Loading tools/releasetools/check_target_files_signatures +2 −17 Original line number Diff line number Diff line Loading @@ -135,7 +135,7 @@ class CertDB(object): for i in to_load: f = open(i) cert = ParseCertificate(f.read()) cert = common.ParseCertificate(f.read()) f.close() name, _ = os.path.splitext(i) name, _ = os.path.splitext(name) Loading @@ -144,21 +144,6 @@ class CertDB(object): ALL_CERTS = CertDB() def ParseCertificate(data): """Parse a PEM-format certificate.""" cert = [] save = False for line in data.split("\n"): if "--END CERTIFICATE--" in line: break if save: cert.append(line) if "--BEGIN CERTIFICATE--" in line: save = True cert = "".join(cert).decode('base64') return cert def CertFromPKCS7(data, filename): """Read the cert out of a PKCS#7-format file (which is what is stored in a signed .apk).""" Loading @@ -175,7 +160,7 @@ def CertFromPKCS7(data, filename): AddProblem("error reading cert:\n" + err) return None cert = ParseCertificate(out) cert = common.ParseCertificate(out) if not cert: AddProblem("error parsing cert output") return None Loading tools/releasetools/common.py +15 −0 Original line number Diff line number Diff line Loading @@ -954,3 +954,18 @@ def GetTypeAndDevice(mount_point, info): return PARTITION_TYPES[fstab[mount_point].fs_type], fstab[mount_point].device else: return None def ParseCertificate(data): """Parse a PEM-format certificate.""" cert = [] save = False for line in data.split("\n"): if "--END CERTIFICATE--" in line: break if save: cert.append(line) if "--BEGIN CERTIFICATE--" in line: save = True cert = "".join(cert).decode('base64') return cert tools/releasetools/sign_target_files_apks +36 −0 Original line number Diff line number Diff line Loading @@ -71,8 +71,10 @@ if sys.hexversion < 0x02040000: print >> sys.stderr, "Python 2.4 or newer is required." sys.exit(1) import base64 import cStringIO import copy import errno import os import re import subprocess Loading Loading @@ -161,11 +163,45 @@ def SignApks(input_tf_zip, output_tf_zip, apk_key_map, key_passwords): print "rewriting %s:" % (info.filename,) new_data = RewriteProps(data) output_tf_zip.writestr(out_info, new_data) elif info.filename.endswith("mac_permissions.xml"): print "rewriting %s with new keys." % (info.filename,) new_data = ReplaceCerts(data) output_tf_zip.writestr(out_info, new_data) else: # a non-APK file; copy it verbatim output_tf_zip.writestr(out_info, data) def ReplaceCerts(data): """Given a string of data, replace all occurences of a set of X509 certs with a newer set of X509 certs and return the updated data string.""" for old, new in OPTIONS.key_map.iteritems(): try: if OPTIONS.verbose: print " Replacing %s.x509.pem with %s.x509.pem" % (old, new) f = open(old + ".x509.pem") old_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower() f.close() f = open(new + ".x509.pem") new_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower() f.close() # Only match entire certs. pattern = "\\b"+old_cert16+"\\b" (data, num) = re.subn(pattern, new_cert16, data, flags=re.IGNORECASE) if OPTIONS.verbose: print " Replaced %d occurence(s) of %s.x509.pem with " \ "%s.x509.pem" % (num, old, new) except IOError, e: if (e.errno == errno.ENOENT and not OPTIONS.verbose): continue print " Error accessing %s. %s. Skip replacing %s.x509.pem " \ "with %s.x509.pem." % (e.filename, e.strerror, old, new) return data def EditTags(tags): """Given a string containing comma-separated tags, apply the edits specified in OPTIONS.tag_changes and return the updated string.""" Loading Loading
tools/releasetools/check_target_files_signatures +2 −17 Original line number Diff line number Diff line Loading @@ -135,7 +135,7 @@ class CertDB(object): for i in to_load: f = open(i) cert = ParseCertificate(f.read()) cert = common.ParseCertificate(f.read()) f.close() name, _ = os.path.splitext(i) name, _ = os.path.splitext(name) Loading @@ -144,21 +144,6 @@ class CertDB(object): ALL_CERTS = CertDB() def ParseCertificate(data): """Parse a PEM-format certificate.""" cert = [] save = False for line in data.split("\n"): if "--END CERTIFICATE--" in line: break if save: cert.append(line) if "--BEGIN CERTIFICATE--" in line: save = True cert = "".join(cert).decode('base64') return cert def CertFromPKCS7(data, filename): """Read the cert out of a PKCS#7-format file (which is what is stored in a signed .apk).""" Loading @@ -175,7 +160,7 @@ def CertFromPKCS7(data, filename): AddProblem("error reading cert:\n" + err) return None cert = ParseCertificate(out) cert = common.ParseCertificate(out) if not cert: AddProblem("error parsing cert output") return None Loading
tools/releasetools/common.py +15 −0 Original line number Diff line number Diff line Loading @@ -954,3 +954,18 @@ def GetTypeAndDevice(mount_point, info): return PARTITION_TYPES[fstab[mount_point].fs_type], fstab[mount_point].device else: return None def ParseCertificate(data): """Parse a PEM-format certificate.""" cert = [] save = False for line in data.split("\n"): if "--END CERTIFICATE--" in line: break if save: cert.append(line) if "--BEGIN CERTIFICATE--" in line: save = True cert = "".join(cert).decode('base64') return cert
tools/releasetools/sign_target_files_apks +36 −0 Original line number Diff line number Diff line Loading @@ -71,8 +71,10 @@ if sys.hexversion < 0x02040000: print >> sys.stderr, "Python 2.4 or newer is required." sys.exit(1) import base64 import cStringIO import copy import errno import os import re import subprocess Loading Loading @@ -161,11 +163,45 @@ def SignApks(input_tf_zip, output_tf_zip, apk_key_map, key_passwords): print "rewriting %s:" % (info.filename,) new_data = RewriteProps(data) output_tf_zip.writestr(out_info, new_data) elif info.filename.endswith("mac_permissions.xml"): print "rewriting %s with new keys." % (info.filename,) new_data = ReplaceCerts(data) output_tf_zip.writestr(out_info, new_data) else: # a non-APK file; copy it verbatim output_tf_zip.writestr(out_info, data) def ReplaceCerts(data): """Given a string of data, replace all occurences of a set of X509 certs with a newer set of X509 certs and return the updated data string.""" for old, new in OPTIONS.key_map.iteritems(): try: if OPTIONS.verbose: print " Replacing %s.x509.pem with %s.x509.pem" % (old, new) f = open(old + ".x509.pem") old_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower() f.close() f = open(new + ".x509.pem") new_cert16 = base64.b16encode(common.ParseCertificate(f.read())).lower() f.close() # Only match entire certs. pattern = "\\b"+old_cert16+"\\b" (data, num) = re.subn(pattern, new_cert16, data, flags=re.IGNORECASE) if OPTIONS.verbose: print " Replaced %d occurence(s) of %s.x509.pem with " \ "%s.x509.pem" % (num, old, new) except IOError, e: if (e.errno == errno.ENOENT and not OPTIONS.verbose): continue print " Error accessing %s. %s. Skip replacing %s.x509.pem " \ "with %s.x509.pem." % (e.filename, e.strerror, old, new) return data def EditTags(tags): """Given a string containing comma-separated tags, apply the edits specified in OPTIONS.tag_changes and return the updated string.""" Loading
