def test_serial_number_extraction(self):
    # Reads a DER-encoded PKCS#7 fixture and checks the signer serial number
    # that get_signer_serial_number() pulls out of it.
    #
    # Signature occurred on Thursday, January 22nd 2015 at 11:02:22am PST.
    # The signing service returns a Python time.time() value multiplied
    # by 1000 to get a (hopefully) truly unique serial number.
    # NOTE(review): a millisecond timestamp is unique only if the service
    # never signs twice within the same millisecond; this test pins one known
    # value and does not exercise uniqueness.
    expected_serial = 1421953342960
    with open(get_file('zigbert.test.pkcs7.der'), 'rb') as fixture:
        der_bytes = fixture.read()
    self.assertEqual(expected_serial, get_signer_serial_number(der_bytes))
def test_serial_number_extraction(self):
    # Regression check: the serial number embedded in the fixture's signer
    # info must come back as the exact integer below.
    #
    # Signature occurred on Thursday, January 22nd 2015 at 11:02:22am PST.
    # The signing service returns a Python time.time() value multiplied
    # by 1000 to get a (hopefully) truly unique serial number.
    fixture_path = get_file('zigbert.test.pkcs7.der')
    with open(fixture_path, 'rb') as handle:
        extracted = get_signer_serial_number(handle.read())
    self.assertEqual(1421953342960, extracted)
def call_signing(file_obj, endpoint):
    """Sign the add-on file in place and return the signer cert serial number.

    The jar's signature file is extracted, posted to the signing service at
    ``endpoint``, and the PKCS#7 blob from the response is written into a
    signed copy of the jar that then replaces ``file_obj.file_path``.

    Raises SigningError when the service does not answer with HTTP 200.
    """
    # Only the (unique) name is wanted: the temporary file itself is removed
    # as soon as the `with` block exits.
    # NOTE(review): between that removal and the moment the signed jar is
    # written, the path is free for any other local process to create. A
    # private temp directory or a kept file would close the window; confirm
    # how JarExtractor opens `outpath` before changing it.
    with tempfile.NamedTemporaryFile() as scratch:
        temp_filename = scratch.name

    # Extract jar signature.
    jar = JarExtractor(
        path=storage.open(file_obj.file_path),
        outpath=temp_filename,
        omit_signature_sections=True,
        extra_newlines=True)

    log.debug(u'File signature contents: {0}'.format(jar.signatures))
    log.debug(u'Calling signing service: {0}'.format(endpoint))

    with statsd.timer('services.sign.addon'):
        response = requests.post(
            endpoint,
            timeout=settings.SIGNING_SERVER_TIMEOUT,
            data={'addon_id': get_id(file_obj.version.addon)},
            files={'file': (u'mozilla.sf', unicode(jar.signatures))})

    request_succeeded = response.status_code == 200
    if not request_succeeded:
        msg = u'Posting to add-on signing failed: {0}'.format(response.reason)
        log.error(msg)
        raise SigningError(msg)

    # The service answers with JSON whose 'mozilla.rsa' entry is the
    # base64-encoded PKCS#7 signature.
    # NOTE(review): the blob is embedded as returned; nothing visible here
    # checks that it actually covers the manifest that was sent, unless
    # get_signer_serial_number() or make_signed() do so.
    response_payload = json.loads(response.content)
    pkcs7 = b64decode(response_payload['mozilla.rsa'])
    cert_serial_num = get_signer_serial_number(pkcs7)

    jar.make_signed(pkcs7, sigpath=u'mozilla')
    # Replace the unsigned file with the freshly signed one.
    shutil.move(temp_filename, file_obj.file_path)
    return cert_serial_num
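def call_signing(file_obj):
    """Sign the add-on file in place via autograph; return the cert serial.

    The jar's signature file is extracted, base64-encoded and posted to the
    autograph ``/sign/data`` endpoint with Hawk authentication. The PKCS#7
    blob in the response is written into a signed copy of the jar, which then
    replaces ``file_obj.file_path``.

    Raises:
        SigningError: autograph did not answer with HTTP 201 Created.
        requests.exceptions.Timeout: the request exceeded
            ``settings.SIGNING_SERVER_TIMEOUT`` (only when that setting is
            defined).
    """
    # Extract jar signature.
    jar = JarExtractor(path=storage.open(file_obj.file_path))

    log.debug(u'File signature contents: {0}'.format(jar.signatures))

    signed_manifest = unicode(jar.signatures)

    conf = settings.AUTOGRAPH_CONFIG
    log.debug('Calling autograph service: {0}'.format(conf['server_url']))

    # create the signing request
    signing_request = [{
        'input': b64encode(signed_manifest),
        'keyid': conf['signer'],
        'options': {
            'id': get_id(file_obj.version.addon),
        },
    }]

    # post the request
    with statsd.timer('services.sign.addon.autograph'):
        response = requests.post(
            '{server}/sign/data'.format(server=conf['server_url']),
            json=signing_request,
            auth=HawkAuth(id=conf['user_id'], key=conf['key']),
            # requests waits indefinitely unless a timeout is passed, so an
            # unresponsive signing server would pin this worker. Falls back
            # to None (the previous behaviour) when the setting is absent.
            timeout=getattr(settings, 'SIGNING_SERVER_TIMEOUT', None))

    if response.status_code != requests.codes.CREATED:
        # NOTE(review): the response body ends up in the log and in the
        # exception text; confirm the service never echoes secrets there.
        msg = u'Posting to add-on signing failed: {0} {1}'.format(
            response.reason, response.text)
        log.error(msg)
        raise SigningError(msg)

    # convert the base64 encoded pkcs7 signature back to binary
    pkcs7 = b64decode(force_bytes(response.json()[0]['signature']))

    cert_serial_num = get_signer_serial_number(pkcs7)

    # We only want the (unique) temporary file name.
    # NOTE(review): the file is deleted when the `with` exits, so the name
    # can be claimed by another process before make_signed() writes to it.
    # Confirm settings.TMP_PATH is writable by this service only.
    with tempfile.NamedTemporaryFile(dir=settings.TMP_PATH) as temp_file:
        temp_filename = temp_file.name

    jar.make_signed(
        signed_manifest=signed_manifest,
        signature=pkcs7,
        sigpath=u'mozilla',
        outpath=temp_filename)
    shutil.move(temp_filename, file_obj.file_path)

    return cert_serial_num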
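def call_signing(file_obj):
    """Sign the add-on file in place via autograph; return the cert serial.

    The jar's signature file is extracted, base64-encoded and posted to the
    autograph ``/sign/data`` endpoint with Hawk authentication. The PKCS#7
    blob in the response is written into a signed copy of the jar, which then
    replaces ``file_obj.current_file_path``.

    Raises:
        SigningError: autograph did not answer with HTTP 201 Created.
        requests.exceptions.Timeout: the request exceeded
            ``settings.SIGNING_SERVER_TIMEOUT`` (only when that setting is
            defined).
    """
    # Extract jar signature.
    jar = JarExtractor(path=storage.open(file_obj.current_file_path))

    log.debug(u'File signature contents: {0}'.format(jar.signatures))

    signed_manifest = six.text_type(jar.signatures)

    conf = settings.AUTOGRAPH_CONFIG
    log.debug('Calling autograph service: {0}'.format(conf['server_url']))

    # b64encode() needs bytes and returns bytes on Python 3, and bytes are
    # not JSON-serialisable there, so encode the text explicitly and turn the
    # base64 result back into text. On Python 2 the JSON sent is unchanged
    # for ASCII manifests.
    # NOTE(review): the signature covers these UTF-8 bytes; confirm that
    # make_signed() writes the manifest with the same encoding.
    encoded_manifest = b64encode(force_bytes(signed_manifest)).decode('ascii')

    # create the signing request
    signing_request = [{
        'input': encoded_manifest,
        'keyid': conf['signer'],
        'options': {
            'id': get_id(file_obj.version.addon),
        },
    }]

    # post the request
    with statsd.timer('services.sign.addon.autograph'):
        response = requests.post(
            '{server}/sign/data'.format(server=conf['server_url']),
            json=signing_request,
            auth=HawkAuth(id=conf['user_id'], key=conf['key']),
            # requests waits indefinitely unless a timeout is passed, so an
            # unresponsive signing server would pin this worker. Falls back
            # to None (the previous behaviour) when the setting is absent.
            timeout=getattr(settings, 'SIGNING_SERVER_TIMEOUT', None))

    if response.status_code != requests.codes.CREATED:
        msg = u'Posting to add-on signing failed: {0} {1}'.format(
            response.reason, response.text)
        log.error(msg)
        raise SigningError(msg)

    # convert the base64 encoded pkcs7 signature back to binary
    pkcs7 = b64decode(force_bytes(response.json()[0]['signature']))

    cert_serial_num = get_signer_serial_number(pkcs7)

    # We only want the (unique) temporary file name.
    # NOTE(review): the file is deleted when the `with` exits, so the name
    # can be claimed by another process before make_signed() writes to it.
    # Confirm settings.TMP_PATH is writable by this service only.
    with tempfile.NamedTemporaryFile(dir=settings.TMP_PATH) as temp_file:
        temp_filename = temp_file.name

    jar.make_signed(
        signed_manifest=signed_manifest,
        signature=pkcs7,
        sigpath=u'mozilla',
        outpath=temp_filename)
    shutil.move(temp_filename, file_obj.current_file_path)

    return cert_serial_num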
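def call_signing(file_obj):
    """Sign the add-on file in place and return the signer cert serial number.

    The waffle switch ``activate-autograph-signing`` selects the backend:
    autograph (JSON request, Hawk auth, expects 201 Created) when active,
    otherwise the trunion signing server (multipart upload, expects 200 OK).
    The PKCS#7 blob from the response is written into a signed copy of the
    jar, which then replaces ``file_obj.file_path``.

    Raises:
        SigningError: the selected service answered with an unexpected status.
        requests.exceptions.Timeout: the request exceeded
            ``settings.SIGNING_SERVER_TIMEOUT``.
    """
    # Extract jar signature.
    jar = JarExtractor(path=storage.open(file_obj.file_path))

    log.debug(u'File signature contents: {0}'.format(jar.signatures))

    use_autograph = waffle.switch_is_active('activate-autograph-signing')
    signed_manifest = unicode(jar.signatures)
    has_error = False

    if use_autograph:
        conf = settings.AUTOGRAPH_CONFIG
        log.debug('Calling autograph service: {0}'.format(conf['server_url']))

        # create the signing request
        signing_request = [{
            'input': b64encode(signed_manifest),
            'keyid': conf['signer'],
            'options': {
                'id': get_id(file_obj.version.addon),
            },
        }]

        # post the request
        with statsd.timer('services.sign.addon'):
            response = requests.post(
                '{server}/sign/data'.format(server=conf['server_url']),
                # Same bound as the trunion branch below: without it requests
                # waits indefinitely on an unresponsive server. Tune
                # separately if autograph needs a different limit.
                timeout=settings.SIGNING_SERVER_TIMEOUT,
                json=signing_request,
                auth=HawkAuth(id=conf['user_id'], key=conf['key']))

        if response.status_code != requests.codes.CREATED:
            has_error = True
    else:
        log.debug(u'Calling signing service: {0}'.format(
            settings.SIGNING_SERVER))

        with statsd.timer('services.sign.addon'):
            response = requests.post(
                get_trunion_endpoint(settings.SIGNING_SERVER),
                timeout=settings.SIGNING_SERVER_TIMEOUT,
                data={'addon_id': get_id(file_obj.version.addon)},
                files={'file': (u'mozilla.sf', signed_manifest)})

        if response.status_code != requests.codes.OK:
            has_error = True

    if has_error:
        msg = u'Posting to add-on signing failed: {0} {1}'.format(
            response.reason, response.text)
        log.error(msg)
        raise SigningError(msg)

    # convert the base64 encoded pkcs7 signature back to binary
    # (the two services use different response shapes)
    if use_autograph:
        pkcs7 = b64decode(force_bytes(response.json()[0]['signature']))
    else:
        pkcs7 = b64decode(response.json()['mozilla.rsa'])

    cert_serial_num = get_signer_serial_number(pkcs7)

    # We only want the (unique) temporary file name.
    # NOTE(review): the file is deleted when the `with` exits, so the name
    # can be claimed by another process before make_signed() writes to it.
    # Confirm settings.TMP_PATH is writable by this service only.
    with tempfile.NamedTemporaryFile(dir=settings.TMP_PATH) as temp_file:
        temp_filename = temp_file.name

    jar.make_signed(
        signed_manifest=signed_manifest,
        signature=pkcs7,
        sigpath=u'mozilla',
        outpath=temp_filename)
    shutil.move(temp_filename, file_obj.file_path)

    return cert_serial_num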
def test_serial_number_extraction(self):
    # The fixture is a DER-encoded PKCS#7 blob; its signer serial number must
    # come back as the exact integer pinned below.
    expected_serial = 1498181554500
    fixture_path = get_file('mozilla-generated-by-openssl.pkcs7.der')
    with open(fixture_path, 'rb') as fixture:
        der_bytes = fixture.read()
    self.assertEqual(expected_serial, get_signer_serial_number(der_bytes))
def test_serial_number_extraction(self):
    # Regression check for get_signer_serial_number() against a stored
    # PKCS#7 fixture (DER-encoded, per its file name).
    with open(
            get_file('mozilla-generated-by-openssl.pkcs7.der'),
            'rb') as handle:
        extracted = get_signer_serial_number(handle.read())
    self.assertEqual(1498181554500, extracted)
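def call_signing(file_obj):
    """Sign the add-on file in place and return the signer cert serial number.

    The waffle switch ``activate-autograph-signing`` selects the backend:
    autograph (JSON request, Hawk auth, expects 201 Created) when active,
    otherwise the trunion signing server (multipart upload, expects 200 OK).
    The PKCS#7 blob from the response is written into a signed copy of the
    jar, which then replaces ``file_obj.file_path``.

    Raises:
        SigningError: the selected service answered with an unexpected status.
        requests.exceptions.Timeout: the request exceeded
            ``settings.SIGNING_SERVER_TIMEOUT``.
    """
    # Extract jar signature.
    jar = JarExtractor(path=storage.open(file_obj.file_path))

    log.debug(u'File signature contents: {0}'.format(jar.signatures))

    use_autograph = waffle.switch_is_active('activate-autograph-signing')
    signed_manifest = unicode(jar.signatures)
    has_error = False

    if use_autograph:
        conf = settings.AUTOGRAPH_CONFIG
        log.debug('Calling autograph service: {0}'.format(conf['server_url']))

        # create the signing request
        signing_request = [{
            'input': b64encode(signed_manifest),
            'keyid': conf['signer'],
            'options': {
                'id': get_id(file_obj.version.addon),
            },
        }]

        # post the request
        with statsd.timer('services.sign.addon'):
            response = requests.post(
                '{server}/sign/data'.format(server=conf['server_url']),
                # Same bound as the trunion branch below: without it requests
                # waits indefinitely on an unresponsive server. Tune
                # separately if autograph needs a different limit.
                timeout=settings.SIGNING_SERVER_TIMEOUT,
                json=signing_request,
                auth=HawkAuth(id=conf['user_id'], key=conf['key']))

        if response.status_code != requests.codes.CREATED:
            has_error = True
    else:
        log.debug(u'Calling signing service: {0}'.format(
            settings.SIGNING_SERVER))

        with statsd.timer('services.sign.addon'):
            response = requests.post(
                get_trunion_endpoint(settings.SIGNING_SERVER),
                timeout=settings.SIGNING_SERVER_TIMEOUT,
                data={'addon_id': get_id(file_obj.version.addon)},
                files={'file': (u'mozilla.sf', signed_manifest)})

        if response.status_code != requests.codes.OK:
            has_error = True

    if has_error:
        msg = u'Posting to add-on signing failed: {0} {1}'.format(
            response.reason, response.text)
        log.error(msg)
        raise SigningError(msg)

    # convert the base64 encoded pkcs7 signature back to binary
    # (the two services use different response shapes)
    if use_autograph:
        pkcs7 = b64decode(force_bytes(response.json()[0]['signature']))
    else:
        pkcs7 = b64decode(response.json()['mozilla.rsa'])

    cert_serial_num = get_signer_serial_number(pkcs7)

    # We only want the (unique) temporary file name.
    # NOTE(review): with no `dir`, the name is taken from the system default
    # temp directory, which is typically shared with other local users, and
    # the file is deleted when the `with` exits, leaving the path free to be
    # claimed before make_signed() writes to it. A service-private directory
    # narrows that exposure and keeps the final move on one filesystem.
    with tempfile.NamedTemporaryFile() as temp_file:
        temp_filename = temp_file.name

    jar.make_signed(
        signed_manifest=signed_manifest,
        signature=pkcs7,
        sigpath=u'mozilla',
        outpath=temp_filename)
    shutil.move(temp_filename, file_obj.file_path)

    return cert_serial_num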