Loading tools/releasetools/check_target_files_signatures +2 −17 Original line number Original line Diff line number Diff line Loading @@ -135,7 +135,7 @@ class CertDB(object): for i in to_load: for i in to_load: f = open(i) f = open(i) cert = ParseCertificate(f.read()) cert = common.ParseCertificate(f.read()) f.close() f.close() name, _ = os.path.splitext(i) name, _ = os.path.splitext(i) name, _ = os.path.splitext(name) name, _ = os.path.splitext(name) Loading @@ -144,21 +144,6 @@ class CertDB(object): ALL_CERTS = CertDB() ALL_CERTS = CertDB() def ParseCertificate(data): """Parse a PEM-format certificate.""" cert = [] save = False for line in data.split("\n"): if "--END CERTIFICATE--" in line: break if save: cert.append(line) if "--BEGIN CERTIFICATE--" in line: save = True cert = "".join(cert).decode('base64') return cert def CertFromPKCS7(data, filename): def CertFromPKCS7(data, filename): """Read the cert out of a PKCS#7-format file (which is what is """Read the cert out of a PKCS#7-format file (which is what is stored in a signed .apk).""" stored in a signed .apk).""" Loading @@ -175,7 +160,7 @@ def CertFromPKCS7(data, filename): AddProblem("error reading cert:\n" + err) AddProblem("error reading cert:\n" + err) return None return None cert = ParseCertificate(out) cert = common.ParseCertificate(out) if not cert: if not cert: AddProblem("error parsing cert output") AddProblem("error parsing cert output") return None return None Loading tools/releasetools/common.py +15 −0 Original line number Original line Diff line number Diff line Loading @@ -954,3 +954,18 @@ def GetTypeAndDevice(mount_point, info): return PARTITION_TYPES[fstab[mount_point].fs_type], fstab[mount_point].device return PARTITION_TYPES[fstab[mount_point].fs_type], fstab[mount_point].device else: else: return None return None def ParseCertificate(data): """Parse a PEM-format certificate.""" cert = [] save = False for line in data.split("\n"): if "--END CERTIFICATE--" in line: break if save: cert.append(line) if "--BEGIN CERTIFICATE--" in line: save = True cert = "".join(cert).decode('base64') return cert tools/releasetools/sign_target_files_apks +36 −0 Original line number Original line Diff line number Diff line Loading @@ -71,8 +71,10 @@ if sys.hexversion < 0x02040000: print >> sys.stderr, "Python 2.4 or newer is required." print >> sys.stderr, "Python 2.4 or newer is required." sys.exit(1) sys.exit(1) import base64 import cStringIO import cStringIO import copy import copy import errno import os import os import re import re import subprocess import subprocess Loading Loading @@ -161,11 +163,45 @@ def SignApks(input_tf_zip, output_tf_zip, apk_key_map, key_passwords): print "rewriting %s:" % (info.filename,) print "rewriting %s:" % (info.filename,) new_data = RewriteProps(data) new_data = RewriteProps(data) output_tf_zip.writestr(out_info, new_data) output_tf_zip.writestr(out_info, new_data) elif info.filename.endswith("mac_permissions.xml"): print "rewriting %s with new keys." % (info.filename,) new_data = ReplaceCerts(data) output_tf_zip.writestr(out_info, new_data) else: else: # a non-APK file; copy it verbatim # a non-APK file; copy it verbatim output_tf_zip.writestr(out_info, data) output_tf_zip.writestr(out_info, data) def ReplaceCerts(data): """Given a string of data, replace all occurences of a set of X509 certs with a newer set of X509 certs and return the updated data string.""" for old, new in OPTIONS.key_map.iteritems(): try: if OPTIONS.verbose: print " Replacing %s.x509.pem with %s.x509.pem" % (old, new) f = open(old + ".x509.pem") old_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower() f.close() f = open(new + ".x509.pem") new_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower() f.close() # Only match entire certs. pattern = "\\b"+old_cert16+"\\b" (data, num) = re.subn(pattern, new_cert16, data, flags=re.IGNORECASE) if OPTIONS.verbose: print " Replaced %d occurence(s) of %s.x509.pem with " \ "%s.x509.pem" % (num, old, new) except IOError, e: if (e.errno == errno.ENOENT and not OPTIONS.verbose): continue print " Error accessing %s. %s. Skip replacing %s.x509.pem " \ "with %s.x509.pem." % (e.filename, e.strerror, old, new) return data def EditTags(tags): def EditTags(tags): """Given a string containing comma-separated tags, apply the edits """Given a string containing comma-separated tags, apply the edits specified in OPTIONS.tag_changes and return the updated string.""" specified in OPTIONS.tag_changes and return the updated string.""" Loading Loading
