Implements secure value loading method for multiple Windows credentials

src/core/zowe/core_for_zowe_sdk/constants.py

@@ -16,4 +16,5 @@
     "ZoweCredentialKey": "Zowe-Plugin",
     "ZoweServiceName": "Zowe",
     "ZoweAccountName": "secure_config_props",
+    "WIN32_CRED_MAX_STRING_LENGTH" : 2560 
 }

src/core/zowe/core_for_zowe_sdk/zosmf_profile.py

@@ -72,7 +72,8 @@ def load(self):
         )
 
         with open(profile_file, "r") as fileobj:
-            profile_yaml = yaml.safe_load(fileobj)
+            yaml_content = fileobj.read()
+            profile_yaml = yaml.safe_load(yaml_content)
 
         zosmf_host = profile_yaml["host"]
         if "port" in profile_yaml:
@@ -94,13 +95,28 @@ def load(self):
         )
 
     def __get_secure_value(self, name):
+        """Retrieve a secure value from the keyring."""
         service_name = constants["ZoweCredentialKey"]
         account_name = "zosmf_{}_{}".format(self.profile_name, name)
 
+        secret_value = ""
         if sys.platform == "win32":
             service_name += "/" + account_name
 
-        secret_value = keyring.get_password(service_name, account_name)
+            # Try to retrieve the secure value without an index
+            secret_value = keyring.get_password(service_name, account_name)  
+            if secret_value is None:
+                # Retrieve the secure value with an index
+                index = 1
+                while True:
+                    field_name = f"{account_name}-{index}"
+                    temp_value = keyring.get_password(service_name, field_name)
+                    if temp_value is None:
+                        break
+                    secret_value += temp_value
+                    index += 1
+        else:
+            secret_value = keyring.get_password(service_name, account_name)
 
         if sys.platform == "win32":
             secret_value = secret_value.encode("utf-16")
@@ -119,11 +135,32 @@ def __load_secure_credentials(self):
         try:
             zosmf_user = self.__get_secure_value("user")
             zosmf_password = self.__get_secure_value("password")
+            if sys.platform == "win32":
+                if len(zosmf_user) > constants["WIN32_CRED_MAX_STRING_LENGTH"]:
+                    # Split user value across multiple fields
+                    self.__split_and_store_secure_value("user", zosmf_user)
+                if len(zosmf_password) > constants["WIN32_CRED_MAX_STRING_LENGTH"]:
+                    # Split password value across multiple fields
+                    self.__split_and_store_secure_value("password", zosmf_password)    
         except Exception as e:
             raise SecureProfileLoadFailed(self.profile_name, e)
         else:
             return (zosmf_user, zosmf_password)
-
+
+    def __split_and_store_secure_value(self, field_name, value):
+        """Split and store a secure value across multiple fields."""
+        service_name = constants["ZoweCredentialKey"]
+        account_name = f"zosmf_{self.profile_name}_{field_name}"
+
+        # Delete any previously used fields storing this value
+        keyring.delete_password(service_name, account_name)
+        sliced_values = [value[i:i+constants["WIN32_CRED_MAX_STRING_LENGTH"]] for i in range(0, len(value), constants["WIN32_CRED_MAX_STRING_LENGTH"])]
+
+        for index, temp_value in enumerate(sliced_values, start=1):
+            keyring.set_password(service_name, f"{account_name}-{index}", temp_value)
+
+        # Append null byte to mark the termination of the last field
+        keyring.set_password(service_name, f"{account_name}-{len(sliced_values)+1}", "\0")
 
 if HAS_KEYRING and sys.platform.startswith("linux"):
     from contextlib import closing

tests/unit/test_zowe_core.py

@@ -12,7 +12,7 @@
 from jsonschema import validate, ValidationError
 from zowe.core_for_zowe_sdk.validators import validate_config_json
 import commentjson
-
+from zowe.core_for_zowe_sdk.constants import constants
 from pyfakefs.fake_filesystem_unittest import TestCase
 from zowe.core_for_zowe_sdk import (
     ApiConnection,
@@ -158,6 +158,74 @@ def test_object_should_be_instance_of_class(self):
         zosmf_profile = ZosmfProfile(self.profile_name)
         self.assertIsInstance(zosmf_profile, ZosmfProfile)
 
+    @mock.patch("builtins.open", mock.mock_open(read_data="yaml_content"))
+    @mock.patch("yaml.safe_load")
+    def test_load(self, yaml_load_mock):
+        """Test the load method."""
+        zosmf_profile = ZosmfProfile(self.profile_name)
+        profile_file = os.path.join(
+            zosmf_profile.profiles_dir, f"{self.profile_name}.yaml"
+        )
+
+                # Mock the return values
+        profile_yaml = {
+            "host": "example.com",
+            "port": 443,
+            "user": "test_user",
+            "password": "test_password",
+            "rejectUnauthorized": True,
+        }
+        yaml_load_mock.return_value = profile_yaml
+         # Set secure values for user and password
+        profile_yaml["user"] = constants["SecureValuePrefix"] + "secure_user"
+        profile_yaml["password"] = constants["SecureValuePrefix"] + "secure_password"
+        # Mock the private methods
+        # zosmf_profile._ZosmfProfile__load_secure_credentials = mock.MagicMock(return_value=("secure_user", "secure_password"))
+        zosmf_profile._ZosmfProfile__get_secure_value = mock.MagicMock(side_effect=["secure_user", "secure_password"])
+        zosmf_profile._ZosmfProfile__split_and_store_secure_value = mock.MagicMock()
+
+        # Call the load method
+        result = zosmf_profile.load()
+
+        # Assertions
+        yaml_load_mock.assert_called_once_with("yaml_content")  # Ensure safe_load is called with the correct argument
+        zosmf_profile._ZosmfProfile__load_secure_credentials.assert_called_once()
+        zosmf_profile._ZosmfProfile__get_secure_value.assert_called_with("user")
+        zosmf_profile._ZosmfProfile__get_secure_value.assert_called_with("password")
+        zosmf_profile._ZosmfProfile__split_and_store_secure_value.assert_not_called()
+
+        expected_connection = ApiConnection(
+            "example.com", "secure_user", "secure_password", True
+        )
+        self.assertEqual(result, expected_connection)
+
+        # Additional test case for long credentials
+        long_user = "x" * 1000
+        long_password = "y" * 2000
+        profile_yaml["user"] = long_user
+        profile_yaml["password"] = long_password
+
+        # Reset the mocks
+        yaml_load_mock.reset_mock()
+        zosmf_profile._ZosmfProfile__get_secure_value.reset_mock()
+        zosmf_profile._ZosmfProfile__split_and_store_secure_value.reset_mock()
+
+        # Call the load method with long credentials
+        result = zosmf_profile.load()
+
+        # Assertions
+        yaml_load_mock.assert_called_once_with("yaml_content")
+        zosmf_profile._ZosmfProfile__load_secure_credentials.assert_called_once()
+        zosmf_profile._ZosmfProfile__get_secure_value.assert_called_with("user")
+        zosmf_profile._ZosmfProfile__get_secure_value.assert_called_with("password")
+        zosmf_profile._ZosmfProfile__split_and_store_secure_value.assert_called_with("user", long_user)
+        zosmf_profile._ZosmfProfile__split_and_store_secure_value.assert_called_with("password", long_password)
+
+        expected_connection = ApiConnection(
+            "example.com", "secure_user", "secure_password", True
+        )
+        self.assertEqual(result, expected_connection)
+
 
 class TestZosmfProfileManager(TestCase):
     """ProfileManager class unit tests."""