Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / 817c574d753191c52acd5787da02bb853d4ac090^! / . / tools / releasetools / sign_target_files_apks
commit817c574d753191c52acd5787da02bb853d4ac090[log] [tgz]
authorRobert Craig <rpcraig@tycho.ncsc.mil>Fri Apr 19 10:59:22 2013 -0400
committerRobert Craig <rpcraig@tycho.ncsc.mil>Fri Aug 09 07:20:52 2013 -0400
treea5e226bb76bcc5dc3d8d17100ae93acfb17621b0
parent840f9d0a274cffbef790dc20cd4f9eec27c3841b [diff] [blame]
Modify release tools to replace certs in MMAC files.

Added support to perform a string replace of specified
dev keys with release keys when using the release tool
scripts.

Change-Id: Id0e945b0d62720c41f5ca9764a00de4bcdecaab4
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

diff --git a/tools/releasetools/sign_target_files_apks b/tools/releasetools/sign_target_files_apks
index 9fb1008..fe6f820 100755
--- a/tools/releasetools/sign_target_files_apks
+++ b/tools/releasetools/sign_target_files_apks

@@ -71,8 +71,10 @@
   print >> sys.stderr, "Python 2.4 or newer is required."
   sys.exit(1)
 
+import base64
 import cStringIO
 import copy
+import errno
 import os
 import re
 import subprocess
@@ -161,11 +163,45 @@
       print "rewriting %s:" % (info.filename,)
       new_data = RewriteProps(data)
       output_tf_zip.writestr(out_info, new_data)
+    elif info.filename.endswith("mac_permissions.xml"):
+      print "rewriting %s with new keys." % (info.filename,)
+      new_data = ReplaceCerts(data)
+      output_tf_zip.writestr(out_info, new_data)
     else:
       # a non-APK file; copy it verbatim
       output_tf_zip.writestr(out_info, data)
 
 
+def ReplaceCerts(data):
+  """Given a string of data, replace all occurences of a set
+  of X509 certs with a newer set of X509 certs and return
+  the updated data string."""
+  for old, new in OPTIONS.key_map.iteritems():
+    try:
+      if OPTIONS.verbose:
+        print "    Replacing %s.x509.pem with %s.x509.pem" % (old, new)
+      f = open(old + ".x509.pem")
+      old_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower()
+      f.close()
+      f = open(new + ".x509.pem")
+      new_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower()
+      f.close()
+      # Only match entire certs.
+      pattern = "\\b"+old_cert16+"\\b"
+      (data, num) = re.subn(pattern, new_cert16, data, flags=re.IGNORECASE)
+      if OPTIONS.verbose:
+        print "    Replaced %d occurence(s) of %s.x509.pem with " \
+            "%s.x509.pem" % (num, old, new)
+    except IOError, e:
+      if (e.errno == errno.ENOENT and not OPTIONS.verbose):
+        continue
+
+      print "    Error accessing %s. %s. Skip replacing %s.x509.pem " \
+          "with %s.x509.pem." % (e.filename, e.strerror, old, new)
+
+  return data
+
+
 def EditTags(tags):
   """Given a string containing comma-separated tags, apply the edits
   specified in OPTIONS.tag_changes and return the updated string."""