Completed unit testing and fixes for all schannel.h, secur32.h and sspi.h functions

2019-08-27 11:45:05 -06:00 · 2019-08-27 11:45:05 -06:00 · b80ce7f131
parent 3a1d6548b3
commit b80ce7f131
6 changed files with 119 additions and 52 deletions
--- a/PInvoke/Security/Schannel/Schannel.cs
+++ b/PInvoke/Security/Schannel/Schannel.cs
@ -8,6 +8,7 @@ namespace Vanara.PInvoke
 {
 	public static partial class Schannel
 	{
+		public const uint CF_CERT_FROM_FILE = 2;
 		public const string DEFAULT_TLS_SSP_NAME = "Default TLS SSP";
 		public const string PCT1SP_NAME = "Microsoft PCT 1.0";
 		public const string SCHANNEL_NAME = "Schannel";
@ -24,7 +25,7 @@ namespace Vanara.PInvoke
 		[Flags]
 		public enum SP_PROT : uint
 		{
-			/// <summary>The sp prot none</summary>
+			/// <summary/>
 			SP_PROT_NONE = 0,

 			/// <summary>Transport Layer Security 1.0 client-side.</summary>
@ -63,145 +64,145 @@ namespace Vanara.PInvoke
 			/// <summary>Secure Sockets Layer 2.0 server-side. Superseded by SP_PROT_TLS1_SERVER.</summary>
 			SP_PROT_SSL2_SERVER = 4,

-			/// <summary>The sp prot pc t1</summary>
+			/// <summary/>
 			SP_PROT_PCT1 = (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT),

-			/// <summary>The sp prot ss l2</summary>
+			/// <summary/>
 			SP_PROT_SSL2 = (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT),

-			/// <summary>The sp prot ss l3</summary>
+			/// <summary/>
 			SP_PROT_SSL3 = (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT),

-			/// <summary>The sp prot tl s1</summary>
+			/// <summary/>
 			SP_PROT_TLS1 = (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT),

-			/// <summary>The sp prot ss l3 tl s1 clients</summary>
+			/// <summary/>
 			SP_PROT_SSL3TLS1_CLIENTS = (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT),

-			/// <summary>The sp prot ss l3 tl s1 servers</summary>
+			/// <summary/>
 			SP_PROT_SSL3TLS1_SERVERS = (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER),

-			/// <summary>The sp prot ss l3 tl s1</summary>
+			/// <summary/>
 			SP_PROT_SSL3TLS1 = (SP_PROT_SSL3 | SP_PROT_TLS1),

-			/// <summary>The sp prot uni server</summary>
+			/// <summary/>
 			SP_PROT_UNI_SERVER = 0x40000000,

-			/// <summary>The sp prot uni client</summary>
+			/// <summary/>
 			SP_PROT_UNI_CLIENT = 0x80000000,

-			/// <summary>The sp prot uni</summary>
+			/// <summary/>
 			SP_PROT_UNI = (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT),

-			/// <summary>The sp prot all</summary>
+			/// <summary/>
 			SP_PROT_ALL = 0xffffffff,

-			/// <summary>The sp prot clients</summary>
+			/// <summary/>
 			SP_PROT_CLIENTS = (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT),

-			/// <summary>The sp prot servers</summary>
+			/// <summary/>
 			SP_PROT_SERVERS = (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER),

-			/// <summary>The sp prot tl s1 0 server</summary>
+			/// <summary/>
 			SP_PROT_TLS1_0_SERVER = SP_PROT_TLS1_SERVER,

-			/// <summary>The sp prot tl s1 0 client</summary>
+			/// <summary/>
 			SP_PROT_TLS1_0_CLIENT = SP_PROT_TLS1_CLIENT,

-			/// <summary>The sp prot tl s1 0</summary>
+			/// <summary/>
 			SP_PROT_TLS1_0 = (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT),

-			/// <summary>The sp prot tl s1 1</summary>
+			/// <summary/>
 			SP_PROT_TLS1_1 = (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT),

-			/// <summary>The sp prot tl s1 2</summary>
+			/// <summary/>
 			SP_PROT_TLS1_2 = (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT),

