Exemple #1
 def test_serial_number_extraction(self):
     """Check the serial number read from the zigbert PKCS#7 fixture."""
     fixture_path = get_file('zigbert.test.pkcs7.der')
     with open(fixture_path, 'rb') as der_file:
         pkcs7_der = der_file.read()
     # The fixture was signed on Thursday, January 22nd 2015 at 11:02:22am
     # PST. The signing service uses a Python time.time() value multiplied
     # by 1000 as the serial number, hoping that makes it unique.
     expected_serial = 1421953342960
     self.assertEqual(expected_serial, get_signer_serial_number(pkcs7_der))
 def test_serial_number_extraction(self):
     """Check the serial number read from the zigbert PKCS#7 fixture."""
     fixture_path = get_file('zigbert.test.pkcs7.der')
     with open(fixture_path, 'rb') as der_file:
         pkcs7_der = der_file.read()
     # The fixture was signed on Thursday, January 22nd 2015 at 11:02:22am
     # PST. The signing service uses a Python time.time() value multiplied
     # by 1000 as the serial number, hoping that makes it unique.
     expected_serial = 1421953342960
     self.assertEqual(expected_serial, get_signer_serial_number(pkcs7_der))
Exemple #3
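def call_signing(file_obj, endpoint):
    """Get the jar signature and send it to the signing server to be signed.

    The signature sections extracted from ``file_obj.file_path`` are posted
    to ``endpoint``. The base64 PKCS#7 blob found under ``mozilla.rsa`` in
    the JSON response is decoded and handed to ``jar.make_signed()``, and
    the file at the temporary output path is then moved over
    ``file_obj.file_path``.

    Returns the value of ``get_signer_serial_number()`` for that PKCS#7 blob.

    Raises SigningError when the signing server does not answer with
    HTTP 200.
    """
    # Function-scope import: the file's import block is not visible here.
    import os

    # Build the output inside a private directory created by mkdtemp().
    # Taking only the *name* of a NamedTemporaryFile (which is deleted when
    # its ``with`` block exits) leaves a window in which another local user
    # can create or symlink that path before the signed file is written.
    temp_dir = tempfile.mkdtemp()
    try:
        temp_filename = os.path.join(temp_dir, 'signed')

        # Extract jar signature.
        jar = JarExtractor(path=storage.open(file_obj.file_path),
                           outpath=temp_filename,
                           omit_signature_sections=True,
                           extra_newlines=True)

        log.debug(u'File signature contents: {0}'.format(jar.signatures))

        log.debug(u'Calling signing service: {0}'.format(endpoint))
        with statsd.timer('services.sign.addon'):
            response = requests.post(
                endpoint,
                timeout=settings.SIGNING_SERVER_TIMEOUT,
                data={'addon_id': get_id(file_obj.version.addon)},
                files={'file': (u'mozilla.sf', unicode(jar.signatures))})
        if response.status_code != 200:
            msg = u'Posting to add-on signing failed: {0}'.format(
                response.reason)
            log.error(msg)
            raise SigningError(msg)

        pkcs7 = b64decode(json.loads(response.content)['mozilla.rsa'])
        cert_serial_num = get_signer_serial_number(pkcs7)
        jar.make_signed(pkcs7, sigpath=u'mozilla')
        shutil.move(temp_filename, file_obj.file_path)
    finally:
        # Remove the scratch directory on success and on every failure
        # path, so a partially written archive is not left behind.
        shutil.rmtree(temp_dir, ignore_errors=True)
    return cert_serial_num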
Exemple #4
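def call_signing(file_obj):
    """Get the jar signature and send it to the signing server to be signed.

    The signature sections extracted from ``file_obj.file_path`` are
    base64-encoded and posted, with Hawk authentication, to the
    ``/sign/data`` endpoint of the server in ``settings.AUTOGRAPH_CONFIG``.
    The base64 PKCS#7 signature in the first element of the JSON response
    is decoded and passed to ``jar.make_signed()``, and the resulting
    output file is moved over ``file_obj.file_path``.

    Returns the value of ``get_signer_serial_number()`` for that signature.

    Raises SigningError when the server does not answer with HTTP 201
    (``requests.codes.CREATED``).
    """
    # Function-scope import: the file's import block is not visible here.
    import os

    # Extract jar signature.
    jar = JarExtractor(path=storage.open(file_obj.file_path))

    log.debug(u'File signature contents: {0}'.format(jar.signatures))

    signed_manifest = unicode(jar.signatures)

    conf = settings.AUTOGRAPH_CONFIG
    log.debug('Calling autograph service: {0}'.format(conf['server_url']))

    # create the signing request
    signing_request = [{
        'input': b64encode(signed_manifest),
        'keyid': conf['signer'],
        'options': {
            'id': get_id(file_obj.version.addon),
        },
    }]

    # post the request
    # NOTE(review): no ``timeout=`` is passed and requests applies none by
    # default, so an unresponsive server blocks this call indefinitely.
    # Consider passing a timeout taken from project settings.
    with statsd.timer('services.sign.addon.autograph'):
        response = requests.post(
            '{server}/sign/data'.format(server=conf['server_url']),
            json=signing_request,
            auth=HawkAuth(id=conf['user_id'], key=conf['key']))

    if response.status_code != requests.codes.CREATED:
        msg = u'Posting to add-on signing failed: {0} {1}'.format(
            response.reason, response.text)
        log.error(msg)
        raise SigningError(msg)

    # convert the base64 encoded pkcs7 signature back to binary
    pkcs7 = b64decode(force_bytes(response.json()[0]['signature']))

    cert_serial_num = get_signer_serial_number(pkcs7)

    # Write the signed file inside a private directory created by
    # mkdtemp(). Taking only the *name* of a NamedTemporaryFile (deleted
    # when its ``with`` block exits) leaves a window in which another local
    # user can create or symlink that path before make_signed() writes it.
    temp_dir = tempfile.mkdtemp(dir=settings.TMP_PATH)
    try:
        temp_filename = os.path.join(temp_dir, 'signed')
        jar.make_signed(
            signed_manifest=signed_manifest,
            signature=pkcs7,
            sigpath=u'mozilla',
            outpath=temp_filename)
        shutil.move(temp_filename, file_obj.file_path)
    finally:
        # Remove the scratch directory on success and on failure, so a
        # partially written archive is not left behind.
        shutil.rmtree(temp_dir, ignore_errors=True)
    return cert_serial_num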
Exemple #5
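def call_signing(file_obj):
    """Get the jar signature and send it to the signing server to be signed.

    The signature sections extracted from ``file_obj.current_file_path``
    are base64-encoded and posted, with Hawk authentication, to the
    ``/sign/data`` endpoint of the server in ``settings.AUTOGRAPH_CONFIG``.
    The base64 PKCS#7 signature in the first element of the JSON response
    is decoded and passed to ``jar.make_signed()``, and the resulting
    output file is moved over ``file_obj.current_file_path``.

    Returns the value of ``get_signer_serial_number()`` for that signature.

    Raises SigningError when the server does not answer with HTTP 201
    (``requests.codes.CREATED``).
    """
    # Function-scope import: the file's import block is not visible here.
    import os

    # Extract jar signature.
    jar = JarExtractor(path=storage.open(file_obj.current_file_path))

    log.debug(u'File signature contents: {0}'.format(jar.signatures))

    signed_manifest = six.text_type(jar.signatures)

    conf = settings.AUTOGRAPH_CONFIG
    log.debug('Calling autograph service: {0}'.format(conf['server_url']))

    # create the signing request
    signing_request = [{
        'input': b64encode(signed_manifest),
        'keyid': conf['signer'],
        'options': {
            'id': get_id(file_obj.version.addon),
        },
    }]

    # post the request
    # NOTE(review): no ``timeout=`` is passed and requests applies none by
    # default, so an unresponsive server blocks this call indefinitely.
    # Consider passing a timeout taken from project settings.
    with statsd.timer('services.sign.addon.autograph'):
        response = requests.post(
            '{server}/sign/data'.format(server=conf['server_url']),
            json=signing_request,
            auth=HawkAuth(id=conf['user_id'], key=conf['key']))

    if response.status_code != requests.codes.CREATED:
        msg = u'Posting to add-on signing failed: {0} {1}'.format(
            response.reason, response.text)
        log.error(msg)
        raise SigningError(msg)

    # convert the base64 encoded pkcs7 signature back to binary
    pkcs7 = b64decode(force_bytes(response.json()[0]['signature']))

    cert_serial_num = get_signer_serial_number(pkcs7)

    # Write the signed file inside a private directory created by
    # mkdtemp(). Taking only the *name* of a NamedTemporaryFile (deleted
    # when its ``with`` block exits) leaves a window in which another local
    # user can create or symlink that path before make_signed() writes it.
    temp_dir = tempfile.mkdtemp(dir=settings.TMP_PATH)
    try:
        temp_filename = os.path.join(temp_dir, 'signed')
        jar.make_signed(
            signed_manifest=signed_manifest,
            signature=pkcs7,
            sigpath=u'mozilla',
            outpath=temp_filename)
        shutil.move(temp_filename, file_obj.current_file_path)
    finally:
        # Remove the scratch directory on success and on failure, so a
        # partially written archive is not left behind.
        shutil.rmtree(temp_dir, ignore_errors=True)
    return cert_serial_num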
Exemple #6
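def call_signing(file_obj):
    """Get the jar signature and send it to the signing server to be signed.

    The waffle switch ``activate-autograph-signing`` selects the backend.
    When it is active, the manifest is base64-encoded and posted with Hawk
    authentication to the ``/sign/data`` endpoint of the server in
    ``settings.AUTOGRAPH_CONFIG``, and HTTP 201 is expected. Otherwise it
    is uploaded as ``mozilla.sf`` to the endpoint derived from
    ``settings.SIGNING_SERVER``, and HTTP 200 is expected.

    The base64 PKCS#7 signature from the response is decoded and passed to
    ``jar.make_signed()``, and the resulting output file is moved over
    ``file_obj.file_path``.

    Returns the value of ``get_signer_serial_number()`` for that signature.

    Raises SigningError when the selected backend does not answer with the
    expected status code.
    """
    # Function-scope import: the file's import block is not visible here.
    import os

    # Extract jar signature.
    jar = JarExtractor(path=storage.open(file_obj.file_path))

    log.debug(u'File signature contents: {0}'.format(jar.signatures))

    use_autograph = waffle.switch_is_active('activate-autograph-signing')
    signed_manifest = unicode(jar.signatures)
    has_error = False

    if use_autograph:
        conf = settings.AUTOGRAPH_CONFIG
        log.debug('Calling autograph service: {0}'.format(conf['server_url']))

        # create the signing request
        signing_request = [{
            'input': b64encode(signed_manifest),
            'keyid': conf['signer'],
            'options': {
                'id': get_id(file_obj.version.addon),
            },
        }]

        # post the request
        # NOTE(review): unlike the other branch, no ``timeout=`` is passed
        # here; requests applies none by default, so an unresponsive
        # server blocks this call indefinitely.
        with statsd.timer('services.sign.addon'):
            response = requests.post(
                '{server}/sign/data'.format(server=conf['server_url']),
                json=signing_request,
                auth=HawkAuth(id=conf['user_id'], key=conf['key']))

        if response.status_code != requests.codes.CREATED:
            has_error = True
    else:
        log.debug(u'Calling signing service: {0}'.format(
            settings.SIGNING_SERVER))

        with statsd.timer('services.sign.addon'):
            response = requests.post(
                get_trunion_endpoint(settings.SIGNING_SERVER),
                timeout=settings.SIGNING_SERVER_TIMEOUT,
                data={'addon_id': get_id(file_obj.version.addon)},
                files={'file': (u'mozilla.sf', signed_manifest)})

        if response.status_code != requests.codes.OK:
            has_error = True

    if has_error:
        msg = u'Posting to add-on signing failed: {0} {1}'.format(
            response.reason, response.text)
        log.error(msg)
        raise SigningError(msg)

    # convert the base64 encoded pkcs7 signature back to binary
    if use_autograph:
        pkcs7 = b64decode(force_bytes(response.json()[0]['signature']))
    else:
        pkcs7 = b64decode(response.json()['mozilla.rsa'])

    cert_serial_num = get_signer_serial_number(pkcs7)

    # Write the signed file inside a private directory created by
    # mkdtemp(). Taking only the *name* of a NamedTemporaryFile (deleted
    # when its ``with`` block exits) leaves a window in which another local
    # user can create or symlink that path before make_signed() writes it.
    temp_dir = tempfile.mkdtemp(dir=settings.TMP_PATH)
    try:
        temp_filename = os.path.join(temp_dir, 'signed')
        jar.make_signed(
            signed_manifest=signed_manifest,
            signature=pkcs7,
            sigpath=u'mozilla',
            outpath=temp_filename)
        shutil.move(temp_filename, file_obj.file_path)
    finally:
        # Remove the scratch directory on success and on failure, so a
        # partially written archive is not left behind.
        shutil.rmtree(temp_dir, ignore_errors=True)
    return cert_serial_num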
 def test_serial_number_extraction(self):
     """Check the serial number read from the openssl PKCS#7 fixture."""
     fixture_path = get_file('mozilla-generated-by-openssl.pkcs7.der')
     with open(fixture_path, 'rb') as der_file:
         pkcs7_der = der_file.read()
     expected_serial = 1498181554500
     self.assertEqual(expected_serial, get_signer_serial_number(pkcs7_der))
Exemple #8
 def test_serial_number_extraction(self):
     """Check the serial number read from the openssl PKCS#7 fixture."""
     fixture_path = get_file('mozilla-generated-by-openssl.pkcs7.der')
     with open(fixture_path, 'rb') as der_file:
         pkcs7_der = der_file.read()
     expected_serial = 1498181554500
     self.assertEqual(expected_serial, get_signer_serial_number(pkcs7_der))
Exemple #9
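def call_signing(file_obj):
    """Get the jar signature and send it to the signing server to be signed.

    The waffle switch ``activate-autograph-signing`` selects the backend.
    When it is active, the manifest is base64-encoded and posted with Hawk
    authentication to the ``/sign/data`` endpoint of the server in
    ``settings.AUTOGRAPH_CONFIG``, and HTTP 201 is expected. Otherwise it
    is uploaded as ``mozilla.sf`` to the endpoint derived from
    ``settings.SIGNING_SERVER``, and HTTP 200 is expected.

    The base64 PKCS#7 signature from the response is decoded and passed to
    ``jar.make_signed()``, and the resulting output file is moved over
    ``file_obj.file_path``.

    Returns the value of ``get_signer_serial_number()`` for that signature.

    Raises SigningError when the selected backend does not answer with the
    expected status code.
    """
    # Function-scope import: the file's import block is not visible here.
    import os

    # Extract jar signature.
    jar = JarExtractor(path=storage.open(file_obj.file_path))

    log.debug(u'File signature contents: {0}'.format(jar.signatures))

    use_autograph = waffle.switch_is_active('activate-autograph-signing')
    signed_manifest = unicode(jar.signatures)
    has_error = False

    if use_autograph:
        conf = settings.AUTOGRAPH_CONFIG
        log.debug('Calling autograph service: {0}'.format(conf['server_url']))

        # create the signing request
        signing_request = [{
            'input': b64encode(signed_manifest),
            'keyid': conf['signer'],
            'options': {
                'id': get_id(file_obj.version.addon),
            },
        }]

        # post the request
        # NOTE(review): unlike the other branch, no ``timeout=`` is passed
        # here; requests applies none by default, so an unresponsive
        # server blocks this call indefinitely.
        with statsd.timer('services.sign.addon'):
            response = requests.post(
                '{server}/sign/data'.format(server=conf['server_url']),
                json=signing_request,
                auth=HawkAuth(id=conf['user_id'], key=conf['key']))

        if response.status_code != requests.codes.CREATED:
            has_error = True
    else:
        log.debug(u'Calling signing service: {0}'.format(
            settings.SIGNING_SERVER))

        with statsd.timer('services.sign.addon'):
            response = requests.post(
                get_trunion_endpoint(settings.SIGNING_SERVER),
                timeout=settings.SIGNING_SERVER_TIMEOUT,
                data={'addon_id': get_id(file_obj.version.addon)},
                files={'file': (u'mozilla.sf', signed_manifest)})

        if response.status_code != requests.codes.OK:
            has_error = True

    if has_error:
        msg = u'Posting to add-on signing failed: {0} {1}'.format(
            response.reason, response.text)
        log.error(msg)
        raise SigningError(msg)

    # convert the base64 encoded pkcs7 signature back to binary
    if use_autograph:
        pkcs7 = b64decode(force_bytes(response.json()[0]['signature']))
    else:
        pkcs7 = b64decode(response.json()['mozilla.rsa'])

    cert_serial_num = get_signer_serial_number(pkcs7)

    # Write the signed file inside a private directory created by
    # mkdtemp(). Taking only the *name* of a NamedTemporaryFile (deleted
    # when its ``with`` block exits) leaves a window in which another local
    # user can create or symlink that path before make_signed() writes it.
    temp_dir = tempfile.mkdtemp()
    try:
        temp_filename = os.path.join(temp_dir, 'signed')
        jar.make_signed(
            signed_manifest=signed_manifest,
            signature=pkcs7,
            sigpath=u'mozilla',
            outpath=temp_filename)
        shutil.move(temp_filename, file_obj.file_path)
    finally:
        # Remove the scratch directory on success and on failure, so a
        # partially written archive is not left behind.
        shutil.rmtree(temp_dir, ignore_errors=True)
    return cert_serial_num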