diff options
author | Victor Hsieh <victorhsieh@chromium.org> | 2016-08-02 16:47:01 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-08-15 15:19:52 -0700 |
commit | 7573ff7efb99d93274305f69ea07b505f3921a57 (patch) | |
tree | 0cdc533af348a746ffc609f6526b0868ca00c27d | |
parent | 8e917140b7ffafebb82d32998e9f56ad215a53c6 (diff) | |
download | vboot-7573ff7efb99d93274305f69ea07b505f3921a57.tar.gz |
Add script to sign Android image
sign_android_image.sh is the main script that signs the image. It makes
similar changes to an image like the Android official signing tool
(sign_target_files_apks.py) does, but more Chrome OS specific.
TEST=./sign_official_build.sh recovery recovery_image.bin \
../../tests/devkeys/ out_img
TEST=Same above but with a recovery image without Android image.
Android signing was skipping.
TEST=Same above but with a M53 image. Android signing was skipped.
TEST=Unpack the image and diff the before and after. Looks correct.
BUG=b:29915721
Change-Id: I0ae5f0ad8d2b05e485d60262558517ea563bf527
Reviewed-on: https://chromium-review.googlesource.com/366794
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
-rwxr-xr-x | scripts/image_signing/sign_android_image.sh | 219 | ||||
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 30 | ||||
-rwxr-xr-x | scripts/keygeneration/create_new_android_keys.sh | 63 | ||||
-rw-r--r-- | tests/devkeys/android/media.pk8 | bin | 0 -> 1218 bytes | |||
-rw-r--r-- | tests/devkeys/android/media.x509.pem | 24 | ||||
-rw-r--r-- | tests/devkeys/android/platform.pk8 | bin | 0 -> 1217 bytes | |||
-rw-r--r-- | tests/devkeys/android/platform.x509.pem | 24 | ||||
-rw-r--r-- | tests/devkeys/android/releasekey.pk8 | bin | 0 -> 1219 bytes | |||
-rw-r--r-- | tests/devkeys/android/releasekey.x509.pem | 24 | ||||
-rw-r--r-- | tests/devkeys/android/shared.pk8 | bin | 0 -> 1219 bytes | |||
-rw-r--r-- | tests/devkeys/android/shared.x509.pem | 24 |
11 files changed, 408 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh new file mode 100755 index 00000000..6f999793 --- /dev/null +++ b/scripts/image_signing/sign_android_image.sh @@ -0,0 +1,219 @@ +#!/bin/bash + +# Copyright 2016 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +. "$(dirname "$0")/common.sh" + +set -e + +keytool_bin="/usr/local/buildtools/java/jdk/bin/keytool" + +# Print usage string +usage() { + cat <<EOF +Usage: $PROG /path/to/cros_root_fs/dir /path/to/keys/dir + +Re-sign framework apks in an Android system image. The image itself does not +need to be signed since it is shipped with Chrome OS image, which is already +signed. + +Android has many "framework apks" that are signed with 4 different framework +keys, depends on the purpose of the apk. During development, apks are signed +with the debug one. This script is to re-sign those apks with corresponding +release key. It also handles some of the consequences of the key changes, such +as sepolicy update. + +EOF + if [[ $# -gt 0 ]]; then + error "$*" + exit 1 + fi + exit 0 +} + +# Return name according to