
verity: Let the tools ask for a password if needed
authorRicardo Cerqueira <ricardo@cyngn.com>
Mon, 4 Jul 2016 15:36:17 +0000 (16:36 +0100)
committerSteve Kondik <steve@cyngn.com>
Thu, 25 Aug 2016 00:32:19 +0000 (17:32 -0700)
verity keys can be passworded. Let the password prompts and input
come up in cases of scripted signing, so that the password can
be input. While we're at it, make the password prompt print out
the key that is being requested.

This is roughly equivalent to change Icf69ba1e58bf1f91979eaf1d3b91cb202782e8fd
to signapk in build/

Ref CYNGNOS-3156

Change-Id: I4d9cab891b7c4179198ff3f139d25650ee933e53

verity/Utils.java
verity/VeritySigner.java
verity/build_verity_metadata.py

index 6d80276..fda430e 100644 (file)
@@ -18,6 +18,7 @@ package com.android.verity;
 
 import java.lang.reflect.Constructor;
 import java.io.File;
+import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.Console;
 import java.io.FileInputStream;
@@ -61,6 +62,7 @@ public class Utils {
 
     private static final Map<String, String> ID_TO_ALG;
     private static final Map<String, String> ALG_TO_ID;
+    private static String mKeyPath;
 
     static {
         ID_TO_ALG = new HashMap<String, String>();
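Review bot: The new `mKeyPath` is mutable static state that carries the key name into the password prompt, so the prompt is only correct when one of the `load*FromFile` helpers ran immediately before the decrypt step. The line this commit removes from VeritySigner shows `loadDERPrivateKey(byte[])` being called directly; any remaining caller of that form would be prompted for `null` or for a previously loaded key, which invites typing the wrong key's password. Passing the name down as a parameter avoids this, for example a `loadDERPrivateKey(byte[] der, String keyName)` overload that forwards the name to the decrypt step. If the field stays, AOSP naming would make a static `sKeyPath`, and it deserves a comment such as `// Display name of the key being loaded; used only in the password prompt.`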
@@ -145,7 +147,19 @@ public class Utils {
             return null;
         }
 
-        char[] password = System.console().readPassword("Password for the private key file: ");
+        char[] password = null;
+        if (System.console() == null) {
+            System.out.print("Enter password for " + mKeyPath + " (password will not be hidden): ");
+            System.out.flush();
+            BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
+            try {
+                password = stdin.readLine().toCharArray();
+            } catch (IOException ex) {
+                return null;
+            }
+        } else {
+            password = System.console().readPassword("Enter password for " + mKeyPath + " key>");
+        }
 
         SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName());
         Key key = skFactory.generateSecret(new PBEKeySpec(password));
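Review bot: `stdin.readLine()` returns null at end of input, so in the no-console branch a scripted run with stdin closed or empty throws a NullPointerException at `.toCharArray()` instead of failing cleanly; guard it with `String line = stdin.readLine(); if (line == null) return null; password = line.toCharArray();`. This branch also holds the password in an immutable String that cannot be wiped, and nothing visible in the hunk clears the `password` array once `PBEKeySpec` has copied it; `Arrays.fill(password, '\0')` after the key is derived would limit its lifetime in memory. `new InputStreamReader(System.in)` uses the platform charset, which can change the derived key for non-ASCII passwords between machines. The enclosing method starts and ends outside the hunk.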
@@ -182,10 +196,12 @@ public class Utils {
     }
 
     static PrivateKey loadPEMPrivateKeyFromFile(String keyFname) throws Exception {
+        mKeyPath = keyFname.replace(".pk8","");
         return loadPEMPrivateKey(read(keyFname));
     }
 
     static PrivateKey loadDERPrivateKeyFromFile(String keyFname) throws Exception {
+        mKeyPath = keyFname.replace(".pk8","");
         return loadDERPrivateKey(read(keyFname));
     }
 
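Review bot: `keyFname.replace(".pk8","")` removes every occurrence of the substring, not just the extension, so a path with `.pk8` elsewhere in it (a directory name, say) yields a mangled label in the password prompt; the same applies to the `.x509.pem` and `.x509.der` calls in the next hunk. Strip only a trailing suffix, e.g. `mKeyPath = keyFname.endsWith(".pk8") ? keyFname.substring(0, keyFname.length() - ".pk8".length()) : keyFname;`. The public-key loaders in the next hunk also overwrite the field although no password prompt appears to be reachable from them, so those two assignments look unnecessary.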
@@ -203,10 +219,12 @@ public class Utils {
     }
 
     static PublicKey loadPEMPublicKeyFromFile(String keyFname) throws Exception {
+        mKeyPath = keyFname.replace(".x509.pem","");
         return loadPEMPublicKey(read(keyFname));
     }
 
     static PublicKey loadDERPublicKeyFromFile(String keyFname) throws Exception {
+        mKeyPath = keyFname.replace(".x509.der","");
         return loadDERPublicKey(read(keyFname));
     }
 
index 9d85747..24effb9 100644 (file)
@@ -61,7 +61,7 @@ public class VeritySigner {
 
             System.exit(1);
         } else {
-            PrivateKey privateKey = Utils.loadDERPrivateKey(Utils.read(args[1]));
+            PrivateKey privateKey = Utils.loadDERPrivateKeyFromFile(args[1]);
             byte[] signature = Utils.sign(privateKey, content);
             Utils.write(signature, args[2]);
         }
index 51e629a..479caf8 100755 (executable)
@@ -5,6 +5,7 @@ import sys
 import struct
 import tempfile
 import commands
+import subprocess
 
 VERSION = 0
 MAGIC_NUMBER = 0xb001b001
@@ -34,7 +35,9 @@ def sign_verity_table(table, signer_path, key_path):
             table_file.flush()
             cmd = " ".join((signer_path, table_file.name, key_path, signature_file.name))
             print cmd
-            run(cmd)
+            runcmd = [signer_path, table_file.name, key_path, signature_file.name];
+            sp = subprocess.Popen(runcmd)
+            sp.wait()
             return signature_file.read()
 
 def build_verity_table(block_device, data_blocks, root_hash, salt):
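Review bot: The signer's exit status is discarded: `sp.wait()` returns it, but `sign_verity_table` goes straight to `signature_file.read()`, so a failed run (more likely now that a password can be mistyped) hands back whatever is in the temp file, possibly an empty signature that ends up in the verity metadata. Replace the two lines with `subprocess.check_call(runcmd)` so a non-zero exit aborts the build. Passing an argument list keeps the shell out of the invocation, which is worth preserving; the trailing `;` on the `runcmd` line can go. The function begins outside the hunk.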