新增简易的8080面板😊

tools/test_signature.py

@@ -0,0 +1,199 @@
+#!/usr/bin/env python3
+"""
+签名验证测试脚本
+测试签名验证功能是否正常工作
+"""
+
+import sys
+import json
+import base64
+import hashlib
+from pathlib import Path
+
+# 添加项目路径
+sys.path.insert(0, str(Path(__file__).parent.parent))
+sys.path.insert(0, str(Path(__file__).parent.parent / "store/@{FutureOSS}/signature-verifier"))
+
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography.hazmat.backends import default_backend
+from cryptography.exceptions import InvalidSignature
+
+# 导入签名验证插件
+from main import SignatureVerifier, SignatureSigner
+
+
+def test_verify_official_plugins():
+    """测试验证所有已签名的官方插件"""
+    print("="*60)
+    print("测试 1: 验证所有官方插件签名")
+    print("="*60)
+    
+    store_dir = Path(__file__).parent.parent / "store"
+    verifier = SignatureVerifier(key_dir="./data/signature-verifier/keys")
+    
+    authors = ["FutureOSS", "Falck"]
+    total = 0
+    passed = 0
+    failed = 0
+    
+    for author in authors:
+        author_dir = store_dir / f"@{{{author}}}"
+        if not author_dir.exists():
+            continue
+        
+        print(f"\n--- @{author} ---")
+        for plugin_dir in sorted(author_dir.iterdir()):
+            if plugin_dir.is_dir() and (plugin_dir / "manifest.json").exists():
+                total += 1
+                valid, msg = verifier.verify_plugin(plugin_dir, author)
+                status = "✅ 通过" if valid else "❌ 失败"
+                print(f"  {status}: {plugin_dir.name} - {msg}")
+                if valid:
+                    passed += 1
+                else:
+                    failed += 1
+    
+    print(f"\n{'='*60}")
+    print(f"结果: {passed}/{total} 通过, {failed} 失败")
+    print(f"{'='*60}")
+    return failed == 0
+
+
+def test_tamper_detection():
+    """测试篡改检测"""
+    print("\n" + "="*60)
+    print("测试 2: 篡改检测")
+    print("="*60)
+    
+    store_dir = Path(__file__).parent.parent / "store"
+    verifier = SignatureVerifier(key_dir="./data/signature-verifier/keys")
+    
+    # 选择一个测试插件
+    test_plugin = store_dir / "@{FutureOSS}" / "dashboard"
+    if not test_plugin.exists():
+        print("跳过: dashboard 插件不存在")
+        return True
+    
+    # 验证原始签名
+    valid_before, msg_before = verifier.verify_plugin(test_plugin, "FutureOSS")
+    print(f"\n篡改前: {'✅ 有效' if valid_before else '❌ 无效'} - {msg_before}")
+    
+    if not valid_before:
+        print("警告: 原始签名已无效，跳过篡改测试")
+        return False
+    
+    # 创建一个临时篡改文件
+    tamper_file = test_plugin / "__tamper_test__.tmp"
+    tamper_file.write_text("tampered content")
+    
+    # 验证篡改后的签名
+    valid_after, msg_after = verifier.verify_plugin(test_plugin, "FutureOSS")
+    print(f"篡改后: {'✅ 有效' if valid_after else '❌ 无效'} - {msg_after}")
+    
+    # 清理
+    tamper_file.unlink()
+    
+    # 再次验证应该恢复有效
+    valid_clean, msg_clean = verifier.verify_plugin(test_plugin, "FutureOSS")
+    print(f"清理后: {'✅ 有效' if valid_clean else '❌ 无效'} - {msg_clean}")
+    
+    # 预期：篡改后无效，清理后有效
+    success = not valid_after and valid_clean
+    print(f"\n{'='*60}")
+    print(f"篡改检测: {'✅ 成功' if success else '❌ 失败'}")
+    print(f"{'='*60}")
+    return success
+
+
+def test_missing_signature():
+    """测试缺失签名文件"""
+    print("\n" + "="*60)
+    print("测试 3: 缺失签名检测")
+    print("="*60)
+    
+    store_dir = Path(__file__).parent.parent / "store"
+    verifier = SignatureVerifier(key_dir="./data/signature-verifier/keys")
+    
+    # 选择一个插件并临时移除签名
+    test_plugin = store_dir / "@{FutureOSS}" / "json-codec"
+    if not test_plugin.exists():
+        print("跳过: json-codec 插件不存在")
+        return True
+    
+    sig_file = test_plugin / "SIGNATURE"
+    if not sig_file.exists():
+        print("跳过: json-codec 没有签名文件")
+        return True
+    
+    # 备份签名
+    backup = sig_file.read_text()
+    sig_file.unlink()
+    
+    # 验证
+    valid, msg = verifier.verify_plugin(test_plugin, "FutureOSS")
+    print(f"无签名: {'✅ 有效' if valid else '❌ 无效'} - {msg}")
+    
+    # 恢复
+    sig_file.write_text(backup)
+    
+    valid_restored, msg_restored = verifier.verify_plugin(test_plugin, "FutureOSS")
+    print(f"恢复后: {'✅ 有效' if valid_restored else '❌ 无效'} - {msg_restored}")
+    
+    success = not valid and valid_restored
+    print(f"\n{'='*60}")
+    print(f"缺失签名检测: {'✅ 成功' if success else '❌ 失败'}")
+    print(f"{'='*60}")
+    return success
+
+
+def test_official_check():
+    """测试 is_official_plugin 方法"""
+    print("\n" + "="*60)
+    print("测试 4: 官方插件识别")
+    print("="*60)
+    
+    store_dir = Path(__file__).parent.parent / "store"
+    verifier = SignatureVerifier(key_dir="./data/signature-verifier/keys")
+    
+    # 测试官方插件
+    official_plugin = store_dir / "@{FutureOSS}" / "dashboard"
+    is_official = verifier.is_official_plugin(official_plugin)
+    print(f"dashboard 是官方插件: {'✅ 是' if is_official else '❌ 否'}")
+    
+    success = is_official
+    print(f"\n{'='*60}")
+    print(f"官方插件识别: {'✅ 成功' if success else '❌ 失败'}")
+    print(f"{'='*60}")
+    return success
+
+
+def main():
+    print("FutureOSS 签名验证系统测试")
+    print("="*60)
+    
+    results = []
+    
+    results.append(("官方插件验证", test_verify_official_plugins()))
+    results.append(("篡改检测", test_tamper_detection()))
+    results.append(("缺失签名检测", test_missing_signature()))
+    results.append(("官方插件识别", test_official_check()))
+    
+    print("\n" + "="*60)
+    print("测试总结")
+    print("="*60)
+    
+    for name, passed in results:
+        status = "✅ 通过" if passed else "❌ 失败"
+        print(f"  {status}: {name}")
+    
+    all_passed = all(r[1] for r in results)
+    print(f"\n{'='*60}")
+    print(f"总体结果: {'✅ 全部通过' if all_passed else '❌ 有失败'}")
+    print(f"{'='*60}")
+    
+    return 0 if all_passed else 1
+
+
+if __name__ == "__main__":
+    sys.exit(main())