the current signing debug key. The name is used to +# select key files. +choose_key() { + local apk="$1" + + local sha1=$(unzip -p "${apk}" META-INF/CERT.RSA | \ + "${keytool_bin}" -printcert | awk '/^\s*SHA1:/ {print $2}') + + # Fingerprints below are generated by: + # $ keytool -file vendor/google/certs/cheetskeys/$NAME.x509.pem -printcert \ + # | grep SHA1: + case "${sha1}" in + "AA:04:E0:5F:82:9C:7E:D1:B9:F8:FC:99:6C:5A:54:43:83:D9:F5:BC") + echo "platform" + ;; + "D4:C4:2D:E0:B9:1B:15:72:FA:7D:A7:21:E0:A6:09:94:B4:4C:B5:AE") + echo "media" + ;; + "38:B6:2C:E1:75:98:E3:E1:1C:CC:F6:6B:83:BB:97:0E:2D:40:6C:AE") + echo "shared" + ;; + "EC:63:36:20:23:B7:CB:66:18:70:D3:39:3C:A9:AE:7E:EF:A9:32:42") + # The above fingerprint is from devkey. Translate to releasekey. + echo "releasekey" + ;; + *) + # Not a framework apk. Do not re-sign. + echo "" + ;; + esac +} + +# Re-sign framework apks with the corresponding release keys. Only apk with +# known key fingerprint are re-signed. We should not re-sign non-framework +# apks. +sign_framework_apks() { + local system_mnt="$1" + local key_dir="$2" + + info "Start signing framework apks" + + # Counters for sanity check. + local counter_platform=0 + local counter_media=0 + local counter_shared=0 + local counter_releasekey=0 + local counter_total=0 + + local apk + while read -d $'\0' -r apk; do + local keyname=$(choose_key "${apk}") + if [[ -z "${keyname}" ]]; then + continue + fi + + info "Re-signing (${keyname}) ${apk}" + + local temp_dir="$(make_temp_dir)" + local temp_apk="${temp_dir}/temp.apk" + local signed_apk="${temp_dir}/signed.apk" + local aligned_apk="${temp_dir}/aligned.apk" + + # Follow the standard manual signing process. See + # https://developer.android.com/studio/publish/app-signing.html. + cp "${apk}" "${temp_apk}" + # Explicitly remove existing signature. + zip -q "${temp_apk}" -d "META-INF/*" + signapk "${key_dir}/$keyname.x509.pem" "${key_dir}/$keyname.pk8" \ + "${temp_apk}" "${signed_apk}" > /dev/null + zipalign 4 "${signed_apk}" "${aligned_apk}" + + sudo mv -f "${aligned_apk}" "${apk}" + + : $(( counter_${keyname} += 1 )) + : $(( counter_total += 1 )) + done < <(find "${system_mnt}/system" -type f -name '*.apk' -print0) + + # Sanity check. + if [[ ${counter_platform} -lt 2 || ${counter_media} -lt 2 || + ${counter_shared} -lt 2 || ${counter_releasekey} -lt 2 || + ${counter_total} -lt 25 ]]; then + die "Number of re-signed package seems to be wrong" + fi +} + +# Platform key is part of the SELinux policy. Since we are re-signing framework +# apks, we need to replace the key in the policy as well. +update_sepolicy() { + local system_mnt=$1 + local key_dir=$2 + + # Only platform is used at this time. + local public_platform_key="${key_dir}/platform.x509.pem" + + info "Start updating sepolicy" + + local new_cert=$(sed -E '/(BEGIN|END) CERTIFICATE/d' \ + "${public_platform_key}" | tr -d '\n' \ + | base64 --decode | hexdump -v -e '/1 "%02x"') + + if [[ -z "${new_cert}" ]]; then + die "Unable to get the public