vendor/aws-lc-sys/aws-lc/crypto/console/console_test.cc

// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 OR ISC

#include <gtest/gtest.h>
#include <signal.h>

#include "internal.h"
#include "../test/test_util.h"

#if defined(OPENSSL_WINDOWS)
#include <io.h>
#define dup _dup
#define dup2 _dup2
#define fileno _fileno
#define close _close
#else
#include <unistd.h>
#endif


#if !defined(OPENSSL_ANDROID)
// On Android, when running from an APK, |tmpfile| does not work. See
// b/36991167#comment8.

// Consolidated password testing
class PemPasswdTest : public testing::Test {
 protected:
  void SetUp() override {
#if defined(OPENSSL_WINDOWS)
    _putenv_s("AWSLC_CONSOLE_NO_TTY_DETECT", "1");
#else
    setenv("AWSLC_CONSOLE_NO_TTY_DETECT", "1", 1);
#endif

    // Save original file descriptors
    original_stdin = dup(fileno(stdin));
    original_stderr = dup(fileno(stderr));

    // Create temporary files
    stdin_file = createRawTempFILE();
    stderr_file = createRawTempFILE();
    ASSERT_TRUE(stdin_file != nullptr);
    ASSERT_TRUE(stderr_file != nullptr);

    // Redirect stdin/stderr to our temp files
    ASSERT_NE(-1, dup2(fileno(stdin_file), fileno(stdin)));
    ASSERT_NE(-1, dup2(fileno(stderr_file), fileno(stderr)));

    // Initialize console for each test
    openssl_console_acquire_mutex();
    ASSERT_TRUE(openssl_console_open());
  }

  void TearDown() override {
#if defined(OPENSSL_WINDOWS)
    _putenv_s("AWSLC_CONSOLE_NO_TTY_DETECT", ""); 
#else
    unsetenv("AWSLC_CONSOLE_NO_TTY_DETECT");
#endif

    // Close console for each test
    ASSERT_TRUE(openssl_console_close());
    openssl_console_release_mutex();

    // Restore original streams
    ASSERT_NE(-1, dup2(original_stdin, fileno(stdin)));
    ASSERT_NE(-1, dup2(original_stderr, fileno(stderr)));

    // Close temp files
    if (stdin_file) {
      fclose(stdin_file);
    }
    if (stderr_file) {
      fclose(stderr_file);
    }
  }

  void MockStdinInput(const std::string& input) {
    ASSERT_GT(fwrite(input.c_str(), 1, input.length(), stdin_file), (size_t)0);
    rewind(stdin_file);
  }

  std::string GetStderrOutput() {
    std::string output;
    char buf[1024];
    rewind(stderr_file);
    while (fgets(buf, sizeof(buf), stderr_file) != nullptr) {
      output += buf;
    }

    return output;
  }

  void ResetTempFiles() {
    fclose(stdin_file);
    fclose(stderr_file);

    stdin_file = tmpfile();
    stderr_file = tmpfile();
    ASSERT_TRUE(stdin_file != nullptr);
    ASSERT_TRUE(stderr_file != nullptr);

    // Redirect stdin/stderr to our NEW temp files
    ASSERT_NE(-1, dup2(fileno(stdin_file), fileno(stdin)));
    ASSERT_NE(-1, dup2(fileno(stderr_file), fileno(stderr)));
  }


  FILE* stdin_file = nullptr;
  FILE* stderr_file = nullptr;
  int original_stdin = -1;
  int original_stderr = -1;
  const char* default_prompt = "Enter password:";
};

// Test basic password functionality with various inputs
TEST_F(PemPasswdTest, PasswordInputVariations) {
  struct TestCase {
    std::string description;
    std::string input;
    int min_size;
    int expected_result;
    std::string expected_output;
  };

  std::vector<TestCase> test_cases = {
    // Normal password
    {"Normal password", "test_password\n", 0, 0, "test_password"},
    //
    // // Empty password
    {"Empty password allowed", "\n", 0, 0, ""},
    {"Empty password rejected", "\n", 2, -1, ""},

    // Length requirements
    {"Password too short", "short\n", 10, -1, "short"},
    {"Password meets min length", "longenoughpass\n", 10, 0, "longenoughpass"},

