    42732   +13896     
- Misses      14402    23335    +8933     

Flag	Coverage Δ
CI-SqlClient	?
PR-SqlClient-Project	64.67% <63.46%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

[paulmedynski]

This is an existing bug that should have its own PR. Can you make a work item to track it?