platform key" + fi + + local output=$(make_temp_file) + local xml="${system_mnt}/system/etc/security/mac_permissions.xml" + local pattern='(<signer signature=")\w+("><seinfo value="platform)' + sed -E "s/${pattern}/\1${new_cert}"'\2/g' "${xml}" > "${output}" + + # Sanity check. + if cmp "${xml}" "${output}"; then + die "Failed to replace SELinux policy cert" + fi + + sudo mv -f "${output}" "${xml}" +} + +# Replace the debug key in OTA cert with release key. +replace_ota_cert() { + local system_mnt=$1 + local release_cert=$2 + local ota_zip="${system_mnt}/system/etc/security/otacerts.zip" + + info "Replacing OTA cert" + + local temp_dir=$(make_temp_dir) + pushd "${temp_dir}" > /dev/null + cp "${release_cert}" . + sudo rm "${ota_zip}" + sudo zip -q -r "${ota_zip}" . + popd > /dev/null +} + +# Restore SELinux context. This has to run after all file changes, before +# creating the new squashfs image. +reapply_file_security_context() { + local system_mnt=$1 + local root_fs_dir=$2 + + info "Reapplying file security context" + + sudo /sbin/setfiles -v -r "${system_mnt}" \ + "${root_fs_dir}/etc/selinux/arc/contexts/files/android_file_contexts" \ + "${system_mnt}" +} + +main() { + local root_fs_dir=$1 + local key_dir=$2 + local android_dir="${root_fs_dir}/opt/google/containers/android" + local system_img="${android_dir}/system.raw.img" + + if [[ $# -ne 2 ]]; then + usage "command takes exactly 2 args" + fi + + if [[ ! -f "${system_img}" ]]; then + die "System image does not exist: ${system_img}" + fi + + local working_dir=$(make_temp_dir) + local system_mnt="${working_dir}/mnt" + + info "Unpacking sqaushfs image to ${system_img}" + sudo unsquashfs -f -d "${system_mnt}" "${system_img}" + + sign_framework_apks "${system_mnt}" "${key_dir}" + update_sepolicy "${system_mnt}" "${key_dir}" + replace_ota_cert "${system_mnt}" "${key_dir}/releasekey.x509.pem" + reapply_file_security_context "${system_mnt}" "${root_fs_dir}" + + info "Repacking sqaushfs image" + + local new_system_img="${working_dir}/system.raw.img" + sudo mksquashfs "${system_mnt}" "${new_system_img}" -comp lzo + + local old_size=$(stat -c '%s' "${system_img}") + local new_size=$(stat -c '%s' "${new_system_img}") + info "Android system image size change: ${old_size} -> ${new_size}" + + sudo mv -f "${new_system_img}" "${system_img}" +} + +main "$@" diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 4f3407ef..badfaa92 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -590,6 +590,35 @@ resign_firmware_payload() { echo "Re-signed firmware AU payload in $image" } +# Re-sign Android image if exists. +resign_android_image_if_exists() { + local image=$1 + + local rootfs_dir=$(make_temp_dir) + mount_image_partition "${image}" 3 "${rootfs_dir}" + + local system_img="${rootfs_dir}/opt/google/containers/android/system.raw.img" + + if [[ ! -e "${system_img}" ]]; then + info "Android image not found. Not signing Android APKs." + sudo umount "${rootfs_dir}" + return + fi + + # Sign only 54+ images to make sure it