a proof of concept on signing (bug 791741)

Andy McKay · Andy McKay · commit 540bfe3f30f3 · 2012-09-26T13:12:36.000-07:00
diff --git a/apps/amo/tests/__init__.py b/apps/amo/tests/__init__.py
@@ -409,8 +409,12 @@ def manifest_copy_over(self, dest, name):
 
     @staticmethod
     def sample_key():
-        path = 'mkt/webapps/tests/sample.key'
-        return os.path.join(settings.ROOT, path)
+        return os.path.join(settings.ROOT,
+                            'mkt/webapps/tests/sample.key')
+
+    def sample_packaged_key(self):
+        return os.path.join(settings.ROOT,
+                            'mkt/webapps/tests/sample.packaged.pem')
 
     def mozball_image(self):
         return os.path.join(settings.ROOT,
diff --git a/lib/crypto/packaged.py b/lib/crypto/packaged.py
@@ -1,7 +1,12 @@
+import os
+
+from django.conf import settings
 from django.core.files.storage import default_storage as storage
 
 from celeryutils import task
 import commonware.log
+from django_statsd.clients import statsd
+from xpisign import xpisign
 
 import amo
 from versions.models import Version
@@ -13,6 +18,25 @@ class SigningError(Exception):
     pass
 
 
+def sign_app(src, dest):
+    if settings.SIGNED_APPS_SERVER_ACTIVE:
+        # At some point this will be implemented, but not now.
+        raise NotImplementedError
+
+    if not os.path.exists(settings.SIGNED_APPS_KEY):
+        raise ValueError('The signed apps key cannot be found.')
+
+    # TODO: stop doing this and use the signing server.
+    try:
+        # Not sure this will work too well on S3.
+        xpisign(storage.open(src, 'r'), settings.SIGNED_APPS_KEY,
+                storage.open(dest, 'w'))
+    except:
+        # TODO: figure out some likely errors that can occur.
+        log.error('Signing failed', exc_info=True)
+        raise
+
+
 @task
 def sign(version_id, reviewer=False):
     version = Version.objects.get(pk=version_id)
@@ -40,17 +64,7 @@ def sign(version_id, reviewer=False):
         return path
 
     # When we know how to sign, we will sign. For the moment, let's copy.
-    dest = storage.open(path, 'w')
-    src = storage.open(file_obj.file_path, 'r')
-    # I'm not sure if this makes sense with an S3 backend.
-    while 1:
-        buffer = src.read(1024 * 1024)
-        if buffer:
-            dest.write(buffer)
-        else:
-            break
-
-    dest.close()
-    src.close()
+    with statsd.timer('services.sign.app'):
+        sign_app(file_obj.file_path, path)
     log.info('Signing complete.')
     return path
diff --git a/lib/crypto/receipt.py b/lib/crypto/receipt.py
@@ -38,7 +38,7 @@ def sign(receipt):
     request = urllib2.Request(destination, data, headers)
 
     try:
-        with statsd.timer('services.sign'):
+        with statsd.timer('services.sign.receipt'):
             response = urllib2.urlopen(request, timeout=timeout)
     except urllib2.HTTPError, error:
         # Will occur when a 3xx or greater code is returned
diff --git a/lib/crypto/tests.py b/lib/crypto/tests.py
@@ -11,6 +11,7 @@
 from nose.tools import eq_, raises
 
 import amo.tests
+from files.utils import SafeUnzip
 from lib.crypto import packaged
 from lib.crypto.receipt import crack, sign, SigningError
 from mkt.webapps.models import Webapp
@@ -89,6 +90,10 @@ def setup_files(self):
 
 class TestPackaged(PackagedApp, amo.tests.TestCase):
 
+    def setUp(self):
+        super(TestPackaged, self).setUp()
+        self.setup_files()
+
     @raises(packaged.SigningError)
     def test_not_app(self):
         self.app.update(type=amo.ADDON_EXTENSION)
@@ -108,15 +113,35 @@ def test_already_exists(self):
         storage.open(self.file.signed_file_path, 'w')
         assert packaged.sign(self.version.pk)
 
