change OTA tools to handle variable dev keys

The signing and OTA-building tools now understand the
default_sys_dev_certificate value which may be present in the
META/misc_info.txt file of the target-files packages.

Change-Id: I64f09ec0b77a5184b6ddb74019255518776ee773
diff --git a/tools/releasetools/sign_target_files_apks b/tools/releasetools/sign_target_files_apks
index 5353063..bc88ef8 100755
--- a/tools/releasetools/sign_target_files_apks
+++ b/tools/releasetools/sign_target_files_apks
@@ -36,10 +36,16 @@
   -d  (--default_key_mappings)  <dir>
       Set up the following key mappings:
 
-        build/target/product/security/testkey   ==>  $dir/releasekey
-        build/target/product/security/media     ==>  $dir/media
-        build/target/product/security/shared    ==>  $dir/shared
-        build/target/product/security/platform  ==>  $dir/platform
+        $devkey/devkey    ==>  $dir/releasekey
+        $devkey/testkey   ==>  $dir/releasekey
+        $devkey/media     ==>  $dir/media
+        $devkey/shared    ==>  $dir/shared
+        $devkey/platform  ==>  $dir/platform
+
+      where $devkey is the directory part of the value of
+      default_system_dev_certificate from the input target-files's
+      META/misc_info.txt.  (Defaulting to "build/target/product/security"
+      if the value is not present in misc_info.
 
       -d and -k options are added to the set of mappings in the order
       in which they appear on the command line.
@@ -55,7 +61,7 @@
       the last component of the build fingerprint).  Prefix each with
       '+' or '-' to indicate whether that tag should be added or
       removed.  Changes are processed in the order they appear.
-      Default value is "-test-keys,+release-keys".
+      Default value is "-test-keys,-dev-keys,+release-keys".
 
 """
 
@@ -80,7 +86,7 @@
 OPTIONS.extra_apks = {}
 OPTIONS.key_map = {}
 OPTIONS.replace_ota_keys = False
-OPTIONS.tag_changes = ("-test-keys", "+release-keys")
+OPTIONS.tag_changes = ("-test-keys", "-dev-keys", "+release-keys")
 
 def GetApkCerts(tf_zip):
   certmap = common.ReadApkCerts(tf_zip)
@@ -198,14 +204,12 @@
   return "\n".join(output) + "\n"
 
 
-def ReplaceOtaKeys(input_tf_zip, output_tf_zip):
+def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
   try:
     keylist = input_tf_zip.read("META/otakeys.txt").split()
   except KeyError:
     raise ExternalError("can't read META/otakeys.txt from input")
 
-  misc_info = common.LoadInfoDict(input_tf_zip)
-
   extra_recovery_keys = misc_info.get("extra_recovery_keys", None)
   if extra_recovery_keys:
     extra_recovery_keys = [OPTIONS.key_map.get(k, k) + ".x509.pem"
@@ -227,10 +231,10 @@
     print "using:\n   ", "\n   ".join(mapped_keys)
     print "for OTA package verification"
   else:
+    devkey = misc_info.get("default_system_dev_certificate",
+                           "build/target/product/security/testkey")
     mapped_keys.append(
-        OPTIONS.key_map.get("build/target/product/security/testkey",
-                            "build/target/product/security/testkey")
-        + ".x509.pem")
+        OPTIONS.key_map.get(devkey, devkey) + ".x509.pem")
     print "META/otakeys.txt has no keys; using", mapped_keys[0]
 
   # recovery uses a version of the key that has been slightly
@@ -259,8 +263,28 @@
                      tempfile.getvalue())
 
 
+def BuildKeyMap(misc_info, key_mapping_options):
+  for s, d in key_mapping_options:
+    if s is None:   # -d option
+      devkey = misc_info.get("default_system_dev_certificate",
+                             "build/target/product/security/testkey")
+      devkeydir = os.path.dirname(devkey)
+
+      OPTIONS.key_map.update({
+          devkeydir + "/testkey":  d + "/releasekey",
+          devkeydir + "/devkey":   d + "/releasekey",
+          devkeydir + "/media":    d + "/media",
+          devkeydir + "/shared":   d + "/shared",
+          devkeydir + "/platform": d + "/platform",
+          })
+    else:
+      OPTIONS.key_map[s] = d
+
+
 def main(argv):
 
+  key_mapping_options = []
+
   def option_handler(o, a):
     if o in ("-e", "--extra_apks"):
       names, key = a.split("=")
@@ -268,15 +292,9 @@
       for n in names:
         OPTIONS.extra_apks[n] = key
     elif o in ("-d", "--default_key_mappings"):
-      OPTIONS.key_map.update({
-          "build/target/product/security/testkey": "%s/releasekey" % (a,),
-          "build/target/product/security/media": "%s/media" % (a,),
-          "build/target/product/security/shared": "%s/shared" % (a,),
-          "build/target/product/security/platform": "%s/platform" % (a,),
-          })
+      key_mapping_options.append((None, a))
     elif o in ("-k", "--key_mapping"):
-      s, d = a.split("=")
-      OPTIONS.key_map[s] = d
+      key_mapping_options.append(a.split("=", 1))
     elif o in ("-o", "--replace_ota_keys"):
       OPTIONS.replace_ota_keys = True
     elif o in ("-t", "--tag_changes"):
@@ -307,6 +325,10 @@
   input_zip = zipfile.ZipFile(args[0], "r")
   output_zip = zipfile.ZipFile(args[1], "w")
 
+  misc_info = common.LoadInfoDict(input_zip)
+
+  BuildKeyMap(misc_info, key_mapping_options)
+
   apk_key_map = GetApkCerts(input_zip)
   CheckAllApksSigned(input_zip, apk_key_map)