Ejemplo n.º 1
0
 def test_tampered_manifest(self):
     # MANIFEST.MF does not verify against .SF in either way.
     # Was tampered manually.
     jar_data = get_data_fn("tampered-manifest.jar")
     cert = get_data_fn("javatools-cert.pem")
     with self.assertRaises(ManifestChecksumError):
         verify(cert, jar_data)
Ejemplo n.º 2
0
 def test_overriden_extension_handling(self):
     jar_data = get_data_fn("test_extensions/no-email-protection.jar")
     cert = get_data_fn("test_extensions/ca.pem")
     self.verify_wrap(
         cert, jar_data,
         "Signature by certificate without EmailProtection EKU extension failed"
     )
     jar_data = get_data_fn("test_extensions/no-ku.jar")
     self.verify_wrap(
         cert, jar_data,
         "Signature by certificate without any KU extension failed")
     jar_data = get_data_fn("test_extensions/wrong-ku.jar")
     with self.assertRaises(SignatureBlockFileVerificationError):
         verify(cert, jar_data)
Ejemplo n.º 3
0
 def test_cli_sign_and_verify(self):
     src = get_data_fn("cli-sign-and-verify.jar")
     key_alias = "SAMPLE3"
     cert = get_data_fn("javatools-cert.pem")
     key = get_data_fn("javatools.pem")
     with NamedTemporaryFile() as tmp_jar:
         copyfile(src, tmp_jar.name)
         cli_sign_jar(None, tmp_jar.name, cert, key, key_alias)
         error_message = verify(cert, tmp_jar.name, key_alias)
         self.assertIsNone(error_message,
                           "Verification of JAR which we just signed failed: %s"
                           % error_message)
Ejemplo n.º 4
0
 def test_cli_sign_and_verify_ecdsa_pkcs8_sha512(self):
     src = get_data_fn("cli-sign-and-verify.jar")
     key_alias = "SAMPLE3"
     cert = get_data_fn("ec-cert.pem")
     key = get_data_fn("ec-key.pem")
     with NamedTemporaryFile() as tmp_jar:
         copyfile(src, tmp_jar.name)
         cli_sign_jar([tmp_jar.name, cert, key, key_alias])
         error_message = verify(cert, tmp_jar.name, key_alias)
         self.assertIsNone(error_message,
                           "Verification of JAR which we just signed failed: %s"
                           % error_message)
Ejemplo n.º 5
0
    def test_sign_with_certchain_and_verify(self):
        src = get_data_fn("certchain-data.jar")
        key_alias = "SIGNING"
        signing_cert = get_data_fn("certchain-signing.pem")
        key = get_data_fn("certchain-signing-key.pem")
        intermediate_cert = get_data_fn("certchain-intermediate.pem")
        root_cert = get_data_fn("certchain-root.pem")
        with NamedTemporaryFile() as tmp_jar:
            copyfile(src, tmp_jar.name)
            self.assertEqual(0, cli_sign_jar(
                ["-c", root_cert, "-c", intermediate_cert,
                 tmp_jar.name, signing_cert, key, key_alias]),
                "Signing with embedding a chain of certificates failed")
            error_message = verify(root_cert, tmp_jar.name, key_alias)
            self.assertIsNone(error_message,
                "Verification of JAR which we signed embedding chain of certificates failed: %s"
                % error_message)

