Example #1
0
def _check_digest_algorithm(command_output, apk_path):
    # This prevents https://bugzilla.mozilla.org/show_bug.cgi?id=1332916
    match_result = DIGEST_ALGORITHM_REGEX.search(command_output)
    if match_result is None:
        log.critical(command_output)
        raise SignatureError(
            'Could not find what digest algorithm was used to sign this APK')

    digest_algorithm = match_result.group(1)
    if digest_algorithm != 'SHA1':
        log.critical(command_output)
        raise SignatureError(
            'Wrong digest algorithm: SHA1 digest is expected, but "{}" was found'
            .format(digest_algorithm))

    log.info(
        'The signature of "{}" contains the correct digest algorithm'.format(
            apk_path))
Example #2
0
def _check_certificate_via_return_code(return_code, command_output, binary_path, apk_path, certificate_alias, keystore_path):
    if return_code != 0:
        log.critical(command_output)
        raise SignatureError(
            '{} doesn\'t verify APK "{}". It compared certificate against "{}", located in keystore "{}".\
            Maybe you\'re now allowed to push such APKs on this instance?'.format(
                binary_path, apk_path, certificate_alias, keystore_path
            )
        )

    log.info('The signature of "{}" comes from the correct alias "{}"'.format(apk_path, certificate_alias))
Example #3
0
def verify(product_config, apk_path):
    # This prevents https://bugzilla.mozilla.org/show_bug.cgi?id=1332916
    expected_digest_algorithm = product_config["digest_algorithm"]
    if not _does_apk_have_expected_digest(apk_path, expected_digest_algorithm):
        raise SignatureError(
            'Wrong digest algorithm: "{}" digest is expected, but it was not found'
            .format(expected_digest_algorithm))

    log.info(
        'The signature of "{}" contains the correct digest algorithm ({})'.
        format(apk_path, expected_digest_algorithm))
Example #4
0
def verify(context, apk_path):
    # This prevents https://bugzilla.mozilla.org/show_bug.cgi?id=1332916
    android_product = extract_android_product_from_scopes(context)
    expected_digest_algorithm = _DIGEST_ALGORITHM_PER_ANDROID_PRODUCT[android_product]
    if not _does_apk_have_expected_digest(apk_path, expected_digest_algorithm):
        raise SignatureError(
            'Wrong digest algorithm: "{}" digest is expected, but it was not found'.format(expected_digest_algorithm)
        )

    log.info('The signature of "{}" contains the correct digest algorithm ({})'.format(
        apk_path, expected_digest_algorithm
    ))