authorRobert Griebl <robert.griebl@pelagicore.com>2015-09-29 17:17:23 +0200
committerOswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>2015-10-19 14:27:57 +0200
commitccc2be26cc311efabdf563a8e64cc5e352507d82 (patch)
treee8807491772a98d135f02d549b2d1630f3558767
parentad41cea7d35abfac700180bdbc984590f1abc15d (diff)
Added APPSTORE_NO_SECURITY
-rw-r--r--appstore/settings.py1
-rw-r--r--store/admin.py7
-rw-r--r--store/api.py9
-rw-r--r--store/utilities.py18
4 files changed, 17 insertions, 18 deletions
diff --git a/appstore/settings.py b/appstore/settings.py
index 6f6f559..82194d7 100644
--- a/appstore/settings.py
+++ b/appstore/settings.py
@@ -13,6 +13,7 @@ APPSTORE_PLATFORM_ID = 'AM'
APPSTORE_PLATFORM_VERSION = 1
APPSTORE_DOWNLOAD_EXPIRY = 10 # in minutes
APPSTORE_BIND_TO_DEVICE_ID = True # unique downloads for each device
+APPSTORE_NO_SECURITY = True # ignore developer signatures and do not generate store signatures
APPSTORE_STORE_SIGN_PKCS12_CERTIFICATE = 'certificates/store.p12'
APPSTORE_STORE_SIGN_PKCS12_PASSWORD = 'password'
APPSTORE_DEV_VERIFY_CA_CERTIFICATES = [ 'certificates/ca.crt', 'certificates/devca.crt' ]
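Review bot: The added `APPSTORE_NO_SECURITY = True` makes the unverified mode the checked-in default. Any installation that starts from this settings file therefore accepts uploads without developer-signature verification and serves packages without a store signature. The default should be the secure value, with development setups opting in: `APPSTORE_NO_SECURITY = False # set to True only on development installs: skips developer-signature checks and store signing`. The negated name also forces a double negative at every use site (`if not settings.APPSTORE_NO_SECURITY:`), so a positively named flag would be easier to audit.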
diff --git a/store/admin.py b/store/admin.py
index 50c7cd0..ca91506 100644
--- a/store/admin.py
+++ b/store/admin.py
@@ -88,12 +88,7 @@ class AppAdminForm(forms.ModelForm):
# validate package
pkgdata = None;
try:
- chainOfTrust = []
- for cert in settings.APPSTORE_DEV_VERIFY_CA_CERTIFICATES:
- with open(cert, 'rb') as certFile:
- chainOfTrust.append(certFile.read())
-
- pkgdata = parseAndValidatePackageMetadata(file, chainOfTrust)
+ pkgdata = parseAndValidatePackageMetadata(file)
except Exception as error:
raise forms.ValidationError(_('Validation error: %s' % str(error)))
diff --git a/store/api.py b/store/api.py
index 24ddf35..93faa9c 100644
--- a/store/api.py
+++ b/store/api.py
@@ -125,9 +125,12 @@ def appPurchase(request):
if not os.path.exists(toPath):
os.makedirs(toPath)
- with open(fromFilePath, 'rb') as package:
- pkgdata = parsePackageMetadata(package)
- addSignatureToPackage(fromFilePath, toPath + toFile, pkgdata['rawDigest'], deviceId)
+ if not settings.APPSTORE_NO_SECURITY:
+ with open(fromFilePath, 'rb') as package:
+ pkgdata = parsePackageMetadata(package)
+ addSignatureToPackage(fromFilePath, toPath + toFile, pkgdata['rawDigest'], deviceId)
+ else:
+ shutil.copyfile(fromFilePath, toPath + toFile)
return JsonResponse({'status': 'ok',
'url': request.build_absolute_uri('/app/download/' + toFile),
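Review bot: The new `else:` branch copies the package verbatim and leaves no trace that it did so. With `APPSTORE_NO_SECURITY` set, the download carries no store signature, and the signing that `addSignatureToPackage` performs with `deviceId` is skipped. A warning-level log line in that branch, naming `toFile`, would let operators see from the logs that unsigned packages were delivered. The hunk does not show an `import shutil` for store/api.py; if the file lacks one, `shutil.copyfile(fromFilePath, toPath + toFile)` raises `NameError` on the first purchase in this mode. The body of `appPurchase` starts and ends outside the hunk.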
diff --git a/store/utilities.py b/store/utilities.py
index e2d9c4c..fee6993 100644
--- a/store/utilities.py
+++ b/store/utilities.py
@@ -242,7 +242,7 @@ def parseAndValidatePackageMetadata(packageFile, certificates = []):
try:
partFields = { 'header': [ 'applicationId', 'diskSpaceUsed' ],
'info': [ 'id', 'name', 'icon' ],
- 'footer': [ 'digest', 'developerSignature' ],
+ 'footer': [ 'digest' ],
'icon': [],
'digest': [] }
@@ -286,15 +286,16 @@ def parseAndValidatePackageMetadata(packageFile, certificates = []):
if 'storeSignature' in pkgdata['footer']:
raise Exception('cannot upload a package with an existing storeSignature field')
- if not 'developerSignature' in pkgdata['footer']:
- raise Exception('cannot upload a package without a developer signature')
+ if not settings.APPSTORE_NO_SECURITY:
+ if not 'developerSignature' in pkgdata['footer']:
+ raise Exception('cannot upload a package without a developer signature')
- certificates = []
- for certFile in settings.APPSTORE_DEV_VERIFY_CA_CERTIFICATES:
- with open(certFile, 'rb') as cert:
- certificates.append(cert.read())
+ certificates = []
+ for certFile in settings.APPSTORE_DEV_VERIFY_CA_CERTIFICATES:
+ with open(certFile, 'rb') as cert:
+ certificates.append(cert.read())
- verifySignature(pkgdata['footer']['developerSignature'], pkgdata['rawDigest'], certificates)
+ verifySignature(pkgdata['footer']['developerSignature'], pkgdata['rawDigest'], certificates)
except Exception as error:
raise Exception(str(error))
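Review bot: The `certificates` parameter of `parseAndValidatePackageMetadata` is overwritten by `certificates = []` inside the new `if not settings.APPSTORE_NO_SECURITY:` block, so any list a caller passes is ignored, and store/admin.py stops passing one in this same commit. If no other caller uses it, drop the parameter (which also removes the mutable default `certificates = []`); otherwise rename the local, e.g. `caCertificates = []`. The membership test is more idiomatic as `if 'developerSignature' not in pkgdata['footer']:`. When the flag is set, a package that does carry a `developerSignature` is accepted without verification, so a log line in that case would record that the check was skipped. The function body starts outside the hunk.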
@@ -336,4 +337,3 @@ def addSignatureToPackage(sourcePackageFile, destinationPackageFile, digest, dev
yamlContent = yaml.dump_all([{ 'formatVersion': 1, 'formatType': 'am-package-footer'}, { 'storeSignature': base64.encodestring(signature) }], explicit_start=True)
addFileToPackage(sourcePackageFile, destinationPackageFile, '--PACKAGE-FOOTER--store-signature', yamlContent)
-