fdroid-server/tests/publish.TestCase

#!/usr/bin/env python3

#
#  command which created the keystore used in this test case:
#
#  $ for ALIAS in repokey a163ec9b d2d51ff2 dc3b169e 78688a0f; \
#        do keytool -genkey -keystore dummy-keystore.jks \
#        -alias $ALIAS -keyalg 'RSA' -keysize '2048' \
#        -validity '10000' -storepass 123456 -storetype jks \
#        -keypass 123456 -dname 'CN=test, OU=F-Droid'; done
#

import inspect
import logging
import optparse
import os
import shutil
import sys
import unittest
import tempfile
import textwrap
from unittest import mock

localmodule = os.path.realpath(
    os.path.join(os.path.dirname(inspect.getfile(inspect.currentframe())), '..'))
print('localmodule: ' + localmodule)
if localmodule not in sys.path:
    sys.path.insert(0, localmodule)

from fdroidserver import publish
from fdroidserver import common
from fdroidserver.exception import FDroidException


class PublishTest(unittest.TestCase):
    '''fdroidserver/publish.py'''

    def setUp(self):
        logging.basicConfig(level=logging.DEBUG)
        self.basedir = os.path.join(localmodule, 'tests')
        self.tmpdir = os.path.abspath(os.path.join(self.basedir, '..', '.testfiles'))
        if not os.path.exists(self.tmpdir):
            os.makedirs(self.tmpdir)
        os.chdir(self.basedir)

    def test_key_alias(self):
        publish.config = {}
        self.assertEqual('a163ec9b', publish.key_alias('com.example.app'))
        self.assertEqual('d2d51ff2', publish.key_alias('com.example.anotherapp'))
        self.assertEqual('dc3b169e', publish.key_alias('org.test.testy'))
        self.assertEqual('78688a0f', publish.key_alias('org.org.org'))

        self.assertEqual('ee8807d2', publish.key_alias("org.schabi.newpipe"))
        self.assertEqual('b53c7e11', publish.key_alias("de.grobox.liberario"))

        publish.config = {'keyaliases': {'yep.app': '@org.org.org',
                                         'com.example.app': '1a2b3c4d'}}
        self.assertEqual('78688a0f', publish.key_alias('yep.app'))
        self.assertEqual('1a2b3c4d', publish.key_alias('com.example.app'))

    def test_read_fingerprints_from_keystore(self):
        common.config = {}
        common.fill_config_defaults(common.config)
        publish.config = common.config
        publish.config['keystorepass'] = '123456'
        publish.config['keypass'] = '123456'
        publish.config['keystore'] = 'dummy-keystore.jks'

        expected = {'78688a0f': '277655a6235bc6b0ef2d824396c51ba947f5ebc738c293d887e7083ff338af82',
                    'd2d51ff2': 'fa3f6a017541ee7fe797be084b1bcfbf92418a7589ef1f7fdeb46741b6d2e9c3',
                    'dc3b169e': '6ae5355157a47ddcc3834a71f57f6fb5a8c2621c8e0dc739e9ddf59f865e497c',
                    'a163ec9b': 'd34f678afbaa8f2fa6cc0edd6f0c2d1d2e2e9eb08bea521b24c740806016bff4',
                    'repokey': 'c58460800c7b250a619c30c13b07b7359a43e5af71a4352d86c58ae18c9f6d41'}
        result = publish.read_fingerprints_from_keystore()
        self.maxDiff = None
        self.assertEqual(expected, result)

    def test_store_and_load_fdroid_signing_key_fingerprints(self):
        common.config = {}
        common.fill_config_defaults(common.config)
        publish.config = common.config
        publish.config['keystorepass'] = '123456'
        publish.config['keypass'] = '123456'
        publish.config['keystore'] = os.path.join(os.getcwd(),
                                                  'dummy-keystore.jks')
        publish.config['repo_keyalias'] = 'repokey'

        appids = ['com.example.app',
                  'net.unavailable',
                  'org.test.testy',
                  'com.example.anotherapp',
                  'org.org.org']

        testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
        os.chdir(testdir)
        with open('config.py', 'w') as f:
            pass

        publish.store_stats_fdroid_signing_key_fingerprints(appids, indent=2)

        self.maxDiff = None
        expected = {
            "com.example.anotherapp": {
                "signer": "fa3f6a017541ee7fe797be084b1bcfbf92418a7589ef1f7fdeb46741b6d2e9c3"
            },
            "com.example.app": {
                "signer": "d34f678afbaa8f2fa6cc0edd6f0c2d1d2e2e9eb08bea521b24c740806016bff4"
            },
            "org.org.org": {
                "signer": "277655a6235bc6b0ef2d824396c51ba947f5ebc738c293d887e7083ff338af82"
            },
            "org.test.testy": {
                "signer": "6ae5355157a47ddcc3834a71f57f6fb5a8c2621c8e0dc739e9ddf59f865e497c"
            }
        }
        self.assertEqual(expected, common.load_stats_fdroid_signing_key_fingerprints())

        with open('config.py', 'r') as f:
            self.assertEqual(textwrap.dedent('''\

                repo_key_sha256 = "c58460800c7b250a619c30c13b07b7359a43e5af71a4352d86c58ae18c9f6d41"
                '''), f.read())

