// MonoTests.System.Security.Policy.UnionCodeGroupTest
//
// Author:
-// Sebastien Pouliot (spouliot@motus.com)
+// Sebastien Pouliot <sebastien@ximian.com>
//
// (C) 2004 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using NUnit.Framework;
namespace MonoTests.System.Security.Policy {
[TestFixture]
- public class UnionCodeGroupTest : Assertion {
+ public class UnionCodeGroupTest {
[Test]
[ExpectedException (typeof (ArgumentNullException))]
{
// legal
UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), null);
- AssertNull ("PolicyStatement", cg.PolicyStatement);
+ Assert.IsNull (cg.AttributeString, "AttributeString");
+ Assert.IsNull (cg.Description, "Description");
+ Assert.IsNotNull (cg.MembershipCondition, "MembershipCondition");
+ Assert.IsNull (cg.Name, "Name");
+ Assert.IsNull (cg.PermissionSetName, "PermissionSetName");
+ Assert.IsNull (cg.PolicyStatement, "PolicyStatement");
}
[Test]
public void Constructor ()
{
UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
- AssertNotNull ("PolicyStatement", cg.PolicyStatement);
- AssertNotNull ("MembershipCondition", cg.MembershipCondition);
+ Assert.AreEqual (String.Empty, cg.AttributeString, "AttributeString");
+ Assert.IsNull (cg.Description, "Description");
+ Assert.IsNotNull (cg.MembershipCondition, "MembershipCondition");
+ Assert.IsNull (cg.Name, "Name");
+ Assert.IsNull (cg.PermissionSetName, "PermissionSetName");
+ Assert.IsNotNull (cg.PolicyStatement, "PolicyStatement");
}
[Test]
public void MergeLogic ()
{
UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
- AssertEquals ("MergeLogic", "Union", cg.MergeLogic);
+ Assert.AreEqual ("Union", cg.MergeLogic, "MergeLogic");
}
[Test]
{
UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
UnionCodeGroup cg2 = (UnionCodeGroup) cg.Copy ();
- AssertEquals ("AttributeString", cg.AttributeString, cg2.AttributeString);
- AssertEquals ("Children", cg.Children.Count, cg2.Children.Count);
- AssertEquals ("Description", cg.Description, cg2.Description);
- AssertEquals ("MergeLogic", cg.MergeLogic, cg2.MergeLogic);
- AssertEquals ("Name", cg.Name, cg2.Name);
- AssertEquals ("PermissionSetName", cg.PermissionSetName, cg2.PermissionSetName);
- AssertEquals ("ToXml", cg.ToXml ().ToString (), cg2.ToXml ().ToString ());
+ Assert.AreEqual (cg.AttributeString, cg2.AttributeString, "AttributeString");
+ Assert.AreEqual (cg.Children.Count, cg2.Children.Count, "Children");
+ Assert.AreEqual (cg.Description, cg2.Description, "Description");
+ Assert.AreEqual (cg.MergeLogic, cg2.MergeLogic, "MergeLogic");
+ Assert.AreEqual (cg.Name, cg2.Name, "Name");
+ Assert.AreEqual (cg.PermissionSetName, cg2.PermissionSetName, "PermissionSetName");
+ Assert.AreEqual (cg.ToXml ().ToString (), cg2.ToXml ().ToString (), "ToXml");
}
[Test]
UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
cg.AddChild (cgChild);
UnionCodeGroup cg2 = (UnionCodeGroup) cg.Copy ();
- AssertEquals ("Children", cg.Children.Count, cg2.Children.Count);
- AssertEquals ("ToXml", cg.ToXml ().ToString (), cg2.ToXml ().ToString ());
+ Assert.AreEqual (cg.Children.Count, cg2.Children.Count, "Children");
+ Assert.AreEqual (cg.ToXml ().ToString (), cg2.ToXml ().ToString (), "ToXml");
}
[Test]
cg.Resolve (null);
}
+ [Test]
+ public void Resolve_NoMatch ()
+ {
+ UnionCodeGroup cg = new UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), new PolicyStatement (new PermissionSet (PermissionState.Unrestricted)));
+ Assert.IsNull (cg.Resolve (new Evidence ()));
+ }
+
+ [Test]
+ public void Resolve_AllMembershipCondition_None ()
+ {
+ UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
+ PolicyStatement result = cg.Resolve (new Evidence ());
+ Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Attributes");
+ Assert.AreEqual (String.Empty, result.AttributeString, "AttributeString");
+ Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "IsUnrestricted");
+ Assert.AreEqual (0, result.PermissionSet.Count, "Count");
+ }
+
+ [Test]
+ public void Resolve_AllMembershipCondition_Unrestricted ()
+ {
+ UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.Unrestricted)));
+ PolicyStatement result = cg.Resolve (new Evidence ());
+ Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Attributes");
+ Assert.AreEqual (String.Empty, result.AttributeString, "AttributeString");
