Merge pull request #12 from virot/YubiKeyPolicies

Added ETW message for XML faults, and unit tests

Author: virot

TameMyCerts.Tests/XMLPolicyTests.cs

@@ -70,7 +70,7 @@ public void Test_Unknown_XML_Element()
         Assert.Empty(cacheEntry.ErrorMessage);
         Assert.Equal(2, _listener.Events.Count);
         Assert.Equal(92, _listener.Events[0].EventId);
-
+        output.WriteLine(_listener.Events[0].Message);
         File.Delete(filename);
     }
 
@@ -96,4 +96,58 @@ public void Test_Unknown_XML_Element2()
         File.Delete(filename);
     }
 
+    [Fact]
+    public void Test_Yubikey_Policies()
+    {
+        var filename = Path.GetTempFileName();
+
+        string sampleXML = @"<CertificateRequestPolicy xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance""
+  xmlns:xsd=""http://www.w3.org/2001/XMLSchema"">
+<YubikeyPolicies>
+  <YubikeyPolicy>
+    <Action>Allow</Action>
+    <PinPolicy>
+      <string>Always</string>
+      <string>Once</string>
+     </PinPolicy>
+     <TouchPolicy>
+       <string>Always</string>
+       <string>Cached</string>
+     </TouchPolicy>
+  </YubikeyPolicy>
+</YubikeyPolicies>
+
+</CertificateRequestPolicy>
+";
+        File.WriteAllText(filename, sampleXML);
+        _listener.ClearEvents();
+
+        CertificateRequestPolicyCacheEntry cacheEntry = new CertificateRequestPolicyCacheEntry(filename);
+
+        //Assert.Empty(cacheEntry.ErrorMessage);
+        //Assert.Equal(2, _listener.Events.Count);
+        Assert.DoesNotContain(92, _listener.Events.Select(e => e.EventId));
+        File.Delete(filename);
+    }
+
+
+    [Fact]
+    public void Broken_XML_Policies()
+    {
+        var filename = Path.GetTempFileName();
+
+        string sampleXML = @"<CertificateRequestPolicy xmlns:xsi=""""http://www.w3.org/2001/XMLSchema-instance""""
+  xmlns:xsd=""""http://www.w3.org/2001/XMLSchema"""">
+</CertificateRequestPolicy>
+";
+        File.WriteAllText(filename, sampleXML);
+        _listener.ClearEvents();
+
+        CertificateRequestPolicyCacheEntry cacheEntry = new CertificateRequestPolicyCacheEntry(filename);
+
+        output.WriteLine(cacheEntry.ErrorMessage);
+        Assert.Contains(94, _listener.Events.Select(e => e.EventId));
+        File.Delete(filename);
+    }
+
 }

TameMyCerts.Tests/YubikeyValidatorTests.cs

@@ -738,7 +738,7 @@ public void Validate_Slot_Allow_if_Wrong_slot_is_denied_10020()
             Assert.False(result.DeniedForIssuance);
             PrintResult(result);
 
-
+            output.WriteLine(policy.SaveToString());
         }
     }
 }

TameMyCerts/EWTLogger.cs

@@ -107,6 +107,14 @@ public void TMC_93_Policy_Unknown_XML_Attribute(string attributeName, string att
                 WriteEvent(93, attributeName, attributeValue, lineNumber, linePosition);
             }
         }
+        [Event(94, Level = EventLevel.Critical, Channel = EventChannel.Admin, Task = Tasks.XMLParser, Keywords = EventKeywords.None)]
+        public void TMC_94_XML_Parsing_error(string filename, string error)
+        {
+            if (IsEnabled())
+            {
+                WriteEvent(94, filename, error);
+            }
+        }
 
         #endregion
 

TameMyCerts/LocalizedStrings.Designer.cs

@@ -459,4 +459,7 @@ with the content:
   <data name="DirVal_TokenGroupNames_Failed" xml:space="preserve">
     <value>Unable to determine the msds-TokenGroupNames attribute for {0}. Note that this attribute is only available on Windows Server 2016 and newer Domain Controllers.</value>
   </data>
+  <data name="event_TMC_94_XML_Parsing_error" xml:space="preserve">
+    <value>Unable to parse '{0}', {1}.</value>
+  </data>
 </root>

TameMyCerts/LocalizedStrings.resx

@@ -84,8 +84,8 @@ public class CertificateRequestPolicy
     [XmlElement(ElementName = "DirectoryServicesMapping")]
     public DirectoryServicesMapping DirectoryServicesMapping { get; set; }
 
-    [XmlArray(ElementName = "YubikeyPolicies")]
-    public List<YubikeyPolicy> YubikeyPolicy { get; set; }
+    [XmlArray(ElementName = "YubiKeyPolicies")]
+    public List<YubikeyPolicy> YubikeyPolicy { get; set; } = new();
 
     [XmlElement(ElementName = "SupplementDnsNames")]
     public bool SupplementDnsNames { get; set; }
@@ -164,7 +164,7 @@ public string SaveToString()
     }
     private static void UnknownElementHandler(object sender, XmlElementEventArgs e)
     {
-        ETWLogger.Log.TMC_92_Policy_Unknown_XML_Element(e.Element.Name, e.LineNumber, e.LinePosition);
+         ETWLogger.Log.TMC_92_Policy_Unknown_XML_Element(e.Element.Name, e.LineNumber, e.LinePosition);
     }
 
     // Event handler for unknown attributes

TameMyCerts/Models/CertificateRequestPolicy.cs

@@ -30,6 +30,7 @@ public CertificateRequestPolicyCacheEntry(string fileName)
             ErrorMessage = ex.InnerException != null
                 ? $"{ex.Message} {ex.InnerException.Message}"
                 : ex.Message;
+            ETWLogger.Log.TMC_94_XML_Parsing_error(fileName, ErrorMessage);
         }
 
         LastUpdate = DateTimeOffset.Now;

TameMyCerts/Models/CertificateRequestPolicyCacheEntry.cs

@@ -259,11 +259,15 @@ if (-not $Uninstall.IsPresent) {
     New-Item -Path $AppInstallDirectory -ItemType Directory -Force -ErrorAction SilentlyContinue | Out-Null
     New-Item -Path "$AppInstallDirectory\\runtimes\win\lib\net8.0" -ItemType Directory -Force -ErrorAction SilentlyContinue | Out-Null
 
-    $FileList | ForEach-Object -Process {
+    # Only copy the files if .\install.ps1 is run from another folder than the AppInstallDirectory
+    if ($BaseDirectory -ne $AppInstallDirectory)
+    {
+        $FileList | ForEach-Object -Process {
 
-        Write-Verbose -Message "Copying $_ to $AppInstallDirectory."
+            Write-Verbose -Message "Copying $_ to $AppInstallDirectory."
 
-        Copy-Item -Path "$BaseDirectory\$_" -Destination "$AppInstallDirectory\$_" -Force
+            Copy-Item -Path "$BaseDirectory\$_" -Destination "$AppInstallDirectory\$_" -Force
+        }
     }
 
     Write-Verbose -Message "Registering $PolicyModuleName policy module COM Object"