def test_inject_ids(self, post):
post().status_code = 200
post().content = '{"zigbert.rsa": ""}'
packaged.sign(self.version.pk)
zf = zipfile.ZipFile(self.file.signed_file_path, mode='r')
ids_data = zf.read('META-INF/ids.json')
eq_(sorted(json.loads(ids_data).keys()), ['id', 'version'])
def test_inject_ids(self, post):
post().status_code = 200
post().content = '{"zigbert.rsa": ""}'
packaged.sign(self.version.pk)
zf = zipfile.ZipFile(self.file.signed_file_path, mode='r')
ids_data = zf.read('META-INF/ids.json')
eq_(sorted(json.loads(ids_data).keys()), ['id', 'version'])
def test_sign_reviewer(self, sign_app):
packaged.sign(self.version.pk, reviewer=True)
assert sign_app.called
ids = json.loads(sign_app.call_args[0][2])
eq_(ids['id'], 'reviewer-{guid}-{version_id}'.format(
guid=self.app.guid, version_id=self.version.pk))
eq_(ids['version'], self.version.pk)
def test_no_server_full(self):
with self.settings(SIGNING_SERVER=''):
packaged.sign(self.version)
# Make sure the files weren't signed.
assert not self.file1.is_signed
assert not self.file2.is_signed
assert not self.file1.cert_serial_num
assert not self.file2.cert_serial_num
def test_no_server_full(self):
with self.settings(SIGNING_SERVER=''):
packaged.sign(self.version)
# Make sure the files weren't signed.
assert not is_signed(self.file1.file_path)
assert not is_signed(self.file2.file_path)
assert not self.file1.cert_serial_num
assert not self.file2.cert_serial_num
def test_inject_ids_replace(self, sign):
zf = zipfile.ZipFile(self.file.file_path, mode='a')
zf.writestr('META-INF/ids.json', '{}')
zf.close()
storage.open(self.file.signed_file_path, 'w')
packaged.sign(self.version.pk, resign=True)
zf = zipfile.ZipFile(self.file.file_path, mode='r')
ids_data = zf.read('META-INF/ids.json')
eq_(sorted(json.loads(ids_data).keys()), ['id', 'version'])
def test_no_server_prelim(self):
self.file1.update(status=amo.STATUS_LITE)
self.file2.update(status=amo.STATUS_LITE)
with self.settings(PRELIMINARY_SIGNING_SERVER=''):
packaged.sign(self.version)
# Make sure the files weren't signed.
assert not self.file1.is_signed
assert not self.file2.is_signed
assert not self.file1.cert_serial_num
assert not self.file2.cert_serial_num
def test_no_server_prelim(self):
self.file1.update(status=amo.STATUS_LITE)
self.file2.update(status=amo.STATUS_LITE)
with self.settings(PRELIMINARY_SIGNING_SERVER=''):
packaged.sign(self.version)
# Make sure the files weren't signed.
assert not is_signed(self.file1.file_path)
assert not is_signed(self.file2.file_path)
assert not self.file1.cert_serial_num
assert not self.file2.cert_serial_num
def test_inject_ids(self, post):
"""
Checks correct signing of a package using fake data
as returned by Trunion
"""
post().status_code = 200
post().content = '{"zigbert.rsa": ""}'
packaged.sign(self.version.pk)
zf = zipfile.ZipFile(self.file1.signed_file_path, mode='r')
ids_data = zf.read('META-INF/ids.json')
eq_(sorted(json.loads(ids_data).keys()), ['id', 'version'])
def test_inject_ids(self, post):
"""
Checks correct signing of a package using fake data
as returned by Trunion
"""
post().status_code = 200
post().content = '{"zigbert.rsa": ""}'
packaged.sign(self.version.pk)
zf = zipfile.ZipFile(self.file1.signed_file_path, mode='r')
ids_data = zf.read('META-INF/ids.json')
eq_(sorted(json.loads(ids_data).keys()), ['id', 'version'])
def test_sign_file(self):
assert not self.file1.is_signed
assert not self.file2.is_signed
assert not self.file1.cert_serial_num
assert not self.file2.cert_serial_num
assert not self.file1.hash
assert not self.file2.hash
packaged.sign(self.version)
assert self.file1.is_signed
assert self.file2.is_signed
assert self.file1.cert_serial_num
assert self.file2.cert_serial_num
assert self.file1.hash
assert self.file2.hash
def test_sign_consumer(self, sign_addon):
file_list = packaged.sign(self.version.pk)
assert sign_addon.called
ids = json.loads(sign_addon.call_args[0][2])
eq_(ids['id'], self.addon.guid)
eq_(ids['version'], self.version.pk)
file_list = dict(file_list)
eq_(file_list[self.file1.pk], self.file1.signed_file_path)
eq_(file_list[self.file2.pk], self.file2.signed_file_path)
def handle(self, *args, **options):
if len(args) == 0: # Sign all the addons?