+ Assert.IsTrue (result.PermissionSet.IsUnrestricted (), "IsUnrestricted");
+ Assert.AreEqual (0, result.PermissionSet.Count, "Count");
+ }
+
+ [Test]
+ public void Resolve_ZoneMembershipCondition_Internet ()
+ {
+ IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.Internet);
+ PermissionSet pset = new PermissionSet (PermissionState.Unrestricted);
+ UnionCodeGroup cg = new UnionCodeGroup (mc, new PolicyStatement (pset, PolicyStatementAttribute.Nothing));
+
+ Evidence e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Internet));
+ PolicyStatement result = cg.Resolve (e);
+ Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Internet-Attributes");
+ Assert.AreEqual (String.Empty, result.AttributeString, "Internet-AttributeString");
+ Assert.IsTrue (result.PermissionSet.IsUnrestricted (),"Internet-IsUnrestricted");
+ Assert.AreEqual (0, result.PermissionSet.Count, "Internet-Count");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Intranet));
+ Assert.IsNull (cg.Resolve (e), "Intranet");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.MyComputer));
+ Assert.IsNull (cg.Resolve (e), "MyComputer");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.NoZone));
+ Assert.IsNull (cg.Resolve (e), "NoZone");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Trusted));
+ Assert.IsNull (cg.Resolve (e), "Trusted");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Untrusted));
+ Assert.IsNull (cg.Resolve (e), "Untrusted");
+ }
+
+ [Test]
+ public void Resolve_ZoneMembershipCondition_Intranet ()
+ {
+ IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.Intranet);
+ PermissionSet pset = new PermissionSet (PermissionState.None);
+ UnionCodeGroup cg = new UnionCodeGroup (mc, new PolicyStatement (pset, PolicyStatementAttribute.Exclusive));
+
+ Evidence e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Intranet));
+ PolicyStatement result = cg.Resolve (e);
+ Assert.AreEqual (PolicyStatementAttribute.Exclusive, result.Attributes, "Intranet-Attributes");
+ Assert.AreEqual ("Exclusive", result.AttributeString, "Intranet-AttributeString");
+ Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "Intranet-IsUnrestricted");
+ Assert.AreEqual (0, result.PermissionSet.Count, "Intranet-Count");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Internet));
+ Assert.IsNull (cg.Resolve (e), "Internet");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.MyComputer));
+ Assert.IsNull (cg.Resolve (e), "MyComputer");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.NoZone));
+ Assert.IsNull (cg.Resolve (e), "NoZone");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Trusted));
+ Assert.IsNull (cg.Resolve (e), "Trusted");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Untrusted));
+ Assert.IsNull (cg.Resolve (e), "Untrusted");
+ }
+
+ [Test]
+ public void Resolve_ZoneMembershipCondition_MyComputer ()
+ {
+ IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.MyComputer);
+ PermissionSet pset = new PermissionSet (PermissionState.Unrestricted);
+ UnionCodeGroup cg = new UnionCodeGroup (mc, new PolicyStatement (pset, PolicyStatementAttribute.LevelFinal));
+
+ Evidence e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.MyComputer));
+ PolicyStatement result = cg.Resolve (e);
+ Assert.AreEqual (PolicyStatementAttribute.LevelFinal, result.Attributes, "MyComputer-Attributes");
+ Assert.AreEqual ("LevelFinal", result.AttributeString, "MyComputer-AttributeString");
+ Assert.IsTrue (result.PermissionSet.IsUnrestricted (), "MyComputer-IsUnrestricted");
+ Assert.AreEqual (0, result.PermissionSet.Count, "MyComputer-Count");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Internet));
+ Assert.IsNull (cg.Resolve (e), "Internet");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Intranet));
+ Assert.IsNull (cg.Resolve (e), "Intranet");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.NoZone));
+ Assert.IsNull (cg.Resolve (e), "NoZone");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Trusted));
+ Assert.IsNull (cg.Resolve (e), "Trusted");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Untrusted));
+ Assert.IsNull (cg.Resolve (e), "Untrusted");
+ }
+
+ [Test]
+ [ExpectedException (typeof (ArgumentException))]
+ public void Resolve_ZoneMembershipCondition_NoZone ()