-			/// <summary>The sp prot tl s1 3 server</summary>
+			/// <summary/>
 			SP_PROT_TLS1_3_SERVER = 0x00001000,

-			/// <summary>The sp prot tl s1 3 client</summary>
+			/// <summary/>
 			SP_PROT_TLS1_3_CLIENT = 0x00002000,

-			/// <summary>The sp prot tl s1 3</summary>
+			/// <summary/>
 			SP_PROT_TLS1_3 = (SP_PROT_TLS1_3_SERVER | SP_PROT_TLS1_3_CLIENT),

-			/// <summary>The sp prot DTLS server</summary>
+			/// <summary/>
 			SP_PROT_DTLS_SERVER = 0x00010000,

-			/// <summary>The sp prot DTLS client</summary>
+			/// <summary/>
 			SP_PROT_DTLS_CLIENT = 0x00020000,

-			/// <summary>The sp prot DTLS</summary>
+			/// <summary/>
 			SP_PROT_DTLS = (SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT),

-			/// <summary>The sp prot DTL s1 0 server</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_0_SERVER = SP_PROT_DTLS_SERVER,

-			/// <summary>The sp prot DTL s1 0 client</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_0_CLIENT = SP_PROT_DTLS_CLIENT,

-			/// <summary>The sp prot DTL s1 0</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_0 = (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT),

-			/// <summary>The sp prot DTL s1 2 server</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_2_SERVER = 0x00040000,

-			/// <summary>The sp prot DTL s1 2 client</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_2_CLIENT = 0x00080000,

-			/// <summary>The sp prot DTL s1 2</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_2 = (SP_PROT_DTLS1_2_SERVER | SP_PROT_DTLS1_2_CLIENT),

-			/// <summary>The sp prot DTL s1 x server</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_X_SERVER = (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_2_SERVER),

-			/// <summary>The sp prot DTL s1 x client</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_X_CLIENT = (SP_PROT_DTLS1_0_CLIENT | SP_PROT_DTLS1_2_CLIENT),

-			/// <summary>The sp prot DTL s1 x</summary>
+			/// <summary/>
 			SP_PROT_DTLS1_X = (SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT),

-			/// <summary>The sp prot tl s1 1 plus server</summary>
+			/// <summary/>
 			SP_PROT_TLS1_1PLUS_SERVER = (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER),

-			/// <summary>The sp prot tl s1 1 plus client</summary>
+			/// <summary/>
 			SP_PROT_TLS1_1PLUS_CLIENT = (SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT),

-			/// <summary>The sp prot tl s1 1 plus</summary>
+			/// <summary/>
 			SP_PROT_TLS1_1PLUS = (SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT),

-			/// <summary>The sp prot tl s1 3 plus server</summary>
+			/// <summary/>
 			SP_PROT_TLS1_3PLUS_SERVER = SP_PROT_TLS1_3_SERVER,

-			/// <summary>The sp prot tl s1 3 plus client</summary>
+			/// <summary/>
 			SP_PROT_TLS1_3PLUS_CLIENT = SP_PROT_TLS1_3_CLIENT,

-			/// <summary>The sp prot tl s1 3 plus</summary>
+			/// <summary/>
 			SP_PROT_TLS1_3PLUS = (SP_PROT_TLS1_3PLUS_SERVER | SP_PROT_TLS1_3PLUS_CLIENT),

-			/// <summary>The sp prot tl s1 x server</summary>
+			/// <summary/>
 			SP_PROT_TLS1_X_SERVER = (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER),

-			/// <summary>The sp prot tl s1 x client</summary>
+			/// <summary/>
 			SP_PROT_TLS1_X_CLIENT = (SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT),

-			/// <summary>The sp prot tl s1 x</summary>
+			/// <summary/>
 			SP_PROT_TLS1_X = (SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT),

-			/// <summary>The sp prot ss l3 tl s1 x clients</summary>
+			/// <summary/>
 			SP_PROT_SSL3TLS1_X_CLIENTS = (SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT),

-			/// <summary>The sp prot ss l3 tl s1 x servers</summary>
+			/// <summary/>
 			SP_PROT_SSL3TLS1_X_SERVERS = (SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER),

