author | Robert Griebl <robert.griebl@pelagicore.com> | 2015-09-29 17:17:23 +0200 |
---|---|---|
committer | Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com> | 2015-10-19 14:27:57 +0200 |
commit | ccc2be26cc311efabdf563a8e64cc5e352507d82 (patch) | |
tree | e8807491772a98d135f02d549b2d1630f3558767 | |
parent | ad41cea7d35abfac700180bdbc984590f1abc15d (diff) |
Added APPSTORE_NO_SECURITY
-rw-r--r-- | appstore/settings.py | 1 | ||||
-rw-r--r-- | store/admin.py | 7 | ||||
-rw-r--r-- | store/api.py | 9 | ||||
-rw-r--r-- | store/utilities.py | 18 |
4 files changed, 17 insertions, 18 deletions
diff --git a/appstore/settings.py b/appstore/settings.py
index 6f6f559..82194d7 100644
--- a/appstore/settings.py
+++ b/appstore/settings.py
@@ -13,6 +13,7 @@ APPSTORE_PLATFORM_ID = 'AM'
 APPSTORE_PLATFORM_VERSION = 1
 APPSTORE_DOWNLOAD_EXPIRY = 10 # in minutes
 APPSTORE_BIND_TO_DEVICE_ID = True # unique downloads for each device
+APPSTORE_NO_SECURITY = True # ignore developer signatures and do not generate store signatures
 APPSTORE_STORE_SIGN_PKCS12_CERTIFICATE = 'certificates/store.p12'
 APPSTORE_STORE_SIGN_PKCS12_PASSWORD = 'password'
 APPSTORE_DEV_VERIFY_CA_CERTIFICATES = [ 'certificates/ca.crt', 'certificates/devca.crt' ]
diff --git a/store/admin.py b/store/admin.py
index 50c7cd0..ca91506 100644
--- a/store/admin.py
+++ b/store/admin.py
@@ -88,12 +88,7 @@ class AppAdminForm(forms.ModelForm):
 # validate package
 pkgdata = None;
 try:
- chainOfTrust = []
- for cert in settings.APPSTORE_DEV_VERIFY_CA_CERTIFICATES:
- with open(cert, 'rb') as certFile:
- chainOfTrust.append(certFile.read())
-
- pkgdata = parseAndValidatePackageMetadata(file, chainOfTrust)
+ pkgdata = parseAndValidatePackageMetadata(file)
 except Exception as error:
 raise forms.ValidationError(_('Validation error: %s' % str(error)))
diff --git a/store/api.py b/store/api.py
index 24ddf35..93faa9c 100644
--- a/store/api.py
+++ b/store/api.py
@@ -125,9 +125,12 @@ def appPurchase(request):
 if not os.path.exists(toPath):
 os.makedirs(toPath)
- with open(fromFilePath, 'rb') as package:
- pkgdata = parsePackageMetadata(package)
- addSignatureToPackage(fromFilePath, toPath + toFile, pkgdata['rawDigest'], deviceId)
+ if not settings.APPSTORE_NO_SECURITY:
+ with open(fromFilePath, 'rb') as package:
+ pkgdata = parsePackageMetadata(package)
+ addSignatureToPackage(fromFilePath, toPath + toFile, pkgdata['rawDigest'], deviceId)
+ else:
+ shutil.copyfile(fromFilePath, toPath + toFile)
 return JsonResponse({'status': 'ok',
 'url': request.build_absolute_uri('/app/download/' + toFile),
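Review bot: The added `APPSTORE_NO_SECURITY = True` in appstore/settings.py makes the insecure mode the checked-in default, so every deployment that starts from this file accepts uploads without a developer signature and serves downloads without a store signature. A switch that turns verification off should default to off and be enabled explicitly where it is needed, e.g. `APPSTORE_NO_SECURITY = False # development only: skips developer-signature checks and store signing`. The trailing comment should also say that the setting is not meant for production use.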
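Review bot: The new `else:` branch in appPurchase (store/api.py) calls `shutil.copyfile`, but the diffstat counts only this hunk's nine changed lines for the file, so the commit adds no `import shutil`; unless the module already imports it (the top of the file is outside the hunk), the branch raises NameError on the first purchase. Add `import shutil` next to the existing imports. The plain copy also drops the `deviceId` that `addSignatureToPackage` received, so `APPSTORE_BIND_TO_DEVICE_ID` appears to have no effect while the flag is set; a comment on the branch such as `# no store signature: the download is not bound to deviceId` would make that visible.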
diff --git a/store/utilities.py b/store/utilities.py
index e2d9c4c..fee6993 100644
--- a/store/utilities.py
+++ b/store/utilities.py
@@ -242,7 +242,7 @@ def parseAndValidatePackageMetadata(packageFile, certificates = []):
 try:
 partFields = { 'header': [ 'applicationId', 'diskSpaceUsed' ],
 'info': [ 'id', 'name', 'icon' ],
- 'footer': [ 'digest', 'developerSignature' ],
+ 'footer': [ 'digest' ],
 'icon': [],
 'digest': [] }
@@ -286,15 +286,16 @@ def parseAndValidatePackageMetadata(packageFile, certificates = []):
 if 'storeSignature' in pkgdata['footer']:
 raise Exception('cannot upload a package with an existing storeSignature field')
- if not 'developerSignature' in pkgdata['footer']:
- raise Exception('cannot upload a package without a developer signature')
+ if not settings.APPSTORE_NO_SECURITY:
+ if not 'developerSignature' in pkgdata['footer']:
+ raise Exception('cannot upload a package without a developer signature')
- certificates = []
- for certFile in settings.APPSTORE_DEV_VERIFY_CA_CERTIFICATES:
- with open(certFile, 'rb') as cert:
- certificates.append(cert.read())
+ certificates = []
+ for certFile in settings.APPSTORE_DEV_VERIFY_CA_CERTIFICATES:
+ with open(certFile, 'rb') as cert:
+ certificates.append(cert.read())
- verifySignature(pkgdata['footer']['developerSignature'], pkgdata['rawDigest'], certificates)
+ verifySignature(pkgdata['footer']['developerSignature'], pkgdata['rawDigest'], certificates)
 except Exception as error:
 raise Exception(str(error))
@@ -336,4 +337,3 @@ def addSignatureToPackage(sourcePackageFile, destinationPackageFile, digest, dev
 yamlContent = yaml.dump_all([{ 'formatVersion': 1, 'formatType': 'am-package-footer'}, { 'storeSignature': base64.encodestring(signature) }], explicit_start=True)
 addFileToPackage(sourcePackageFile, destinationPackageFile, '--PACKAGE-FOOTER--store-signature', yamlContent)
-
|
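Review bot: In the second hunk of store/utilities.py, the developer-signature check is skipped without any trace when `settings.APPSTORE_NO_SECURITY` is set, so packages uploaded in that mode cannot be told apart from verified ones afterwards. Judging by the store/api.py change in this commit, appPurchase only calls `parsePackageMetadata` before `addSignatureToPackage`, so once the flag is switched off again such packages would presumably be store-signed without ever having been verified. Consider an `else:` branch that records the skip, e.g. `logging.warning('APPSTORE_NO_SECURITY is set: developer signature not verified')` (needs `import logging` if the module lacks it), and reading the flag as `getattr(settings, 'APPSTORE_NO_SECURITY', False)` so that a settings file without the entry keeps verifying. The body of parseAndValidatePackageMetadata starts and ends outside the hunk.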