def test_no_keystore(self, jarsigner):
    """Signing an APK that has no stored key store saves one for it.

    The storage mock raises ``NoSuchKey`` on lookup, and ``sign()`` is then
    expected to call ``put_app_key`` with this APK's id.

    ``jarsigner`` is unused in the body; presumably it is a mock injected
    by a patch decorator outside this view, so no real signing tool runs.
    """
    key_storage = self.stor
    # Simulate an app that has never been signed: the key lookup fails.
    key_storage.get_app_key.side_effect = NoSuchKey

    with self.unsigned_apk() as unsigned_fp:
        signer.sign(self.apk_id, unsigned_fp)

    # Asset key store is saved.
    # mock.ANY: only the storage id is pinned here. The key store object
    # passed as the first argument is not inspected by this test.
    key_storage.put_app_key.assert_called_with(mock.ANY, self.apk_id)
def test_always_generate(self, gen_keystore, jarsigner):
    """A key store is generated and key storage is never touched.

    The assertion messages describe this as "reviewer mode". The setting
    that enables it is not visible here; presumably a decorator outside
    this view applies it and injects the ``gen_keystore`` and ``jarsigner``
    mocks. TODO confirm.
    """
    key_storage = self.stor
    # The generator mock hands back the path of a fixture key store.
    keystore_path = self.open_keystore().name
    gen_keystore.return_value = keystore_path

    with self.unsigned_apk() as unsigned_fp:
        signer.sign(self.apk_id, unsigned_fp)

    # Stored signing keys must be neither read nor written on this path.
    assert not key_storage.get_app_key.called, (
        'key stores should not be fetched in reviewer mode')
    assert not key_storage.put_app_key.called, (
        'key stores should not be saved in reviewer mode')
    # A key store is generated instead.
    assert gen_keystore.called, ('key store should have been generated')
def test_always_generate(self, gen_keystore, jarsigner):
    """Check that signing generates a key store and skips key storage.

    The failure messages call this "reviewer mode". How that mode is
    switched on is not shown in this block (presumably a settings override
    applied by a decorator). ``jarsigner`` is accepted but unused here.
    """
    fetch_msg = 'key stores should not be fetched in reviewer mode'
    save_msg = 'key stores should not be saved in reviewer mode'
    generate_msg = 'key store should have been generated'

    # Point the mocked generator at an existing fixture key store path.
    gen_keystore.return_value = self.open_keystore().name

    with self.unsigned_apk() as apk_fp:
        signer.sign(self.apk_id, apk_fp)

    lookup = self.stor.get_app_key
    save = self.stor.put_app_key
    # No persisted signing key may be read or written on this path.
    assert not lookup.called, fetch_msg
    assert not save.called, save_msg
    assert gen_keystore.called, generate_msg
def post(self, request):
    """Sign the APK described by the POSTed form and return its URL.

    Steps, in order:
      1. Validate ``SignForm``; invalid input returns ``form_errors``.
      2. Fetch the unsigned APK from storage and hash it.
      3. Compare that hash with the one the caller claimed, and raise
         ``BadRequestError`` on mismatch, before anything is signed.
      4. Sign the APK and store the result at the destination path.

    Returns a ``Response`` with ``signed_apk_s3_url`` for the stored file.
    """
    form = SignForm(request.POST)
    if not form.is_valid():
        return self.form_errors([form])

    fields = form.cleaned_data
    # NOTE(review): both paths come from the request. Any restriction on
    # where they may point is presumably enforced by SignForm or the
    # storage layer; confirm, since neither is visible here.
    src = fields['unsigned_apk_s3_path']
    dest = fields['signed_apk_s3_path']
    apk_id = fields['apk_id']
    log.info('about to sign APK ID={id} from {src} to {dest}'
             .format(src=src, dest=dest, id=apk_id))

    with storage.get_apk(src) as fp:
        # Hash the bytes actually fetched, so the key is only ever applied
        # to content matching what the caller said it uploaded.
        real_hash = checksum_hash(fp)
        claimed_hash = fields['unsigned_apk_s3_hash']
        log.info('Unsigned APK hash check: '
                 '{src} real={real} claimed={claimed}'
                 .format(src=src, real=real_hash, claimed=claimed_hash))

        hashes_match = real_hash == claimed_hash
        if not hashes_match:
            raise BadRequestError('unsigned APK content '
                                  'hash check failed')

        # NOTE(review): checksum_hash() has already read from fp. Whether
        # fp is rewound before signing is not visible here; confirm that
        # sign() sees the whole file.
        with signer.sign(apk_id, fp) as signed_fp:
            storage.put_signed_apk(signed_fp, dest)

    return Response({'signed_apk_s3_url': storage.signed_apk_url(dest)})
def post(self, request):
    """Handle a signing request: verify the APK hash, sign it, store it.

    Invalid form data is answered with ``self.form_errors``. If the hash
    computed from the fetched APK differs from the hash supplied in the
    form, ``BadRequestError`` is raised and nothing is signed. On success
    the signed file is written to the requested destination and its URL
    is returned under ``signed_apk_s3_url``.
    """
    form = SignForm(request.POST)
    if not form.is_valid():
        return self.form_errors([form])

    cleaned = form.cleaned_data
    src = cleaned['unsigned_apk_s3_path']
    dest = cleaned['signed_apk_s3_path']
    # NOTE(review): src, dest and apk_id are caller-supplied and logged as
    # given; this assumes SignForm constrains their format. Confirm.
    start_msg = 'about to sign APK ID={id} from {src} to {dest}'.format(
        src=src, dest=dest, id=cleaned['apk_id'])
    log.info(start_msg)

    with storage.get_apk(src) as fp:
        real_hash = checksum_hash(fp)
        claimed_hash = cleaned['unsigned_apk_s3_hash']
        check_msg = ('Unsigned APK hash check: '
                     '{src} real={real} claimed={claimed}').format(
            src=src, real=real_hash, claimed=claimed_hash)
        log.info(check_msg)

        # Integrity gate: a changed or substituted object at src must be
        # rejected before the signing key is ever applied to it.
        if real_hash != claimed_hash:
            raise BadRequestError('unsigned APK content '
                                  'hash check failed')

        # NOTE(review): fp was consumed by checksum_hash() above; presumably
        # it is rewound there or inside sign(). Verify against both.
        with signer.sign(cleaned['apk_id'], fp) as signed_fp:
            storage.put_signed_apk(signed_fp, dest)

    return Response({'signed_apk_s3_url': storage.signed_apk_url(dest)})
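def test_sign_and_verify(self):
    """Sign an APK with a stored key store and verify it with jarsigner.

    The storage mock returns a fixture key store, the APK is signed, and
    ``jarsigner -verify -verbose`` is run on the result. Trailing warning
    lines are dropped before checking for the ``jar verified.`` verdict.
    Finally the working directory must be empty, so no key store is left
    on disk after signing.
    """
    self.stor.get_app_key.return_value = self.open_keystore()
    with self.unsigned_apk() as apk:
        signed_fp = signer.sign(self.apk_id, apk)

    # The signed file is used as a context manager so its handle is closed
    # when the test ends, instead of being left open.
    with signed_fp:
        signed_fp.seek(0)
        output = signer.jarsigner(['-verify', '-verbose', signed_fp.name])

        kept = []
        for ln in output.splitlines():
            if ln.startswith('Warning:'):
                # Strip out all trailing warnings.
                break
            kept.append(ln)
        report = '\n'.join(kept)
        # On failure the message shows the jarsigner output that was kept.
        assert report.strip().endswith('jar verified.'), report

        # Make sure we don't leave any key stores on the server.
        eq_(os.listdir(self.tmp), [])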