include test cases for python getsig replacement

This includes the old getsig.java since that is the canonical implementation
of that algorithm.

fixes #5 https://gitlab.com/fdroid/fdroidserver/issues/5

tests/getsig/getsig.java

@@ -0,0 +1,105 @@
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.Signature;
+import java.security.cert.*;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Enumeration;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+
+public class getsig {
+
+    public static void main(String[] args) {
+
+        String apkPath = null;
+        boolean full = false;
+
+        if(args.length == 1) {
+            apkPath = args[0];
+        } else if (args.length == 2) {
+            if(!args[0].equals("-f")) {
+                System.out.println("Only -f is supported");
+                System.exit(1);
+            }
+            apkPath = args[1];
+            full = true;
+        } else {
+            System.out.println("Specify the APK file to get the signature from!");
+            System.exit(1);
+        }
+
+        try {
+
+            JarFile apk = new JarFile(apkPath);
+            java.security.cert.Certificate[] certs = null;
+
+            Enumeration entries = apk.entries();
+            while (entries.hasMoreElements()) {
+                JarEntry je = (JarEntry) entries.nextElement();
+                if (!je.isDirectory() && !je.getName().startsWith("META-INF/")) {
+                    // Just need to read the stream (discarding the data) to get
+                    // it to process the certificate...
+                    byte[] b = new byte[4096];
+                    InputStream is = apk.getInputStream(je);
+                    while (is.read(b, 0, b.length) != -1);
+                    is.close();
+                    certs = je.getCertificates();
+                    if(certs != null)
+                        break;
+                }
+            }
+            apk.close();
+
+            if (certs == null) {
+                System.out.println("Not signed");
+                System.exit(1);
+            }
+            if (certs.length != 1) {
+                System.out.println("One signature expected");
+                System.exit(1);
+            }
+
+            // Get the signature in the same form that is returned by
+            // android.content.pm.Signature.toCharsString() (but in the
+            // form of a byte array so we can pass it to the MD5 function)...
+            byte[] sig = certs[0].getEncoded();
+            byte[] csig = new byte[sig.length * 2];
+            for (int j=0; j<sig.length; j++) {
+                byte v = sig[j];
+                int d = (v>>4)&0xf;
+                csig[j*2] = (byte)(d >= 10 ? ('a' + d - 10) : ('0' + d));
+                d = v&0xf;
+                csig[j*2+1] = (byte)(d >= 10 ? ('a' + d - 10) : ('0' + d));
+            }
+
+            String result;
+            if(full) {
+                result = new String(csig);
+            } else {
+                // Get the MD5 sum...
+                MessageDigest md;
+                md = MessageDigest.getInstance("MD5");
+                byte[] md5sum = new byte[32];
+                md.update(csig);
+                md5sum = md.digest();
+                BigInteger bigInt = new BigInteger(1, md5sum);
+                String md5hash = bigInt.toString(16);
+                while (md5hash.length() < 32)
+                    md5hash = "0" + md5hash;
+                result = md5hash;
+            }
+
+            System.out.println("Result:" + result);
+            System.exit(0);
+
+        } catch (Exception e) {
+            System.out.println("Exception:" + e);
+            System.exit(1);
+        }
+    }
+
+}
+
+

tests/getsig/make.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+javac getsig.java

tests/getsig/run.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+java getsig $1 $2 $3

tests/run-tests

@@ -92,6 +92,15 @@ cd $WORKSPACE
 ./hooks/pre-commit
 
 
+#------------------------------------------------------------------------------#
+echo_header "test python getsig replacement"
+
+cd $WORKSPACE/tests/getsig
+./make.sh
+cd $WORKSPACE/tests
+./update.TestCase
+
+
 #------------------------------------------------------------------------------#
 echo_header "create a source tarball and use that to build a repo"
 

tests/update.TestCase

@@ -0,0 +1,82 @@
+#!/usr/bin/env python2
+# -*- coding: utf-8 -*-
+
+# http://www.drdobbs.com/testing/unit-testing-with-python/240165163
+
+import inspect
+import optparse
+import os
+import sys
+import unittest
+
+localmodule = os.path.realpath(os.path.join(
+        os.path.dirname(inspect.getfile(inspect.currentframe())),
+        '..'))
+print('localmodule: ' + localmodule)
+if localmodule not in sys.path:
+    sys.path.insert(0,localmodule)
+
+import fdroidserver.common
+import fdroidserver.update
+from fdroidserver.common import FDroidPopen, SilentPopen
+
+class UpdateTest(unittest.TestCase):
+    '''fdroid update'''
+
+    def javagetsig(self, apkfile):
+        getsig_dir = os.path.join(os.path.dirname(__file__), 'getsig')
+        if not os.path.exists(getsig_dir + "/getsig.class"):
+            logging.critical("getsig.class not found. To fix: cd '%s' && ./make.sh" % getsig_dir)
+            sys.exit(1)
+        p = FDroidPopen(['java', '-cp', os.path.join(os.path.dirname(__file__), 'getsig'),
+                         'getsig', os.path.join(os.getcwd(), apkfile)])
+        sig = None
+        for line in p.output.splitlines():
+            if line.startswith('Result:'):
+                sig = line[7:].strip()
+                break
+        if p.returncode == 0:
+            return sig
+        else:
+            return None
+        
+    def testGoodGetsig(self):
+        apkfile = os.path.join(os.path.dirname(__file__), 'urzip.apk')
+        sig = self.javagetsig(apkfile)
+        self.assertIsNotNone(sig, "sig is None")
+        pysig = fdroidserver.update.getsig(apkfile)
+        self.assertIsNotNone(pysig, "pysig is None")        
+        self.assertEquals(sig, fdroidserver.update.getsig(apkfile),
+                          "python sig not equal to java sig!")
+        self.assertEquals(len(sig), len(pysig),
+                          "the length of the two sigs are different!")
+        try:
+            self.assertEquals(sig.decode('hex'), pysig.decode('hex'),
+                              "the length of the two sigs are different!")
+        except TypeError as e:
+            print e
+            self.assertTrue(False, 'TypeError!')
+
+    def testBadGetsig(self):
+        apkfile = os.path.join(os.path.dirname(__file__), 'urzip-badsig.apk')
+        sig = self.javagetsig(apkfile)
+        self.assertIsNone(sig, "sig should be None: " + str(sig))
+        pysig = fdroidserver.update.getsig(apkfile)
+        self.assertIsNone(pysig, "python sig should be None: " + str(sig))
+
+        apkfile = os.path.join(os.path.dirname(__file__), 'urzip-badcert.apk')
+        sig = self.javagetsig(apkfile)
+        self.assertIsNone(sig, "sig should be None: " + str(sig))
+        pysig = fdroidserver.update.getsig(apkfile)
+        self.assertIsNone(pysig, "python sig should be None: " + str(sig))
+
+
+if __name__ == "__main__":
+    parser = optparse.OptionParser()
+    parser.add_option("-v", "--verbose", action="store_true", default=False,
+                      help="Spew out even more information than normal")
+    (fdroidserver.common.options, args) = parser.parse_args(['--verbose'])
+
+    newSuite = unittest.TestSuite()
+    newSuite.addTest(unittest.makeSuite(UpdateTest))
+    unittest.main()