-			/// <summary>The sp prot ss l3 tl s1 x</summary>
+			/// <summary/>
 			SP_PROT_SSL3TLS1_X = (SP_PROT_SSL3 | SP_PROT_TLS1_X),

-			/// <summary>The sp prot x clients</summary>
+			/// <summary/>
 			SP_PROT_X_CLIENTS = (SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT),

-			/// <summary>The sp prot x servers</summary>
+			/// <summary/>
 			SP_PROT_X_SERVERS = (SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER)
 		}

@ -250,7 +251,7 @@ namespace Vanara.PInvoke
 		[DllImport(Lib.Schannel, SetLastError = false, CharSet = CharSet.Auto)]
 		[PInvokeData("schannel.h", MSDNShortId = "c914d4e3-657e-45ef-ace8-2cea900a8a76")]
 		[return: MarshalAs(UnmanagedType.Bool)]
-		public static extern bool SslEmptyCache(string pszTargetName, uint dwFlags = 0);
+		public static extern bool SslEmptyCache([Optional] string pszTargetName, uint dwFlags = 0);

 		/// <summary>
 		/// <para>
--- a/PInvoke/Security/Secur32/Sspi.cs
+++ b/PInvoke/Security/Secur32/Sspi.cs
@ -4552,7 +4552,7 @@ namespace Vanara.PInvoke
 		// SaslSetContextOption( PCtxtHandle ContextHandle, ULONG Option, PVOID Value, ULONG Size );
 		[DllImport(Lib.Secur32, SetLastError = false, ExactSpelling = true)]
 		[PInvokeData("sspi.h", MSDNShortId = "3c3b1209-b0de-4100-8dfe-53ea314b790b")]
-		public static extern HRESULT SaslSetContextOption(in CtxtHandle ContextHandle, SASL_OPTION Option, string Value, uint Size);
+		public static extern HRESULT SaslSetContextOption(in CtxtHandle ContextHandle, SASL_OPTION Option, [MarshalAs(UnmanagedType.LPWStr)] string Value, uint Size);

 		/// <summary>The <c>SaslSetContextOption</c> function sets the value of the specified property for the specified SASL context.</summary>
 		/// <param name="ContextHandle">Handle of the SASL context.</param>
--- a/UnitTests/PInvoke/Security/Schannel/SchannelTests.cs
+++ b/UnitTests/PInvoke/Security/Schannel/SchannelTests.cs
@ -0,0 +1,42 @@
+using NUnit.Framework;
+using System;
+using System.Linq;
+using System.Security.Cryptography.X509Certificates;
+using Vanara.InteropServices;
+using static Vanara.PInvoke.Schannel;
+
+namespace Vanara.PInvoke.Tests
+{
+	[TestFixture()]
+	public class SchannelTests
+	{
+		[Test]
+		public unsafe void SslCrackCertificateTest()
+		{
+			using (var store = new X509Store(StoreLocation.CurrentUser))
+			{
+				store.Open(OpenFlags.ReadOnly);
+				var cert = store.Certificates.Find(X509FindType.FindBySubjectName, Environment.UserName, false).OfType<X509Certificate2>().First();
+				fixed (byte* pData = cert.RawData)
+				{
+					Assert.That(SslCrackCertificate((IntPtr)pData, (uint)cert.RawData.Length, CF_CERT_FROM_FILE, out var pCert), ResultIs.Successful);
+					pCert.ToStructure<PInvoke.Schannel.X509Certificate>().WriteValues();
+				}
+			}
+		}
+
+		[Test]
+		public void SslEmptyCacheTest()
+		{
+			Assert.That(SslEmptyCache(), ResultIs.Successful);
+		}
+
+		[Test]
+		public void SslGetServerIdentityTest()
+		{
+			// There is no useful documentation or samples on this function. Only checking that it is callable.
+			using (var mem = new SafeHGlobalHandle(256))
+				Assert.That(SslGetServerIdentity(mem, mem.Size, out var pId, out var pSz), ResultIs.FailureCode(HRESULT.SEC_E_ILLEGAL_MESSAGE));
+		}
+	}
+}
--- a/UnitTests/PInvoke/Security/Secur32/SaslTests.cs
+++ b/UnitTests/PInvoke/Security/Secur32/SaslTests.cs
@ -11,7 +11,7 @@ namespace Vanara.PInvoke.Tests
 		{
 			Assert.That(SaslEnumerateProfiles(out var list, out var cnt), Is.EqualTo((HRESULT)0));
 			Assert.That(cnt, Is.LessThan(100));
-			TestContext.WriteLine(string.Join("; ", list));
+			TestContext.WriteLine($"({cnt}): " + string.Join("; ", list));
 		}