+    @raises(NotImplementedError)
+    def test_server_active(self):
+        with self.settings(SIGNED_APPS_SERVER_ACTIVE=True):
+            packaged.sign(self.version.pk)
+
+    @raises(ValueError)
+    def test_no_key(self):
+        key = self.sample_packaged_key() + '.nope'
+        with self.settings(SIGNED_APPS_KEY=key):
+            packaged.sign(self.version.pk)
+
+    def is_signed(self, path):
+        unz = SafeUnzip(path)
+        assert unz.is_valid()
+        assert unz.is_signed()
+
     def test_good(self):
-        self.setup_files()
-        path = packaged.sign(self.version.pk)
-        # TODO: This will change when we actually sign things.
-        assert os.stat(path).st_size == (
-                os.stat(self.file.file_path).st_size)
+        with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
+            self.is_signed(packaged.sign(self.version.pk))
 
     def test_reviewer(self):
-        self.setup_files()
-        path = packaged.sign(self.version.pk, True)
-        assert os.stat(path).st_size == (
-                os.stat(self.file.file_path).st_size)
+        # For the moment there is no real difference between reviewers
+        # and users.
+        with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
+            self.is_signed(packaged.sign(self.version.pk, True))
+
+    @mock.patch('lib.crypto.packaged.xpisign')
+    @raises(ValueError)
+    def test_raises(self, xpisign):
+        xpisign.side_effect = ValueError
+        with self.settings(SIGNED_APPS_KEY=self.sample_packaged_key()):
+            self.is_signed(packaged.sign(self.version.pk))
diff --git a/lib/settings_base.py b/lib/settings_base.py
@@ -230,6 +230,11 @@ def lazy_langs(languages):
 SIGNED_APPS_PATH = NETAPP_STORAGE + '/signed-apps'
 # Special reviewer signed ones for special people.
 SIGNED_APPS_REVIEWER_PATH = NETAPP_STORAGE + '/signed-apps-reviewer'
+# The path to the key used for signed apps receipt key if the signing server
+# is not active.
+SIGNED_APPS_KEY = ''
+# A seperate signing server for signing packaged apps.
+SIGNED_APPS_SERVER_ACTIVE = False
 
