def call_signing(file_obj, endpoint):
"""Get the jar signature and send it to the signing server to be signed."""
# We only want the (unique) temporary file name.
with tempfile.NamedTemporaryFile() as temp_file:
temp_filename = temp_file.name
# Extract jar signature.
jar = JarExtractor(path=storage.open(file_obj.file_path),
outpath=temp_filename,
omit_signature_sections=True,
extra_newlines=True)
log.debug(u'File signature contents: {0}'.format(jar.signatures))
log.debug(u'Calling signing service: {0}'.format(endpoint))
with statsd.timer('services.sign.addon'):
response = requests.post(
endpoint,
timeout=settings.SIGNING_SERVER_TIMEOUT,
data={'addon_id': get_id(file_obj.version.addon)},
files={'file': (u'mozilla.sf', unicode(jar.signatures))})
if response.status_code != 200:
msg = u'Posting to add-on signing failed: {0}'.format(response.reason)
log.error(msg)
raise SigningError(msg)
pkcs7 = b64decode(json.loads(response.content)['mozilla.rsa'])
cert_serial_num = get_signature_serial_number(pkcs7)
jar.make_signed(pkcs7, sigpath=u'mozilla')
shutil.move(temp_filename, file_obj.file_path)
return cert_serial_num
def call_signing(file_obj, endpoint):
"""Get the jar signature and send it to the signing server to be signed."""
# We only want the (unique) temporary file name.
with tempfile.NamedTemporaryFile() as temp_file:
temp_filename = temp_file.name
# Extract jar signature.
jar = JarExtractor(path=storage.open(file_obj.file_path),
outpath=temp_filename,
omit_signature_sections=True,
extra_newlines=True)
log.debug(u'File signature contents: {0}'.format(jar.signatures))
log.debug(u'Calling signing service: {0}'.format(endpoint))
with statsd.timer('services.sign.addon'):
response = requests.post(
endpoint,
timeout=settings.SIGNING_SERVER_TIMEOUT,
data={'addon_id': get_id(file_obj.version.addon)},
files={'file': (u'mozilla.sf', unicode(jar.signatures))})
if response.status_code != 200:
msg = u'Posting to add-on signing failed: {0}'.format(response.reason)
log.error(msg)
raise SigningError(msg)
pkcs7 = b64decode(json.loads(response.content)['mozilla.rsa'])
cert_serial_num = get_signature_serial_number(pkcs7)
jar.make_signed(pkcs7, sigpath=u'mozilla')
shutil.move(temp_filename, file_obj.file_path)
return cert_serial_num
def call_signing(file_obj):
"""Get the jar signature and send it to the signing server to be signed."""
endpoint = get_endpoint(file_obj)
if not endpoint:
log.warning('Not signing: no active endpoint')
return
timeout = settings.SIGNING_SERVER_TIMEOUT
# We only want the (unique) temporary file name.
with tempfile.NamedTemporaryFile() as temp_file:
temp_filename = temp_file.name
# Extract jar signature.
try:
jar = JarExtractor(path=storage.open(file_obj.file_path),
outpath=temp_filename,
omit_signature_sections=True)
except:
msg = 'Archive extraction failed. Bad archive?'
log.error(msg, exc_info=True)
raise SigningError(msg)
log.info('File signature contents: %s' % jar.signatures)
addon_id = file_obj.version.addon.guid
log.info('Calling signing service: %s' % endpoint)
try:
with statsd.timer('services.sign.addon'):
response = requests.post(endpoint, timeout=timeout,
data={'addon_id': addon_id},
files={'file': ('mozilla.sf',
str(jar.signatures))})
except requests.exceptions.HTTPError as error:
# Will occur when a 3xx or greater code is returned.
msg = 'Posting to add-on signing failed: %s, %s' % (
error.response.status, error)
log.error(msg)
raise SigningError(msg)
except:
# Will occur when some other error occurs.
msg = 'Posting to add-on signing failed'
log.error(msg, exc_info=True)
raise SigningError(msg)
if response.status_code != 200:
msg = 'Posting to add-on signing failed: %s' % response.reason
log.error(msg)
raise SigningError(msg)
pkcs7 = b64decode(json.loads(response.content)['mozilla.rsa'])
try:
cert_serial_num = get_signature_serial_number(pkcs7)
jar.make_signed(pkcs7, sigpath='mozilla')
except:
msg = 'Addon signing failed'
log.error(msg, exc_info=True)
raise SigningError(msg)
shutil.move(temp_filename, file_obj.file_path)
return cert_serial_num
def test_09_serial_number_extraction(self):
with open(test_file('zigbert.test.pkcs7.der'), 'r') as f:
serialno = get_signature_serial_number(f.read())
# Signature occured on Thursday, January 22nd 2015 at 11:02:22am PST
# The signing service returns a Python time.time() value multiplied
# by 1000 to get a (hopefully) truly unique serial number
self.assertEqual(1421953342960, serialno)
def call_signing(file_obj):
"""Get the jar signature and send it to the signing server to be signed."""
endpoint = get_endpoint(file_obj)
if not endpoint:
log.warning('Not signing: no active endpoint')
return
timeout = settings.SIGNING_SERVER_TIMEOUT
# We only want the (unique) temporary file name.
with tempfile.NamedTemporaryFile() as temp_file:
temp_filename = temp_file.name
# Extract jar signature.
try:
jar = JarExtractor(path=storage.open(file_obj.file_path),
outpath=temp_filename,
omit_signature_sections=True)
except:
msg = 'Archive extraction failed. Bad archive?'
log.error(msg, exc_info=True)
raise SigningError(msg)
log.info('File signature contents: %s' % jar.signatures)
# From https://wiki.mozilla.org/AMO/SigningService/API:
# "A unique identifier for the combination of addon name and version that
# will be used in the generated key and certificate. A strong preference
# for human readable.
addon_id = u"{slug}-{version}".format(slug=file_obj.version.addon.slug,
version=file_obj.version.version)
log.info('Calling signing service: %s' % endpoint)
try:
with statsd.timer('services.sign.addon'):
response = requests.post(
endpoint,
timeout=timeout,
data={'addon_id': addon_id},
files={'file': ('zigbert.sf', str(jar.signatures))})
except requests.exceptions.HTTPError as error:
# Will occur when a 3xx or greater code is returned.
msg = 'Posting to add-on signing failed: %s, %s' % (
error.response.status, error)
log.error(msg)
raise SigningError(msg)
except:
# Will occur when some other error occurs.
msg = 'Posting to add-on signing failed'
log.error(msg, exc_info=True)
raise SigningError(msg)
if response.status_code != 200:
msg = 'Posting to add-on signing failed %s' % response.reason
log.error(msg)
raise SigningError(msg)
pkcs7 = b64decode(json.loads(response.content)['zigbert.rsa'])
try:
cert_serial_num = get_signature_serial_number(pkcs7)
jar.make_signed(pkcs7)
except:
msg = 'Addon signing failed'
log.error(msg, exc_info=True)
raise SigningError(msg)
shutil.move(temp_filename, file_obj.file_path)
return cert_serial_num
