Package us.johnmeyer.sitetest.credentials

Facilities for managing credentials.

See: Description

Class Summary

Class	Description
BrowserstackCredential	Retrieves, validates, supplies Browserstack Credential.
BrowserstackCredentialSecrets	If you must use inline credentials, put them in this file and ensure it does not get into source control.
CredentialGetter	Utility class to retrieve credential from disk.
WebDriverWrapper	Provides Selenium WebDriver.

Enum Summary

Enum	Description
BrowserstackCredential.Mode	Enumeration enumerates supported ways to retrieve credential.
WebDriverWrapper.Browser	Enumerates browser options for Browserstack.

Exception Summary

Exception	Description
BrowserstackAutomateKeyException	At some point the Browserstack Automate key will be entered incorrectly or refused by the host.
BrowserstackCredential.UsingRecycledCredentialInstance	Problem of using a recycled credential.
CredentialRetrievalException	Gathers data related to a problem retrieving credential information from local filesystem.
WebDriverWrapperReinstantiationException	Thrown if wrapper is re-instantiated with out quitting previous.

Package us.johnmeyer.sitetest.credentials Description

Facilities for managing credentials. See BrowserstackCredential.Mode for supported credential storage approaches: "local file", "embedded in source", and "console prompt".

Secure My Browserstack Credentials

As regards the Selenium webdriver authentication mechanism, it is what it is. The best we can do is ensure that the user ID and automate key are protected. Were PCI certification required here, it would need to address two kinds of secrets:

1. PAN (personal account number) information , which includes payment card information, and
2. credentials.

Credentials are the keys to the servers and services. Per the specification:

8.2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission and storage on all system components.
— PCI DSS v 3.2

The most egregious risk at this point is the possibility of transmitting the credential to Bitbucket or Github, where it can be read by all the world.

As a start, I've just put in a couple of controls to get me closer to the specification:

Control Option 1: The .bsc File

To block this, the code references a file called .bsc in the user's home directory. See README.md in the project for how to set this up.

Control Option 2: prompting

The console prompts for user ID and key, and the secret information remains safely off of the system and out of the source code. This works when running the product from the command line but not from maven.

3/5/2018 there is a problem with prompting not happening automatically. Until this is fixed the .bsc file is the only way to automate connectivity to Browserstack.

BrowserstackCredentialWrapper and Build Name

Working in Browserstack Automate

Browserstack has a 'build name' field that is set once per Selenium WebDriver session and that can be used to look up test results on their website. For working through new tests, I'm putting the integration test method name into this field so that I can identify tests that are erroring. This means I am instatiating a new webdriver each time I run a test.

Some classes I plan to build for the testing of the site Tester is coming together in a Bitbucket git repository. As of 10/25/17 you can run this yourself if you copy the BrowserstackCredentials file to the testSite package directory and update it with your own secret browserstack credentials.