From 9a707236b8a7eb600e2fd0cae1b3e4cde5495673 Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Sat, 26 Dec 2020 17:03:10 -0800 Subject: [PATCH] Move signing code into main app sources --- app/build.gradle.kts | 5 +- app/signing/.gitignore | 1 - app/signing/build.gradle.kts | 35 -------- .../java/com/topjohnwu/signing/ZipSigner.java | 81 ------------------ .../com/topjohnwu/signing/ApkSignerV2.java | 0 .../com/topjohnwu/signing/BootSigner.java | 0 .../topjohnwu/signing/ByteArrayStream.java | 0 .../com/topjohnwu/signing/CryptoUtils.java | 0 .../java/com/topjohnwu/signing/JarMap.java | 0 .../java/com/topjohnwu/signing/SignApk.java | 0 .../java/com/topjohnwu/signing/SignBoot.java | 0 .../java/com/topjohnwu/signing/ZipUtils.java | 0 .../src/main/resources/keys/testkey.pk8 | Bin .../src/main/resources/keys/testkey.x509.pem | 0 .../src/main/resources/keys/verity.pk8 | Bin .../src/main/resources/keys/verity.x509.pem | 0 settings.gradle.kts | 2 +- 17 files changed, 5 insertions(+), 119 deletions(-) delete mode 100644 app/signing/.gitignore delete mode 100644 app/signing/build.gradle.kts delete mode 100644 app/signing/src/main/java/com/topjohnwu/signing/ZipSigner.java rename app/{signing => }/src/main/java/com/topjohnwu/signing/ApkSignerV2.java (100%) rename app/{signing => }/src/main/java/com/topjohnwu/signing/BootSigner.java (100%) rename app/{signing => }/src/main/java/com/topjohnwu/signing/ByteArrayStream.java (100%) rename app/{signing => }/src/main/java/com/topjohnwu/signing/CryptoUtils.java (100%) rename app/{signing => }/src/main/java/com/topjohnwu/signing/JarMap.java (100%) rename app/{signing => }/src/main/java/com/topjohnwu/signing/SignApk.java (100%) rename app/{signing => }/src/main/java/com/topjohnwu/signing/SignBoot.java (100%) rename app/{signing => }/src/main/java/com/topjohnwu/signing/ZipUtils.java (100%) rename app/{signing => }/src/main/resources/keys/testkey.pk8 (100%) rename app/{signing => }/src/main/resources/keys/testkey.x509.pem (100%) rename app/{signing => }/src/main/resources/keys/verity.pk8 (100%) rename app/{signing => }/src/main/resources/keys/verity.x509.pem (100%) diff --git a/app/build.gradle.kts b/app/build.gradle.kts index 0347083d0..793868a6e 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -74,13 +74,16 @@ dependencies { implementation(fileTree(mapOf("dir" to "libs", "include" to listOf("*.jar")))) implementation(kotlin("stdlib")) implementation(project(":app:shared")) - implementation(project(":app:signing")) implementation("com.github.topjohnwu:jtar:1.0.0") implementation("com.github.topjohnwu:indeterminate-checkbox:1.0.7") implementation("com.github.topjohnwu:lz4-java:1.7.1") implementation("com.jakewharton.timber:timber:4.7.1") + val vBC = "1.67" + implementation("org.bouncycastle:bcprov-jdk15on:${vBC}") + implementation("org.bouncycastle:bcpkix-jdk15on:${vBC}") + val vBAdapt = "4.0.0" val bindingAdapter = "me.tatarka.bindingcollectionadapter2:bindingcollectionadapter" implementation("${bindingAdapter}:${vBAdapt}") diff --git a/app/signing/.gitignore b/app/signing/.gitignore deleted file mode 100644 index 796b96d1c..000000000 --- a/app/signing/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/build diff --git a/app/signing/build.gradle.kts b/app/signing/build.gradle.kts deleted file mode 100644 index c5dcea3d2..000000000 --- a/app/signing/build.gradle.kts +++ /dev/null @@ -1,35 +0,0 @@ -import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar - -plugins { - id("java-library") - id("java") - id("com.github.johnrengelman.shadow") version "6.0.0" -} - -java { - sourceCompatibility = JavaVersion.VERSION_1_8 - targetCompatibility = JavaVersion.VERSION_1_8 -} - -val jar by tasks.getting(Jar::class) { - manifest { - attributes["Main-Class"] = "com.topjohnwu.signing.ZipSigner" - } -} - -val shadowJar by tasks.getting(ShadowJar::class) { - archiveBaseName.set("zipsigner") - archiveClassifier.set(null as String?) - archiveVersion.set("4.0") -} - -repositories { - jcenter() -} - -dependencies { - implementation(fileTree(mapOf("dir" to "libs", "include" to listOf("*.jar")))) - - api("org.bouncycastle:bcprov-jdk15on:1.67") - api("org.bouncycastle:bcpkix-jdk15on:1.67") -} diff --git a/app/signing/src/main/java/com/topjohnwu/signing/ZipSigner.java b/app/signing/src/main/java/com/topjohnwu/signing/ZipSigner.java deleted file mode 100644 index 357c72730..000000000 --- a/app/signing/src/main/java/com/topjohnwu/signing/ZipSigner.java +++ /dev/null @@ -1,81 +0,0 @@ -package com.topjohnwu.signing; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.Security; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; - -public class ZipSigner { - - private static void usage() { - System.err.println("ZipSigner usage:"); - System.err.println(" zipsigner.jar input.jar output.jar"); - System.err.println(" sign jar with AOSP test keys"); - System.err.println(" zipsigner.jar x509.pem pk8 input.jar output.jar"); - System.err.println(" sign jar with certificate / private key pair"); - System.err.println(" zipsigner.jar keyStore keyStorePass alias keyPass input.jar output.jar"); - System.err.println(" sign jar with Java KeyStore"); - System.exit(2); - } - - private static void sign(JarMap input, FileOutputStream output) throws Exception { - sign(SignApk.class.getResourceAsStream("/keys/testkey.x509.pem"), - SignApk.class.getResourceAsStream("/keys/testkey.pk8"), input, output); - } - - private static void sign(InputStream certIs, InputStream keyIs, - JarMap input, FileOutputStream output) throws Exception { - X509Certificate cert = CryptoUtils.readCertificate(certIs); - PrivateKey key = CryptoUtils.readPrivateKey(keyIs); - SignApk.sign(cert, key, input, output); - } - - private static void sign(String keyStore, String keyStorePass, String alias, String keyPass, - JarMap in, FileOutputStream out) throws Exception { - KeyStore ks; - try { - ks = KeyStore.getInstance("JKS"); - try (InputStream is = new FileInputStream(keyStore)) { - ks.load(is, keyStorePass.toCharArray()); - } - } catch (KeyStoreException|IOException|CertificateException|NoSuchAlgorithmException e) { - ks = KeyStore.getInstance("PKCS12"); - try (InputStream is = new FileInputStream(keyStore)) { - ks.load(is, keyStorePass.toCharArray()); - } - } - X509Certificate cert = (X509Certificate) ks.getCertificate(alias); - PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass.toCharArray()); - SignApk.sign(cert, key, in, out); - } - - public static void main(String[] args) throws Exception { - if (args.length != 2 && args.length != 4 && args.length != 6) - usage(); - - Security.insertProviderAt(new BouncyCastleProvider(), 1); - - try (JarMap in = JarMap.open(args[args.length - 2], false); - FileOutputStream out = new FileOutputStream(args[args.length - 1])) { - if (args.length == 2) { - sign(in, out); - } else if (args.length == 4) { - try (InputStream cert = new FileInputStream(args[0]); - InputStream key = new FileInputStream(args[1])) { - sign(cert, key, in, out); - } - } else if (args.length == 6) { - sign(args[0], args[1], args[2], args[3], in, out); - } - } - } -} diff --git a/app/signing/src/main/java/com/topjohnwu/signing/ApkSignerV2.java