moz.build (3762B)
1 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- 2 # vim: set filetype=python: 3 # This Source Code Form is subject to the terms of the Mozilla Public 4 # License, v. 2.0. If a copy of the MPL was not distributed with this 5 # file, You can obtain one at http://mozilla.org/MPL/2.0/. 6 7 8 @template 9 def SignedAppFile(name, flags, app_directory="app/"): 10 if not CONFIG["COMPILE_ENVIRONMENT"]: 11 return 12 13 GENERATED_FILES += [name] 14 props = GENERATED_FILES[name] 15 props.script = "/security/manager/ssl/tests/unit/sign_app.py" 16 props.inputs = [app_directory] 17 props.flags = flags 18 # Turn RELATIVEDIR into list entry: like 19 # 'security/manager/ssl/tests/unit/test_signed_apps' -> 20 # TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_signed_apps. 21 files = TEST_HARNESS_FILES.xpcshell 22 for part in RELATIVEDIR.split("/"): 23 files = files[part] 24 files += ["!%s" % name] 25 26 27 # Except for unusual testcases (unknown issuer, unsigned app, empty 28 # signerInfos), the naming scheme is as follows: 29 # app_mf{-1,-256}_sf{-1,-256}_p7{-1,-256}.zip, where: 30 # "mf" refers to the manifest file, "sf" refers to the signature file, 31 # and "p7" refers to the pkcs#7 file. The "{-1,-256}" indicates which 32 # hash algorithms are present in the corresponding file (both may be 33 # present). 34 # For example, "app_mf-1_sf-1-256_p7-256.zip" means that the manifest 35 # file has sha-1 hashes, the signature file has sha-1 hashes and sha-256 36 # hashes, and the pkcs#7 file only has sha-256. 37 # 38 # Temporarily disabled. See bug 1256495. 39 # signed_app_files = ( 40 # ['unknown_issuer_app.zip', '-i', 'unknown issuer', '-p', 'sha256'], 41 # ['unsigned_app.zip'], 42 # ['empty_signerInfos.zip', '-e'], 43 # ) 44 # 45 # for signed_app_file_params in signed_app_files: 46 # SignedAppFile(signed_app_file_params[0], signed_app_file_params[1:]) 47 # 48 # for mf_algs in [['1'], ['256'], ['1', '256']]: 49 # for sf_algs in [['1'], ['256'], ['1', '256']]: 50 # for p7_algs in [['1'], ['256'], ['1', '256']]: 51 # filename = "app_mf-%s_sf-%s_p7-%s.zip" % ('-'.join(mf_algs), '-'.join(sf_algs), '-'.join(p7_algs)) 52 # args = [] 53 # for mf_alg in mf_algs: 54 # args.append('-m') 55 # args.append('sha%s' % mf_alg) 56 # for sf_alg in sf_algs: 57 # args.append('-s') 58 # args.append('sha%s' % sf_alg) 59 # for p7_alg in p7_algs: 60 # args.append('-p') 61 # args.append('sha%s' % p7_alg) 62 # SignedAppFile(filename, args) 63 # 64 # COSE test-cases 65 # SignedAppFile('cose_signed_with_pkcs7.zip', ['-c', 'ES256', '-p', 'sha256']) 66 # SignedAppFile('cose_int_signed_with_pkcs7.zip', ['-c', 'ES256', '-r', 'xpcshell signed apps test root', '-p', 'sha256']) 67 # SignedAppFile('cose_multiple_signed_with_pkcs7.zip', ['-c', 'ES256', '-c', 'ES384', '-p', 'sha256']) 68 # SignedAppFile('only_cose_signed.zip', ['-c', 'ES256']) 69 # SignedAppFile('only_cose_multiple_signed.zip', ['-c', 'ES384', '-c', 'ES256']) 70 # SignedAppFile('cose_tampered_good_pkcs7.zip', ['-m', 'sha1', '-s', 'sha1', '-p', 'sha1'], 'app_cose_tampered/') 71 # SignedAppFile('big_manifest.zip', ['-p', 'sha256', '--pad-headers', '2']) 72 # SignedAppFile('huge_manifest.zip', ['-p', 'sha256', '--pad-headers', '10']) 73 # SignedAppFile('validity_expired.zip', ['-c', 'ES256', '-p', 'sha256', '--cert-validity', '19700101-19701212']) 74 # SignedAppFile('validity_not_yet_valid.zip', ['-c', 'ES256', '-p', 'sha256', '--cert-validity', '99990101-99991212']) 75 # SignedAppFile('alternate-root.zip', ['-k', 'alternate', '-c', 'ES256', '-p', 'sha256']) 76 77 # To generate a new entry, add SignedAppFile, run mach build and copy from 78 # objdir/_tests/xpcshell/security/manager/ssl/tests/unit/test_signed_apps/ 79 # to this directory.