Exemplo n.º 1
    def test_no_keystore(self, jarsigner):
        """Signing for an app with no stored key must save a key store.

        ``jarsigner`` is unused in the body; presumably it is a mock injected
        by a patch decorator that is not visible here -- confirm.
        """
        store = self.stor
        # Make the storage layer report that this app has no key yet.
        store.get_app_key.side_effect = NoSuchKey

        with self.unsigned_apk() as unsigned_fp:
            signer.sign(self.apk_id, unsigned_fp)

        # The key store has to be persisted under this APK's ID. The first
        # argument is left unconstrained (mock.ANY), and assert_called_with
        # only inspects the most recent call to put_app_key.
        store.put_app_key.assert_called_with(mock.ANY, self.apk_id)
Exemplo n.º 2
    def test_no_keystore(self, jarsigner):
        """Check that a key store is saved when storage has none for the app.

        ``jarsigner`` is not referenced below; it looks like a patched mock
        supplied by a decorator outside this snippet -- verify.
        """
        # NoSuchKey from get_app_key stands in for "no key stored yet".
        self.stor.get_app_key.side_effect = NoSuchKey

        with self.unsigned_apk() as apk_fp:
            signer.sign(self.apk_id, apk_fp)

        # Only the APK ID is pinned; whatever key-store object is passed as
        # the first argument is accepted via mock.ANY.
        save_key = self.stor.put_app_key
        save_key.assert_called_with(mock.ANY, self.apk_id)
Exemplo n.º 3
    def test_always_generate(self, gen_keystore, jarsigner):
        """In reviewer mode, signing generates a key store and skips storage.

        The assertions require that no key store is fetched from or saved to
        ``self.stor`` and that ``gen_keystore`` was called. How reviewer mode
        is switched on is not visible in this snippet. ``gen_keystore`` and
        ``jarsigner`` are presumably mocks injected by patch decorators --
        confirm.
        """
        # The generator mock hands back the path of a test key store.
        keystore_path = self.open_keystore().name
        gen_keystore.return_value = keystore_path

        with self.unsigned_apk() as unsigned_fp:
            signer.sign(self.apk_id, unsigned_fp)

        store = self.stor
        # Key material for reviewer signing must neither come from nor be
        # written to the key storage.
        assert not store.get_app_key.called, (
            'key stores should not be fetched in reviewer mode')
        assert not store.put_app_key.called, (
            'key stores should not be saved in reviewer mode')
        assert gen_keystore.called, ('key store should have been generated')
Exemplo n.º 4
    def test_always_generate(self, gen_keystore, jarsigner):
        """Reviewer-mode signing must use a freshly generated key store.

        Verifies three things after ``signer.sign``: the key storage was not
        read, the key storage was not written, and ``gen_keystore`` ran.
        The reviewer-mode setup itself is outside this snippet; the two
        extra parameters look like patched mocks -- verify.
        """
        gen_keystore.return_value = self.open_keystore().name

        with self.unsigned_apk() as apk_fp:
            signer.sign(self.apk_id, apk_fp)

        fetched = self.stor.get_app_key.called
        saved = self.stor.put_app_key.called
        generated = gen_keystore.called

        # A throwaway key is expected here, so touching the stored keys in
        # either direction is a failure.
        assert not fetched, (
            'key stores should not be fetched in reviewer mode')
        assert not saved, (
            'key stores should not be saved in reviewer mode')
        assert generated, (
            'key store should have been generated')
Exemplo n.º 5
    def post(self, request):
        """Check an unsigned APK against its claimed hash, sign it, store it.

        The POST data is validated with ``SignForm``; invalid input returns
        ``self.form_errors``. The unsigned APK is fetched from storage and
        ``checksum_hash`` of the fetched file is compared with the hash sent
        in the request. A mismatch raises ``BadRequestError`` before anything
        is signed. On success the signed APK is written to the requested
        destination and a ``Response`` carrying ``signed_apk_s3_url`` is
        returned.
        """
        form = SignForm(request.POST)
        if not form.is_valid():
            return self.form_errors([form])

        fields = form.cleaned_data
        src = fields['unsigned_apk_s3_path']
        dest = fields['signed_apk_s3_path']
        apk_id = fields['apk_id']

        # Source, destination and APK ID all come from the request; what
        # SignForm allows for the two paths is not visible here.
        log.info('about to sign APK ID={id} from {src} to {dest}'
                 .format(src=src, dest=dest, id=apk_id))

        with storage.get_apk(src) as fp:
            # Integrity gate: hash the bytes that were actually fetched and
            # compare them with what the caller says it uploaded.
            real_hash = checksum_hash(fp)
            claimed_hash = fields['unsigned_apk_s3_hash']
            log.info('Unsigned APK hash check: '
                     '{src} real={real} claimed={claimed}'
                     .format(src=src, real=real_hash,
                             claimed=claimed_hash))

            if real_hash != claimed_hash:
                raise BadRequestError('unsigned APK content '
                                      'hash check failed')

