From 291cb322371b60a488dcaee543f7f2324a3cbfc8 Mon Sep 17 00:00:00 2001
From: Andrew Chow <github@achow101.com>
Date: Thu, 5 Oct 2023 16:51:56 -0400
Subject: [PATCH] test: Check that no unencrypted records persist after
 encrypting

---
 test/functional/wallet_encryption.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/test/functional/wallet_encryption.py b/test/functional/wallet_encryption.py
index b30634010d5a1..aa391a864cd64 100755
--- a/test/functional/wallet_encryption.py
+++ b/test/functional/wallet_encryption.py
@@ -4,6 +4,8 @@
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 """Test Wallet encryption"""
 
+import os
+import subprocess
 import time
 
 from test_framework.test_framework import BitcoinTestFramework
@@ -47,6 +49,25 @@ def run_test(self):
         assert_raises_rpc_error(-8, "passphrase cannot be empty", self.nodes[0].walletpassphrase, '', 1)
         assert_raises_rpc_error(-8, "passphrase cannot be empty", self.nodes[0].walletpassphrasechange, '', 'ff')
 
+        # Make sure there are no unencrypted key records
+        # Use the wallet tool's dump mechanism to get all of the records to inspect them.
+        self.nodes[0].unloadwallet(self.default_wallet_name)
+        dump_file = os.path.join(self.nodes[0].datadir_path, "wallet.dump")
+        subprocess.check_call([self.options.bitcoinwallet, f"-datadir={self.nodes[0].datadir_path}", f"-chain={self.chain}", f"-wallet={self.default_wallet_name}", f"-dumpfile={dump_file}", "dump"], stdout=subprocess.DEVNULL)
+        self.nodes[0].loadwallet(self.default_wallet_name)
+        # Look for records that contain the hex for 'key' but not 'ckey'
+        key_hex = b"key".hex()
+        ckey_hex = b"ckey".hex()
+        # Hex for records to skip
+        skip_records = [b"mkey".hex(), b"activehdkey".hex(), b"defaultkey".hex(), b"keymeta".hex()]
+        with open(dump_file, "r", encoding="utf8") as f:
+            for row in f:
+                k, v = row.split(",")
+                # Skip 'mkey' records. These aren't private key records.
+                if any([skip in k for skip in skip_records]):
+                    continue
+                assert ckey_hex in k or key_hex not in k, "Unexpected unencrypted key record"
+
         # Check that walletpassphrase works
         self.nodes[0].walletpassphrase(passphrase, 2)
         sig = self.nodes[0].signmessage(address, msg)