raise CommandError(
'Please provide at least one addon id to sign. If you want to '
'sign them all, use the "process_addons --task sign_addons" '
'management command.')
addon_ids = [int(addon_id) for addon_id in args]
to_sign = Version.objects.filter(addon_id__in=addon_ids)
num_versions = to_sign.count()
self.stdout.write('Starting the signing of %s versions' % num_versions)
for version in to_sign:
try:
self.stdout.write('Signing version %s' % version.pk)
sign(version)
except SigningError as e:
self.stderr.write('Error while signing version %s: %s' %
(version.pk, e))
def test_sign_consumer(self, sign_addon):
file_list = packaged.sign(self.version.pk)
assert sign_addon.called
ids = json.loads(sign_addon.call_args[0][2])
eq_(ids['id'], self.addon.guid)
eq_(ids['version'], self.version.pk)
file_list = dict(file_list)
eq_(file_list[self.file1.pk], self.file1.signed_file_path)
eq_(file_list[self.file2.pk], self.file2.signed_file_path)
def test_sign_reviewer(self, sign_addon):
file_list = packaged.sign(self.version.pk, reviewer=True)
assert sign_addon.called
ids = json.loads(sign_addon.call_args[0][2])
eq_(ids['id'], 'reviewer-{guid}-{version_id}'.format(
guid=self.addon.guid, version_id=self.version.pk))
eq_(ids['version'], self.version.pk)
file_list = dict(file_list)
eq_(file_list[self.file1.pk], self.file1.signed_reviewer_file_path)
eq_(file_list[self.file2.pk], self.file2.signed_reviewer_file_path)
def test_sign_reviewer(self, sign_addon):
file_list = packaged.sign(self.version.pk, reviewer=True)
assert sign_addon.called
ids = json.loads(sign_addon.call_args[0][2])
eq_(
ids['id'],
'reviewer-{guid}-{version_id}'.format(guid=self.addon.guid,
version_id=self.version.pk))
eq_(ids['version'], self.version.pk)
file_list = dict(file_list)
eq_(file_list[self.file1.pk], self.file1.signed_reviewer_file_path)
eq_(file_list[self.file2.pk], self.file2.signed_reviewer_file_path)
def test_inject_ids_replace(self, post):
post().status_code = 200
post().content = '{"zigbert.rsa": ""}'
origz = zipfile.ZipFile(self.file.file_path, mode='r')
original_contents = sorted([
(zi.filename, origz.read(zi.filename))
for zi in origz.infolist()])
zf = zipfile.ZipFile(self.file.file_path, mode='a')
zf.writestr('META-INF/ids.json', '{}')
zf.close()
packaged.sign(self.version.pk, resign=True)
zf = zipfile.ZipFile(self.file.signed_file_path, mode='r')
ids_data = zf.read('META-INF/ids.json')
eq_(sorted(json.loads(ids_data).keys()), ['id', 'version'])
eq_([zi.filename for zi in zf.infolist()].count('META-INF/ids.json'),
1)
eq_(sorted([(zi.filename, zf.read(zi.filename))
for zi in zf.infolist()
if not zi.filename.startswith('META-INF')]),
original_contents)
def test_already_exists(self):
storage.open(self.file.signed_file_path, 'w')
assert packaged.sign(self.version.pk)
def test_reviewer_server_inactive(self, _no_sign):
with self.settings(SIGNED_APPS_REVIEWER_SERVER_ACTIVE=False):
packaged.sign(self.version.pk, reviewer=True)
assert _no_sign.called
def test_not_packaged(self):
self.app.update(is_packaged=False)
packaged.sign(self.version.pk)
def test_good(self):
with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
self.is_signed(packaged.sign(self.version.pk))
def test_reviewer_server_active(self):
with self.settings(SIGNED_APPS_REVIEWER_SERVER_ACTIVE=True):
packaged.sign(self.version.pk, reviewer=True)
def test_no_file(self):
[f.delete() for f in self.app.current_version.all_files]
packaged.sign(self.version.pk)
def test_resign_already_exists(self, sign_app):
private_storage.open(self.file.signed_file_path, 'w')
packaged.sign(self.version.pk, resign=True)
assert sign_app.called
def test_already_exists(self):
storage.open(self.file.signed_file_path, 'w')
assert packaged.sign(self.version.pk)
def test_reviewer(self):