+ {
+ IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.NoZone);
+ }
+
+ [Test]
+ public void Resolve_ZoneMembershipCondition_Trusted ()
+ {
+ IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.Trusted);
+ PermissionSet pset = new PermissionSet (PermissionState.Unrestricted);
+ UnionCodeGroup cg = new UnionCodeGroup (mc, new PolicyStatement (pset, PolicyStatementAttribute.All));
+
+ Evidence e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Trusted));
+ PolicyStatement result = cg.Resolve (e);
+ Assert.AreEqual (PolicyStatementAttribute.All, result.Attributes, "Trusted-Attributes");
+ Assert.AreEqual ("Exclusive LevelFinal", result.AttributeString, "Trusted-AttributeString");
+ Assert.IsTrue (result.PermissionSet.IsUnrestricted (), "Trusted-IsUnrestricted");
+ Assert.AreEqual (0, result.PermissionSet.Count, "Trusted-Count");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Internet));
+ Assert.IsNull (cg.Resolve (e), "Internet");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Intranet));
+ Assert.IsNull (cg.Resolve (e), "Intranet");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.MyComputer));
+ Assert.IsNull (cg.Resolve (e), "MyComputer");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.NoZone));
+ Assert.IsNull (cg.Resolve (e), "NoZone");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Untrusted));
+ Assert.IsNull (cg.Resolve (e), "Untrusted");
+ }
+
+ [Test]
+ public void Resolve_ZoneMembershipCondition_Untrusted ()
+ {
+ IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.Untrusted);
+ PermissionSet pset = new PermissionSet (PermissionState.None);
+ UnionCodeGroup cg = new UnionCodeGroup (mc, new PolicyStatement (pset, PolicyStatementAttribute.Nothing));
+
+ Evidence e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Untrusted));
+ PolicyStatement result = cg.Resolve (e);
+ Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Untrusted-Attributes");
+ Assert.AreEqual (String.Empty, result.AttributeString, "Untrusted-AttributeString");
+ Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "Untrusted-IsUnrestricted");
+ Assert.AreEqual (0, result.PermissionSet.Count, "Untrusted-Count");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Internet));
+ Assert.IsNull (cg.Resolve (e), "Internet");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Intranet));
+ Assert.IsNull (cg.Resolve (e), "Intranet");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.MyComputer));
+ Assert.IsNull (cg.Resolve (e), "MyComputer");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.NoZone));
+ Assert.IsNull (cg.Resolve (e), "NoZone");
+
+ e = new Evidence ();
+ e.AddHost (new Zone (SecurityZone.Trusted));
+ Assert.IsNull (cg.Resolve (e), "Trusted");
+ }
+
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void ResolveMatchingCodeGroups_Null ()
cg.ResolveMatchingCodeGroups (null);
}
+ [Test]
+ public void ResolveMatchingCodeGroups_NoMatch ()
+ {
+ UnionCodeGroup cg = new UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), new PolicyStatement (new PermissionSet (PermissionState.Unrestricted)));
+ Assert.IsNull (cg.ResolveMatchingCodeGroups (new Evidence ()));
+ }
+
+ [Test]
+ public void ResolveMatchingCodeGroups_OneLevel ()
+ {
+ UnionCodeGroup level1 = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
+ CodeGroup match = level1.ResolveMatchingCodeGroups (new Evidence ());
+ Assert.IsNotNull (match, "Match");
+ Assert.IsTrue (match.Equals (level1, false), "Equals(false)");
+ Assert.IsTrue (match.Equals (level1, true), "Equals(true)");
+ }
+
+ [Test]
+ public void ResolveMatchingCodeGroups_TwoLevel ()
+ {
+ UnionCodeGroup level1 = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
+ CodeGroup level2 = level1.Copy ();
+ level1.AddChild (level2);
+
+ CodeGroup match = level1.ResolveMatchingCodeGroups (new Evidence ());
+ Assert.IsNotNull (match, "Match");
+ Assert.IsTrue (match.Equals (level1, false), "Equals(false)");
+ Assert.IsTrue (match.Equals (level1, true), "Equals(true)");
+
+ UnionCodeGroup level2b = new UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), new PolicyStatement (new PermissionSet (PermissionState.Unrestricted)));
+ level1.AddChild (level2b);
+ CodeGroup match2 = level1.ResolveMatchingCodeGroups (new Evidence ());
