2021-04-26 20:07:00 +02:00
|
|
|
#coding:utf-8
|
2022-01-25 22:55:48 +01:00
|
|
|
|
|
|
|
"""
|
|
|
|
ID: issue-5364
|
|
|
|
ISSUE: 5364
|
|
|
|
TITLE: ISQL does not show encryption status of database
|
|
|
|
DESCRIPTION:
|
2022-06-06 19:41:32 +02:00
|
|
|
Test uses Firebird built-in encryption plugin wich actually does encryption using trivial algorithm.
|
|
|
|
Before running this test following prerequisites must be met:
|
|
|
|
1. Files fbSampleDbCrypt.conf and libfbSampleDbCrypt.so/fbSampleDbCrypt.dll must present in the $FB_HOME/plugins folder;
|
|
|
|
2. File fbSampleDbCrypt.conf must contain line: Auto = yes
|
|
|
|
3. File $QA_HOME/pytest.ini must contain line with 'encryption' marker declaration.
|
|
|
|
### ACHTUNG ###
|
|
|
|
Unfortunately, there is no files fbSampleDbCrypt.* in FB 3.x snapshots (at least for June-2022).
|
|
|
|
One need to take both thiese files from any FB 4.x snapshot (they have backward compatibility).
|
|
|
|
On FB 4.x these files can be found here: $FB_HOME/examples/prebuilt/plugins/
|
|
|
|
###############
|
2022-01-25 22:55:48 +01:00
|
|
|
|
2022-06-06 19:41:32 +02:00
|
|
|
We open connection to DB and run 'ALTER DATABASE ENCRYPT.../DECRYPT'.
|
|
|
|
One need to keep connection opened for several seconds in order to give encryption thread be fully completed.
|
|
|
|
Duration of this delay depends on concurrent workload, usually it is almost zero.
|
|
|
|
But in this test it can be tuned - see variable 'MAX_ENCRYPT_DECRYPT_MS'.
|
|
|
|
Immediately after launch encryption/decryption, we run isql and ask it to give result of 'SHOW DATABASE' command.
|
|
|
|
If this output contains text 'Database [not] encrypted' and *not* contains phrase 'not complete' then we can assume
|
|
|
|
that encryption/decryption thread completed. Otherwise we loop until such conditions will raise or timeout expired.
|
2022-01-25 22:55:48 +01:00
|
|
|
|
|
|
|
JIRA: CORE-5077
|
2022-02-02 15:46:19 +01:00
|
|
|
FBTEST: bugs.core_5077
|
2022-06-06 19:41:32 +02:00
|
|
|
NOTES:
|
|
|
|
[06.06.2022] pzotov
|
|
|
|
Checked on 4.0.1.2692, 3.0.8.33535 - both on Linux and Windows.
|
2022-01-25 22:55:48 +01:00
|
|
|
"""
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-06-06 19:41:32 +02:00
|
|
|
import time
|
|
|
|
import datetime as py_dt
|
|
|
|
from datetime import timedelta
|
|
|
|
|
2021-04-26 20:07:00 +02:00
|
|
|
import pytest
|
2022-01-25 22:55:48 +01:00
|
|
|
from firebird.qa import *
|
2022-06-06 19:41:32 +02:00
|
|
|
from firebird.driver import DatabaseError
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-06-06 19:41:32 +02:00
|
|
|
MAX_ENCRYPT_DECRYPT_MS = 5000
|
2022-01-25 22:55:48 +01:00
|
|
|
db = db_factory()
|
|
|
|
act = python_act('db')
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-25 22:55:48 +01:00
|
|
|
@pytest.mark.version('>=3.0')
|
2022-06-06 19:41:32 +02:00
|
|
|
@pytest.mark.encryption
|
|
|
|
def test_1(act: Action, capsys):
|
|
|
|
for m in ('encryption', 'decryption'):
|
|
|
|
expected_stdout_console = f"""
|
|
|
|
Expected: {m} status presents in the 'SHOW DATABASE' output.
|
|
|
|
"""
|
|
|
|
|
|
|
|
with act.db.connect() as con:
|
|
|
|
t1=py_dt.datetime.now()
|
|
|
|
d1 = t1-t1
|
|
|
|
sttm = 'alter database ' + ('encrypt with "fbSampleDbCrypt" key "Red"' if m == 'encryption' else 'decrypt')
|
|
|
|
try:
|
|
|
|
con.execute_immediate(sttm)
|
|
|
|
con.commit()
|
|
|
|
except DatabaseError as e:
|
|
|
|
print( e.__str__() )
|
|
|
|
|
|
|
|
act.expected_stdout = ''
|
|
|
|
act.stdout = capsys.readouterr().out
|
|
|
|
assert act.clean_stdout == act.clean_expected_stdout
|
|
|
|
act.reset()
|
|
|
|
|
|
|
|
|
|
|
|
while True:
|
|
|
|
t2=py_dt.datetime.now()
|
|
|
|
d1=t2-t1
|
|
|
|
if d1.seconds*1000 + d1.microseconds//1000 > MAX_ENCRYPT_DECRYPT_MS:
|
|
|
|
break
|
|
|
|
|
|
|
|
# Possible output:
|
|
|
|
# Database not encrypted
|
|
|
|
# Database encrypted, crypt thread not complete
|
|
|
|
act.isql(switches=['-q'], input = 'show database;', combine_output = True)
|
|
|
|
if m == 'encryption' and 'Database encrypted' in act.stdout or m == 'decryption' and 'Database not encrypted' in act.stdout:
|
|
|
|
if 'not complete' in act.stdout:
|
|
|
|
pass
|
|
|
|
else:
|
|
|
|
break
|
|
|
|
act.reset()
|
|
|
|
|
|
|
|
if d1.seconds*1000 + d1.microseconds//1000 <= MAX_ENCRYPT_DECRYPT_MS:
|
|
|
|
print(expected_stdout_console)
|
|
|
|
else:
|
|
|
|
print(f'BREAK ON TIMEOUT EXPIRATION: {m.upper()} took {d1.seconds*1000 + d1.microseconds//1000} ms which exceeds limit = {MAX_ENCRYPT_DECRYPT_MS} ms.')
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-06-06 19:41:32 +02:00
|
|
|
act.expected_stdout = expected_stdout_console
|
|
|
|
act.stdout = capsys.readouterr().out
|
|
|
|
assert act.clean_stdout == act.clean_expected_stdout
|
|
|
|
act.reset()
|