| blob | 239d7d5e8f41078efa5ee694902dded314eb483b |
1 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
2 # vim: set filetype=python:
3 # This Source Code Form is subject to the terms of the Mozilla Public
4 # License, v. 2.0. If a copy of the MPL was not distributed with this
5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 @template
9 def SignedAppFile(name, flags, app_directory="app/"):
10 if not CONFIG["COMPILE_ENVIRONMENT"]:
11 return
13 GENERATED_FILES += [name]
14 props = GENERATED_FILES[name]
15 props.script = "/security/manager/ssl/tests/unit/sign_app.py"
16 props.inputs = [app_directory]
17 props.flags = flags
18 # Turn RELATIVEDIR into list entry: like
19 # 'security/manager/ssl/tests/unit/test_signed_apps' ->
20 # TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_signed_apps.
21 files = TEST_HARNESS_FILES.xpcshell
22 for part in RELATIVEDIR.split("/"):
23 files = files[part]
24 files += ["!%s" % name]
27 # Except for unusual testcases (unknown issuer, unsigned app, empty
28 # signerInfos), the naming scheme is as follows:
29 # app_mf{-1,-256}_sf{-1,-256}_p7{-1,-256}.zip, where:
30 # "mf" refers to the manifest file, "sf" refers to the signature file,
31 # and "p7" refers to the pkcs#7 file. The "{-1,-256}" indicates which
32 # hash algorithms are present in the corresponding file (both may be
33 # present).
34 # For example, "app_mf-1_sf-1-256_p7-256.zip" means that the manifest
35 # file has sha-1 hashes, the signature file has sha-1 hashes and sha-256
36 # hashes, and the pkcs#7 file only has sha-256.
37 #
38 # Temporarily disabled. See bug 1256495.
39 # signed_app_files = (
40 # ['unknown_issuer_app.zip', '-i', 'unknown issuer', '-p', 'sha256'],
41 # ['unsigned_app.zip'],
42 # ['empty_signerInfos.zip', '-e'],
43 # )
44 #
45 # for signed_app_file_params in signed_app_files:
46 # SignedAppFile(signed_app_file_params[0], signed_app_file_params[1:])
47 #
48 # for mf_algs in [['1'], ['256'], ['1', '256']]:
49 # for sf_algs in [['1'], ['256'], ['1', '256']]:
50 # for p7_algs in [['1'], ['256'], ['1', '256']]:
51 # filename = "app_mf-%s_sf-%s_p7-%s.zip" % ('-'.join(mf_algs), '-'.join(sf_algs), '-'.join(p7_algs))
52 # args = []
53 # for mf_alg in mf_algs:
54 # args.append('-m')
55 # args.append('sha%s' % mf_alg)
56 # for sf_alg in sf_algs:
57 # args.append('-s')
58 # args.append('sha%s' % sf_alg)
59 # for p7_alg in p7_algs:
60 # args.append('-p')
61 # args.append('sha%s' % p7_alg)
62 # SignedAppFile(filename, args)
63 #
64 # COSE test-cases
65 # SignedAppFile('cose_signed_with_pkcs7.zip', ['-c', 'ES256', '-p', 'sha256'])
66 # SignedAppFile('cose_int_signed_with_pkcs7.zip', ['-c', 'ES256', '-r', 'xpcshell signed apps test root', '-p', 'sha256'])
67 # SignedAppFile('cose_multiple_signed_with_pkcs7.zip', ['-c', 'ES256', '-c', 'ES384', '-p', 'sha256'])
68 # SignedAppFile('only_cose_signed.zip', ['-c', 'ES256'])
69 # SignedAppFile('only_cose_multiple_signed.zip', ['-c', 'ES384', '-c', 'ES256'])
70 # SignedAppFile('cose_tampered_good_pkcs7.zip', ['-m', 'sha1', '-s', 'sha1', '-p', 'sha1'], 'app_cose_tampered/')
71 # SignedAppFile('big_manifest.zip', ['-p', 'sha256', '--pad-headers', '2'])
72 # SignedAppFile('huge_manifest.zip', ['-p', 'sha256', '--pad-headers', '10'])
73 # SignedAppFile('validity_expired.zip', ['-c', 'ES256', '-p', 'sha256', '--cert-validity', '19700101-19701212'])
74 # SignedAppFile('validity_not_yet_valid.zip', ['-c', 'ES256', '-p', 'sha256', '--cert-validity', '99990101-99991212'])
75 # SignedAppFile('alternate-root.zip', ['-k', 'alternate', '-c', 'ES256', '-p', 'sha256'])
77 # To generate a new entry, add SignedAppFile, run mach build and copy from
78 # objdir/_tests/xpcshell/security/manager/ssl/tests/unit/test_signed_apps/
79 # to this directory.