b/app/src/main/java/com/topjohnwu/signing/ApkSignerV2.java similarity index 100% rename from app/signing/src/main/java/com/topjohnwu/signing/ApkSignerV2.java rename to app/src/main/java/com/topjohnwu/signing/ApkSignerV2.java diff --git a/app/signing/src/main/java/com/topjohnwu/signing/BootSigner.java b/app/src/main/java/com/topjohnwu/signing/BootSigner.java similarity index 100% rename from app/signing/src/main/java/com/topjohnwu/signing/BootSigner.java rename to app/src/main/java/com/topjohnwu/signing/BootSigner.java diff --git a/app/signing/src/main/java/com/topjohnwu/signing/ByteArrayStream.java b/app/src/main/java/com/topjohnwu/signing/ByteArrayStream.java similarity index 100% rename from app/signing/src/main/java/com/topjohnwu/signing/ByteArrayStream.java rename to app/src/main/java/com/topjohnwu/signing/ByteArrayStream.java diff --git a/app/signing/src/main/java/com/topjohnwu/signing/CryptoUtils.java b/app/src/main/java/com/topjohnwu/signing/CryptoUtils.java similarity index 100% rename from app/signing/src/main/java/com/topjohnwu/signing/CryptoUtils.java rename to app/src/main/java/com/topjohnwu/signing/CryptoUtils.java diff --git a/app/signing/src/main/java/com/topjohnwu/signing/JarMap.java b/app/src/main/java/com/topjohnwu/signing/JarMap.java similarity index 100% rename from app/signing/src/main/java/com/topjohnwu/signing/JarMap.java rename to app/src/main/java/com/topjohnwu/signing/JarMap.java diff --git a/app/signing/src/main/java/com/topjohnwu/signing/SignApk.java b/app/src/main/java/com/topjohnwu/signing/SignApk.java similarity index 100% rename from app/signing/src/main/java/com/topjohnwu/signing/SignApk.java rename to app/src/main/java/com/topjohnwu/signing/SignApk.java diff --git a/app/signing/src/main/java/com/topjohnwu/signing/SignBoot.java b/app/src/main/java/com/topjohnwu/signing/SignBoot.java similarity index 100% rename from app/signing/src/main/java/com/topjohnwu/signing/SignBoot.java rename to app/src/main/java/com/topjohnwu/signing/SignBoot.java diff --git a/app/signing/src/main/java/com/topjohnwu/signing/ZipUtils.java b/app/src/main/java/com/topjohnwu/signing/ZipUtils.java similarity index 100% rename from app/signing/src/main/java/com/topjohnwu/signing/ZipUtils.java rename to app/src/main/java/com/topjohnwu/signing/ZipUtils.java diff --git a/app/signing/src/main/resources/keys/testkey.pk8 b/app/src/main/resources/keys/testkey.pk8 similarity index 100% rename from app/signing/src/main/resources/keys/testkey.pk8 rename to app/src/main/resources/keys/testkey.pk8 diff --git a/app/signing/src/main/resources/keys/testkey.x509.pem b/app/src/main/resources/keys/testkey.x509.pem similarity index 100% rename from app/signing/src/main/resources/keys/testkey.x509.pem rename to app/src/main/resources/keys/testkey.x509.pem diff --git a/app/signing/src/main/resources/keys/verity.pk8 b/app/src/main/resources/keys/verity.pk8 similarity index 100% rename from app/signing/src/main/resources/keys/verity.pk8 rename to app/src/main/resources/keys/verity.pk8 diff --git a/app/signing/src/main/resources/keys/verity.x509.pem b/app/src/main/resources/keys/verity.x509.pem similarity index 100% rename from app/signing/src/main/resources/keys/verity.x509.pem rename to app/src/main/resources/keys/verity.x509.pem diff --git a/settings.gradle.kts b/settings.gradle.kts index cdcafdaf4..f84d1cf00 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -1 +1 @@ -include(":app", ":app:signing", ":app:shared", ":native", ":stub") +include(":app", ":app:shared", ":native", ":stub")