 		// [Test] Not on system
@ -20,9 +20,25 @@ namespace Vanara.PInvoke.Tests
 			Assert.That(SaslGetProfilePackage("GSSAPI", out var pPkgInfo), Is.Zero);
 			var pi = pPkgInfo.ToStructure<SecPkgInfo>();
 			Assert.That((uint)pi.fCapabilities, Is.Not.Zero);
+			pi.WriteValues();
 		}

-		/*
+		[Test]
+		public unsafe void SaslNonFuncTest()
+		{
+			Assert.That(SaslAcceptSecurityContext(null, null, null, ASC_REQ.ASC_REQ_ALLOCATE_MEMORY, DREP.SECURITY_NATIVE_DREP, out var hCtx, null, out _, out _), ResultIs.Failure);
+			Assert.That(SaslGetProfilePackage(null, out _), ResultIs.Failure);
+			var desc = default(SecBufferDesc);
+			Assert.That(SaslIdentifyPackage(ref desc, out _), ResultIs.Failure);
+			Assert.That(SaslInitializeSecurityContext(null, null, null, ASC_REQ.ASC_REQ_ALLOCATE_MEMORY, 0, DREP.SECURITY_NATIVE_DREP, null, 0, out _, null, out _, out _), ResultIs.Failure);
+			Assert.That(SaslGetContextOption(hCtx, SASL_OPTION.SASL_OPTION_AUTHZ_STRING, default, 0, out _), ResultIs.Failure);
+			Assert.That(SaslSetContextOption(hCtx, SASL_OPTION.SASL_OPTION_AUTHZ_STRING, "asdfasdf", 18), ResultIs.Failure);
+		}
+
+		/************************
+		 * These methods cannot be tested functionally as Sasl is not supported on all systems.
+		 * **********************
+		SaslGetProfilePackage
 		SaslAcceptSecurityContext	secur32.dll	sspi.h	Vanara.PInvoke.Secur32.SaslAcceptSecurityContext
 		SaslGetContextOption	secur32.dll	sspi.h	Vanara.PInvoke.Secur32.SaslGetContextOption
 		SaslIdentifyPackage	secur32.dll	sspi.h	Vanara.PInvoke.Secur32.SaslIdentifyPackage
--- a/UnitTests/PInvoke/Security/Secur32/Secur32Tests.cs
+++ b/UnitTests/PInvoke/Security/Secur32/Secur32Tests.cs
@ -284,6 +284,13 @@ namespace Vanara.PInvoke.Tests
 				out var profBuf, out var profBufLen, out var logonId, out var hToken, out var quotas, out var subStat), Is.EqualTo((NTStatus)0));
 		}

+		[Test]
+		public void LsaRegisterLogonProcessTest()
+		{
+			// This function cannot be tested beyond callability
+			Assert.That(LsaRegisterLogonProcess("alskdjfalksdjf", out var conn, out var mode), ResultIs.Failure);
+		}
+
 		[Test]
 		public void LsaRegisterPolicyChangeNotificationTest()
 		{
--- a/UnitTests/PInvoke/Security/Security.csproj
+++ b/UnitTests/PInvoke/Security/Security.csproj
@ -71,6 +71,7 @@
    <Compile Include="Secur32\SaslTests.cs" />
    <Compile Include="Secur32\SspiTests.cs" />
    <Compile Include="Secur32\Secur32Tests.cs" />
+    <Compile Include="Schannel\SchannelTests.cs" />
    <Compile Include="SecurityTests.cs" />
  </ItemGroup>
  <ItemGroup>