 # Absolute path to a writable directory shared by all servers. No trailing
 # slash.
diff --git a/mkt/webapps/tests/sample.packaged.pem b/mkt/webapps/tests/sample.packaged.pem
@@ -0,0 +1,75 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d1:b6:bf:af:06:17:8c:be
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen
+        Validity
+            Not Before: Jul 28 04:31:41 2009 GMT
+            Not After : Jul 26 04:31:41 2019 GMT
+        Subject: C=US, ST=California, O=M2Crypto, CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d4:99:6f:33:3f:e6:ac:0a:34:d8:0e:45:97:f3:
+                    2b:6a:50:2a:84:30:0a:52:9c:15:30:9f:05:29:3a:
+                    21:f4:c1:c3:01:9e:2f:55:56:4e:35:ac:f1:16:1e:
+                    26:8d:b5:26:b7:99:78:92:ea:1c:74:46:ab:41:12:
+                    ef:cc:53:62:cc:59:5c:9e:c4:86:df:d9:25:35:55:
+                    05:4b:16:ff:d9:90:e3:f4:51:b4:b4:fa:c5:98:4b:
+                    60:f0:60:7f:14:4e:1e:dd:61:9b:22:a2:9c:21:17:
+                    43:a3:cb:07:80:f5:75:59:9c:55:1c:fe:e0:66:d4:
+                    70:77:5e:13:06:0c:05:c7:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                04:05:3D:6A:A7:E8:D7:52:BD:2F:C4:52:30:7C:2C:BD:D3:81:46:C6
+            X509v3 Authority Key Identifier: 
+                keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE
+
+    Signature Algorithm: sha1WithRSAEncryption
+        ac:2b:ad:86:36:96:5c:fb:34:2c:02:ca:d9:5f:a7:8e:b6:58:
+        24:1d:27:b6:8e:81:aa:69:0e:60:26:64:2e:72:a1:ff:d8:ba:
+        bb:7e:5d:46:c7:07:2d:a8:c8:4c:df:1e:ba:c8:bc:21:5b:f2:
+        b3:01:4c:d6:3b:10:fd:49:70:e6:83:01:f3:24:e2:a9:97:d7:
+        c3:9c:5b:2d:d7:64:2b:e5:e2:0e:3e:d9:8c:e6:93:86:39:32:
+        50:43:5f:36:4a:3b:b0:05:e7:65:a3:b3:ef:50:56:7f:7e:dc:
+        f0:65:83:ac:42:7e:97:a0:c0:7e:63:c6:c8:c6:35:d3:60:d1:
+        4f:51
+-----BEGIN CERTIFICATE-----
+MIICkTCCAfqgAwIBAgIJANG2v68GF4y+MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY
+MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzE0MVoXDTE5MDcy
+NjA0MzE0MVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP
+BgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBANSZbzM/5qwKNNgORZfzK2pQKoQwClKcFTCfBSk6IfTB
+wwGeL1VWTjWs8RYeJo21JreZeJLqHHRGq0ES78xTYsxZXJ7Eht/ZJTVVBUsW/9mQ
+4/RRtLT6xZhLYPBgfxROHt1hmyKinCEXQ6PLB4D1dVmcVRz+4GbUcHdeEwYMBccf
+AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQEBT1qp+jXUr0vxFIwfCy904FG
+xjAfBgNVHSMEGDAWgBStZEV0j4PHLNXXoIWREECanJbP7jANBgkqhkiG9w0BAQUF
+AAOBgQCsK62GNpZc+zQsAsrZX6eOtlgkHSe2joGqaQ5gJmQucqH/2Lq7fl1Gxwct
+qMhM3x66yLwhW/KzAUzWOxD9SXDmgwHzJOKpl9fDnFst12Qr5eIOPtmM5pOGOTJQ
+Q182SjuwBedlo7PvUFZ/ftzwZYOsQn6XoMB+Y8bIxjXTYNFPUQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDUmW8zP+asCjTYDkWX8ytqUCqEMApSnBUwnwUpOiH0wcMBni9V
+Vk41rPEWHiaNtSa3mXiS6hx0RqtBEu/MU2LMWVyexIbf2SU1VQVLFv/ZkOP0UbS0
++sWYS2DwYH8UTh7dYZsiopwhF0OjyweA9XVZnFUc/uBm1HB3XhMGDAXHHwIDAQAB
+AoGBALBHrSm8kYMTT2/anZ/5tIUJhcdnohePbg6LvJbLqf4tb4l25V6IGn9tL9Yc
+F/GmRD02VwDSd9d+BWAG2Kj+d0rfdCLfKY9O8PVVm0DF6grLZ7ugItYqUHRDYOdV
+MOVOQrx+mCIzHtoEtQ6HLqmqt2rIX731L1TA7OLNm3XHyISJAkEA/mgNNNg0e23G
+64z83yxxwPEnBrnKd1+xjH9QJ0Z9SJJuF4sNXRIFA4YUNvv2MNe3gMS4Hg9w78HL
+PwcEzLnO9QJBANXuWAZGV58CdkM2w7H9+ukxMbQeLSnmgjpdddo31qqbfgFAYZMK
+LppRqyosj+a2qQ6vua0ndstTImSi7KPmCUMCQQDbwr5Fu836ISYIK830aswIw0fX
+A37mB3+zwfZXNwjaO8NmCvQMRZiXJqcnqBdOsckOLuBs9yGzuk/7rfBzeL5RAkA2
+uBcly7o/vsZ3HLvjfB5ApUecVZehvwcSXLN3VI8A5nLNaSVMEe+nozoPuIQ6NAB7
+9DCe/JgjG6mRaibzKTS3AkEAjTl5MTKkYR78+2u3NRU/ypa1iKCicSvI/Ryw7p/z
+Q8XmVA0CmNRvltf9gA1gJ04ZijBPtl+s09uppaCw9L3vuA==
+-----END RSA PRIVATE KEY-----
diff --git a/requirements/prod.txt b/requirements/prod.txt
@@ -49,6 +49,7 @@ statsd==1.0.0
 -e git://github.com/jbalogh/schematic.git@f996182b857769541cfa7659d4f9e864360cddf4#egg=schematic
 -e git://github.com/jbalogh/test-utils.git@3c2214d193d1b0c0d74c77b3731c8afb0173e669#egg=test-utils
 -e git://github.com/fwenzel/django-mozilla-product-details.git@36ef06539d6b34c4f345fd0d3e16937d0db9a752#egg=django-mozilla-product-details
+-e git://github.com/nmaier/xpisign.py.git@f825b34ea83cf68ea66dcd9e47e0c7e5f38b6bd5#egg=xpisign
 
 ## Forked.
 -e git://github.com/andymckay/django-piston-oauth2.git@6cb1ad61e3f437e7ca080ee00ae7b80de7d010f0#egg=django-piston-oauth2
