
Commit 45942518 authored by Mathew Inwood's avatar Mathew Inwood

Add prod key for serverless config.

Integrate this into SignatureVerifier too.

Bug: 110509075
Test: atest CtsSignedConfigHostTestCases
Test: atest SignedConfigTest
Change-Id: I816598c3332f9577c802109053d0d0b9b1f2a699
parent 38421787
+28 −9
@@ -43,13 +43,18 @@ public class SignatureVerifier {
    private static final String DEBUG_KEY =
            "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaAn2XVifsLTHg616nTsOMVmlhBoECGbTEBTKKvdd2hO60"
            + "pj1pnU8SMkhYfaNxZuKgw9LNvOwlFwStboIYeZ3lQ==";
    private static final String PROD_KEY =
            "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+lky6wKyGL6lE1VrD0YTMHwb0Xwc+tzC8MvnrzVxodvTp"
            + "VY/jV7V+Zktcx+pry43XPABFRXtbhTo+qykhyBA1g==";

    private final SignedConfigEvent mEvent;
    private final PublicKey mDebugKey;
    private final PublicKey mProdKey;

    public SignatureVerifier(SignedConfigEvent event) {
        mEvent = event;
        mDebugKey = createKey(DEBUG_KEY);
        mDebugKey = Build.IS_DEBUGGABLE ? createKey(DEBUG_KEY) : null;
        mProdKey = createKey(PROD_KEY);
    }

    private static PublicKey createKey(String base64) {
@@ -70,6 +75,14 @@ public class SignatureVerifier {
        }
    }

    private boolean verifyWithPublicKey(PublicKey key, byte[] data, byte[] signature)
            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(key);
        verifier.update(data);
        return verifier.verify(signature);
    }

    /**
     * Verify a signature for signed config.
     *
@@ -93,10 +106,7 @@ public class SignatureVerifier {
        if (Build.IS_DEBUGGABLE) {
            if (mDebugKey != null) {
                if (DBG) Slog.w(TAG, "Trying to verify signature using debug key");
                Signature verifier = Signature.getInstance("SHA256withECDSA");
                verifier.initVerify(mDebugKey);
                verifier.update(data);
                if (verifier.verify(signature)) {
                if (verifyWithPublicKey(mDebugKey, data, signature)) {
                    Slog.i(TAG, "Verified config using debug key");
                    mEvent.verifiedWith = StatsLog.SIGNED_CONFIG_REPORTED__VERIFIED_WITH__DEBUG;
                    return true;
@@ -107,9 +117,18 @@ public class SignatureVerifier {
                Slog.w(TAG, "Debuggable build, but have no debug key");
            }
        }
        // TODO verify production key.
        Slog.w(TAG, "NO PRODUCTION KEY YET, FAILING VERIFICATION");
        if (mProdKey ==  null) {
            Slog.e(TAG, "No prod key; construction failed?");
            return false;
        }
        if (verifyWithPublicKey(mProdKey, data, signature)) {
            Slog.i(TAG, "Verified config using production key");
            mEvent.verifiedWith = StatsLog.SIGNED_CONFIG_REPORTED__VERIFIED_WITH__PRODUCTION;
            return true;
        } else {
            if (DBG) Slog.i(TAG, "Verification failed using production key");
            mEvent.status = StatsLog.SIGNED_CONFIG_REPORTED__STATUS__SIGNATURE_CHECK_FAILED;
            return false;
        }
    }
}
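Review bot: In the last hunk, the `mProdKey == null` branch returns false without recording anything on `mEvent`, while the failed-verification branch a few lines below sets `mEvent.status`. Unless the caller fills in a status itself (not visible here), a device whose production key failed to parse would reject every config without that appearing in the reported event. Setting `mEvent.status = StatsLog.SIGNED_CONFIG_REPORTED__STATUS__SIGNATURE_CHECK_FAILED;` before that early return, or a dedicated status value if the project has one, would make this fail-closed path visible in the stats. The production-key failure log is also gated on `DBG`, so if `DBG` is off on normal builds a rejected signature leaves no log line; an unconditional `Slog.w(TAG, "Verification failed using production key");` would help triage. The enclosing method starts outside the hunk.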
+5 −0
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+lky6wKyGL6lE1VrD0YTMHwb0Xwc
+tzC8MvnrzVxodvTpVY/jV7V+Zktcx+pry43XPABFRXtbhTo+qykhyBA1g==
-----END PUBLIC KEY-----
+27 −1
@@ -7,4 +7,30 @@
# The arg values can be taken from the debug log for SignedConfigService when verbose logging is
# enabled.

openssl dgst -sha256 -verify $(dirname $0)/debug_public.pem -signature <(echo $2 | base64 -d) <(echo $1 | base64 -d)
function verify() {
  D=${1}
  S=${2}
  K=${3}
  echo Trying ${K}
  openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} | base64 -d) <(echo ${D} | base64 -d)
}


PROD_KEY_NAME=prod_public.pem
DEBUG_KEY_NAME=debug_public.pem
SIGNATURE="$2"
DATA="$1"

echo DATA: ${DATA}
echo SIGNATURE: ${SIGNATURE}

if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then
  echo Verified with ${PROD_KEY_NAME}
  exit 0
fi

if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then
  echo Verified with ${DEBUG_KEY_NAME}
  exit 0
fi
exit 1
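Review bot: The script exits 0 whether the production key or the debug key verified the signature, so anything that checks only the exit status cannot tell a production-signed config from a debug-signed one; the key name is only echoed. If this helper is ever used in an automated check, the debug fallback should be distinguishable, for example with its own exit code after `echo Verified with ${DEBUG_KEY_NAME}` or an option that disables the fallback. Separately, the expansions inside `verify` are unquoted; `"$(dirname "$0")/${K}"` and `<(echo "${S}" | base64 -d)` would avoid word splitting and globbing on the arguments and on the script path.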