    def test_store_and_load_fdroid_signing_key_fingerprints_with_missmatch(self):
        common.config = {}
        common.fill_config_defaults(common.config)
        publish.config = common.config
        publish.config['keystorepass'] = '123456'
        publish.config['keypass'] = '123456'
        publish.config['keystore'] = os.path.join(os.getcwd(),
                                                  'dummy-keystore.jks')
        publish.config['repo_keyalias'] = 'repokey'
        publish.config['repo_key_sha256'] = 'bad bad bad bad bad bad bad bad bad bad bad bad'

        testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
        os.chdir(testdir)
        publish.store_stats_fdroid_signing_key_fingerprints({}, indent=2)
        with self.assertRaises(FDroidException):
            common.load_stats_fdroid_signing_key_fingerprints()

    def test_reproducible_binaries_process(self):
        common.config = {}
        common.fill_config_defaults(common.config)
        publish.config = common.config
        publish.config['keystore'] = 'keystore.jks'
        publish.config['repo_keyalias'] = 'sova'
        publish.config['keystorepass'] = 'r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI='
        publish.config['keypass'] = 'r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI='
        testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)

        shutil.copy('keystore.jks', testdir)
        os.mkdir(os.path.join(testdir, 'repo'))
        metadata_dir = os.path.join(testdir, 'metadata')
        os.mkdir(metadata_dir)
        shutil.copy(os.path.join('metadata', 'com.politedroid.yml'), metadata_dir)
        with open(os.path.join(metadata_dir, 'com.politedroid.yml'), 'a') as fp:
            fp.write('\nBinaries: https://placeholder/foo%v.apk\n')
        os.mkdir(os.path.join(testdir, 'unsigned'))
        shutil.copy('repo/com.politedroid_6.apk', os.path.join(testdir, 'unsigned'))
        os.mkdir(os.path.join(testdir, 'unsigned', 'binaries'))
        shutil.copy('repo/com.politedroid_6.apk',
                    os.path.join(testdir, 'unsigned', 'binaries', 'com.politedroid_6.binary.apk'))

        os.chdir(testdir)
        with mock.patch.object(sys, 'argv', ['fdroid fakesubcommand']):
            publish.main()

    def test_check_for_key_collisions(self):
        from fdroidserver.metadata import App
        common.config = {}
        common.fill_config_defaults(common.config)
        publish.config = common.config

        randomappids = [
            "org.fdroid.fdroid",
            "a.b.c",
            "u.v.w.x.y.z",
            "lpzpkgqwyevnmzvrlaazhgardbyiyoybyicpmifkyrxkobljoz",
            "vuslsm.jlrevavz.qnbsenmizhur.lprwbjiujtu.ekiho",
            "w.g.g.w.p.v.f.v.gvhyz",
            "nlozuqer.ufiinmrbjqboogsjgmpfks.dywtpcpnyssjmqz",
        ]
        allapps = {}
        for appid in randomappids:
            allapps[appid] = App()
        allaliases = publish.check_for_key_collisions(allapps)
        self.assertEqual(len(randomappids), len(allaliases))

        allapps = {'tof.cv.mpp': App(), 'j6mX276h': App()}
        self.assertEqual(publish.key_alias('tof.cv.mpp'), publish.key_alias('j6mX276h'))
        self.assertRaises(SystemExit, publish.check_for_key_collisions, allapps)

    def test_create_key_if_not_existing(self):
        try:
            import jks
            import jks.util
        except ImportError:
            self.skipTest("pyjks not installed")
        common.config = {}
        common.fill_config_defaults(common.config)
        publish.config = common.config
        publish.config['keystorepass'] = '123456'
        publish.config['keypass'] = '654321'
        publish.config['keystore'] = "keystore.jks"
        publish.config['keydname'] = 'CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US'
        testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
        os.chdir(testdir)
        keystore = jks.KeyStore.new("jks", [])
        keystore.save(publish.config['keystore'], publish.config['keystorepass'])

        self.assertTrue(publish.create_key_if_not_existing("newalias"))
        # The second time we try that, a new key should not be created
        self.assertFalse(publish.create_key_if_not_existing("newalias"))
        self.assertTrue(publish.create_key_if_not_existing("anotheralias"))

        keystore = jks.KeyStore.load(publish.config['keystore'], publish.config['keystorepass'])
        self.assertCountEqual(keystore.private_keys, ["newalias", "anotheralias"])
        for alias, pk in keystore.private_keys.items():
            self.assertFalse(pk.is_decrypted())
            pk.decrypt(publish.config['keypass'])
            self.assertTrue(pk.is_decrypted())
            self.assertEqual(jks.util.RSA_ENCRYPTION_OID, pk.algorithm_oid)


if __name__ == "__main__":
    os.chdir(os.path.dirname(__file__))

    parser = optparse.OptionParser()
    parser.add_option("-v", "--verbose", action="store_true", default=False,
                      help="Spew out even more information than normal")
    (common.options, args) = parser.parse_args(['--verbose'])

    newSuite = unittest.TestSuite()
    newSuite.addTest(unittest.makeSuite(PublishTest))
    unittest.main(failfast=False)