1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-16 11:50:10 +01:00
fdroidserver/tests/publish.TestCase
Hans-Christoph Steiner 8c1cf724e1 init: force keystore to PKCS12 format
Java 8 supports PKCS12, Java 9+ uses PKCS12 by default, which should have
a .p12 file extension.  `fdroid init` has always just added .jks which is
the old default format.

* https://docs.oracle.com/en/java/javase/12/tools/keytool.html#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__GUID-A8B9E662-C1C2-4A0E-9307-A8464F0E95D4
* https://openjdk.java.net/jeps/229
2020-09-23 16:40:37 +02:00

236 lines
10 KiB
Python
Executable File

#!/usr/bin/env python3
#
# command which created the keystore used in this test case:
#
# $ for ALIAS in repokey a163ec9b d2d51ff2 dc3b169e 78688a0f; \
# do keytool -genkey -keystore dummy-keystore.jks \
# -alias $ALIAS -keyalg 'RSA' -keysize '2048' \
# -validity '10000' -storepass 123456 -storetype jks \
# -keypass 123456 -dname 'CN=test, OU=F-Droid'; done
#
import inspect
import logging
import optparse
import os
import shutil
import sys
import unittest
import tempfile
import textwrap
from unittest import mock
localmodule = os.path.realpath(
os.path.join(os.path.dirname(inspect.getfile(inspect.currentframe())), '..'))
print('localmodule: ' + localmodule)
if localmodule not in sys.path:
sys.path.insert(0, localmodule)
from fdroidserver import publish
from fdroidserver import common
from fdroidserver.exception import FDroidException
class PublishTest(unittest.TestCase):
'''fdroidserver/publish.py'''
def setUp(self):
logging.basicConfig(level=logging.DEBUG)
self.basedir = os.path.join(localmodule, 'tests')
self.tmpdir = os.path.abspath(os.path.join(self.basedir, '..', '.testfiles'))
if not os.path.exists(self.tmpdir):
os.makedirs(self.tmpdir)
os.chdir(self.basedir)
def test_key_alias(self):
publish.config = {}
self.assertEqual('a163ec9b', publish.key_alias('com.example.app'))
self.assertEqual('d2d51ff2', publish.key_alias('com.example.anotherapp'))
self.assertEqual('dc3b169e', publish.key_alias('org.test.testy'))
self.assertEqual('78688a0f', publish.key_alias('org.org.org'))
self.assertEqual('ee8807d2', publish.key_alias("org.schabi.newpipe"))
self.assertEqual('b53c7e11', publish.key_alias("de.grobox.liberario"))
publish.config = {'keyaliases': {'yep.app': '@org.org.org',
'com.example.app': '1a2b3c4d'}}
self.assertEqual('78688a0f', publish.key_alias('yep.app'))
self.assertEqual('1a2b3c4d', publish.key_alias('com.example.app'))
def test_read_fingerprints_from_keystore(self):
common.config = {}
common.fill_config_defaults(common.config)
publish.config = common.config
publish.config['keystorepass'] = '123456'
publish.config['keypass'] = '123456'
publish.config['keystore'] = 'dummy-keystore.jks'
expected = {'78688a0f': '277655a6235bc6b0ef2d824396c51ba947f5ebc738c293d887e7083ff338af82',
'd2d51ff2': 'fa3f6a017541ee7fe797be084b1bcfbf92418a7589ef1f7fdeb46741b6d2e9c3',
'dc3b169e': '6ae5355157a47ddcc3834a71f57f6fb5a8c2621c8e0dc739e9ddf59f865e497c',
'a163ec9b': 'd34f678afbaa8f2fa6cc0edd6f0c2d1d2e2e9eb08bea521b24c740806016bff4',
'repokey': 'c58460800c7b250a619c30c13b07b7359a43e5af71a4352d86c58ae18c9f6d41'}
result = publish.read_fingerprints_from_keystore()
self.maxDiff = None
self.assertEqual(expected, result)
def test_store_and_load_fdroid_signing_key_fingerprints(self):
common.config = {}
common.fill_config_defaults(common.config)
publish.config = common.config
publish.config['keystorepass'] = '123456'
publish.config['keypass'] = '123456'
publish.config['keystore'] = os.path.join(os.getcwd(),
'dummy-keystore.jks')
publish.config['repo_keyalias'] = 'repokey'
appids = ['com.example.app',
'net.unavailable',
'org.test.testy',
'com.example.anotherapp',
'org.org.org']
testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
os.chdir(testdir)
with open('config.py', 'w') as f:
pass
publish.store_stats_fdroid_signing_key_fingerprints(appids, indent=2)
self.maxDiff = None
expected = {
"com.example.anotherapp": {
"signer": "fa3f6a017541ee7fe797be084b1bcfbf92418a7589ef1f7fdeb46741b6d2e9c3"
},
"com.example.app": {
"signer": "d34f678afbaa8f2fa6cc0edd6f0c2d1d2e2e9eb08bea521b24c740806016bff4"
},
"org.org.org": {
"signer": "277655a6235bc6b0ef2d824396c51ba947f5ebc738c293d887e7083ff338af82"
},
"org.test.testy": {
"signer": "6ae5355157a47ddcc3834a71f57f6fb5a8c2621c8e0dc739e9ddf59f865e497c"
}
}
self.assertEqual(expected, common.load_stats_fdroid_signing_key_fingerprints())
with open('config.py', 'r') as f:
