mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-10-04 02:00:11 +02:00

common function for fetching sha256 signing-key fingerprint

Michael Pöhn 2017-09-23 09:02:50 +02:00
parent d44d48285b
commit c196f7dd7a
2 changed files with 52 additions and 0 deletions


@ -34,6 +34,7 @@ import logging
import hashlib import hashlib
import socket import socket
import base64 import base64
import zipfile
import xml.etree.ElementTree as XMLElementTree import xml.etree.ElementTree as XMLElementTree
from binascii import hexlify from binascii import hexlify
@ -2014,6 +2015,43 @@ def place_srclib(root_dir, number, libpath):
apk_sigfile = re.compile(r'META-INF/[0-9A-Za-z]+\.(SF|RSA|DSA|EC)') apk_sigfile = re.compile(r'META-INF/[0-9A-Za-z]+\.(SF|RSA|DSA|EC)')
def signer_fingerprint(sig):
"""Obtain sha256 signing-key fingerprint for pkcs7 signature.
Extracts hexadecimal sha256 signing-key fingerprint string
for a given pkcs7 signature.
:param: Contents of an APK signature.
:returns: shortened signature fingerprint.
"""
cert_encoded = get_certificate(sig)
return hashlib.sha256(cert_encoded).hexdigest()
def apk_signer_fingerprint(apk_path):
"""Obtain sha256 signing-key fingerprint for APK.
Extracts hexadecimal sha256 signing-key fingerprint string
for a given APK.
:param apkpath: path to APK
:returns: signature fingerprint
"""
with zipfile.ZipFile(apk_path, 'r') as apk:
certs = [n for n in apk.namelist() if CERT_PATH_REGEX.match(n)]
if len(certs) < 1:
logging.error("Found no signing certificates on %s" % apk_path)
return None
if len(certs) > 1:
logging.error("Found multiple signing certificates on %s" % apk_path)
return None
cert = apk.read(certs[0])
return signer_fingerprint(cert)
def metadata_get_sigdir(appid, vercode=None): def metadata_get_sigdir(appid, vercode=None):
"""Get signature directory for app""" """Get signature directory for app"""
if vercode: if vercode:
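Review bot: `apk_signer_fingerprint` hashes whichever certificate file it finds under `META-INF/` without checking that the APK's signature verifies, so the result identifies an embedded certificate rather than a verified signer. It also does not read signer data stored outside `META-INF/`, as APK Signature Scheme v2 does. The docstring should state this limit so callers do not use the value as their only trust decision, e.g. `Note: the APK signature is not verified here; verify the APK before trusting this fingerprint.` Both error branches return `None`, which `:returns:` should mention, because a caller comparing two results of this function would treat `None == None` as a match. Smaller docstring fixes: `:param apkpath:` should read `:param apk_path:`, `signer_fingerprint` has a `:param:` with no name, and its `:returns:` says "shortened" although the full `hexdigest()` is returned. `CERT_PATH_REGEX` is defined outside the visible hunks, so its anchoring cannot be checked from here.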


@ -376,6 +376,20 @@ class CommonTest(unittest.TestCase):
for name in bad: for name in bad:
self.assertIsNone(fdroidserver.common.STANDARD_FILE_NAME_REGEX.match(name)) self.assertIsNone(fdroidserver.common.STANDARD_FILE_NAME_REGEX.match(name))
def test_apk_signer_fingerprint(self):
# fingerprints fetched with: keytool -printcert -file ____.RSA
testapks = (('repo/obb.main.oldversion_1444412523.apk',
'818e469465f96b704e27be2fee4c63ab9f83ddf30e7a34c7371a4728d83b0bc1'),
('repo/obb.main.twoversions_1101613.apk',
'32a23624c201b949f085996ba5ed53d40f703aca4989476949cae891022e0ed6'),
('repo/obb.main.twoversions_1101617.apk',
'32a23624c201b949f085996ba5ed53d40f703aca4989476949cae891022e0ed6'))
for apkfile, keytoolcertfingerprint in testapks:
self.assertEqual(keytoolcertfingerprint,
fdroidserver.common.apk_signer_fingerprint(apkfile))
if __name__ == "__main__": if __name__ == "__main__":
parser = optparse.OptionParser() parser = optparse.OptionParser()
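Review bot: `test_apk_signer_fingerprint` only exercises the single-certificate path, so the two `return None` branches in `apk_signer_fingerprint` (no certificate file, more than one certificate file) are untested. Those branches are the ones that reject malformed or ambiguous APKs, so a regression there would go unnoticed. Consider adding one fixture per case and asserting the rejection, e.g. `self.assertIsNone(fdroidserver.common.apk_signer_fingerprint(unsigned_apk))`, where `unsigned_apk` is a placeholder for a fixture path this page does not show. The enclosing `CommonTest` class starts outside the hunk.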