mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-14 02:50:12 +01:00
test APK signatures with a cert chain are parsed like apksigner
Microsoft and SanDisk sign APKs with a X.509 certificate chain of trust, so there are actually three certificates included. apksigner only cares about one certificate and ignores the other certificates in the chain. The correct values come from: apksigner verify --print-certs 883cbdae7aeb2e4b122e8ee8d89966c7062d0d49107a130235fa220a5b994a79.apk X.509 certificates are machine generated and just data, so are not copyrightable. So I included SANAPPSI.* directly.
This commit is contained in:
parent
accdd65f91
commit
fc4a9c96a5
@ -724,6 +724,8 @@ include tests/repo/urzip-*.apk
|
|||||||
include tests/repo/v1.v2.sig_1020.apk
|
include tests/repo/v1.v2.sig_1020.apk
|
||||||
include tests/rewritemeta.TestCase
|
include tests/rewritemeta.TestCase
|
||||||
include tests/run-tests
|
include tests/run-tests
|
||||||
|
include tests/SANAPPSI.RSA
|
||||||
|
include tests/SANAPPSI.SF
|
||||||
include tests/scanner.TestCase
|
include tests/scanner.TestCase
|
||||||
include tests/signatures.TestCase
|
include tests/signatures.TestCase
|
||||||
include tests/signindex.TestCase
|
include tests/signindex.TestCase
|
||||||
|
BIN
tests/SANAPPSI.RSA
Normal file
BIN
tests/SANAPPSI.RSA
Normal file
Binary file not shown.
2044
tests/SANAPPSI.SF
Normal file
2044
tests/SANAPPSI.SF
Normal file
File diff suppressed because it is too large
Load Diff
@ -615,6 +615,27 @@ class CommonTest(unittest.TestCase):
|
|||||||
self.assertFalse(fdroidserver.common.verify_apk_signature(twosigapk))
|
self.assertFalse(fdroidserver.common.verify_apk_signature(twosigapk))
|
||||||
self.assertIsNone(fdroidserver.common.verify_apks(sourceapk, twosigapk, self.tmpdir))
|
self.assertIsNone(fdroidserver.common.verify_apks(sourceapk, twosigapk, self.tmpdir))
|
||||||
|
|
||||||
|
def test_get_certificate_with_chain_sandisk(self):
|
||||||
|
"""Test that APK signatures with a cert chain are parsed like apksigner.
|
||||||
|
|
||||||
|
SanDisk signs their APKs with a X.509 certificate chain of
|
||||||
|
trust, so there are actually three certificates
|
||||||
|
included. apksigner only cares about the certificate in the
|
||||||
|
chain that actually signs the manifest.
|
||||||
|
|
||||||
|
The correct value comes from:
|
||||||
|
apksigner verify --print-certs 883cbdae7aeb2e4b122e8ee8d89966c7062d0d49107a130235fa220a5b994a79.apk
|
||||||
|
|
||||||
|
"""
|
||||||
|
cert = fdroidserver.common.get_certificate(
|
||||||
|
signature_block_file=Path('SANAPPSI.RSA').read_bytes(),
|
||||||
|
signature_file=Path('SANAPPSI.SF').read_bytes(),
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
'ea0abbf2a142e4b167405d516b2cc408c4af4b29cd50ba281aa4470d4aab3e53',
|
||||||
|
fdroidserver.common.signer_fingerprint(cert),
|
||||||
|
)
|
||||||
|
|
||||||
def test_write_to_config(self):
|
def test_write_to_config(self):
|
||||||
with tempfile.TemporaryDirectory() as tmpPath:
|
with tempfile.TemporaryDirectory() as tmpPath:
|
||||||
cfgPath = os.path.join(tmpPath, 'config.py')
|
cfgPath = os.path.join(tmpPath, 'config.py')
|
||||||
|
Loading…
Reference in New Issue
Block a user