# For the moment there is no real difference between reviewers
# and users.
with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
self.is_signed(packaged.sign(self.version.pk, True))
def test_resign_already_exists(self, sign_addon):
storage.open(self.file1.signed_file_path, 'w')
storage.open(self.file2.signed_file_path, 'w')
packaged.sign(self.version.pk, resign=True)
assert sign_addon.called
def test_good(self):
self.setup_files()
path = packaged.sign(self.version.pk)
# TODO: This will change when we actually sign things.
assert os.stat(path).st_size == (
os.stat(self.file.file_path).st_size)
def test_already_exists(self, sign_addon):
with (storage.open(self.file1.signed_file_path, 'w') and
storage.open(self.file2.signed_file_path, 'w')):
assert packaged.sign(self.version.pk)
assert not sign_addon.called
def test_reviewer(self):
self.setup_files()
path = packaged.sign(self.version.pk, True)
assert os.stat(path).st_size == (
os.stat(self.file.file_path).st_size)
def sign_if_packaged(self, version_pk, reviewer=False):
if not self.is_packaged:
return
return packaged.sign(version_pk, reviewer=reviewer)
def test_no_key(self):
raise SkipTest('Keys ignored')
key = self.sample_packaged_key() + '.nope'
with self.settings(SIGNED_APPS_KEY=key):
packaged.sign(self.version.pk)
def sign_files(self):
"""Sign the files for this version."""
return packaged.sign(self)
def test_already_exists(self, sign_addon):
with (storage.open(self.file1.signed_file_path, 'w')
and storage.open(self.file2.signed_file_path, 'w')):
assert packaged.sign(self.version.pk)
assert not sign_addon.called
def test_not_app(self):
self.app.update(type=amo.ADDON_EXTENSION)
packaged.sign(self.version.pk)
def test_already_exists(self, sign_app):
with private_storage.open(self.file.signed_file_path, 'w') as f:
f.write('.')
assert packaged.sign(self.version.pk)
assert not sign_app.called
def test_already_exists(self, sign_app):
storage.open(self.file.signed_file_path, 'w')
assert packaged.sign(self.version.pk)
assert not sign_app.called
def test_sign_consumer(self, sign_app):
packaged.sign(self.version.pk)
assert sign_app.called
ids = json.loads(sign_app.call_args[0][2])
eq_(ids['id'], self.app.guid)
eq_(ids['version'], self.version.pk)
def sign_if_packaged(self, version_pk):
if not self.is_packaged:
return
packaged.sign(version_pk)
def test_server_active(self):
with self.settings(SIGNED_APPS_SERVER_ACTIVE=True):
packaged.sign(self.version.pk)
def test_raises(self, xpisign):
xpisign.side_effect = ValueError
with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
self.is_signed(packaged.sign(self.version.pk))
def test_server_inactive(self, _no_sign):
with self.settings(SIGNED_APPS_SERVER_ACTIVE=False):
packaged.sign(self.version.pk)
assert _no_sign.called
def test_already_exists(self, sign_app):
storage.open(self.file.signed_file_path, 'w')
assert packaged.sign(self.version.pk)
assert not sign_app.called
def test_not_app(self):
self.app.update(type=amo.ADDON_EXTENSION)
packaged.sign(self.version.pk)
def test_inject_ids(self, sign):
packaged.sign(self.version.pk)
zf = zipfile.ZipFile(self.file.file_path, mode='r')
ids_data = zf.read('META-INF/ids.json')
eq_(sorted(json.loads(ids_data).keys()), ['id', 'version'])
def test_no_file(self):
[f.delete() for f in self.app.current_version.all_files]
packaged.sign(self.version.pk)
def test_reviewer(self):
# For the moment there is no real difference between reviewers
# and users.
with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
self.is_signed(packaged.sign(self.version.pk, True))
def test_server_active(self):
with self.settings(SIGNED_APPS_SERVER_ACTIVE=True):
packaged.sign(self.version.pk)
def test_not_packaged(self):
self.app.update(is_packaged=False)
packaged.sign(self.version.pk)
def test_good(self):
with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
self.is_signed(packaged.sign(self.version.pk))
def test_resign_already_exists(self, sign_addon):
storage.open(self.file1.signed_file_path, 'w')
storage.open(self.file2.signed_file_path, 'w')
packaged.sign(self.version.pk, resign=True)
assert sign_addon.called
def test_raises(self, xpisign):
xpisign.side_effect = ValueError
with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
self.is_signed(packaged.sign(self.version.pk))
def sign_if_packaged(self, version_pk, reviewer=False):
if not self.is_packaged:
return
return packaged.sign(version_pk, reviewer=reviewer)