    // Special characters
    {"Special characters", "!@#$%^&*()\n", 0, 0, "!@#$%^&*()"},
    {"Unicode characters", "パスワード\n", 0, 0, "パスワード"}
  };

  for (const auto& tc : test_cases) {
    SCOPED_TRACE(tc.description);

    char buf[1024] = {0};
    MockStdinInput(tc.input);

    ASSERT_TRUE(openssl_console_write(default_prompt));

    ASSERT_EQ(openssl_console_read(buf, tc.min_size, sizeof(buf), 0), tc.expected_result);

    if (tc.expected_result == 0) {
      ASSERT_STREQ(buf, tc.expected_output.c_str());
    }

    // Verify prompt was written
    std::string output = GetStderrOutput();
    ASSERT_TRUE(output.find(default_prompt) != std::string::npos);

    ResetTempFiles();
  }
}

// Test password verification flow (matching and non-matching)
TEST_F(PemPasswdTest, PasswordVerification) {
  struct TestCase {
    std::string description;
    std::string first_password;
    std::string second_password;
    bool should_match;
  };

  std::vector<TestCase> test_cases = {
    {"Matching passwords", "test_password\n", "test_password\n", true},
    {"Non-matching passwords", "password1\n", "password2\n", false}
  };

  for (const auto& tc : test_cases) {
    SCOPED_TRACE(tc.description);

    char buf1[1024] = {0};
    char buf2[1024] = {0};

    // Mock both password inputs
    std::string combined_input = tc.first_password + tc.second_password;
    MockStdinInput(combined_input);

    // First password entry
    ASSERT_TRUE(openssl_console_write(default_prompt));
    ASSERT_EQ(0, openssl_console_read(buf1, 0, sizeof(buf1), 0));

    // Verification prompt
    ASSERT_TRUE(openssl_console_write("Verifying - "));
    ASSERT_TRUE(openssl_console_write(default_prompt));
    ASSERT_EQ(0, openssl_console_read(buf2, 0, sizeof(buf2), 0));

    // Verify match/mismatch as expected
    if (tc.should_match) {
      ASSERT_STREQ(buf1, buf2);
    } else {
      ASSERT_STRNE(buf1, buf2);
    }

    // Verify prompts were written
    std::string output = GetStderrOutput();
    ASSERT_TRUE(output.find(default_prompt) != std::string::npos);
    ASSERT_TRUE(output.find("Verifying - ") != std::string::npos);

    ResetTempFiles();
  }
}

// Test buffer handling (truncation of long passwords)
TEST_F(PemPasswdTest, BufferHandling) {
  // Small buffer to test truncation
  char small_buf[16] = {0};

  // Create a password longer than the buffer
  std::string long_password(32, 'a');
  long_password += "\n";

  MockStdinInput(long_password);
  ASSERT_TRUE(openssl_console_write(default_prompt));
  ASSERT_EQ(0, openssl_console_read(small_buf, 0, sizeof(small_buf),0));

  // Verify the password was truncated to fit the buffer (15 chars + null terminator)
  std::string expected(15, 'a');
  ASSERT_STREQ(small_buf, expected.c_str());
}

// Test echo modes
TEST_F(PemPasswdTest, EchoModes) {
  const char* test_password = "test_password\n";
  char buf_no_echo[1024] = {0};
  char buf_with_echo[1024] = {0};

  // Test with echo disabled
  MockStdinInput(test_password);
  ASSERT_TRUE(openssl_console_write(default_prompt));
  ASSERT_EQ(0, openssl_console_read(buf_no_echo, 0, sizeof(buf_no_echo), 0));

  // Test with echo enabled
  MockStdinInput(test_password);
  ASSERT_TRUE(openssl_console_write(default_prompt));
  ASSERT_EQ(0, openssl_console_read(buf_with_echo, 0, sizeof(buf_with_echo), 1));

  // Both should have the same result
  ASSERT_STREQ(buf_no_echo, "test_password");
  ASSERT_STREQ(buf_with_echo, "test_password");
}
#endif
chore: checkpoint before Python removal 2026-03-26 22:33:59 +00:00			`// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0 OR ISC`

			`#include <gtest/gtest.h>`
			`#include <signal.h>`

			`#include "internal.h"`
			`#include "../test/test_util.h"`

			`#if defined(OPENSSL_WINDOWS)`
			`#include <io.h>`
			`#define dup _dup`
			`#define dup2 _dup2`
			`#define fileno _fileno`
			`#define close _close`
			`#else`
			`#include <unistd.h>`
			`#endif`