self.assertEqual(textwrap.dedent('''\
repo_key_sha256 = "c58460800c7b250a619c30c13b07b7359a43e5af71a4352d86c58ae18c9f6d41"
'''), f.read())
def test_store_and_load_fdroid_signing_key_fingerprints_with_missmatch(self):
common.config = {}
common.fill_config_defaults(common.config)
publish.config = common.config
publish.config['keystorepass'] = '123456'
publish.config['keypass'] = '123456'
publish.config['keystore'] = os.path.join(os.getcwd(),
'dummy-keystore.jks')
publish.config['repo_keyalias'] = 'repokey'
publish.config['repo_key_sha256'] = 'bad bad bad bad bad bad bad bad bad bad bad bad'
testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
os.chdir(testdir)
publish.store_stats_fdroid_signing_key_fingerprints({}, indent=2)
with self.assertRaises(FDroidException):
common.load_stats_fdroid_signing_key_fingerprints()
def test_reproducible_binaries_process(self):
common.config = {}
common.fill_config_defaults(common.config)
publish.config = common.config
publish.config['keystore'] = 'keystore.jks'
publish.config['repo_keyalias'] = 'sova'
publish.config['keystorepass'] = 'r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI='
publish.config['keypass'] = 'r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI='
testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
shutil.copy('keystore.jks', testdir)
os.mkdir(os.path.join(testdir, 'repo'))
metadata_dir = os.path.join(testdir, 'metadata')
os.mkdir(metadata_dir)
shutil.copy(os.path.join('metadata', 'com.politedroid.yml'), metadata_dir)
with open(os.path.join(metadata_dir, 'com.politedroid.yml'), 'a') as fp:
fp.write('\nBinaries: https://placeholder/foo%v.apk\n')
os.mkdir(os.path.join(testdir, 'unsigned'))
shutil.copy('repo/com.politedroid_6.apk', os.path.join(testdir, 'unsigned'))
os.mkdir(os.path.join(testdir, 'unsigned', 'binaries'))
shutil.copy('repo/com.politedroid_6.apk',
os.path.join(testdir, 'unsigned', 'binaries', 'com.politedroid_6.binary.apk'))
os.chdir(testdir)
with mock.patch.object(sys, 'argv', ['fdroid fakesubcommand']):
publish.main()
def test_check_for_key_collisions(self):
from fdroidserver.metadata import App
common.config = {}
common.fill_config_defaults(common.config)
publish.config = common.config
randomappids = [
"org.fdroid.fdroid",
"a.b.c",
"u.v.w.x.y.z",
"lpzpkgqwyevnmzvrlaazhgardbyiyoybyicpmifkyrxkobljoz",
"vuslsm.jlrevavz.qnbsenmizhur.lprwbjiujtu.ekiho",
"w.g.g.w.p.v.f.v.gvhyz",
"nlozuqer.ufiinmrbjqboogsjgmpfks.dywtpcpnyssjmqz",
]
allapps = {}
for appid in randomappids:
allapps[appid] = App()
allaliases = publish.check_for_key_collisions(allapps)
self.assertEqual(len(randomappids), len(allaliases))
allapps = {'tof.cv.mpp': App(), 'j6mX276h': App()}
self.assertEqual(publish.key_alias('tof.cv.mpp'), publish.key_alias('j6mX276h'))
self.assertRaises(SystemExit, publish.check_for_key_collisions, allapps)
def test_create_key_if_not_existing(self):
try:
import jks
import jks.util
except ImportError:
self.skipTest("pyjks not installed")
common.config = {}
common.fill_config_defaults(common.config)
publish.config = common.config
publish.config['keystorepass'] = '123456'
publish.config['keypass'] = '654321'
publish.config['keystore'] = "keystore.jks"
publish.config['keydname'] = 'CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US'
testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
os.chdir(testdir)
keystore = jks.KeyStore.new("jks", [])
keystore.save(publish.config['keystore'], publish.config['keystorepass'])
self.assertTrue(publish.create_key_if_not_existing("newalias"))
# The second time we try that, a new key should not be created
self.assertFalse(publish.create_key_if_not_existing("newalias"))
self.assertTrue(publish.create_key_if_not_existing("anotheralias"))
keystore = jks.KeyStore.load(publish.config['keystore'], publish.config['keystorepass'])
self.assertCountEqual(keystore.private_keys, ["newalias", "anotheralias"])
for alias, pk in keystore.private_keys.items():
self.assertFalse(pk.is_decrypted())
pk.decrypt(publish.config['keypass'])
self.assertTrue(pk.is_decrypted())
self.assertEqual(jks.util.RSA_ENCRYPTION_OID, pk.algorithm_oid)
if __name__ == "__main__":
os.chdir(os.path.dirname(__file__))
parser = optparse.OptionParser()
parser.add_option("-v", "--verbose", action="store_true", default=False,
help="Spew out even more information than normal")
(common.options, args) = parser.parse_args(['--verbose'])
newSuite = unittest.TestSuite()
newSuite.addTest(unittest.makeSuite(PublishTest))
unittest.main(failfast=False)