def gen_keystore(apk_id):
"""
Generates a new key store using Java's keytool command.
"""
mode = get_user_mode()
log.info('generating key store for app ID {id} in '
'{mode} mode'.format(mode=mode, id=apk_id))
# -dname = distinguished name
# CN = common name
# OU = organizational unit
dname = ["CN={mode}: Marketplace app ID {id}".format(id=apk_id,
mode=mode),
"OU={mode}: Mozilla APK Signer".format(mode=mode),
"O=Firefox Marketplace",
"L=Mountain View",
"ST=California",
"C=US"]
# TODO: delete keystores after use! bug 976295
keystore = os.path.join(settings.APK_SIGNER_KEYS_TEMP_DIR,
'gen_keystore_{u}'.format(u=uuid.uuid4()))
if mode == 'REVIEWER':
validity = settings.APK_REVIEWER_VALIDITY_PERIOD
else:
validity = settings.APK_END_USER_VALIDITY_PERIOD
args = [
'-genkey',
'-keystore', keystore,
'-storepass', settings.APK_SIGNER_STORE_PASSWD,
# We currently aren't using aliases. This flag is intended for having
# multiple key pairs in the same keystore.
'-alias', '0',
'-validity', str(validity),
'-keyalg', settings.APK_SIGNER_APP_KEY_ALGO,
'-keysize', str(settings.APK_SIGNER_APP_KEY_LENGTH),
'-storetype', 'pkcs12',
'-dname', ', '.join(dname)]
try:
keytool(args)
except KeytoolError, exc:
raise SigningError("Failed to generate key: ID {id}: {exc}"
.format(id=apk_id, exc=exc))
def gen_keystore(apk_id):
"""
Generates a new key store using Java's keytool command.
"""
mode = get_user_mode()
log.info('generating key store for app ID {id} in '
'{mode} mode'.format(mode=mode, id=apk_id))
# -dname = distinguished name
# CN = common name
# OU = organizational unit
dname = ["CN={mode}: Marketplace app ID {id}".format(id=apk_id,
mode=mode),
"OU={mode}: Mozilla APK Signer".format(mode=mode),
"O=Firefox Marketplace",
"L=Mountain View",
"ST=California",
"C=US"]
# TODO: delete keystores after use! bug 976295
keystore = os.path.join(settings.APK_SIGNER_KEYS_TEMP_DIR,
'gen_keystore_{u}'.format(u=uuid.uuid4()))
if mode == 'REVIEWER':
validity = settings.APK_REVIEWER_VALIDITY_PERIOD
else:
validity = settings.APK_END_USER_VALIDITY_PERIOD
args = [
'-genkey',
'-keystore', keystore,
'-storepass', settings.APK_SIGNER_STORE_PASSWD,
# We currently aren't using aliases. This flag is intended for having
# multiple key pairs in the same keystore.
'-alias', '0',
'-validity', str(validity),
'-keyalg', settings.APK_SIGNER_APP_KEY_ALGO,
'-keysize', str(settings.APK_SIGNER_APP_KEY_LENGTH),
'-storetype', 'pkcs12',
'-dname', ', '.join(dname)]
try:
keytool(args)
except KeytoolError, exc:
raise SigningError("Failed to generate key: ID {id}: {exc}"
.format(id=apk_id, exc=exc))
def get_keystore(apk_id):
"""
Returns an open file object for a key store.
An end-user keystore will be generated and saved to S3 if it doesn't
exist. Reviewer keystores are always generated.
"""
if get_user_mode() == 'REVIEWER':
log.info('reviewer mode: generating a new keystore')
# Always generate new key stores for reviewers.
# Thus, we don't need to store them.
return make_keystore(apk_id, store=False)
else:
log.info('end-user mode: fetching/generating/storing keystore')
try:
# TODO: maybe check for expired key stores. In other words,
# this code will break in 10 years :)
return storage.get_app_key(apk_id)
except NoSuchKey:
return make_keystore(apk_id)
def get_keystore(apk_id):
"""
Returns an open file object for a key store.
An end-user keystore will be generated and saved to S3 if it doesn't
exist. Reviewer keystores are always generated.
"""
if get_user_mode() == 'REVIEWER':
log.info('reviewer mode: generating a new keystore')
# Always generate new key stores for reviewers.
# Thus, we don't need to store them.
return make_keystore(apk_id, store=False)
else:
log.info('end-user mode: fetching/generating/storing keystore')
try:
# TODO: maybe check for expired key stores. In other words,
# this code will break in 30 years :)
return storage.get_app_key(apk_id)
except NoSuchKey:
return make_keystore(apk_id)
