dpapi: add unit tests of DPAPI cred store

mjcheetham · mjcheetham · commit aa0d913af51f · 2021-09-27T16:28:24.000+01:00
diff --git a/src/shared/Microsoft.Git.CredentialManager.Tests/Interop/Windows/DpapiCredentialStoreTests.cs b/src/shared/Microsoft.Git.CredentialManager.Tests/Interop/Windows/DpapiCredentialStoreTests.cs
@@ -0,0 +1,113 @@
+using System;
+using Xunit;
+using Microsoft.Git.CredentialManager.Interop.Windows;
+using Microsoft.Git.CredentialManager.Tests.Objects;
+using System.IO;
+using System.Text;
+using System.Security.Cryptography;
+
+namespace Microsoft.Git.CredentialManager.Tests.Interop.Windows
+{
+    public class DpapiCredentialStoreTests
+    {
+        private const string TestStoreRoot = @"C:\dpapi_store";
+        private const string TestNamespace = "git-test";
+
+        [PlatformFact(Platforms.Windows)]
+        public void DpapiCredentialStore_AddOrUpdate_CreatesUTF8ProtectedFile()
+        {
+            var fs = new TestFileSystem();
+            var store = new DpapiCredentialStore(fs, TestStoreRoot, TestNamespace);
+
+            string service = "https://example.com";
+            const string userName = "john.doe";
+            const string password = "letmein123"; // [SuppressMessage("Microsoft.Security", "CS001:SecretInline", Justification="Fake credential")]
+
+            string expectedServiceSlug = Path.Combine(TestNamespace, "https", "example.com");
+            string expectedFileName = $"{userName}.credential";
+            string expectedFilePath = Path.Combine(TestStoreRoot, expectedServiceSlug, expectedFileName);
+
+            store.AddOrUpdate(service, userName, password);
+
+            Assert.True(fs.Directories.Contains(Path.Combine(TestStoreRoot, expectedServiceSlug)));
+            Assert.True(fs.Files.TryGetValue(expectedFilePath, out byte[] data));
+
+            string contents = Encoding.UTF8.GetString(data);
+            Assert.False(string.IsNullOrWhiteSpace(contents));
+
+            string[] lines = contents.Split(Environment.NewLine);
+
+            Assert.Equal(4, lines.Length);
+
+            byte[] cryptoData = Convert.FromBase64String(lines[0]);
+            byte[] plainData = ProtectedData.Unprotect(cryptoData, null, DataProtectionScope.CurrentUser);
+            string plainLine0 = Encoding.UTF8.GetString(plainData);
+
+            Assert.Equal(password, plainLine0);
+            Assert.Equal($"service={service}", lines[1]);
+            Assert.Equal($"account={userName}", lines[2]);
+            Assert.True(string.IsNullOrWhiteSpace(lines[3]));
+        }
+
+        [PlatformFact(Platforms.Windows)]
+        public void DpapiCredentialStore_Get_KeyNotFound_ReturnsNull()
+        {
+            var fs = new TestFileSystem();
+            var store = new DpapiCredentialStore(fs, TestStoreRoot, TestNamespace);
+
+            // Unique service; guaranteed not to exist!
+            string service = Guid.NewGuid().ToString("N");
+
+            ICredential credential = store.Get(service, account: null);
+            Assert.Null(credential);
+        }
+
+        [PlatformFact(Platforms.Windows)]
+        public void DpapiCredentialStore_Get_ReadProtectedFile()
+        {
+            var fs = new TestFileSystem();
+            var store = new DpapiCredentialStore(fs, TestStoreRoot, TestNamespace);
+
+            string service = "https://example.com";
+            const string userName = "john.doe";
+            const string password = "letmein123"; // [SuppressMessage("Microsoft.Security", "CS001:SecretInline", Justification="Fake credential")]
+
+            string serviceSlug = Path.Combine(TestNamespace, "https", "example.com");
+            string fileName = $"{userName}.credential";
+            string filePath = Path.Combine(TestStoreRoot, serviceSlug, fileName);
+
+            byte[] plainData = Encoding.UTF8.GetBytes(password);
+            byte[] cryptoData = ProtectedData.Protect(plainData, null, DataProtectionScope.CurrentUser);
+            string cryptoLine0 = Convert.ToBase64String(cryptoData);
+
+            var contents = new StringBuilder();
+            contents.AppendLine(cryptoLine0);
+            contents.AppendLine($"service={service}");
+            contents.AppendLine($"account={userName}");
+            contents.AppendLine();
+
+            byte[] data = Encoding.UTF8.GetBytes(contents.ToString());
+
+            fs.Directories.Add(Path.Combine(TestStoreRoot, serviceSlug));
+            fs.Files[filePath] = data;
+
+            ICredential credential = store.Get(service, userName);
+
+            Assert.Equal(password, credential.Password);
+            Assert.Equal(userName, credential.Account);
+        }
+
+        [PlatformFact(Platforms.Windows)]
+        public void DpapiCredentialStore_Remove_KeyNotFound_ReturnsFalse()
+        {
+            var fs = new TestFileSystem();
+            var store = new DpapiCredentialStore(fs, TestStoreRoot, TestNamespace);
+
+            // Unique service; guaranteed not to exist!
+            string service = Guid.NewGuid().ToString("N");
+
+            bool result = store.Remove(service, account: null);
+            Assert.False(result);
+        }
+    }
+}
diff --git a/src/shared/TestInfrastructure/Objects/TestFileSystem.cs b/src/shared/TestInfrastructure/Objects/TestFileSystem.cs
@@ -37,7 +37,7 @@ bool IFileSystem.FileExists(string path)
 
