mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-04 14:30:30 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

add verify_jar_signature() to verify entry.jar

Browse source
This commit is contained in:
Hans-Christoph Steiner 2023-03-08 11:26:29 +01:00
parent cfe399888b
commit dd16076651
No known key found for this signature in database
GPG key ID: 3E177817BA1B9BFA
2 changed files with 62 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

29
tests/common.TestCase
View file

@ -529,6 +529,35 @@ class CommonTest(unittest.TestCase):
self.assertRaises(VerificationException, fdroidserver.common.verify_deprecated_jar_signature, 'urzip-badsig.apk')
self.assertRaises(VerificationException, fdroidserver.common.verify_deprecated_jar_signature, 'urzip-release-unsigned.apk')
def test_verify_jar_signature(self):
"""Sign entry.jar and make sure it validates"""
config = fdroidserver.common.read_config(fdroidserver.common.options)
config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
config['keystore'] = os.path.join(self.basedir, 'keystore.jks')
config['repo_keyalias'] = 'sova'
config['keystorepass'] = 'r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI='
config['keypass'] = 'r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI='
fdroidserver.common.config = config
fdroidserver.signindex.config = config
repo_dir = Path(self.testdir) / 'repo'
repo_dir.mkdir()
shutil.copy('repo/entry.json', repo_dir)
shutil.copy('repo/index-v2.json', repo_dir)
os.chdir(self.testdir)
fdroidserver.signindex.sign_index('repo', 'entry.json')
fdroidserver.common.verify_jar_signature('repo/entry.jar')
def test_verify_jar_signature_fails(self):
"""Test verify_jar_signature fails on unsigned and deprecated algorithms"""
config = fdroidserver.common.read_config(fdroidserver.common.options)
config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
fdroidserver.common.config = config
source_dir = os.path.join(self.basedir, 'signindex')
for f in ('unsigned.jar', 'testy.jar', 'guardianproject.jar', 'guardianproject-v1.jar'):
testfile = os.path.join(source_dir, f)
with self.assertRaises(fdroidserver.index.VerificationException):
fdroidserver.common.verify_jar_signature(testfile)
def test_verify_deprecated_jar_signature(self):
config = fdroidserver.common.read_config(fdroidserver.common.options)
config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')