public void DpapiCredentialStore_Get_ReadProtectedFile()
{
var fs = new TestFileSystem();
var store = new DpapiCredentialStore(fs, TestStoreRoot, TestNamespace);
string service = "https://example.com";
const string userName = "******";
const string password = "******"; // [SuppressMessage("Microsoft.Security", "CS001:SecretInline", Justification="Fake credential")]
string serviceSlug = Path.Combine(TestNamespace, "https", "example.com");
string fileName = $"{userName}.credential";
string filePath = Path.Combine(TestStoreRoot, serviceSlug, fileName);
byte[] plainData = Encoding.UTF8.GetBytes(password);
byte[] cryptoData = ProtectedData.Protect(plainData, null, DataProtectionScope.CurrentUser);
string cryptoLine0 = Convert.ToBase64String(cryptoData);
var contents = new StringBuilder();
contents.AppendLine(cryptoLine0);
contents.AppendLine($"service={service}");
contents.AppendLine($"account={userName}");
contents.AppendLine();
byte[] data = Encoding.UTF8.GetBytes(contents.ToString());
fs.Directories.Add(Path.Combine(TestStoreRoot, serviceSlug));
fs.Files[filePath] = data;
ICredential credential = store.Get(service, userName);
Assert.Equal(password, credential.Password);
Assert.Equal(userName, credential.Account);
}
public void DpapiCredentialStore_AddOrUpdate_CreatesUTF8ProtectedFile()
{
var fs = new TestFileSystem();
var store = new DpapiCredentialStore(fs, TestStoreRoot, TestNamespace);
string service = "https://example.com";
const string userName = "******";
const string password = "******"; // [SuppressMessage("Microsoft.Security", "CS001:SecretInline", Justification="Fake credential")]
string expectedServiceSlug = Path.Combine(TestNamespace, "https", "example.com");
string expectedFileName = $"{userName}.credential";
string expectedFilePath = Path.Combine(TestStoreRoot, expectedServiceSlug, expectedFileName);
store.AddOrUpdate(service, userName, password);
Assert.True(fs.Directories.Contains(Path.Combine(TestStoreRoot, expectedServiceSlug)));
Assert.True(fs.Files.TryGetValue(expectedFilePath, out byte[] data));
string contents = Encoding.UTF8.GetString(data);
Assert.False(string.IsNullOrWhiteSpace(contents));
string[] lines = contents.Split(Environment.NewLine);
Assert.Equal(4, lines.Length);
byte[] cryptoData = Convert.FromBase64String(lines[0]);
byte[] plainData = ProtectedData.Unprotect(cryptoData, null, DataProtectionScope.CurrentUser);
string plainLine0 = Encoding.UTF8.GetString(plainData);
Assert.Equal(password, plainLine0);
Assert.Equal($"service={service}", lines[1]);
Assert.Equal($"account={userName}", lines[2]);
Assert.True(string.IsNullOrWhiteSpace(lines[3]));
}
public void DpapiCredentialStore_Get_KeyNotFound_ReturnsNull()
{
var fs = new TestFileSystem();
var store = new DpapiCredentialStore(fs, TestStoreRoot, TestNamespace);
// Unique service; guaranteed not to exist!
string service = Guid.NewGuid().ToString("N");
ICredential credential = store.Get(service, account: null);
Assert.Null(credential);
}
public void DpapiCredentialStore_Remove_KeyNotFound_ReturnsFalse()
{
var fs = new TestFileSystem();
var store = new DpapiCredentialStore(fs, TestStoreRoot, TestNamespace);
// Unique service; guaranteed not to exist!
string service = Guid.NewGuid().ToString("N");
bool result = store.Remove(service, account: null);
Assert.False(result);
}
