From e90a3de7ec6fe08c4b3be6d4f1138f2381bd1c7f Mon Sep 17 00:00:00 2001
From: Katie Strader
Date: Mon, 25 Nov 2024 14:08:18 -0700
Subject: [PATCH] Missed a test for EnterpriseCA.
---
 test/unit/ACLProcessorTest.cs | 84 +++++++++++++++++------------------
 1 file changed, 42 insertions(+), 42 deletions(-)
diff --git a/test/unit/ACLProcessorTest.cs b/test/unit/ACLProcessorTest.cs
index d38df830..9bb7368e 100644
--- a/test/unit/ACLProcessorTest.cs
+++ b/test/unit/ACLProcessorTest.cs
@@ -1674,7 +1674,7 @@ public async Task ACLProcessor_ProcessACL_GenericWrite_EnterpriseCA()
 }
 [Fact]
- public async Task ACLProcessor_ProcessACL_CreateChild_ManageCA()
+ public async Task ACLProcessor_ProcessACL_EnterpriseCA_ManageCA()
 {
 var expectedPrincipalType = Label.EnterpriseCA;
 var expectedPrincipalSID = "S-1-5-21-3130019616-2776909439-2417379446-512";
@@ -1687,7 +1687,7 @@ public async Task ACLProcessor_ProcessACL_CreateChild_ManageCA()
 mockRule.Setup(x => x.AccessControlType()).Returns(AccessControlType.Allow);
 mockRule.Setup(x => x.IsAceInheritedFrom(It.IsAny())).Returns(true);
 mockRule.Setup(x => x.IdentityReference()).Returns(expectedPrincipalSID);
- mockRule.Setup(x => x.ActiveDirectoryRights()).Returns(ActiveDirectoryRights.CreateChild);
+ mockRule.Setup(x => x.ActiveDirectoryRights()).Returns((ActiveDirectoryRights)CertificationAuthorityRights.ManageCA);
 mockRule.Setup(x => x.ObjectType()).Returns(new Guid(ACEGuids.AllGuid));
 collection.Add(mockRule.Object);
@@ -1713,7 +1713,7 @@ public async Task ACLProcessor_ProcessACL_CreateChild_ManageCA()
 }
 [Fact]
- public async Task ACLProcessor_ProcessACL_DeleteChild_ManageCertificates()
+ public async Task ACLProcessor_ProcessACL_EnterpriseCA_ManageCertificates()
 {
 var expectedPrincipalType = Label.EnterpriseCA;
 var expectedPrincipalSID = "S-1-5-21-3130019616-2776909439-2417379446-512";
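Review bot: The cast `(ActiveDirectoryRights)CertificationAuthorityRights.ManageCA` in the hunk at -1687 needs a short comment, because nothing in the test explains why a CA right is pushed through the directory-rights enum. The removed line returned `ActiveDirectoryRights.CreateChild` for the same test, which suggests the two values share a bit and that the processor reinterprets the access mask for CA objects; if that is right, say so, e.g. `// CA access masks reuse ActiveDirectoryRights bit positions; the mask is read as CA rights for Label.EnterpriseCA`. The same applies to the `ManageCertificates` cast in the hunk at -1726. Because these rights become edges in privilege-path analysis, a companion case that supplies the same mask with a non-CA label and asserts that no ManageCA edge is produced would guard against false edges; both test bodies continue outside the hunks, so confirm whether that case already exists elsewhere.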
@@ -1726,7 +1726,7 @@ public async Task ACLProcessor_ProcessACL_DeleteChild_ManageCertificates()
 mockRule.Setup(x => x.AccessControlType()).Returns(AccessControlType.Allow);
 mockRule.Setup(x => x.IsAceInheritedFrom(It.IsAny())).Returns(true);
 mockRule.Setup(x => x.IdentityReference()).Returns(expectedPrincipalSID);
- mockRule.Setup(x => x.ActiveDirectoryRights()).Returns(ActiveDirectoryRights.DeleteChild);
+ mockRule.Setup(x => x.ActiveDirectoryRights()).Returns((ActiveDirectoryRights)CertificationAuthorityRights.ManageCertificates);
 mockRule.Setup(x => x.ObjectType()).Returns(new Guid(ACEGuids.AllGuid));
 collection.Add(mockRule.Object);
@@ -1751,43 +1751,43 @@ public async Task ACLProcessor_ProcessACL_DeleteChild_ManageCertificates()
 Assert.Equal(actual.RightName, expectedRightName);
 }
- // [Fact]
- // public async Task ACLProcessor_ProcessACL_Enroll()
- // {
- // var expectedPrincipalType = Label.EnterpriseCA;
- // var expectedPrincipalSID = "S-1-5-21-3130019616-2776909439-2417379446-512";
- // var expectedRightName = EdgeNames.ManageCertificates;
- //
- // var mockLDAPUtils = new Mock();
- // var mockSecurityDescriptor = new Mock(MockBehavior.Loose, null);
- // var mockRule = new Mock(MockBehavior.Loose, null);
- // var collection = new List();
- // mockRule.Setup(x => x.AccessControlType()).Returns(AccessControlType.Allow);
- // mockRule.Setup(x => x.IsAceInheritedFrom(It.IsAny())).Returns(true);
- // mockRule.Setup(x => x.IdentityReference()).Returns(expectedPrincipalSID);
- // mockRule.Setup(x => x.ActiveDirectoryRights()).Returns((int)CertificationAuthorityRights.Enroll);
- // mockRule.Setup(x => x.ObjectType()).Returns(new Guid(ACEGuids.AllGuid));
- // collection.Add(mockRule.Object);
- //
- // mockSecurityDescriptor.Setup(m => m.GetAccessRules(It.IsAny(), It.IsAny(), It.IsAny()))
- // .Returns(collection);
- // mockSecurityDescriptor.Setup(m => m.GetOwner(It.IsAny())).Returns((string)null);
- // mockLDAPUtils.Setup(x => x.MakeSecurityDescriptor()).Returns(mockSecurityDescriptor.Object);
- // mockLDAPUtils.Setup(x => x.ResolveIDAndType(It.IsAny(), It.IsAny()))
- // .ReturnsAsync((true, new TypedPrincipal(expectedPrincipalSID, expectedPrincipalType)));
- // mockLDAPUtils.Setup(x => x.PagedQuery(It.IsAny(), It.IsAny()))
- // .Returns(Array.Empty>().ToAsyncEnumerable);
- //
- // var processor = new ACLProcessor(mockLDAPUtils.Object);
- // var bytes = Utils.B64ToBytes(UnProtectedUserNtSecurityDescriptor);
- // var result = await processor.ProcessACL(bytes, _testDomainName, Label.EnterpriseCA, true).ToArrayAsync();
- //
- // Assert.Single(result);
- // var actual = result.First();
- // Assert.Equal(actual.PrincipalType, expectedPrincipalType);
- // Assert.Equal(actual.PrincipalSID, expectedPrincipalSID);
- // Assert.False(actual.IsInherited);
- // Assert.Equal(actual.RightName, expectedRightName);
- // }
+ [Fact]
+ public async Task ACLProcessor_ProcessACL_EnterpriseCA_Enroll()
+ {
+ var expectedPrincipalType = Label.EnterpriseCA;
+ var expectedPrincipalSID = "S-1-5-21-3130019616-2776909439-2417379446-512";
+ var expectedRightName = EdgeNames.Enroll;
+
+ var mockLDAPUtils = new Mock();
+ var mockSecurityDescriptor = new Mock(MockBehavior.Loose, null);
+ var mockRule = new Mock(MockBehavior.Loose, null);
+ var collection = new List();
+ mockRule.Setup(x => x.AccessControlType()).Returns(AccessControlType.Allow);
+ mockRule.Setup(x => x.IsAceInheritedFrom(It.IsAny())).Returns(true);
+ mockRule.Setup(x => x.IdentityReference()).Returns(expectedPrincipalSID);
+ mockRule.Setup(x => x.ActiveDirectoryRights()).Returns((ActiveDirectoryRights)CertificationAuthorityRights.Enroll);
+ mockRule.Setup(x => x.ObjectType()).Returns(new Guid(ACEGuids.AllGuid));
+ collection.Add(mockRule.Object);
+
+ mockSecurityDescriptor.Setup(m => m.GetAccessRules(It.IsAny(), It.IsAny(), It.IsAny()))
+ .Returns(collection);
+ mockSecurityDescriptor.Setup(m => m.GetOwner(It.IsAny())).Returns((string)null);
+ mockLDAPUtils.Setup(x => x.MakeSecurityDescriptor()).Returns(mockSecurityDescriptor.Object);
+ mockLDAPUtils.Setup(x => x.ResolveIDAndType(It.IsAny(), It.IsAny()))
+ .ReturnsAsync((true, new TypedPrincipal(expectedPrincipalSID, expectedPrincipalType)));
+ mockLDAPUtils.Setup(x => x.PagedQuery(It.IsAny(), It.IsAny()))
+ .Returns(Array.Empty>().ToAsyncEnumerable);
+
+ var processor = new ACLProcessor(mockLDAPUtils.Object);
+ var bytes = Utils.B64ToBytes(UnProtectedUserNtSecurityDescriptor);
+ var result = await processor.ProcessACL(bytes, _testDomainName, Label.EnterpriseCA, true).ToArrayAsync();
+
+ Assert.Single(result);
+ var actual = result.First();
+ Assert.Equal(actual.PrincipalType, expectedPrincipalType);
+ Assert.Equal(actual.PrincipalSID, expectedPrincipalSID);
+ Assert.False(actual.IsInherited);
+ Assert.Equal(actual.RightName, expectedRightName);
+ }
 }
 }
\ No newline at end of file
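Review bot: The three `Assert.Equal` calls in the re-enabled Enroll test pass the actual value first, but xUnit's signature is `Assert.Equal(expected, actual)`, so a failing run would print the two values under the wrong labels. Write them as `Assert.Equal(expectedRightName, actual.RightName);` and likewise for `PrincipalType` and `PrincipalSID`. Separately, the mock returns `true` from `IsAceInheritedFrom(...)` while the test ends with `Assert.False(actual.IsInherited)`; that assertion presumably passes only because the loosely mocked rule reports its inherited flag as false by default. Setting the flag explicitly on the mock, or adding a one-line comment that the two are unrelated, would keep the test from silently depending on mock defaults.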