Skip to content

Commit

Permalink
fix: file keyring fails to add/import/export keys when input is not s…
Browse files Browse the repository at this point in the history
…tdin (fix #9566) (backport #9821) (#9880)

* fix: file keyring fails to add/import/export keys when input is not stdin (fix #9566) (#9821)

## Description

Add a test case to reproduce the issue described in #9566. The test currently fails, and I've pointed some possible solutions over cosmos/cosmos-sdk#9566 (comment). But I feel this needs more works in order to provide a more robust solution. I'll keep poking at better options, but taking any pointers if anyone has ideas.

(cherry picked from commit f479b51)

# Conflicts:
#	client/keys/add.go
#	client/keys/add_test.go
#	client/keys/export_test.go

* fix: merge conflict backporting pr-9821 (#9888)

Co-authored-by: daeMOn <[email protected]>
  • Loading branch information
mergify[bot] and daeMOn63 committed Nov 2, 2021
1 parent 3e017e7 commit 38c1e21
Show file tree
Hide file tree
Showing 4 changed files with 185 additions and 85 deletions.
6 changes: 5 additions & 1 deletion client/context.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package client

import (
"bufio"
"encoding/json"
"io"
"os"
Expand Down Expand Up @@ -60,7 +61,10 @@ func (ctx Context) WithKeyring(k keyring.Keyring) Context {

// WithInput returns a copy of the context with an updated input.
func (ctx Context) WithInput(r io.Reader) Context {
ctx.Input = r
// convert to a bufio.Reader to have a shared buffer between the keyring and the
// the Commands, ensuring a read from one advance the read pointer for the other.
// see https://github.com/cosmos/cosmos-sdk/issues/9566.
ctx.Input = bufio.NewReader(r)
return ctx
}

Expand Down
3 changes: 1 addition & 2 deletions client/keys/add_test.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package keys

import (
"bufio"
"context"
"fmt"
"testing"
Expand Down Expand Up @@ -124,7 +123,7 @@ func TestAddRecoverFileBackend(t *testing.T) {
mockIn := testutil.ApplyMockIODiscardOutErr(cmd)
kbHome := t.TempDir()

clientCtx := client.Context{}.WithKeyringDir(kbHome).WithInput(bufio.NewReader(mockIn))
clientCtx := client.Context{}.WithKeyringDir(kbHome).WithInput(mockIn)
ctx := context.WithValue(context.Background(), client.ClientContextKey, &clientCtx)

cmd.SetArgs([]string{
Expand Down
143 changes: 90 additions & 53 deletions client/keys/export_test.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package keys

import (
"bytes"
"bufio"
"context"
"fmt"
"testing"
Expand All @@ -18,58 +18,95 @@ import (
)

func Test_runExportCmd(t *testing.T) {
cmd := ExportKeyCommand()
cmd.Flags().AddFlagSet(Commands("home").PersistentFlags())
mockIn := testutil.ApplyMockIODiscardOutErr(cmd)

// Now add a temporary keybase
kbHome := t.TempDir()

// create a key
kb, err := keyring.New(sdk.KeyringServiceName(), keyring.BackendTest, kbHome, nil)
require.NoError(t, err)
t.Cleanup(func() {
kb.Delete("keyname1") // nolint:errcheck
})

path := sdk.GetConfig().GetFullFundraiserPath()
_, err = kb.NewAccount("keyname1", testutil.TestMnemonic, "", path, hd.Secp256k1)
require.NoError(t, err)

