def test_tampered_manifest(self):
    """Verification must reject a JAR whose manifest was altered after signing.

    The fixture was tampered manually: its MANIFEST.MF does not verify
    against the .SF file in either way, so verify() is expected to raise
    ManifestChecksumError instead of returning.
    """
    tampered_jar = get_data_fn("tampered-manifest.jar")
    signer_cert = get_data_fn("javatools-cert.pem")
    self.assertRaises(ManifestChecksumError, verify, signer_cert, tampered_jar)
def test_overriden_extension_handling(self):
    """Pin how verify() treats signer certificates with unusual extensions.

    Two relaxations are expected to be accepted: a signing certificate
    without the EmailProtection EKU extension, and one without any KU
    extension.  The third fixture must still be rejected with
    SignatureBlockFileVerificationError, so the relaxation does not turn
    into "accept any key usage".
    """
    no_eku_jar = get_data_fn("test_extensions/no-email-protection.jar")
    ca_cert = get_data_fn("test_extensions/ca.pem")
    self.verify_wrap(
        ca_cert,
        no_eku_jar,
        "Signature by certificate without EmailProtection EKU extension failed",
    )

    no_ku_jar = get_data_fn("test_extensions/no-ku.jar")
    self.verify_wrap(
        ca_cert,
        no_ku_jar,
        "Signature by certificate without any KU extension failed",
    )

    # NOTE(review): judging by the fixture name, this signer carries a KU
    # extension that does not permit signing -- confirm against the fixture.
    wrong_ku_jar = get_data_fn("test_extensions/wrong-ku.jar")
    self.assertRaises(
        SignatureBlockFileVerificationError, verify, ca_cert, wrong_ku_jar)
def test_cli_sign_and_verify(self):
    """Sign a copy of the sample JAR through the CLI entry point, then verify it.

    The fixture is copied to a temporary file so the signing step never
    modifies the checked-in test data.  verify() is expected to return
    None for the freshly signed copy.
    """
    unsigned_jar = get_data_fn("cli-sign-and-verify.jar")
    alias = "SAMPLE3"
    signer_cert = get_data_fn("javatools-cert.pem")
    signer_key = get_data_fn("javatools.pem")

    with NamedTemporaryFile() as scratch:
        copyfile(unsigned_jar, scratch.name)
        # The return value of cli_sign_jar is not inspected here; a signing
        # failure only shows up through the verify() result below.
        cli_sign_jar(None, scratch.name, signer_cert, signer_key, alias)
        error_message = verify(signer_cert, scratch.name, alias)
        failure_text = (
            "Verification of JAR which we just signed failed: %s"
            % error_message
        )
        self.assertIsNone(error_message, failure_text)
def test_cli_sign_and_verify_ecdsa_pkcs8_sha512(self):
    """Sign a copy of the sample JAR with the EC key pair, then verify it.

    Only the EC certificate and key fixtures are visible here.
    NOTE(review): the PKCS#8 key encoding and SHA-512 digest named in the
    test title are not selected by any argument in this test -- presumably
    they follow from the key file and the signer's defaults; confirm.
    """
    unsigned_jar = get_data_fn("cli-sign-and-verify.jar")
    alias = "SAMPLE3"
    ec_cert = get_data_fn("ec-cert.pem")
    ec_key = get_data_fn("ec-key.pem")

    with NamedTemporaryFile() as scratch:
        copyfile(unsigned_jar, scratch.name)
        # The return value of cli_sign_jar is not inspected here; a signing
        # failure only shows up through the verify() result below.
        cli_args = [scratch.name, ec_cert, ec_key, alias]
        cli_sign_jar(cli_args)
        error_message = verify(ec_cert, scratch.name, alias)
        failure_text = (
            "Verification of JAR which we just signed failed: %s"
            % error_message
        )
        self.assertIsNone(error_message, failure_text)
def test_sign_with_certchain_and_verify(self):
    """Sign with an embedded certificate chain and verify against the root.

    The root and intermediate certificates are passed to the signer with
    "-c"; verification is then given the root certificate only.
    NOTE(review): this presumably relies on the embedded intermediate to
    link the signing certificate to the root -- confirm against verify().
    """
    unsigned_jar = get_data_fn("certchain-data.jar")
    alias = "SIGNING"
    leaf_cert = get_data_fn("certchain-signing.pem")
    leaf_key = get_data_fn("certchain-signing-key.pem")
    intermediate_cert = get_data_fn("certchain-intermediate.pem")
    root_cert = get_data_fn("certchain-root.pem")

    with NamedTemporaryFile() as scratch:
        copyfile(unsigned_jar, scratch.name)
        cli_args = [
            "-c", root_cert,
            "-c", intermediate_cert,
            scratch.name, leaf_cert, leaf_key, alias,
        ]
        # Signing must report success (exit status 0) before verifying.
        exit_status = cli_sign_jar(cli_args)
        self.assertEqual(
            0, exit_status,
            "Signing with embedding a chain of certificates failed")

        error_message = verify(root_cert, scratch.name, alias)
        failure_text = (
            "Verification of JAR which we signed embedding chain of certificates failed: %s"
            % error_message
        )
        self.assertIsNone(error_message, failure_text)

#
# The end.
def test_multiple_sf_files(self):
    """verify() must raise when no signature file is named for this JAR.

    The fixture is multiple-sf-files.jar and verify() is called with the
    certificate and the JAR only; the expected outcome is VerificationError.
    """
    multi_sf_jar = get_data_fn("multiple-sf-files.jar")
    signer_cert = get_data_fn("javatools-cert.pem")
    self.assertRaises(VerificationError, verify, signer_cert, multi_sf_jar)
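def verify_wrap(self, cert, jar, error_prefix):
    """Run verify() and turn a VerificationError into a test failure.

    Args:
        cert: path of the certificate handed to verify().
        jar: path of the JAR handed to verify().
        error_prefix: text placed in front of the verification error in
            the failure message, so the failing scenario is identifiable.

    Only VerificationError is caught; any other exception propagates and
    is reported by the test runner as an error.
    """
    try:
        verify(cert, jar)
    # "except X as name" replaces the Python-2-only "except X, name" form,
    # which is a syntax error on Python 3; "as" is accepted from 2.6 on.
    except VerificationError as error_message:
        self.fail("%s: %s" % (error_prefix, error_message))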
def test_tampered_signature_block(self):
    """A tampered signature must make verify() return an error message.

    In this form verify() reports failure through its return value, and
    the test only checks that the value is not None.
    NOTE(review): any non-None result satisfies the assertion, so the
    test does not pin *why* verification failed.
    """
    tampered_jar = get_data_fn("ec-tampered.jar")
    ec_cert = get_data_fn("ec-cert.pem")
    outcome = verify(ec_cert, tampered_jar, "TEST")
    self.assertIsNotNone(
        outcome,
        "Error: verification of a tampered signature has succeeded")
def test_missing_signature_block(self):
    """verify() must return an error for the "ec-must-fail.jar" fixture.

    The key alias "TEST" is passed explicitly; per the failure message,
    the JAR is not expected to contain a signature for that alias.
    NOTE(review): any non-None result satisfies the assertion, so the
    test does not pin *why* verification failed.
    """
    unsigned_for_alias = get_data_fn("ec-must-fail.jar")
    ec_cert = get_data_fn("ec-cert.pem")
    outcome = verify(ec_cert, unsigned_for_alias, "TEST")
    self.assertIsNotNone(
        outcome,
        "Error: verification of non-existing key alias has succeeded")
def test_tampered_jar_entry(self):
    """verify() must raise JarChecksumError for the tampered-entry fixture.

    NOTE(review): judging by the fixture name, one archive entry was
    modified after signing so its digest no longer matches -- confirm
    against the fixture.
    """
    tampered_jar = get_data_fn("tampered-entry.jar")
    signer_cert = get_data_fn("javatools-cert.pem")
    self.assertRaises(JarChecksumError, verify, signer_cert, tampered_jar)
def test_multiple_valid_sf_files_cert2(self):
    """Verify the "KEY2.SF" signature of the all-valid multi-signature JAR.

    The second certificate is paired with the signature file name
    "KEY2.SF"; verify() is expected to return None.
    """
    multi_sf_jar = get_data_fn("test_jarutil/multiple-sf-files-all-valid.jar")
    second_cert = get_data_fn("test_jarutil/javatools-cert-2.pem")
    signature_file = "KEY2.SF"
    outcome = verify(second_cert, multi_sf_jar, signature_file)
    self.assertEqual(outcome, None)
def test_multiple_sf_files_no_cert_specified(self):
    """verify() must raise when no signature file is named for this JAR.

    The fixture is multiple-sf-files-some-junk.jar and verify() receives
    the certificate and the JAR only; VerificationError is expected.
    NOTE(review): the fixture name suggests some of its .SF files are not
    valid signatures -- confirm against the fixture.
    """
    junk_sf_jar = get_data_fn("test_jarutil/multiple-sf-files-some-junk.jar")
    signer_cert = get_data_fn("test_jarutil/javatools-cert.pem")
    self.assertRaises(VerificationError, verify, signer_cert, junk_sf_jar)
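def test_multiple_valid_sf_files_cert1(self):
    """Verify the "KEY1.SF" signature of the all-valid multi-signature JAR.

    The first certificate is paired with the signature file name
    "KEY1.SF"; verify() is expected to return None.
    """
    jar_data = get_data_fn("multiple-sf-files-all-valid.jar")
    cert = get_data_fn("javatools-cert.pem")
    sf_file = "KEY1.SF"
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(verify(cert, jar_data, sf_file), None)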
def test_missing_signature_block(self):
    """verify() must raise JarSignatureMissingError for "ec-must-fail.jar".

    No signature file name is passed; the expected exception type pins
    the failure reason to a missing signature rather than any
    verification error.
    """
    unsigned_jar = get_data_fn("ec-must-fail.jar")
    ec_cert = get_data_fn("ec-cert.pem")
    self.assertRaises(JarSignatureMissingError, verify, ec_cert, unsigned_jar)
def test_tampered_signature_block(self):
    """verify() must raise SignatureBlockFileVerificationError for "ec-tampered.jar".

    The expected exception type pins the failure to the signature block
    check rather than to a manifest or entry digest mismatch.
    """
    tampered_jar = get_data_fn("ec-tampered.jar")
    ec_cert = get_data_fn("ec-cert.pem")
    self.assertRaises(
        SignatureBlockFileVerificationError, verify, ec_cert, tampered_jar)
def test_single_sf_file_wrong_cert_specified(self):
    """verify() must raise when asked for the signature file "DOES_NOT_EXIST.SF".

    The JAR and certificate are the regular jarutil-signed fixtures; only
    the signature file name is wrong, and VerificationError is expected.
    NOTE(review): despite the test name, the varied input is the
    signature file name, not the certificate.
    """
    signed_jar = get_data_fn("test_jarutil/jarutil-signed.jar")
    signer_cert = get_data_fn("test_jarutil/javatools-cert.pem")
    signature_file = "DOES_NOT_EXIST.SF"
    self.assertRaises(
        VerificationError, verify, signer_cert, signed_jar, signature_file)
def test_single_sf_file_correct_cert_specified(self):
    """verify() must return None for the jarutil-signed JAR and "UNUSED.SF".

    NOTE(review): the literal "UNUSED.SF" suggests the signature file name
    is ignored in this configuration -- confirm against verify(), since a
    silently ignored selector can hide a caller's mistake about which
    signature was actually checked.
    """
    signed_jar = get_data_fn("test_jarutil/jarutil-signed.jar")
    signer_cert = get_data_fn("test_jarutil/javatools-cert.pem")
    signature_file = "UNUSED.SF"
    outcome = verify(signer_cert, signed_jar, signature_file)
    self.assertEqual(outcome, None)