works on dev channel first. + local milestone=$(grep CHROMEOS_RELEASE_CHROME_MILESTONE= \ + "${rootfs_dir}/etc/lsb-release" | cut -d= -f2) + if [[ "${milestone}" -le 53 ]]; then + info "Not signing Android apks before 53 (incl.). Current: ${milestone}." + return + fi + + "${SCRIPT_DIR}/sign_android_image.sh" "${rootfs_dir}" "${KEY_DIR}/android" + + sudo umount "${rootfs_dir}" + echo "Re-signed Android image" +} + # Verify an image including rootfs hash using the specified keys. verify_image() { local rootfs_image=$(make_temp_file) @@ -772,6 +801,7 @@ sign_image_file() { echo "Preparing ${image_type} image..." cp --sparse=always "${input}" "${output}" resign_firmware_payload "${output}" + resign_android_image_if_exists "${output}" # We do NOT strip /boot for factory installer, since some devices need it to # boot EFI. crbug.com/260512 would obsolete this requirement. # diff --git a/scripts/keygeneration/create_new_android_keys.sh b/scripts/keygeneration/create_new_android_keys.sh new file mode 100755 index 00000000..a233a97a --- /dev/null +++ b/scripts/keygeneration/create_new_android_keys.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +# Copyright 2016 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +set -e + +usage() { + cat <<EOF +Usage: $0 DIR + +Generate Android's 4 framework key pairs at DIR. For detail, please refer to +"Certificates and private keys" and "Manually generating keys" in +https://source.android.com/devices/tech/ota/sign_builds.html. + +EOF + + if [[ $# -ne 0 ]]; then + echo "ERROR: $*" >&2 + exit 1 + else + exit 0 + fi +} + +# Use the same SUBJECT used in Nexus. +SUBJECT='/C=US/ST=California/L=Mountain View/O=Google Inc./OU=Android/CN=Android' + +# Generate .pk8 and .x509.pem at the given directory. +make_pair() { + local dir=$1 + local name=$2 + + # Generate RSA key. + openssl genrsa -3 -out "${dir}/temp.pem" 2048 + + # Create a certificate with the public part of the key. + openssl req -new -x509 -key "${dir}/temp.pem" -out "${dir}/${name}.x509.pem" \ + -days 10000 -subj "${SUBJECT}" + + # Create a PKCS#8-formatted version of the private key. + openssl pkcs8 -in "${dir}/temp.pem" -topk8 -outform DER \ + -out "${dir}/${name}.pk8" -nocrypt + + # Best attempt to securely delete the temp.pem file. + shred --remove "${dir}/temp.pem" +} + +main() { + if [[ $# -ne 1 ]]; then + usage "Invalid argument." + fi + + local dir=$1 + + make_pair "${dir}" platform + make_pair "${dir}" shared + make_pair "${dir}" media + make_pair "${dir}" releasekey +} + +main "$@" diff --git a/tests/devkeys/android/media.pk8 b/tests/devkeys/android/media.pk8 Binary files differnew file mode 100644 index 00000000..53fb2531 --- /dev/null +++ b/tests/devkeys/android/media.pk8 diff --git a/tests/devkeys/android/media.x509.pem b/tests/devkeys/android/media.x509.pem new file mode 100644 index 00000000..d3ec5bed --- /dev/null +++ b/tests/devkeys/android/media.x509.