         bool IFileSystem.DirectoryExists(string path)
         {
-            return Directories.Contains(path);
+            return Directories.Contains(TrimSlash(path));
         }
 
         string IFileSystem.GetCurrentDirectory()
@@ -59,7 +59,7 @@ Stream IFileSystem.OpenFileStream(string path, FileMode fileMode, FileAccess fil
 
         void IFileSystem.CreateDirectory(string path)
         {
-            Directories.Add(path);
+            Directories.Add(TrimSlash(path));
         }
 
         void IFileSystem.DeleteFile(string path)
@@ -93,6 +93,19 @@ bool IsPatternMatch(string s, string p)
         }
 
         #endregion
+
+        /// <summary>
+        /// Trim trailing slashes from a path.
+        /// </summary>
+        public static string TrimSlash(string path)
+        {
+            if (path.Length > 0 && path[path.Length - 1] == Path.DirectorySeparatorChar)
+            {
+                return path.Substring(0, path.Length - 1);
+            }
+
+            return path;
+        }
     }
 
     public class TestFileStream : MemoryStream

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ bool IFileSystem.FileExists(string path)`
`37`	`37`
`38`	`38`	`bool IFileSystem.DirectoryExists(string path)`
`39`	`39`	`{`
`40`		`- return Directories.Contains(path);`
	`40`	`+ return Directories.Contains(TrimSlash(path));`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`string IFileSystem.GetCurrentDirectory()`
`@@ -59,7 +59,7 @@ Stream IFileSystem.OpenFileStream(string path, FileMode fileMode, FileAccess fil`
`59`	`59`
`60`	`60`	`void IFileSystem.CreateDirectory(string path)`
`61`	`61`	`{`
`62`		`- Directories.Add(path);`
	`62`	`+ Directories.Add(TrimSlash(path));`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`void IFileSystem.DeleteFile(string path)`
`@@ -93,6 +93,19 @@ bool IsPatternMatch(string s, string p)`
`93`	`93`	`}`
`94`	`94`
`95`	`95`	`#endregion`
	`96`	`+`
	`97`	`+ /// <summary>`
	`98`	`+ /// Trim trailing slashes from a path.`
	`99`	`+ /// </summary>`
	`100`	`+ public static string TrimSlash(string path)`
	`101`	`+ {`
	`102`	`+ if (path.Length > 0 && path[path.Length - 1] == Path.DirectorySeparatorChar)`
	`103`	`+ {`
	`104`	`+ return path.Substring(0, path.Length - 1);`
	`105`	`+ }`
	`106`	`+`
	`107`	`+ return path;`
	`108`	`+ }`
`96`	`109`	`}`
`97`	`110`
`98`	`111`	`public class TestFileStream : MemoryStream`