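def call_signing(file_obj, endpoint):
    """Get the jar signature and send it to the signing server to be signed.

    The signature data extracted by JarExtractor is posted to ``endpoint`` as
    ``mozilla.sf``. The JSON reply must carry a base64 PKCS#7 blob under
    ``mozilla.rsa``; it is passed to ``jar.make_signed`` and the resulting
    archive replaces ``file_obj.file_path``.

    Returns the value of ``get_signature_serial_number`` for that blob.
    Raises SigningError when the service answers with anything but 200.
    """
    import os  # local import: the module's import block is not visible here

    # Work inside a private directory (mkdtemp creates it for the current
    # user only). Creating a NamedTemporaryFile just to borrow its name and
    # letting it be deleted leaves a window in which another local process
    # can create a file or symlink at that path before it is written.
    temp_dir = tempfile.mkdtemp()
    try:
        # As before, the output path does not exist when JarExtractor gets it.
        temp_filename = os.path.join(temp_dir, 'signed-addon')

        # Extract jar signature.
        jar = JarExtractor(path=storage.open(file_obj.file_path),
                           outpath=temp_filename,
                           omit_signature_sections=True,
                           extra_newlines=True)

        log.debug(u'File signature contents: {0}'.format(jar.signatures))

        log.debug(u'Calling signing service: {0}'.format(endpoint))
        with statsd.timer('services.sign.addon'):
            response = requests.post(
                endpoint,
                timeout=settings.SIGNING_SERVER_TIMEOUT,
                data={'addon_id': get_id(file_obj.version.addon)},
                files={'file': (u'mozilla.sf', unicode(jar.signatures))})
        if response.status_code != 200:
            msg = u'Posting to add-on signing failed: {0}'.format(
                response.reason)
            log.error(msg)
            raise SigningError(msg)

        # NOTE(review): the reply is used as returned; whether the helpers
        # below validate the PKCS#7 blob is not visible from this function.
        pkcs7 = b64decode(json.loads(response.content)['mozilla.rsa'])
        cert_serial_num = get_signature_serial_number(pkcs7)
        jar.make_signed(pkcs7, sigpath=u'mozilla')
        shutil.move(temp_filename, file_obj.file_path)
        return cert_serial_num
    finally:
        # Removes the (now empty) directory on success and any partially
        # written archive when signing failed part-way.
        shutil.rmtree(temp_dir, ignore_errors=True)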
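def call_signing(file_obj):
    """Get the jar signature and send it to the signing server to be signed.

    Returns None without signing when ``get_endpoint`` yields no endpoint.
    Otherwise the extracted signature data is posted as ``mozilla.sf``
    together with the add-on guid, the base64 PKCS#7 blob under
    ``mozilla.rsa`` in the JSON reply is passed to ``jar.make_signed``, and
    the resulting archive replaces ``file_obj.file_path``.

    Returns the value of ``get_signature_serial_number`` for that blob.
    Raises SigningError when extraction, the request, the reply or the
    signing step fails.
    """
    import os  # local import: the module's import block is not visible here

    endpoint = get_endpoint(file_obj)
    if not endpoint:
        log.warning('Not signing: no active endpoint')
        return

    timeout = settings.SIGNING_SERVER_TIMEOUT

    # Work inside a private directory (mkdtemp creates it for the current
    # user only). Creating a NamedTemporaryFile just to borrow its name and
    # letting it be deleted leaves a window in which another local process
    # can create a file or symlink at that path before it is written.
    temp_dir = tempfile.mkdtemp()
    try:
        # As before, the output path does not exist when JarExtractor gets it.
        temp_filename = os.path.join(temp_dir, 'signed-addon')

        # Extract jar signature.
        try:
            jar = JarExtractor(path=storage.open(file_obj.file_path),
                               outpath=temp_filename,
                               omit_signature_sections=True)
        except Exception:
            # Exception rather than a bare except, so KeyboardInterrupt and
            # SystemExit are not turned into a SigningError.
            msg = 'Archive extraction failed. Bad archive?'
            log.error(msg, exc_info=True)
            raise SigningError(msg)

        log.info('File signature contents: %s' % jar.signatures)

        addon_id = file_obj.version.addon.guid

        log.info('Calling signing service: %s' % endpoint)
        try:
            with statsd.timer('services.sign.addon'):
                response = requests.post(
                    endpoint,
                    timeout=timeout,
                    data={'addon_id': addon_id},
                    files={'file': ('mozilla.sf', str(jar.signatures))})
        except requests.exceptions.HTTPError as error:
            # NOTE(review): requests raises HTTPError from raise_for_status(),
            # which is not called here, so this branch is probably never
            # taken; non-200 replies are rejected by the status check below.
            # A requests Response exposes status_code (not status), and
            # error.response may be None.
            status = getattr(error.response, 'status_code', None)
            msg = 'Posting to add-on signing failed: %s, %s' % (status, error)
            log.error(msg)
            raise SigningError(msg)
        except Exception:
            # Any other failure (connection error, timeout, ...).
            msg = 'Posting to add-on signing failed'
            log.error(msg, exc_info=True)
            raise SigningError(msg)

        if response.status_code != 200:
            msg = 'Posting to add-on signing failed: %s' % response.reason
            log.error(msg)
            raise SigningError(msg)

        try:
            # Parsing sits inside the try so that a malformed reply (invalid
            # JSON, missing key, bad base64) surfaces as SigningError like
            # every other failure of this function.
            pkcs7 = b64decode(json.loads(response.content)['mozilla.rsa'])
            cert_serial_num = get_signature_serial_number(pkcs7)
            jar.make_signed(pkcs7, sigpath='mozilla')
        except Exception:
            msg = 'Addon signing failed'
            log.error(msg, exc_info=True)
            raise SigningError(msg)

        shutil.move(temp_filename, file_obj.file_path)
        return cert_serial_num
    finally:
        # Removes the (now empty) directory on success and any partially
        # written archive when signing failed part-way.
        shutil.rmtree(temp_dir, ignore_errors=True)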
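def test_09_serial_number_extraction(self):
    """Check the serial number read from a known PKCS#7 DER fixture."""
    # DER is binary data: read it in binary mode so that no newline
    # translation or text decoding can alter the bytes being parsed.
    with open(test_file('zigbert.test.pkcs7.der'), 'rb') as f:
        serialno = get_signature_serial_number(f.read())
    # Signature occurred on Thursday, January 22nd 2015 at 11:02:22am PST
    # The signing service returns a Python time.time() value multiplied
    # by 1000 to get a (hopefully) truly unique serial number
    self.assertEqual(1421953342960, serialno)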
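def call_signing(file_obj):
    """Get the jar signature and send it to the signing server to be signed.

    Returns None without signing when ``get_endpoint`` yields no endpoint.
    Otherwise the extracted signature data is posted as ``zigbert.sf``
    together with a ``<slug>-<version>`` identifier, the base64 PKCS#7 blob
    under ``zigbert.rsa`` in the JSON reply is passed to
    ``jar.make_signed``, and the resulting archive replaces
    ``file_obj.file_path``.

    Returns the value of ``get_signature_serial_number`` for that blob.
    Raises SigningError when extraction, the request, the reply or the
    signing step fails.
    """
    import os  # local import: the module's import block is not visible here

    endpoint = get_endpoint(file_obj)
    if not endpoint:
        log.warning('Not signing: no active endpoint')
        return

    timeout = settings.SIGNING_SERVER_TIMEOUT

    # Work inside a private directory (mkdtemp creates it for the current
    # user only). Creating a NamedTemporaryFile just to borrow its name and
    # letting it be deleted leaves a window in which another local process
    # can create a file or symlink at that path before it is written.
    temp_dir = tempfile.mkdtemp()
    try:
        # As before, the output path does not exist when JarExtractor gets it.
        temp_filename = os.path.join(temp_dir, 'signed-addon')

        # Extract jar signature.
        try:
            jar = JarExtractor(path=storage.open(file_obj.file_path),
                               outpath=temp_filename,
                               omit_signature_sections=True)
        except Exception:
            # Exception rather than a bare except, so KeyboardInterrupt and
            # SystemExit are not turned into a SigningError.
            msg = 'Archive extraction failed. Bad archive?'
            log.error(msg, exc_info=True)
            raise SigningError(msg)

        log.info('File signature contents: %s' % jar.signatures)

        # From https://wiki.mozilla.org/AMO/SigningService/API:
        # "A unique identifier for the combination of addon name and version
        # that will be used in the generated key and certificate. A strong
        # preference for human readable."
        # NOTE(review): slug and version end up in the generated key and
        # certificate; whether either value is validated before this point
        # is not visible here.
        addon_id = u"{slug}-{version}".format(
            slug=file_obj.version.addon.slug,
            version=file_obj.version.version)

        log.info('Calling signing service: %s' % endpoint)
        try:
            with statsd.timer('services.sign.addon'):
                response = requests.post(
                    endpoint,
                    timeout=timeout,
                    data={'addon_id': addon_id},
                    files={'file': ('zigbert.sf', str(jar.signatures))})
        except requests.exceptions.HTTPError as error:
            # NOTE(review): requests raises HTTPError from raise_for_status(),
            # which is not called here, so this branch is probably never
            # taken; non-200 replies are rejected by the status check below.
            # A requests Response exposes status_code (not status), and
            # error.response may be None.
            status = getattr(error.response, 'status_code', None)
            msg = 'Posting to add-on signing failed: %s, %s' % (status, error)
            log.error(msg)
            raise SigningError(msg)
        except Exception:
            # Any other failure (connection error, timeout, ...).
            msg = 'Posting to add-on signing failed'
            log.error(msg, exc_info=True)
            raise SigningError(msg)

        if response.status_code != 200:
            msg = 'Posting to add-on signing failed %s' % response.reason
            log.error(msg)
            raise SigningError(msg)

        try:
            # Parsing sits inside the try so that a malformed reply (invalid
            # JSON, missing key, bad base64) surfaces as SigningError like
            # every other failure of this function.
            pkcs7 = b64decode(json.loads(response.content)['zigbert.rsa'])
            cert_serial_num = get_signature_serial_number(pkcs7)
            jar.make_signed(pkcs7)
        except Exception:
            msg = 'Addon signing failed'
            log.error(msg, exc_info=True)
            raise SigningError(msg)

        shutil.move(temp_filename, file_obj.file_path)
        return cert_serial_num
    finally:
        # Removes the (now empty) directory on success and any partially
        # written archive when signing failed part-way.
        shutil.rmtree(temp_dir, ignore_errors=True)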