autograph-mar.yaml
server:
listen: "0.0.0.0:8000"
noncecachesize: 524288
signers:
- id: testmar
type: mar
privatekey: |
autograph-mar.yaml
server:
listen: "0.0.0.0:8000"
noncecachesize: 524288
signers:
- id: testmar
type: mar
privatekey: |
firefox-10.0esr-10.0.1esr.partial.mar | |
null | |
firefox-1.5rc2-1.5.partial.mar | |
null | |
firefox-2.0.0.1.complete.mar | |
null | |
firefox-2.0-2.0.0.1.partial.mar |
$ curl -s http://localhost:8080/__heartbeat__|jq | |
{ | |
"status": false, | |
"checks": { | |
"check_autograph_heartbeat": false | |
}, | |
"details": "failed to request autograph heartbeat from http://localhost:8000/__heartbeat__: Get http://localhost:8000/__heartbeat__: dial tcp [::1]:8000: connect: connection refused" | |
} |
#!/usr/bin/env bash | |
set -e | |
[ ! -r "$1" ] && echo "usage: $0 <apk>" && exit 1 | |
tmpdir="$(mktemp -d)" | |
tmpcrt="$(mktemp)" | |
# unzip the apk into a temporary directory | |
unzip -qq "$1" -d "$tmpdir" | |
# extract the public cert from the pkcs7 detached signature |
package main | |
import ( | |
"bytes" | |
"encoding/json" | |
"fmt" | |
"io/ioutil" | |
"log" | |
"net/http" | |
"strings" |
go.mozilla.org/autograph | |
├ context | |
├ crypto/rand | |
├ crypto/sha256 | |
├ encoding/base64 | |
├ encoding/json | |
├ flag | |
├ fmt | |
├ io/ioutil | |
├ math/big |
$ LD_LIBRARY_PATH=tools/signmar-sha384/lib/ strace tools/signmar-sha384/bin/signmar \ | |
-d . \ | |
-n testmar \ | |
-v /tmp/resigned.mar | |
execve("tools/signmar-sha384/bin/signmar", ["tools/signmar-sha384/bin/signmar", "-d", ".", "-n", "testmar", "-v", "/tmp/resigned.mar"], 0x7fff51914f90 /* 62 vars */) = 0 | |
brk(NULL) = 0xc64000 | |
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) | |
openat(AT_FDCWD, "tools/signmar-sha384/lib/tls/haswell/x86_64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) |
server: | |
listen: "0.0.0.0:8000" | |
# cache 500k nonces to protect from authorization replay attacks | |
noncecachesize: 524288 | |
# The keys below are testing keys that do not grant any power | |
signers: | |
- id: testmar | |
type: mar | |
privatekey: | |
// This code requires a configuration file to initialize the crypto11 | |
// library. Use the following config in crypto11.config: | |
// { | |
// "Path" : "/opt/cloudhsm/lib/libcloudhsm_pkcs11.so", | |
// "TokenLabel": "cavium", | |
// "Pin" : "$CRYPTO_USER:$PASSWORD" | |
// } | |
// then invoke the program with: | |
// !CKNFAST_DEBUG=2 CRYPTO11_CONFIG_PATH=crypto11.config go run crypto11_sign.go | |
package main |
package main | |
import ( | |
"encoding/base64" | |
"fmt" | |
"github.com/miekg/pkcs11" | |
) | |
func main() { |