releasetools: Clean up ReplaceVerityKeyId and add tests. Test: python -m unittest test_sign_target_files_apks Test: Run sign_target_files_apks.py on marlin target_files.zip. Change-Id: Ic3c3f4f14c73f8f8e48a8341e024e0861e665989

commit: e838d1446c6c7be2d5b2f5beabf1a5557a131edb [log] [tgz]
author: Tao Bao <tbao@google.com> Sat Dec 23 23:44:48 2017 -0800
committer: Tao Bao <tbao@google.com> Tue Jan 02 12:29:31 2018 -0800
tree: 6c6f1cd619be25363e15d89513bf4a152085a53d
parent: 1c830bfbaa92f23bde31e6b40e72c13e61085ba7 [diff] [blame]
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 73d77e7..7a1126c 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py

@@ -577,31 +577,39 @@
   misc_info["verity_key"] = key_path
 
 
-def ReplaceVerityKeyId(targetfile_input_zip, targetfile_output_zip, key_path):
-  in_cmdline = targetfile_input_zip.read("BOOT/cmdline")
-  # copy in_cmdline to output_zip if veritykeyid is not present in in_cmdline
+def ReplaceVerityKeyId(input_zip, output_zip, key_path):
+  """Replaces the veritykeyid parameter in BOOT/cmdline.
+
+  Args:
+    input_zip: The input target_files zip, which should be already open.
+    output_zip: The output target_files zip, which should be already open and
+        writable.
+    key_path: The path to the PEM encoded X.509 certificate.
+  """
+  in_cmdline = input_zip.read("BOOT/cmdline")
+  # Copy in_cmdline to output_zip if veritykeyid is not present.
   if "veritykeyid" not in in_cmdline:
-    common.ZipWriteStr(targetfile_output_zip, "BOOT/cmdline", in_cmdline)
-    return in_cmdline
+    common.ZipWriteStr(output_zip, "BOOT/cmdline", in_cmdline)
+    return
+
   out_buffer = []
   for param in in_cmdline.split():
-    if "veritykeyid" in param:
-      # extract keyid using openssl command
-      p = common.Run(
-          ["openssl", "x509", "-in", key_path, "-text"],
-          stdout=subprocess.PIPE)
-      keyid, stderr = p.communicate()
-      keyid = re.search(
-          r'keyid:([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
-      print("Replacing verity keyid with %s error=%s" % (keyid, stderr))
-      out_buffer.append("veritykeyid=id:%s" % (keyid,))
-    else:
+    if "veritykeyid" not in param:
       out_buffer.append(param)
+      continue
 
-  out_cmdline = ' '.join(out_buffer)
-  out_cmdline = out_cmdline.strip()
-  print("out_cmdline %s" % (out_cmdline))
-  common.ZipWriteStr(targetfile_output_zip, "BOOT/cmdline", out_cmdline)
+    # Extract keyid using openssl command.
+    p = common.Run(["openssl", "x509", "-in", key_path, "-text"],
+                   stdout=subprocess.PIPE)
+    keyid, stderr = p.communicate()
+    assert p.returncode == 0, "Failed to dump certificate: {}".format(stderr)
+    keyid = re.search(
+        r'keyid:([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
+    print("Replacing verity keyid with {}".format(keyid))
+    out_buffer.append("veritykeyid=id:%s" % (keyid,))
+
+  out_cmdline = ' '.join(out_buffer).strip() + '\n'
+  common.ZipWriteStr(output_zip, "BOOT/cmdline", out_cmdline)
 
 
 def ReplaceMiscInfoTxt(input_zip, output_zip, misc_info):
commit	e838d1446c6c7be2d5b2f5beabf1a5557a131edb	[log] [tgz]
author	Tao Bao <tbao@google.com>	Sat Dec 23 23:44:48 2017 -0800
committer	Tao Bao <tbao@google.com>	Tue Jan 02 12:29:31 2018 -0800
tree	6c6f1cd619be25363e15d89513bf4a152085a53d
parent	1c830bfbaa92f23bde31e6b40e72c13e61085ba7 [diff] [blame]