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/TCCAuWgAwIBAgIJAMi4UJBVFupsMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g +VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE +AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0xNjA2MjkyMTUxNDVaFw00MzExMTUyMTUxNDVaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANRmZX0ek4H/HTuYfuS4WPvMBBtRRXSmysX1 +I/EIAXPVkMswIWmvw/3nBXnjmZDLrg/XG0pOQbUGSJ7RI4d27jHblX/3RQNwpmEx +r8RPLcnBosM/KYaE+9lmSGl/XfbR0b8nreWOeJVBkGMDrrC5O4f7FSrORJBs2JI8 +ZZjiRFcnstdcPHwKBnHjNCRkhC72MvHMUXmndxMBnT18RWk8KrF/de9PotqPmZOZ +fMJrebuCw0G/j0nwciqd3tpO0oANAGtWbzJ9xk53DlYRj4qu74rnQjAtyD0a73dO +U1QRnan28Duk+lKIaIUzqqrcx9uEKYp4N2figpDWKaL9QUnVSW8CAwEAAaNQME4w +HQYDVR0OBBYEFN99GqWFkNea+rCFvb4x45xBmMhIMB8GA1UdIwQYMBaAFN99GqWF +kNea+rCFvb4x45xBmMhIMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AFluihpLMwTAcv6l3jJZomf/a8fjEn3Ghx54B3g5n8xeDD0h2OxDOdrDc63Bg14Q +s+ANOXsqNRkZse3ze97lX6qGzXmTfuUwXdlCzgnNA970/WG8EqOgI4yQJ+7a5bu5 +jE7WHaGRuZg5r3XiX+/A8Amo8w1vPsSTCHIiMeCShC9I6L/yF+o4bg7X/mnrVvzt +QLkpYhbxZ68sLlnessfj9zigHpyUtY6HzAvYbRKN4y/2RvkMwRHBHaxZyu1g8LeY +A5c/EfktgF7ORsBrxZeKejOu+8nFzlf8TQAr0zVCHaaP1FLtA2qeLDQsGeYaKBTE +1Ol/AEBSc6LFhA3Inj6xHoI= +-----END CERTIFICATE----- diff --git a/tests/devkeys/android/platform.pk8 b/tests/devkeys/android/platform.pk8 Binary files differnew file mode 100644 index 00000000..7b615ecb --- /dev/null +++ b/tests/devkeys/android/platform.pk8 diff --git a/tests/devkeys/android/platform.x509.pem b/tests/devkeys/android/platform.x509.pem new file mode 100644 index 00000000..8b422ac7 --- /dev/null +++ b/tests/devkeys/android/platform.x509.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/TCCAuWgAwIBAgIJAKsh6Cqx4cjwMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g +VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE +AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0xNjA2MjkyMTUxNDBaFw00MzExMTUyMTUxNDBaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALK5wH9wQ7BxBeE7lKNn3xnerYzZcBwyAscQ +nr+SWz4wmIUaNLZ7d2BwpzNaa84P2hiC7F3dbJDumjvgBlsNI5ALIUZcBqYkngG8 +UJhzpPw1CmvruGCsVUwaMWSx0Fh2f9o2SKuQPbGcBcdTha0tkmypONVuuZ1PeDlE +tiSHT3b/PDMqbCGhuunLUaPCOYyBoB/qC6oR1+aInrz860U5IVfubSj4hzAOrysm +EymSwsXkbMOG1gmZZiVjDn1pyIRC7Dy2u70JWaL92nRtRfeVaFwk0KRDXi+PYm+k +eQ0gOTcmbGwTh/FO4Wqc0sG78qoALB8Or+WuRTvZKsp6NRF1Kw8CAwEAAaNQME4w +HQYDVR0OBBYEFKYVE2bBhv9LZ136ipflr1O3RlVWMB8GA1UdIwQYMBaAFKYVE2bB +hv9LZ136ipflr1O3RlVWMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AAK7tIOyglsBLWHhl/Kc1ZjHUTvhrI3n+pz4aCtViynaHJs5O5qW3hYCLwetxBJf +92SoRNIUc1va7vLkc5fk7k5FpW+kjz1XtLasGE9KsqN6Y2I5Y88w6f6ZS5Yj/DZp +jvVAJkyCu4Un/6Qygw8DzbRGoKqlUR4x7lrqM8ZU4LkeTkxZnwX95ygth3YyXtG/ +ozbJSCx0iiJQX/uH/bXtngp5LbhFcmQj/rUxvLchRQxGPONvvpiB+6mqkN2hDLMN +KFBc2z9vu5s477bz9sz1+uPZVOnwc8u3q6VF0dowFReXtzKViciYst/zktcGzz04 +z3jF4S6UhxYQ93pmqvI0pKI= +-----END CERTIFICATE----- diff --git a/tests/devkeys/android/releasekey.pk8 b/tests/devkeys/android/releasekey.pk8 Binary files differnew file mode 100644 index 00000000..502b5d98 --- /dev/null +++ b/tests/devkeys/android/releasekey.pk8 diff --git a/tests/devkeys/android/releasekey.x509.pem b/tests/devkeys/android/releasekey.x509.pem new file mode 100644 index 00000000..e3750265 --- /dev/null +++ b/tests/devkeys/android/releasekey.x509.