            # The same file object that was hashed is handed to the signer,
            # so the content is not re-fetched between check and signing.
            # NOTE(review): whether checksum_hash() rewinds fp before the
            # signer reads it is not visible here -- confirm.
            with signer.sign(apk_id, fp) as signed_fp:
                storage.put_signed_apk(signed_fp, dest)

        return Response({'signed_apk_s3_url': storage.signed_apk_url(dest)})
Exemplo n.º 6
    def post(self, request):
        """Sign the APK named in the request once its content hash matches.

        Returns ``self.form_errors`` when ``SignForm`` rejects the POST data.
        Raises ``BadRequestError`` when the hash computed over the fetched
        APK differs from the hash supplied by the caller. Otherwise stores
        the signed APK at the requested path and returns a ``Response`` with
        its ``signed_apk_s3_url``.
        """
        form = SignForm(request.POST)
        if not form.is_valid():
            return self.form_errors([form])

        cleaned = form.cleaned_data
        src = cleaned['unsigned_apk_s3_path']
        dest = cleaned['signed_apk_s3_path']

        start_msg = 'about to sign APK ID={id} from {src} to {dest}'.format(
            src=src, dest=dest, id=cleaned['apk_id'])
        log.info(start_msg)

        with storage.get_apk(src) as fp:
            real_hash = checksum_hash(fp)
            claimed_hash = cleaned['unsigned_apk_s3_hash']
            # Both hashes are logged, so a rejected request can be traced
            # back to the object that failed the check.
            check_msg = ('Unsigned APK hash check: '
                         '{src} real={real} claimed={claimed}').format(
                             src=src, real=real_hash, claimed=claimed_hash)
            log.info(check_msg)

            # Refuse to sign content that differs from what the caller
            # claims to have submitted.
            if real_hash != claimed_hash:
                raise BadRequestError('unsigned APK content '
                                      'hash check failed')

            # Signing works on the file object that was just hashed.
            # NOTE(review): confirm the file position after checksum_hash()
            # is what signer.sign() expects; neither helper is visible here.
            with signer.sign(cleaned['apk_id'], fp) as signed_fp:
                storage.put_signed_apk(signed_fp, dest)

        signed_url = storage.signed_apk_url(dest)
        return Response({'signed_apk_s3_url': signed_url})
Exemplo n.º 7
    def test_sign_and_verify(self):
        """Sign a test APK and check that ``jarsigner -verify`` accepts it.

        Also checks that ``self.tmp`` is empty afterwards, i.e. that no key
        store file is left behind by signing.
        """
        self.stor.get_app_key.return_value = self.open_keystore()

        with self.unsigned_apk() as unsigned_fp:
            signed_fp = signer.sign(self.apk_id, unsigned_fp)

            signed_fp.seek(0)
            output = signer.jarsigner(['-verify', '-verbose', signed_fp.name])

            # Keep the output only up to the first line starting with
            # 'Warning:'. Everything from there on is discarded, so whatever
            # jarsigner warns about never fails this test; only the
            # 'jar verified.' verdict is checked.
            lines = output.splitlines()
            cut = next((idx for idx, text in enumerate(lines)
                        if text.startswith('Warning:')), len(lines))
            report = '\n'.join(lines[:cut])
            assert report.strip().endswith('jar verified.'), report

        # Make sure we don't leave any key stores on the server.
        eq_(os.listdir(self.tmp), [])
Exemplo n.º 8
    def test_sign_and_verify(self):
        """Round-trip check: sign an APK, then verify it with jarsigner.

        The test passes when the verification output, cut off at the first
        'Warning:' line, ends with 'jar verified.' and the temporary
        directory ``self.tmp`` is empty once signing is done.
        """
        stored_keystore = self.open_keystore()
        self.stor.get_app_key.return_value = stored_keystore

        with self.unsigned_apk() as apk_fp:
            signed_fp = signer.sign(self.apk_id, apk_fp)

            signed_fp.seek(0)
            verify_args = ['-verify', '-verbose', signed_fp.name]
            output = signer.jarsigner(verify_args)

            kept = []
            for line in output.splitlines():
                if not line.startswith('Warning:'):
                    kept.append(line)
                    continue
                # First warning line reached: it and everything after it
                # are left out of the verdict check.
                break

            verdict = '\n'.join(kept)
            assert verdict.strip().endswith('jar verified.'), verdict

        # Key stores are secret material; none may remain in the temp dir.
        eq_(os.listdir(self.tmp), [])