Merged
2 changes: 2 additions & 0 deletions Makefile
Expand Up @@ -12,6 +12,8 @@ define cucumber_image_build
docker build --tag vcert.auto aruba/
endef

export DUMMY_PASS=CyberArkT3stP4ZZC0de%jQX^J=4H

define cucumber_tests_run
if [ -n "$(FEATURE)" ] && [ -n "$(PLATFORM)" ]; then \
echo "running cucumber tests for both feature $(FEATURE) and platform $(PLATFORM)"; \
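Review bot: The added `export DUMMY_PASS=...` line still commits the passphrase literal to the repository and exports it to every recipe in this Makefile. If the value is only a test fixture, say so in a comment above it and write it as `DUMMY_PASS ?= ...` followed by `export DUMMY_PASS`, so CI can supply its own value. The literal also contains `%`, `^` and `=`, so any step that interpolates it into a `vcert` command line needs to quote it.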
2 changes: 1 addition & 1 deletion aruba/features/credmgmt/credmgmt.feature
Expand Up @@ -35,7 +35,7 @@ Feature: Managing credentials tokens from TPP

Scenario: request with PKCS12 if possible with no password
When I interactively get credentials from TPP with PKSC12 and no password
And I type "newPassw0rd!"
And I type dummy password
And I remember the output
And it should output access token
And it should output refresh token
2 changes: 1 addition & 1 deletion aruba/features/enroll/basic.enroll.feature
Expand Up @@ -23,7 +23,7 @@ Feature: Enroll certificate
@FAKE
Scenario: Passphrases don't match
When I run `vcert enroll -test-mode -test-mode-delay 0 -cn vfidev.example.com` interactively
And I type "newPassw0rd!"
And I type dummy password
And I type "different password"
Then it should fail with "Passphrases don't match"

6 changes: 3 additions & 3 deletions aruba/features/enroll/enroll-deprecated-options.feature
Expand Up @@ -13,7 +13,7 @@ Feature: Tests with deprecated TPP options
# if ERRORLEVEL 1 goto :DONE
# timeout /t 10
Scenario: ~ Service Generated CSR with RSA key ~
When I enroll a certificate in TPPdeprecated with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json -key-password newPassw0rd!
When I enroll a certificate with dummy password in TPPdeprecated with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json
Then it should retrieve certificate
Then I get JSON response
And that certificate should contain "Public-Key: (4096 bit)"
Expand All @@ -31,7 +31,7 @@ Feature: Tests with deprecated TPP options
Scenario: ~ Service Generated CSR pickup later ID as param ~
When I enroll certificate using TPPdeprecated with -csr service -cn service-gen-pickup-id-as-param.vcert.example -no-pickup
Then it should post certificate request
And I retrieve the certificate from TPPdeprecated using the same Pickup ID with -key-password newPassw0rd! -timeout 59
And I retrieve the certificate from TPPdeprecated using the same Pickup ID and using a dummy password with -timeout 59
Then it should retrieve certificate
Then it should output encrypted private key

Expand All @@ -46,7 +46,7 @@ Feature: Tests with deprecated TPP options
Scenario: ~ Service Generated CSR pickup later ID in file~
When I enroll certificate using TPPdeprecated with -csr service -cn service-gen-pickup-id-in-file.vcert.example -no-pickup -pickup-id-file pickup_id.txt
Then it should post certificate request
And I retrieve the certificate from TPPdeprecated with -pickup-id-file pickup_id.txt -key-password newPassw0rd! -timeout 59
And I retrieve the certificate using a dummy password from TPPdeprecated with -pickup-id-file pickup_id.txt -timeout 59
Then it should retrieve certificate
Then it should output encrypted private key
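Review bot: The retrieve step in this scenario is worded `I retrieve the certificate using a dummy password from TPPdeprecated with ...`, while the scenario in the hunk above says `... using the same Pickup ID and using a dummy password with ...` and the enroll scenario says `with dummy password`. Each wording needs its own step definition, and the only step definition visible in this diff is `I type dummy password`. Settle on one phrase in one position (for example `using a dummy password` directly before `with <flags>`) and include the matching definitions, so these scenarios do not end up undefined.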

14 changes: 7 additions & 7 deletions aruba/features/enroll/enroll-with-csr-PS-tests.feature
Expand Up @@ -13,7 +13,7 @@ Feature: few more tests from Ryan
# if ERRORLEVEL 1 goto :DONE
# timeout /t 10
Scenario: ~ Service Generated CSR with RSA key ~
When I enroll a certificate in TPP with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json -key-password newPassw0rd!
When I enroll a certificate with dummy password in TPP with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json
Then it should retrieve certificate
Then I get JSON response
And that certificate should contain "Public-Key: (4096 bit)"
Expand All @@ -24,7 +24,7 @@ Feature: few more tests from Ryan
# if ERRORLEVEL 1 goto :DONE
# timeout /t 10
Scenario: ~ Service Generated CSR with ECC key ~
When I enroll random certificate using TPPecdsa with -csr service -key-type ecdsa -key-curve p521 -format json -key-password newPassw0rd!
When I enroll random certificate with dummy password using TPPecdsa with -csr service -key-type ecdsa -key-curve p521 -format json
Then it should post certificate request
And it should retrieve certificate
And the JSON response at "PrivateKey" should include "-----BEGIN EC PRIVATE KEY-----"
Expand All @@ -42,7 +42,7 @@ Feature: few more tests from Ryan
Scenario: ~ Service Generated CSR pickup later ID as param ~
When I enroll certificate using TPP with -csr service -cn service-gen-pickup-id-as-param.vcert.example -no-pickup
Then it should post certificate request
And I retrieve the certificate from TPP using the same Pickup ID with -key-password newPassw0rd! -timeout 59
And I retrieve the certificate from TPP using the same Pickup ID and using a dummy password with -timeout 59
Then it should retrieve certificate
Then it should output encrypted private key

Expand All @@ -57,7 +57,7 @@ Feature: few more tests from Ryan
Scenario: ~ Service Generated CSR pickup later ID in file~
When I enroll certificate using TPP with -csr service -cn service-gen-pickup-id-in-file.vcert.example -no-pickup -pickup-id-file pickup_id.txt
Then it should post certificate request
And I retrieve the certificate from TPP with -pickup-id-file pickup_id.txt -key-password newPassw0rd! -timeout 59
And I retrieve the certificate using a dummy password from TPP with -pickup-id-file pickup_id.txt -timeout 59
Then it should retrieve certificate
Then it should output encrypted private key

Expand Down Expand Up @@ -96,7 +96,7 @@ Feature: few more tests from Ryan
# if ERRORLEVEL 1 goto :DONE
# timeout /t 10
Scenario: ~ Service Generated CSR with SANS and should be no log output ~
When I enroll random certificate using TPP with -csr service -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -format json -key-password newPassw0rd!
When I enroll random certificate with dummy password using TPP with -csr service -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -format json
And I get JSON response
And that certificate should contain "DNS:one.vcert.example"
And that certificate should contain "DNS:two.vcert.example"
Expand All @@ -112,7 +112,7 @@ Feature: few more tests from Ryan
# if ERRORLEVEL 1 goto :DONE
# timeout /t 10
Scenario: ~ User Provided CSR with SANs ~
Given I generate CSR with -cn user-provided-with-sans.vcert.example -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -key-file user-provided-with-sans.key -csr-file user-provided-with-sans.req -key-password newPassw0rd!
Given I generate CSR using dummy password with flags -cn user-provided-with-sans.vcert.example -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -key-file user-provided-with-sans.key -csr-file user-provided-with-sans.req
And I enroll certificate using TPP with -csr file:user-provided-with-sans.req -cert-file c.pem
And I decode certificate from file "c.pem"
And that certificate should contain "DNS:one.vcert.example"
Expand All @@ -130,7 +130,7 @@ Feature: few more tests from Ryan
# if ERRORLEVEL 1 goto :DONE
# timeout /t 10
Scenario: ~ User Provided CSR with full Subject DN ~
Given I generate CSR with -cn user-provided-full-subject.vcert.example -ou "DevOps Integrations" -o "Swordfish Security" -l "St. Petersburg" -st Russia -c RU -key-file user-provided-full-subject.key -csr-file user-provided-full-subject.req -key-password newPassw0rd!
Given I generate CSR using dummy password with flags -cn user-provided-full-subject.vcert.example -ou "DevOps Integrations" -o "Swordfish Security" -l "St. Petersburg" -st Russia -c RU -key-file user-provided-full-subject.key -csr-file user-provided-full-subject.req
And I enroll certificate using TPP with -csr file:user-provided-full-subject.req -format json
And I get JSON response
Then that certificate Subject should contain "C = RU"
8 changes: 4 additions & 4 deletions aruba/features/enroll/enroll-with-csr.feature
Expand Up @@ -75,7 +75,7 @@ Feature: enrolling certificates with -csr option (VEN-40652)
| Cloud |

Scenario Outline: where it enrolls certificates with -csr local -no-prompt -key-password ...
Given I enroll random certificate using <endpoint> with -csr local -no-prompt -key-password newPassw0rd!
Given I enroll random certificate with dummy password using <endpoint> with -csr local -no-prompt
And it should post certificate request
Then it should retrieve certificate
And it should output encrypted private key
Expand All @@ -98,7 +98,7 @@ Feature: enrolling certificates with -csr option (VEN-40652)


Scenario Outline: where it should however enroll a certificate with -csr service, empty -key-password and -no-pickup
When I enroll random certificate using <endpoint> with -csr service -no-prompt -no-pickup
When I enroll random certificate with dummy password using <endpoint> with -csr service -no-prompt -no-pickup
Then it should post certificate request

@FAKE
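Review bot: The scenario title still reads `empty -key-password`, but the `When` line now enrolls `with dummy password`, so the empty-password path with `-csr service -no-prompt -no-pickup` is no longer exercised. The original line carried no `-key-password` flag and had nothing to replace; keep it as `I enroll random certificate using <endpoint> with -csr service -no-prompt -no-pickup`, or rename the scenario if supplying a password is really intended here.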
Expand All @@ -117,7 +117,7 @@ Feature: enrolling certificates with -csr option (VEN-40652)
| Cloud |

Scenario Outline: where it should enroll a certificate with -csr service -no-prompt -key-password ...
When I enroll random certificate using <endpoint> with -csr service -no-prompt -key-password newPassw0rd!
When I enroll random certificate with dummy password using <endpoint> with -csr service -no-prompt
Then it should post certificate request
And it should retrieve certificate
And it should output encrypted private key
Expand All @@ -138,7 +138,7 @@ Feature: enrolling certificates with -csr option (VEN-40652)
Then I retrieve the certificate using <endpoint> using the same Pickup ID with -timeout 180
And it should retrieve certificate
And it should not output private key
Then I retrieve the certificate using <endpoint> using the same Pickup ID with -key-password newPassw0rd! -timeout 180
Then I retrieve the certificate using <endpoint> using the same Pickup ID and using a dummy password with -timeout 180
And it should retrieve certificate
And it should output encrypted private key

2 changes: 1 addition & 1 deletion aruba/features/enroll/pickup.feature
Expand Up @@ -9,6 +9,6 @@ Feature: pickup is an action for retrieving certificates

Scenario: should write private key to -key-file if specified (makes sense only with -csr service)
Given I enroll a certificate in test-mode with -no-prompt -cn vfidev.example.com -csr service -no-pickup -pickup-id-file p.txt
Then I retrieve the certificate in test-mode with -pickup-id-file p.txt -key-password newPassw0rd!
Then I retrieve the certificate using a dummy password in test-mode with -pickup-id-file p.txt
And it should retrieve certificate
And it should output encrypted private key
4 changes: 2 additions & 2 deletions aruba/features/format/jks.feature
Expand Up @@ -204,8 +204,8 @@ Feature: JKS format output

Scenario Outline: where it pickups up service-generated certificate and outputs it in JKS format
When I enroll random certificate using <endpoint> with -no-prompt -no-pickup -csr service
And I retrieve the certificate using <endpoint> using the same Pickup ID with -timeout 180 -key-password newPassw0rd! -file all.jks -format jks -jks-alias abc
And "all.jks" should be JKS archive with password "newPassw0rd!"
And I retrieve the certificate using <endpoint> using the same Pickup ID and using a dummy password with -timeout 180 -file all.jks -format jks -jks-alias abc
# And "all.jks" should be JKS archive with password "dummy password" # currently, we don't have JKS steps

@FAKE
Examples:
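Review bot: Commenting out the `"all.jks" should be JKS archive with password ...` line leaves this scenario with no assertion after the retrieve step, so nothing checks the keystore or the password it was written with. Until JKS steps exist, add at least `Then the exit status should be 0` and a check that `all.jks` was written, and track the missing step in an issue rather than in a trailing comment.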
30 changes: 15 additions & 15 deletions aruba/features/format/pkcs12.feature
Expand Up @@ -47,9 +47,9 @@ Feature: PKCS#12 format output
And "all.p12" should be PKCS#12 archive with password ""

Scenario Outline: where all objects are written to one PKCS#12 archive with key password
When I enroll random certificate in <endpoint> with -format pkcs12 -file all.p12 -key-password newPassw0rd!
When I enroll random certificate with dummy password in <endpoint> with -format pkcs12 -file all.p12
Then the exit status should be 0
And "all.p12" should be PKCS#12 archive with password "newPassw0rd!"
And "all.p12" should be PKCS#12 archive with dummy password

@FAKE
Examples:
Expand All @@ -67,9 +67,9 @@ Feature: PKCS#12 format output
| Cloud |

Scenario Outline: where all objects are written to one PKCS#12 legacy archive with key password
When I enroll random certificate in <endpoint> with -format legacy-pkcs12 -file all.p12 -key-password newPassw0rd!
When I enroll random certificate with dummy password in <endpoint> with -format legacy-pkcs12 -file all.p12
Then the exit status should be 0
And "all.p12" should be PKCS#12 archive in legacy mode with password "newPassw0rd!"
And "all.p12" should be PKCS#12 archive in legacy mode with dummy password

@FAKE
Examples:
Expand Down Expand Up @@ -166,8 +166,8 @@ Feature: PKCS#12 format output

Scenario Outline: where it pickups up service-generated certificate and outputs it in PKCS#12 format
When I enroll random certificate using <endpoint> with -no-prompt -no-pickup -csr service
And I retrieve the certificate using <endpoint> using the same Pickup ID with -timeout 180 -key-password newPassw0rd! -file all.p12 -format pkcs12
And "all.p12" should be PKCS#12 archive with password "newPassw0rd!"
And I retrieve the certificate using <endpoint> using the same Pickup ID and using a dummy password with -timeout 180 -file all.p12 -format pkcs12
And "all.p12" should be PKCS#12 archive with dummy password

@FAKE
Examples:
Expand All @@ -181,8 +181,8 @@ Feature: PKCS#12 format output

Scenario Outline: where it pickups up service-generated certificate and outputs it in PKCS#12 legacy format
When I enroll random certificate using <endpoint> with -no-prompt -no-pickup -csr service
And I retrieve the certificate using <endpoint> using the same Pickup ID with -timeout 180 -key-password newPassw0rd! -file all.p12 -format legacy-pkcs12
And "all.p12" should be PKCS#12 archive in legacy mode with password "newPassw0rd!"
And I retrieve the certificate using <endpoint> using the same Pickup ID and using a dummy password with -timeout 180 -file all.p12 -format legacy-pkcs12
And "all.p12" should be PKCS#12 archive in legacy mode with dummy password

@FAKE
Examples:
Expand All @@ -199,24 +199,24 @@ Feature: PKCS#12 format output
# Examples:
# | endpoint |
# | Cloud | # -csr service is not supported by Cloud

#
# Scenario Outline: Pickup PKCS12 with typing pass phrases
# When I enroll random certificate using <endpoint> with -no-prompt -no-pickup -csr service
# And I interactively retrieve the certificate using <endpoint> using the same Pickup ID with -timeout 99 -file all.p12 -format pkcs12
# And I type "newPassw0rd!"
# And I type "newPassw0rd!"
# And I type dummy password
# And I type dummy password
# Then the exit status should be 0
# And "all.p12" should be PKCS#12 archive with password "newPassw0rd!"
# And "all.p12" should be PKCS#12 archive with dummy password
# Examples:
# | endpoint |
# | test-mode |
# | TPP |
# | Cloud | # -csr service is not supported by Cloud
# | TPP |
# | Cloud | # -csr service is not supported by Cloud

Scenario Outline: where it should enroll a PKCS12 certificate with -csr service and without file option (VEN-48622)
When I enroll random certificate using <endpoint> with -csr service -no-prompt -no-pickup -format pkcs12
Then it should post certificate request
Then I retrieve the certificate using <endpoint> using the same Pickup ID with -key-password newPassw0rd! -timeout 59
Then I retrieve the certificate using <endpoint> using the same Pickup ID and using a dummy password with -timeout 59
And it should retrieve certificate
And it should output encrypted private key

6 changes: 3 additions & 3 deletions aruba/features/gencsr/output.feature
Expand Up @@ -16,8 +16,8 @@ Feature: Generating simple certificate request

Scenario: where CSR is generated interactively with non-empty key-password
When I run `vcert gencsr -cn vfidev.example.com` interactively
And I type "newPassw0rd!"
And I type "newPassw0rd!"
And I type dummy password
And I type dummy password
Then the exit status should be 0
And it should output encrypted private key
And it should output CSR
Expand All @@ -29,7 +29,7 @@ Feature: Generating simple certificate request
And it should output CSR

Scenario: where CSR is generated and the private key is encrypted
When I run `vcert gencsr -cn vfidev.example.com -key-password newPassw0rd!`
When I generate CSR using dummy password with flags -cn vfidev.example.com
Then the exit status should be 0
And it should output encrypted private key
And it should output CSR
6 changes: 6 additions & 0 deletions aruba/features/gencsr/step_definitions/my_steps.rb
@@ -0,0 +1,6 @@
And(/^I type dummy password$/) do
steps %{
And I type "#{DUMMY_PASSWORD}"
}
end# frozen_string_literal: true
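Review bot: `DUMMY_PASSWORD` in the interpolated step is not defined anywhere in this file, and the Makefile change exports the value as `DUMMY_PASS`; unless a support file maps one to the other, this step raises NameError. Read it explicitly in one place, e.g. `ENV.fetch('DUMMY_PASS')`, so a missing variable fails loudly. As rendered here the `# frozen_string_literal: true` comment trails `end` on the last line, where it has no effect; it belongs on the first line of the file. The step is also used by the credmgmt and enroll features, so a shared step_definitions directory is a better home for it than `gencsr/`.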

12 changes: 6 additions & 6 deletions aruba/features/renew/renew-with-csr-local.feature
Expand Up @@ -65,14 +65,14 @@ Feature: renew action with -csr local (default) option
| Cloud |

Scenario Outline: renew certificate using -id using `-csr local` with PKCS12 flag
Given I enroll random certificate using <endpoint> with -key-password Passcode123! -key-file k.pem -cert-file c.pem -csr local
Given I enroll random certificate with dummy password using <endpoint> with -key-file k.pem -cert-file c.pem -csr local
And it should write private key to the file "k.pem"
And it should write certificate to the file "c.pem"
And it should output Pickup ID
And I decode certificate from file "c.pem"
Then I renew the certificate in <endpoint> using the same Pickup ID with flags -key-password Passcode123! -file all.p12 -format pkcs12
Then I renew the certificate using a dummy password in <endpoint> using the same Pickup ID with flags -file all.p12 -format pkcs12
And it should retrieve certificate
And "all.p12" should be PKCS#12 archive with password "Passcode123!"
And "all.p12" should be PKCS#12 archive with dummy password

@TPP
Examples:
Expand All @@ -85,14 +85,14 @@ Feature: renew action with -csr local (default) option
| Cloud |

Scenario Outline: renew certificate using -id using `-csr local` with PKCS12 legacy flag
Given I enroll random certificate using <endpoint> with -key-password Passcode123! -key-file k.pem -cert-file c.pem -csr local
Given I enroll random certificate with dummy password using <endpoint> with -key-file k.pem -cert-file c.pem -csr local
And it should write private key to the file "k.pem"
And it should write certificate to the file "c.pem"
And it should output Pickup ID
And I decode certificate from file "c.pem"
Then I renew the certificate in <endpoint> using the same Pickup ID with flags -key-password Passcode123! -file all.p12 -format legacy-pkcs12
Then I renew the certificate using a dummy password in <endpoint> using the same Pickup ID with flags -file all.p12 -format legacy-pkcs12
And it should retrieve certificate
And "all.p12" should be PKCS#12 archive in legacy mode with password "Passcode123!"
And "all.p12" should be PKCS#12 archive in legacy mode with dummy password

@TPP
Examples: