create index.get_index_from_jar() for parsing index-v1.json

Also removes redundant comments, should be in the doc string!
2024-07-02 07:20:37 +02:00 · 2018-12-17 14:03:12 +01:00 · 2018-12-17 14:03:12 +01:00 · 869cc114a3
commit 869cc114a3
parent 09281bee25
1 changed files with 25 additions and 23 deletions
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@ -687,15 +687,18 @@ def get_mirror_service_urls(url):


 def download_repo_index(url_str, etag=None, verify_fingerprint=True):
-    """
-    Downloads the repository index from the given :param url_str
-    and verifies the repository's fingerprint if :param verify_fingerprint is not False.
+    """Downloads and verifies index file, then returns its data.
+
+    Downloads the repository index from the given :param url_str and
+    verifies the repository's fingerprint if :param verify_fingerprint
+    is not False.

    :raises: VerificationException() if the repository could not be verified

    :return: A tuple consisting of:
        - The index in JSON format or None if the index did not change
        - The new eTag as returned by the HTTP request
+
    """
    url = urllib.parse.urlsplit(url_str)

@ -713,32 +716,31 @@ def download_repo_index(url_str, etag=None, verify_fingerprint=True):
        return None, new_etag

    with tempfile.NamedTemporaryFile() as fp:
-        # write and open JAR file
        fp.write(download)
-        jar = zipfile.ZipFile(fp)
-
-        # verify that the JAR signature is valid
-        logging.debug(_('Verifying index signature:'))
-        common.verify_jar_signature(fp.name)
-
-        # get public key and its fingerprint from JAR
-        public_key, public_key_fingerprint = get_public_key_from_jar(jar)
-
-        # compare the fingerprint if verify_fingerprint is True
-        if verify_fingerprint and fingerprint.upper() != public_key_fingerprint:
-            raise VerificationException(_("The repository's fingerprint does not match."))
-
-        # load repository index from JSON
-        index = json.loads(jar.read('index-v1.json').decode("utf-8"))
-        index["repo"]["pubkey"] = hexlify(public_key).decode("utf-8")
+        index, public_key, public_key_fingerprint = get_index_from_jar(fp.name, fingerprint)
+        index["repo"]["pubkey"] = hexlify(public_key).decode()
        index["repo"]["fingerprint"] = public_key_fingerprint
-
-        # turn the apps into App objects
        index["apps"] = [metadata.App(app) for app in index["apps"]]
-
        return index, new_etag


+def get_index_from_jar(jarfile, fingerprint=None):
+    """Returns the data, public key, and fingerprint from index-v1.jar
+
+    :raises: VerificationException() if the repository could not be verified
+    """
+
+    logging.debug(_('Verifying index signature:'))
+    common.verify_jar_signature(jarfile)
+    with zipfile.ZipFile(jarfile) as jar:
+        public_key, public_key_fingerprint = get_public_key_from_jar(jar)
+        if fingerprint is not None:
+            if fingerprint.upper() != public_key_fingerprint:
+                raise VerificationException(_("The repository's fingerprint does not match."))
+        data = json.loads(jar.read('index-v1.json').decode())
+        return data, public_key, public_key_fingerprint
+
+
 def get_public_key_from_jar(jar):
    """
    Get the public key and its fingerprint from a JAR file.