[refactor] hyperledger-iroha#3240: Guard against secrets leakage

Signed-off-by: Dmitry Murzin <[email protected]>
dima74 · Apr 18, 2024 · 082fb49 · 082fb49
1 parent 108173e
commit 082fb49
Show file tree

Hide file tree

Showing 7 changed files with 231 additions and 56 deletions.
diff --git a/cli/src/lib.rs b/cli/src/lib.rs
@@ -649,6 +649,20 @@ mod tests {
             base
         }
 
+        fn config_to_toml_value(config: PartialUserConfig) -> Result<toml::Value> {
+            use iroha_crypto::ExposedPrivateKey;
+            let private_key = config.private_key.as_ref().unwrap().clone();
+            let genesis_private_key = config.genesis.private_key.as_ref().unwrap().clone();
+            let mut result = toml::Value::try_from(config)?;
+
+            // private key will be serialized as "[REDACTED PrivateKey]" so need to restore it
+            result["private_key"] = toml::Value::try_from(ExposedPrivateKey(private_key))?;
+            result["genesis"]["private_key"] =
+                toml::Value::try_from(ExposedPrivateKey(genesis_private_key))?;
+
+            Ok(result)
+        }
+
         #[test]
         fn relative_file_paths_resolution() -> Result<()> {
             // Given
@@ -663,7 +677,7 @@ mod tests {
                 cfg.kura.store_dir.set("../storage".into());
                 cfg.snapshot.store_dir.set("../snapshots".into());
                 cfg.dev_telemetry.out_file.set("../logs/telemetry".into());
-                toml::Value::try_from(cfg)?
+                config_to_toml_value(cfg)?
             };
 
             let dir = tempfile::tempdir()?;
@@ -722,7 +736,7 @@ mod tests {
             let config = {
                 let mut cfg = config_factory();
                 cfg.genesis.file.set("./genesis.json".into());
-                toml::Value::try_from(cfg)?
+                config_to_toml_value(cfg)?
             };
 
             let dir = tempfile::tempdir()?;

diff --git a/config/tests/fixtures.rs b/config/tests/fixtures.rs
@@ -63,9 +63,7 @@ fn minimal_config_snapshot() -> Result<()> {
                             "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB",
                         ),
                     ),
-                    private_key: ed25519(
-                        "8F4C15E5D664DA3F13778801D23D4E89B76E94C1B94B389544168B6CB894F84F8BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB",
-                    ),
+                    private_key: "[REDACTED PrivateKey]",
                 },
                 p2p_address: 127.0.0.1:1337,
             },
@@ -309,9 +307,7 @@ fn full_envs_set_is_consumed() -> Result<()> {
                 ),
             ),
             private_key: Some(
-                ed25519(
-                    "8F4C15E5D664DA3F13778801D23D4E89B76E94C1B94B389544168B6CB894F84F8BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB",
-                ),
+                "[REDACTED PrivateKey]",
             ),
             genesis: GenesisPartial {
                 public_key: Some(
@@ -322,9 +318,7 @@ fn full_envs_set_is_consumed() -> Result<()> {
                     ),
                 ),
                 private_key: Some(
-                    ed25519(
-                        "8F4C15E5D664DA3F13778801D23D4E89B76E94C1B94B389544168B6CB894F84F8BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB",
-                    ),
+                    "[REDACTED PrivateKey]",
                 ),
                 file: None,
             },