+ Assert.IsNotNull (match2, "Match2");
+ Assert.IsTrue (match2.Equals (level1, false), "Equals(false)");
+ Assert.IsTrue (!match2.Equals (level1, true), "Equals(true)");
+ }
+
+ [Test]
+ public void ResolveMatchingCodeGroups_ThreeLevel ()
+ {
+ UnionCodeGroup level1 = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
+ CodeGroup level2 = level1.Copy ();
+ level1.AddChild (level2);
+ UnionCodeGroup level3 = new UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), new PolicyStatement (new PermissionSet (PermissionState.Unrestricted)));
+ level2.AddChild (level3);
+
+ CodeGroup match = level1.ResolveMatchingCodeGroups (new Evidence ());
+ Assert.IsNotNull (match, "Match");
+ Assert.IsTrue (match.Equals (level1, false), "Equals(false)");
+ // Equals (true) isn't a deep compare (just one level)
+ Assert.IsTrue (match.Equals (level1, true), "Equals(true)");
+ }
+
[Test]
public void ToFromXmlRoundtrip ()
{
UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), ps);
cg.Name = "SomeName";
cg.Description = "Some Description";
- Assert ("Equals (itself)", cg.Equals (cg));
+ Assert.IsTrue (cg.Equals (cg), "Equals (itself)");
SecurityElement se = cg.ToXml ();
UnionCodeGroup cg2 = new UnionCodeGroup (new AllMembershipCondition(), ps);
cg2.Name = "SomeOtherName";
cg2.Description = "Some Other Description";
- Assert ("Equals (another)", !cg.Equals (cg2));
+ Assert.IsTrue (!cg.Equals (cg2), "Equals (another)");
cg2.FromXml (se);
- Assert ("Equals (FromXml)", cg.Equals (cg2));
+ Assert.IsTrue (cg.Equals (cg2), "Equals (FromXml)");
}
+
+ [Test]
+ public void ResolveWithChildren ()
+ {
+ PermissionSet pset1 = new PermissionSet (PermissionState.None);
+ PermissionSet pset2 = new PermissionSet (PermissionState.None);
+ PermissionSet pset3 = new PermissionSet (PermissionState.None);
+ PermissionSet pset4 = new PermissionSet (PermissionState.None);
+ PermissionSet pset5 = new PermissionSet (PermissionState.None);
+ PermissionSet pset6 = new PermissionSet (PermissionState.None);
+
+ IPermission perm1 = new UIPermission (PermissionState.Unrestricted);
+ IPermission perm2 = new EnvironmentPermission (PermissionState.Unrestricted);
+ IPermission perm3 = new FileDialogPermission (PermissionState.Unrestricted);
+ IPermission perm4 = new ReflectionPermission (PermissionState.Unrestricted);
+ IPermission perm5 = new RegistryPermission (PermissionState.Unrestricted);
+ IPermission perm6 = new FileIOPermission (PermissionState.Unrestricted);
+
+ pset1.AddPermission (perm1);
+ PolicyStatement policy1 = new PolicyStatement (pset1);
+
+ pset2.AddPermission(perm2);
+ PolicyStatement policy2 = new PolicyStatement (pset2);
+
+ pset3.AddPermission (perm3);
+ PolicyStatement policy3 = new PolicyStatement (pset3);
+
+ pset4.AddPermission (perm4);
+ PolicyStatement policy4 = new PolicyStatement (pset4);
+
+ pset5.AddPermission (perm5);
+ PolicyStatement policy5 = new PolicyStatement (pset5);
+
+ pset6.AddPermission (perm6);
+ PolicyStatement policy6 = new PolicyStatement (pset6);
+
+ UnionCodeGroup root = new UnionCodeGroup (new AllMembershipCondition (), policy1);
+
+ UnionCodeGroup child1 = new UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Internet), policy2);
+ UnionCodeGroup child2 = new UnionCodeGroup (new AllMembershipCondition (), policy3);
+ UnionCodeGroup child3 = new UnionCodeGroup (new AllMembershipCondition (), policy4);
+ UnionCodeGroup childofchild1 = new UnionCodeGroup (new AllMembershipCondition (), policy5);
+ UnionCodeGroup childofchild3 = new UnionCodeGroup (new AllMembershipCondition (), policy6);
+
+ child1.AddChild (childofchild1);
+ child3.AddChild (childofchild3);
+
+ root.AddChild (child1);
+ root.AddChild (child2);
+ root.AddChild (child3);
+
+ PolicyStatement result = root.Resolve (new Evidence ());
+
+ PermissionSet correctset = new PermissionSet (PermissionState.None);
+ correctset.AddPermission (perm1);
+ correctset.AddPermission (perm3);
+ correctset.AddPermission (perm4);
+ correctset.AddPermission (perm6);
+
+ Assert.AreEqual (correctset.Count, result.PermissionSet.Count, "PermissionSet.Count");
+ foreach (IPermission p in correctset) {
+ IPermission r = result.PermissionSet.GetPermission (p.GetType ());
+ Assert.IsNotNull (r, "PermissionSet.GetPermission");
+ }
+ }
}
}
projects / mono.git / blobdiff