tools/releasetools/check_target_files_signatures +2 −17 Original line number Original line Diff line number Diff line Loading @@ -135,7 +135,7 @@ class CertDB(object): for i in to_load: for i in to_load: f = open(i) f = open(i) cert = ParseCertificate(f.read()) cert = common.ParseCertificate(f.read()) f.close() f.close() name, _ = os.path.splitext(i) name, _ = os.path.splitext(i) name, _ = os.path.splitext(name) name, _ = os.path.splitext(name) Loading @@ -144,21 +144,6 @@ class CertDB(object): ALL_CERTS = CertDB() ALL_CERTS = CertDB() def ParseCertificate(data): """Parse a PEM-format certificate.""" cert = [] save = False for line in data.split("\n"): if "--END CERTIFICATE--" in line: break if save: cert.append(line) if "--BEGIN CERTIFICATE--" in line: save = True cert = "".join(cert).decode('base64') return cert def CertFromPKCS7(data, filename): def CertFromPKCS7(data, filename): """Read the cert out of a PKCS#7-format file (which is what is """Read the cert out of a PKCS#7-format file (which is what is stored in a signed .apk).""" stored in a signed .apk).""" Loading @@ -175,7 +160,7 @@ def CertFromPKCS7(data, filename): AddProblem("error reading cert:\n" + err) AddProblem("error reading cert:\n" + err) return None return None cert = ParseCertificate(out) cert = common.ParseCertificate(out) if not cert: if not cert: AddProblem("error parsing cert output") AddProblem("error parsing cert output") return None return None Loading
tools/releasetools/common.py +15 −0 Original line number Original line Diff line number Diff line Loading @@ -954,3 +954,18 @@ def GetTypeAndDevice(mount_point, info): return PARTITION_TYPES[fstab[mount_point].fs_type], fstab[mount_point].device return PARTITION_TYPES[fstab[mount_point].fs_type], fstab[mount_point].device else: else: return None return None def ParseCertificate(data): """Parse a PEM-format certificate.""" cert = [] save = False for line in data.split("\n"): if "--END CERTIFICATE--" in line: break if save: cert.append(line) if "--BEGIN CERTIFICATE--" in line: save = True cert = "".join(cert).decode('base64') return cert
tools/releasetools/sign_target_files_apks +36 −0 Original line number Original line Diff line number Diff line Loading @@ -71,8 +71,10 @@ if sys.hexversion < 0x02040000: print >> sys.stderr, "Python 2.4 or newer is required." print >> sys.stderr, "Python 2.4 or newer is required." sys.exit(1) sys.exit(1) import base64 import cStringIO import cStringIO import copy import copy import errno import os import os import re import re import subprocess import subprocess Loading Loading @@ -161,11 +163,45 @@ def SignApks(input_tf_zip, output_tf_zip, apk_key_map, key_passwords): print "rewriting %s:" % (info.filename,) print "rewriting %s:" % (info.filename,) new_data = RewriteProps(data) new_data = RewriteProps(data) output_tf_zip.writestr(out_info, new_data) output_tf_zip.writestr(out_info, new_data) elif info.filename.endswith("mac_permissions.xml"): print "rewriting %s with new keys." % (info.filename,) new_data = ReplaceCerts(data) output_tf_zip.writestr(out_info, new_data) else: else: # a non-APK file; copy it verbatim # a non-APK file; copy it verbatim output_tf_zip.writestr(out_info, data) output_tf_zip.writestr(out_info, data) def ReplaceCerts(data): """Given a string of data, replace all occurences of a set of X509 certs with a newer set of X509 certs and return the updated data string.""" for old, new in OPTIONS.key_map.iteritems(): try: if OPTIONS.verbose: print " Replacing %s.x509.pem with %s.x509.pem" % (old, new) f = open(old + ".x509.pem") old_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower() f.close() f = open(new + ".x509.pem") new_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower() f.close() # Only match entire certs. pattern = "\\b"+old_cert16+"\\b" (data, num) = re.subn(pattern, new_cert16, data, flags=re.IGNORECASE) if OPTIONS.verbose: print " Replaced %d occurence(s) of %s.x509.pem with " \ "%s.x509.pem" % (num, old, new) except IOError, e: if (e.errno == errno.ENOENT and not OPTIONS.verbose): continue print " Error accessing %s. %s. Skip replacing %s.x509.pem " \ "with %s.x509.pem." % (e.filename, e.strerror, old, new) return data def EditTags(tags): def EditTags(tags): """Given a string containing comma-separated tags, apply the edits """Given a string containing comma-separated tags, apply the edits specified in OPTIONS.tag_changes and return the updated string.""" specified in OPTIONS.tag_changes and return the updated string.""" Loading