#
# The end.
Ejemplo n.º 6
0
 def test_multiple_sf_files(self):
     jar_data = get_data_fn("multiple-sf-files.jar")
     cert = get_data_fn("javatools-cert.pem")
     with self.assertRaises(VerificationError):
         verify(cert, jar_data)
Ejemplo n.º 7
0
 def verify_wrap(self, cert, jar, error_prefix):
     try:
         verify(cert, jar)
     except VerificationError, error_message:
         self.fail("%s: %s" % (error_prefix, error_message))
Ejemplo n.º 8
0
 def test_tampered_signature_block(self):
     jar_data = get_data_fn("ec-tampered.jar")
     cert = get_data_fn("ec-cert.pem")
     error_message = verify(cert, jar_data, "TEST")
     self.assertIsNotNone(error_message,
         "Error: verification of a tampered signature has succeeded")
Ejemplo n.º 9
0
 def test_missing_signature_block(self):
     jar_data = get_data_fn("ec-must-fail.jar")
     cert = get_data_fn("ec-cert.pem")
     error_message = verify(cert, jar_data, "TEST")
     self.assertIsNotNone(error_message,
         "Error: verification of non-existing key alias has succeeded")
Ejemplo n.º 10
0
 def test_tampered_signature_block(self):
     jar_data = get_data_fn("ec-tampered.jar")
     cert = get_data_fn("ec-cert.pem")
     error_message = verify(cert, jar_data, "TEST")
     self.assertIsNotNone(error_message,
         "Error: verification of a tampered signature has succeeded")
Ejemplo n.º 11
0
 def test_tampered_jar_entry(self):
     jar_data = get_data_fn("tampered-entry.jar")
     cert = get_data_fn("javatools-cert.pem")
     with self.assertRaises(JarChecksumError):
         verify(cert, jar_data)
Ejemplo n.º 12
0
 def test_multiple_valid_sf_files_cert2(self):
     jar_data = get_data_fn("test_jarutil/multiple-sf-files-all-valid.jar")
     cert = get_data_fn("test_jarutil/javatools-cert-2.pem")
     sf_file = "KEY2.SF"
     self.assertEqual(verify(cert, jar_data, sf_file), None)
Ejemplo n.º 13
0
 def test_multiple_sf_files_no_cert_specified(self):
     jar_data = get_data_fn("test_jarutil/multiple-sf-files-some-junk.jar")
     cert = get_data_fn("test_jarutil/javatools-cert.pem")
     with self.assertRaises(VerificationError):
         verify(cert, jar_data)
Ejemplo n.º 14
0
 def test_multiple_valid_sf_files_cert1(self):
     jar_data = get_data_fn("multiple-sf-files-all-valid.jar")
     cert = get_data_fn("javatools-cert.pem")
     sf_file = "KEY1.SF"
     self.assertEquals(verify(cert, jar_data, sf_file), None)
Ejemplo n.º 15
0
 def test_missing_signature_block(self):
     jar_data = get_data_fn("ec-must-fail.jar")
     cert = get_data_fn("ec-cert.pem")
     with self.assertRaises(JarSignatureMissingError):
         verify(cert, jar_data)
Ejemplo n.º 16
0
 def test_tampered_signature_block(self):
     jar_data = get_data_fn("ec-tampered.jar")
     cert = get_data_fn("ec-cert.pem")
     with self.assertRaises(SignatureBlockFileVerificationError):
         verify(cert, jar_data)
Ejemplo n.º 17
0
 def test_single_sf_file_wrong_cert_specified(self):
     jar_data = get_data_fn("test_jarutil/jarutil-signed.jar")
     cert = get_data_fn("test_jarutil/javatools-cert.pem")
     sf_file = "DOES_NOT_EXIST.SF"
     with self.assertRaises(VerificationError):
         verify(cert, jar_data, sf_file)
Ejemplo n.º 18
0
 def test_single_sf_file_correct_cert_specified(self):
     jar_data = get_data_fn("test_jarutil/jarutil-signed.jar")
     cert = get_data_fn("test_jarutil/javatools-cert.pem")
     sf_file = "UNUSED.SF"
     self.assertEqual(verify(cert, jar_data, sf_file), None)
Ejemplo n.º 19
0
 def test_missing_signature_block(self):
     jar_data = get_data_fn("ec-must-fail.jar")
     cert = get_data_fn("ec-cert.pem")
     error_message = verify(cert, jar_data, "TEST")
     self.assertIsNotNone(error_message,
         "Error: verification of non-existing key alias has succeeded")