alecs/plasma-framework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

and now packages are able to be verified by signed hash

Browse Source
This commit is contained in:
Aaron Seigo 2011-05-26 16:27:30 +02:00
parent 73758abf97
commit 1a255a51de
4 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
remote/signing.cpp
View File

@ -497,8 +497,6 @@ TrustLevel Signing::trustLevelOf(const QString &keyID) const
QString Signing::signerOf(const Package &package) const
{
const QString contents = package.path() + "CONTENTS";
kDebug() << "gonna go in for" << package.path();
kDebug() << "hash is" << package.contentsHash();
if (!QFile::exists(contents)) {
kDebug() << "not contents hash for package at" << package.path();
@ -512,19 +510,14 @@ QString Signing::signerOf(const Package &package) const
return QString();
}
char hash[10 * 1024];
qint64 read = file.read(hash, 10 * 1024 - 1);
if (read < 1) {
kDebug() << "failed to read the CONTENTS file at" << contents;
}
hash[read + 1] = '\0';
const QByteArray hash = file.read(10 * 1024);
const QString actualHash = package.contentsHash();
if (actualHash != hash) {
kDebug() << "CONTENTS does not match contents of package" << package.path();
return QString();
}
return "Success!";
return d->verifySignature(contents, QString());
}
QString Signing::signerOf(const KUrl &package, const KUrl &signature) const

1
tests/signedPackage/CONTENTS Normal file
View File

@ -0,0 +1 @@
f10e861114185f88a54b3a7bb7e2f7232c7b8835

BIN
tests/signedPackage/CONTENTS.sig Normal file
View File

Binary file not shown.

10
tests/signingtest.cpp
View File

@ -26,6 +26,8 @@
#include "plasma/applet.h"
#include "plasma/remote/signing.h"
static const QString fingerprint("8B8B22090C6F7C47B1EAEE75D6B72EB1A7F1DB43");
SigningTest::SigningTest(QObject *parent)
: QObject(parent),
m_signing(0),
@ -62,22 +64,22 @@ void SigningTest::missingFiles()
void SigningTest::invalidSignature()
{
QVERIFY(m_signing->signerOf(m_path, m_invalidSig).isEmpty());
QCOMPARE(m_signing->signerOf(m_path, m_invalidSig), QString());
}
void SigningTest::validSignature()
{
QVERIFY(!m_signing->signerOf(m_path, m_sig).isEmpty());
QCOMPARE(m_signing->signerOf(m_path, m_sig), fingerprint);
}
void SigningTest::validSignatureWithoutDefinedSigFile()
{
QVERIFY(!m_signing->signerOf(m_path).isEmpty());
QCOMPARE(m_signing->signerOf(m_path), fingerprint);
}
void SigningTest::validPackage()
{
QVERIFY(!m_signing->signerOf(m_package).isEmpty());
QCOMPARE(m_signing->signerOf(m_package), fingerprint);
}
void SigningTest::confirmDtorPerformance()