// RegistrySecurityTest.cs - NUnit Test Cases for RegistrySecurity
//
// Authors:
//	James Bellinger (jfb@zer7.com)

#if !MOBILE

using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;
using NUnit.Framework;

namespace MonoTests.System.Security.AccessControl
{
	[TestFixture]
	public class RegistrySecurityTest
	{
		[Test]
		public void ChangeGroupToEveryone ()
		{
			string keyName = @"SOFTWARE\Mono RegistrySecurityTest ChangeGroupToEveryone";

			RegistrySecurity security;
			if (PlatformID.Win32NT != Environment.OSVersion.Platform) {
				Assert.Ignore ();
			}

			try {
				using (RegistryKey key = Registry.CurrentUser.CreateSubKey (keyName)) {
					// Before we begin manipulating this, make sure we're in the right spot.
					Assert.AreEqual (key.Name, @"HKEY_CURRENT_USER\" + keyName);

					// Set the group to Everyone.
					SecurityIdentifier worldSid = new SecurityIdentifier ("WD");

					security = key.GetAccessControl ();
					security.SetGroup (worldSid);
					key.SetAccessControl (security);

					// Make sure it actually became Everyone.
					security = key.GetAccessControl ();
					Assert.AreEqual (worldSid, security.GetGroup (typeof(SecurityIdentifier)));
				}
			} finally {
				Registry.CurrentUser.DeleteSubKey (keyName);
			}
		}

		[Test]
		public void EveryoneCanRead ()
		{
			string keyName = @"Software\Mono RegistrySecurityTest EveryoneCanRead";

			RegistrySecurity security;
			if (PlatformID.Win32NT != Environment.OSVersion.Platform) {
				Assert.Ignore ();
			}

			try {
				using (RegistryKey key = Registry.CurrentUser.CreateSubKey (keyName)) {
					AuthorizationRuleCollection explicitRules, inheritedRules;

					// Before we begin manipulating this, make sure we're in the right spot.
					Assert.AreEqual (key.Name, @"HKEY_CURRENT_USER\" + keyName);

					// Let's add Everyone to the read list.
					SecurityIdentifier worldSid = new SecurityIdentifier ("WD");

					security = key.GetAccessControl ();
					inheritedRules = security.GetAccessRules (false, true, typeof (SecurityIdentifier));
					Assert.AreNotEqual (0, inheritedRules.Count);
					explicitRules = security.GetAccessRules (true, false, typeof (SecurityIdentifier));
					Assert.AreEqual (0, explicitRules.Count);

					security.AddAccessRule (new RegistryAccessRule (worldSid,
					                                                RegistryRights.FullControl,
					                                                AccessControlType.Allow));
					key.SetAccessControl (security);

					// Verify that we have our permission!
					security = key.GetAccessControl ();
					inheritedRules = security.GetAccessRules (false, true, typeof (SecurityIdentifier));
					Assert.AreNotEqual (0, inheritedRules.Count);
					explicitRules = security.GetAccessRules (true, false, typeof (SecurityIdentifier));
					Assert.AreEqual (1, explicitRules.Count);

					RegistryAccessRule rule = (RegistryAccessRule)explicitRules [0];
					Assert.AreEqual (AccessControlType.Allow, rule.AccessControlType);
					Assert.AreEqual (worldSid, rule.IdentityReference);
					Assert.AreEqual (InheritanceFlags.None, rule.InheritanceFlags);
					Assert.AreEqual (PropagationFlags.None, rule.PropagationFlags);
					Assert.AreEqual (RegistryRights.FullControl, rule.RegistryRights);
					Assert.IsFalse (rule.IsInherited);
				}
			} finally {
				Registry.CurrentUser.DeleteSubKey (keyName);
			}
		}
	}
}

#endif