// Now enter password
args := []string{
"keyname1",
fmt.Sprintf("--%s=%s", flags.FlagHome, kbHome),
fmt.Sprintf("--%s=%s", flags.FlagKeyringBackend, keyring.BackendTest),
testCases := []struct {
name string
keyringBackend string
extraArgs []string
userInput string
mustFail bool
expectedOutput string
}{
{
name: "--unsafe only must fail",
keyringBackend: keyring.BackendTest,
extraArgs: []string{"--unsafe"},
mustFail: true,
},
{
name: "--unarmored-hex must fail",
keyringBackend: keyring.BackendTest,
extraArgs: []string{"--unarmored-hex"},
mustFail: true,
},
{
name: "--unsafe --unarmored-hex fail with no user confirmation",
keyringBackend: keyring.BackendTest,
extraArgs: []string{"--unsafe", "--unarmored-hex"},
userInput: "",
mustFail: true,
expectedOutput: "",
},
{
name: "--unsafe --unarmored-hex succeed",
keyringBackend: keyring.BackendTest,
extraArgs: []string{"--unsafe", "--unarmored-hex"},
userInput: "y\n",
mustFail: false,
expectedOutput: "2485e33678db4175dc0ecef2d6e1fc493d4a0d7f7ce83324b6ed70afe77f3485\n",
},
{
name: "file keyring backend properly read password and user confirmation",
keyringBackend: keyring.BackendFile,
extraArgs: []string{"--unsafe", "--unarmored-hex"},
// first 2 pass for creating the key, then unsafe export confirmation, then unlock keyring pass
userInput: "12345678\n12345678\ny\n12345678\n",
mustFail: false,
expectedOutput: "2485e33678db4175dc0ecef2d6e1fc493d4a0d7f7ce83324b6ed70afe77f3485\n",
},
}

mockIn.Reset("123456789\n123456789\n")
cmd.SetArgs(args)

clientCtx := client.Context{}.
WithKeyringDir(kbHome).
WithKeyring(kb).
WithInput(mockIn)
ctx := context.WithValue(context.Background(), client.ClientContextKey, &clientCtx)

require.NoError(t, cmd.ExecuteContext(ctx))

argsUnsafeOnly := append(args, "--unsafe")
cmd.SetArgs(argsUnsafeOnly)
require.Error(t, cmd.ExecuteContext(ctx))

argsUnarmoredHexOnly := append(args, "--unarmored-hex")
cmd.SetArgs(argsUnarmoredHexOnly)
require.Error(t, cmd.ExecuteContext(ctx))

argsUnsafeUnarmoredHex := append(args, "--unsafe", "--unarmored-hex")
cmd.SetArgs(argsUnsafeUnarmoredHex)
require.Error(t, cmd.ExecuteContext(ctx))

mockOut := bytes.NewBufferString("")
cmd.SetOut(mockOut)
cmd.SetErr(mockOut)
mockIn.Reset("y\n")
require.NoError(t, cmd.ExecuteContext(ctx))
require.Equal(t, "2485e33678db4175dc0ecef2d6e1fc493d4a0d7f7ce83324b6ed70afe77f3485\n", mockOut.String())
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
kbHome := t.TempDir()
defaultArgs := []string{
"keyname1",
fmt.Sprintf("--%s=%s", flags.FlagHome, kbHome),
fmt.Sprintf("--%s=%s", flags.FlagKeyringBackend, tc.keyringBackend),
}

cmd := ExportKeyCommand()
cmd.Flags().AddFlagSet(Commands("home").PersistentFlags())

cmd.SetArgs(append(defaultArgs, tc.extraArgs...))
mockIn, mockOut := testutil.ApplyMockIO(cmd)

mockIn.Reset(tc.userInput)
mockInBuf := bufio.NewReader(mockIn)

// create a key
kb, err := keyring.New(sdk.KeyringServiceName(), tc.keyringBackend, kbHome, bufio.NewReader(mockInBuf))
require.NoError(t, err)
t.Cleanup(func() {
kb.Delete("keyname1") // nolint:errcheck
})

path := sdk.GetConfig().GetFullFundraiserPath()
_, err = kb.NewAccount("keyname1", testutil.TestMnemonic, "", path, hd.Secp256k1)
require.NoError(t, err)

clientCtx := client.Context{}.
WithKeyringDir(kbHome).
WithKeyring(kb).
WithInput(mockInBuf)
ctx := context.WithValue(context.Background(), client.ClientContextKey, &clientCtx)

err = cmd.ExecuteContext(ctx)
if tc.mustFail {
require.Error(t, err)
} else {
require.NoError(t, err)
require.Equal(t, tc.expectedOutput, mockOut.String())
}
})
}
}
118 changes: 89 additions & 29 deletions client/keys/import_test.go
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
package keys

import (
"bufio"
"context"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"testing"