			`#if !defined(OPENSSL_ANDROID)`
			`// On Android, when running from an APK, \|tmpfile\| does not work. See`
			`// b/36991167#comment8.`

			`// Consolidated password testing`
			`class PemPasswdTest : public testing::Test {`
			`protected:`
			`void SetUp() override {`
			`#if defined(OPENSSL_WINDOWS)`
			`_putenv_s("AWSLC_CONSOLE_NO_TTY_DETECT", "1");`
			`#else`
			`setenv("AWSLC_CONSOLE_NO_TTY_DETECT", "1", 1);`
			`#endif`

			`// Save original file descriptors`
			`original_stdin = dup(fileno(stdin));`
			`original_stderr = dup(fileno(stderr));`

			`// Create temporary files`
			`stdin_file = createRawTempFILE();`
			`stderr_file = createRawTempFILE();`
			`ASSERT_TRUE(stdin_file != nullptr);`
			`ASSERT_TRUE(stderr_file != nullptr);`

			`// Redirect stdin/stderr to our temp files`
			`ASSERT_NE(-1, dup2(fileno(stdin_file), fileno(stdin)));`
			`ASSERT_NE(-1, dup2(fileno(stderr_file), fileno(stderr)));`

			`// Initialize console for each test`
			`openssl_console_acquire_mutex();`
			`ASSERT_TRUE(openssl_console_open());`
			`}`

			`void TearDown() override {`
			`#if defined(OPENSSL_WINDOWS)`
			`_putenv_s("AWSLC_CONSOLE_NO_TTY_DETECT", "");`
			`#else`
			`unsetenv("AWSLC_CONSOLE_NO_TTY_DETECT");`
			`#endif`

			`// Close console for each test`
			`ASSERT_TRUE(openssl_console_close());`
			`openssl_console_release_mutex();`

			`// Restore original streams`
			`ASSERT_NE(-1, dup2(original_stdin, fileno(stdin)));`
			`ASSERT_NE(-1, dup2(original_stderr, fileno(stderr)));`

			`// Close temp files`
			`if (stdin_file) {`
			`fclose(stdin_file);`
			`}`
			`if (stderr_file) {`
			`fclose(stderr_file);`
			`}`
			`}`

			`void MockStdinInput(const std::string& input) {`
			`ASSERT_GT(fwrite(input.c_str(), 1, input.length(), stdin_file), (size_t)0);`
			`rewind(stdin_file);`
			`}`

			`std::string GetStderrOutput() {`
			`std::string output;`
			`char buf[1024];`
			`rewind(stderr_file);`
			`while (fgets(buf, sizeof(buf), stderr_file) != nullptr) {`
			`output += buf;`
			`}`

			`return output;`
			`}`

			`void ResetTempFiles() {`
			`fclose(stdin_file);`
			`fclose(stderr_file);`

			`stdin_file = tmpfile();`
			`stderr_file = tmpfile();`
			`ASSERT_TRUE(stdin_file != nullptr);`
			`ASSERT_TRUE(stderr_file != nullptr);`

			`// Redirect stdin/stderr to our NEW temp files`
			`ASSERT_NE(-1, dup2(fileno(stdin_file), fileno(stdin)));`
			`ASSERT_NE(-1, dup2(fileno(stderr_file), fileno(stderr)));`
			`}`


			`FILE* stdin_file = nullptr;`
			`FILE* stderr_file = nullptr;`
			`int original_stdin = -1;`
			`int original_stderr = -1;`
			`const char* default_prompt = "Enter password:";`
			`};`

			`// Test basic password functionality with various inputs`
			`TEST_F(PemPasswdTest, PasswordInputVariations) {`
			`struct TestCase {`
			`std::string description;`
			`std::string input;`
			`int min_size;`
			`int expected_result;`
			`std::string expected_output;`
			`};`

			`std::vector<TestCase> test_cases = {`
			`// Normal password`
			`{"Normal password", "test_password\n", 0, 0, "test_password"},`
			`//`
			`// // Empty password`
			`{"Empty password allowed", "\n", 0, 0, ""},`
			`{"Empty password rejected", "\n", 2, -1, ""},`

			`// Length requirements`
			`{"Password too short", "short\n", 10, -1, "short"},`
			`{"Password meets min length", "longenoughpass\n", 10, 0, "longenoughpass"},`