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/TCCAuWgAwIBAgIJAOP6XMUWw6ovMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g +VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE +AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0xNjA2MjkyMTUyMTBaFw00MzExMTUyMTUyMTBaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALZPiJrLQcYJItjj8KpR879BDpoSEXy5Ptik +TVVVXN8KoEpXWtRPwYSIG110lIY+U/VugOGz085m3VtC5mlobALvZDYz8L61XvIi ++ZYsWjoJBstBhQCr//P2uYWIJRElV1wKppJwqsS/gBc1Qmk6UZAPCABs4lF/8W1E +p31vQpsRsi9d7kS3PFqoriI3ECYqlQ/7y2zXpulY+IlYLdan+FusunGuVEX4RO8X +T6t/ICtV4kfvIok+WcAVrJS4ry0CWgVxEBzgkHnpuNxYsrP+VELQgvyiDrz2ZN6N +Sdqteso6vF+LBgfnZbE28SVnXLEIq9qokAO/+vsMLS3cC0MMAQsCAwEAAaNQME4w +HQYDVR0OBBYEFDygTzrIA3e5rGFzdiO2wvSc19psMB8GA1UdIwQYMBaAFDygTzrI +A3e5rGFzdiO2wvSc19psMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKa7SCivs+mdPcCPlB9IcBjAU6VrZx2L1hup/g1ciE0TiKW0T43rlA/F/14OBIuD +W9767ynezlc84edcStDrczFK6fXFivnUL5I9OWt2SqgrWJvA8340mdPpu01Ot+AH +95LshV+ObC7ZBgIzdkcvpeFn9Z0MhUHGBWubdj+9FLrKNJZylZjX6YaRlHpjzALf +xyDs2gkwOpEXkoEOhSsXgCX5A1nrFaM3WAjAiJa/Mbq+FfrvY/9IlVKaHrGaohQz +NkucJC+Y147gmvVEENbUsJzV1LKJMWurEpdETMvAKlqlaLuQEbpM2d78u0uNnTEC +6JbScH21uNVRu8UMNFh3HFs= +-----END CERTIFICATE----- diff --git a/tests/devkeys/android/shared.pk8 b/tests/devkeys/android/shared.pk8 Binary files differnew file mode 100644 index 00000000..9403f0f8 --- /dev/null +++ b/tests/devkeys/android/shared.pk8 diff --git a/tests/devkeys/android/shared.x509.pem b/tests/devkeys/android/shared.x509.pem new file mode 100644 index 00000000..63bc602d --- /dev/null +++ b/tests/devkeys/android/shared.x509.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/TCCAuWgAwIBAgIJAMAHZkxZ4orXMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g +VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE +AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0xNjA2MjkyMTUxNTBaFw00MzExMTUyMTUxNTBaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALr6JlzAZ7FZi/tOUMJTkh9Q7JuKXqqMqrNR +d2Y3/O4WFVVH/cLhLcbaRXzLTDnc1+X6U/hGxqEsxMw/ibzMez5Wcjpw1iUtjlAv +xFS21Fl/plasmpZicCeGr7zrN0rWBAQFDqAGWLter/NTFwPJ//gxQWLumCs5RAx9 +KUH0c7SKKwyxj5iHeu9M/af26w0ZBNDaWMjASaOKL9Zf4mPxL6BT5n57WcYgRr/w +DGzfQXJRFS1gkhmBLlBpK1Iqn+Em6QgtKvcLRIpxgIEHvYfQ9Wp+qJfzObbF571J +UJvgebql21zESNURDM0MuME+8o5jFwCko9xp0bGBU47SHF9uKbUCAwEAAaNQME4w +HQYDVR0OBBYEFGbO0kw1I8ALeMIbYEGg70I+iW/kMB8GA1UdIwQYMBaAFGbO0kw1 +I8ALeMIbYEGg70I+iW/kMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AI4Q7dUgKjAPHEyUXsrWaQRalN86O01QorUNnGfXeNN+9YJbGUTB7Of0PUTFoU0o +Fgw+yHcq1WbZeAH87TnQ6iICcDzcI2vUTxOT7Ag+TM1ZaxU56zhW+YFW8m4swq6C +NQIRxqmPMObdnaWZcRbp3jl4o3xADGVCmylfnpwRWbCE1fvEIWI3oLtDHT1S+UDt +Z0KVj93r3iauOt9CEkTJGKIy9bmaDXq8fEiS41gk0fYHZv2KA0YuxfldROqa18Mb +E0WZMBvIuhmC5cdiNrfZ6bGJmc2ydkehZfYO5XKk/3gIxw7OCBK72t7N7jAQ5LGc +fvx96vPRpY9nEAvElBEvv8o= +-----END CERTIFICATE----- |