Expand All @@ -18,26 +18,50 @@ import (
)

func Test_runImportCmd(t *testing.T) {
cmd := ImportKeyCommand()
cmd.Flags().AddFlagSet(Commands("home").PersistentFlags())
mockIn := testutil.ApplyMockIODiscardOutErr(cmd)

// Now add a temporary keybase
kbHome := t.TempDir()
kb, err := keyring.New(sdk.KeyringServiceName(), keyring.BackendTest, kbHome, nil)

clientCtx := client.Context{}.
WithKeyringDir(kbHome).
WithKeyring(kb).
WithInput(bufio.NewReader(mockIn))
ctx := context.WithValue(context.Background(), client.ClientContextKey, &clientCtx)

require.NoError(t, err)
t.Cleanup(func() {
kb.Delete("keyname1") // nolint:errcheck
})

keyfile := filepath.Join(kbHome, "key.asc")
testCases := []struct {
name string
keyringBackend string
userInput string
expectError bool
}{
{
name: "test backend success",
keyringBackend: keyring.BackendTest,
// key armor passphrase
userInput: "123456789\n",
},
{
name: "test backend fail with wrong armor pass",
keyringBackend: keyring.BackendTest,
userInput: "987654321\n",
expectError: true,
},
{
name: "file backend success",
keyringBackend: keyring.BackendFile,
// key armor passphrase + keyring password x2
userInput: "123456789\n12345678\n12345678\n",
},
{
name: "file backend fail with wrong armor pass",
keyringBackend: keyring.BackendFile,
userInput: "987654321\n12345678\n12345678\n",
expectError: true,
},
{
name: "file backend fail with wrong keyring pass",
keyringBackend: keyring.BackendFile,
userInput: "123465789\n12345678\n87654321\n",
expectError: true,
},
{
name: "file backend fail with no keyring pass",
keyringBackend: keyring.BackendFile,
userInput: "123465789\n",
expectError: true,
},
}

armoredKey := `-----BEGIN TENDERMINT PRIVATE KEY-----
salt: A790BB721D1C094260EA84F5E5B72289
kdf: bcrypt
Expand All @@ -47,12 +71,48 @@ HbP+c6JmeJy9JXe2rbbF1QtCX1gLqGcDQPBXiCtFvP7/8wTZtVOPj8vREzhZ9ElO
=f3l4
-----END TENDERMINT PRIVATE KEY-----
`
require.NoError(t, ioutil.WriteFile(keyfile, []byte(armoredKey), 0644))

mockIn.Reset("123456789\n")
cmd.SetArgs([]string{
"keyname1", keyfile,
fmt.Sprintf("--%s=%s", flags.FlagKeyringBackend, keyring.BackendTest),
})
require.NoError(t, cmd.ExecuteContext(ctx))

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
cmd := ImportKeyCommand()
cmd.Flags().AddFlagSet(Commands("home").PersistentFlags())
mockIn := testutil.ApplyMockIODiscardOutErr(cmd)

// Now add a temporary keybase
kbHome := t.TempDir()
kb, err := keyring.New(sdk.KeyringServiceName(), tc.keyringBackend, kbHome, nil)

clientCtx := client.Context{}.
WithKeyringDir(kbHome).
WithKeyring(kb).
WithInput(mockIn)
ctx := context.WithValue(context.Background(), client.ClientContextKey, &clientCtx)

require.NoError(t, err)
t.Cleanup(func() {
kb.Delete("keyname1") // nolint:errcheck
})

keyfile := filepath.Join(kbHome, "key.asc")

require.NoError(t, ioutil.WriteFile(keyfile, []byte(armoredKey), 0644))

defer func() {
_ = os.RemoveAll(kbHome)
}()

mockIn.Reset(tc.userInput)
cmd.SetArgs([]string{
"keyname1", keyfile,
fmt.Sprintf("--%s=%s", flags.FlagKeyringBackend, tc.keyringBackend),
})

err = cmd.ExecuteContext(ctx)
if tc.expectError {
require.Error(t, err)
} else {
require.NoError(t, err)
}
})
}
}

0 comments on commit 38c1e21

Please sign in to comment.