			`// Special characters`
			`{"Special characters", "!@#$%^&()\n", 0, 0, "!@#$%^&()"},`
			`{"Unicode characters", "パスワード\n", 0, 0, "パスワード"}`
			`};`

			`for (const auto& tc : test_cases) {`
			`SCOPED_TRACE(tc.description);`

			`char buf[1024] = {0};`
			`MockStdinInput(tc.input);`

			`ASSERT_TRUE(openssl_console_write(default_prompt));`

			`ASSERT_EQ(openssl_console_read(buf, tc.min_size, sizeof(buf), 0), tc.expected_result);`

			`if (tc.expected_result == 0) {`
			`ASSERT_STREQ(buf, tc.expected_output.c_str());`
			`}`

			`// Verify prompt was written`
			`std::string output = GetStderrOutput();`
			`ASSERT_TRUE(output.find(default_prompt) != std::string::npos);`

			`ResetTempFiles();`
			`}`
			`}`

			`// Test password verification flow (matching and non-matching)`
			`TEST_F(PemPasswdTest, PasswordVerification) {`
			`struct TestCase {`
			`std::string description;`
			`std::string first_password;`
			`std::string second_password;`
			`bool should_match;`
			`};`

			`std::vector<TestCase> test_cases = {`
			`{"Matching passwords", "test_password\n", "test_password\n", true},`
			`{"Non-matching passwords", "password1\n", "password2\n", false}`
			`};`

			`for (const auto& tc : test_cases) {`
			`SCOPED_TRACE(tc.description);`

			`char buf1[1024] = {0};`
			`char buf2[1024] = {0};`

			`// Mock both password inputs`
			`std::string combined_input = tc.first_password + tc.second_password;`
			`MockStdinInput(combined_input);`

			`// First password entry`
			`ASSERT_TRUE(openssl_console_write(default_prompt));`
			`ASSERT_EQ(0, openssl_console_read(buf1, 0, sizeof(buf1), 0));`

			`// Verification prompt`
			`ASSERT_TRUE(openssl_console_write("Verifying - "));`
			`ASSERT_TRUE(openssl_console_write(default_prompt));`
			`ASSERT_EQ(0, openssl_console_read(buf2, 0, sizeof(buf2), 0));`

			`// Verify match/mismatch as expected`
			`if (tc.should_match) {`
			`ASSERT_STREQ(buf1, buf2);`
			`} else {`
			`ASSERT_STRNE(buf1, buf2);`
			`}`

			`// Verify prompts were written`
			`std::string output = GetStderrOutput();`
			`ASSERT_TRUE(output.find(default_prompt) != std::string::npos);`
			`ASSERT_TRUE(output.find("Verifying - ") != std::string::npos);`

			`ResetTempFiles();`
			`}`
			`}`

			`// Test buffer handling (truncation of long passwords)`
			`TEST_F(PemPasswdTest, BufferHandling) {`
			`// Small buffer to test truncation`
			`char small_buf[16] = {0};`

			`// Create a password longer than the buffer`
			`std::string long_password(32, 'a');`
			`long_password += "\n";`

			`MockStdinInput(long_password);`
			`ASSERT_TRUE(openssl_console_write(default_prompt));`
			`ASSERT_EQ(0, openssl_console_read(small_buf, 0, sizeof(small_buf),0));`

			`// Verify the password was truncated to fit the buffer (15 chars + null terminator)`
			`std::string expected(15, 'a');`
			`ASSERT_STREQ(small_buf, expected.c_str());`
			`}`

			`// Test echo modes`
			`TEST_F(PemPasswdTest, EchoModes) {`
			`const char* test_password = "test_password\n";`
			`char buf_no_echo[1024] = {0};`
			`char buf_with_echo[1024] = {0};`

			`// Test with echo disabled`
			`MockStdinInput(test_password);`
			`ASSERT_TRUE(openssl_console_write(default_prompt));`
			`ASSERT_EQ(0, openssl_console_read(buf_no_echo, 0, sizeof(buf_no_echo), 0));`

			`// Test with echo enabled`
			`MockStdinInput(test_password);`
			`ASSERT_TRUE(openssl_console_write(default_prompt));`
			`ASSERT_EQ(0, openssl_console_read(buf_with_echo, 0, sizeof(buf_with_echo), 1));`

			`// Both should have the same result`
			`ASSERT_STREQ(buf_no_echo, "test_password");`
			`ASSERT_STREQ(buf_with_echo, "test_password");`
			`}`
			`#endif`