[ FAB-5555 ] Improve password-masking test

The mask password test will pass even when the result is inconclusive, should the log file be missing or empty. The test will be updated with the following improvements: -fail if expected passwd value is the null string -fail if expected passwd value contains any character other than '*' -log both to STDOUT (visible in jenkins CI) and to logfile -follow the scheme that creates disjoint test directories for each fvt test -test both the bootstrap init, as well as a registry defined in a pre-exsiting config file Change-Id: I2f67746df8a28425612f81fd1e1e35e91b27a7d9 Signed-off-by: rennman <[email protected]>
hyperledger · Aug 25, 2017 · 85cd788 · 85cd788
1 parent 3c819af
commit 85cd788
Showing 1 changed file with 49 additions and 7 deletions.
diff --git a/scripts/fvt/passwordsInLog_test.sh b/scripts/fvt/passwordsInLog_test.sh
@@ -1,18 +1,60 @@
-#!/bin/bash
+#!/bin/bash 
 #
 # Copyright IBM Corp. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
 
+function checkPasswd() {
+   local pswd="$1"
+   set -f
+   # Extract password value(s) from logfile
+   passwd=$(egrep -o "Pass:[^[:space:]]+" $LOGFILE| awk -F':' '{print $2}')
+
+   # Fail if password is empty
+   if [[ -z "$passwd" ]] ; then
+      ErrorMsg "Unable to extract password value(s)"
+   fi
+
+   # Fail if password matches anything other than '*'
+   for p in $passwd; do 
+      if ! [[ "$p" =~ \*+ ]]; then
+         ErrorMsg "Passwords were not masked in the log"
+      fi
+   done
+
+   # ensure any string passed in doesn't appear anywhere in logfile
+   if [[ -n "$pswd" ]]; then
+      grep "$pswd" "$LOGFILE" && ErrorMsg "$pswd was not masked in the log"
+   fi
+   set +f
+}
+
 RC=0
+TESTCASE="passwordsInLog"
+TESTDIR="/tmp/$TESTCASE"
+mkdir -p $TESTDIR
+
 FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
 SCRIPTDIR="$FABRIC_CA/scripts/fvt"
 . $SCRIPTDIR/fabric-ca_utils
-fabric-ca-server init -b administrator:administratorpw -d &> /tmp/log.txt
-grep "administratorpw" /tmp/log.txt &> /dev/null
-if [ $? == 0 ]; then
-   ErrorMsg "Passwords were not masked in the log"
-fi
+
+export CA_CFG_PATH="$TESTDIR"
+export FABRIC_CA_SERVER_HOME="$TESTDIR"
+LOGFILE=$FABRIC_CA_SERVER_HOME/log.txt
+
+USER=administrator
+PSWD=thisIs_aLongUniquePasswordWith_aMinisculePossibilityOfBeingDuplicated
+
+# Test using bootstrap ID
+fabric-ca-server init -b $USER:$PSWD -d 2>&1 | tee $LOGFILE
+test ${PIPESTATUS[0]} -eq 0 && checkPasswd "$PSWD" || ErrorMsg "Init of CA failed"
+
+# Test using multiple IDs from pre-supplied config file
+$SCRIPTDIR/fabric-ca_setup.sh -R
+mkdir -p $TESTDIR
+$SCRIPTDIR/fabric-ca_setup.sh -I -X -n1 -D 2>&1 | tee $LOGFILE 
+test ${PIPESTATUS[0]} -eq 0 && checkPasswd "$PSWD" || ErrorMsg "Init of CA failed"
+
 CleanUp $RC
-exit $RC
+exit $RC