#!/bin/bash

# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

. "$(dirname "$0")/common.sh"

#######################################
# Return name according to the current signing debug key. The name is used to
# select key files.
# Globals:
#   None
# Arguments:
#   sha1: signature of the APK.
#   keyset: "cheets" or "aosp" build?
# Outputs:
#   Writes the name of the key to stdout.
# Returns:
#   0 on success, non-zero on error.
#######################################
android_choose_key() {
  local sha1="$1"
  local keyset="$2"

  if [[ "${keyset}" != "aosp" && "${keyset}" != "cheets" ]]; then
    error "Unknown Android build keyset '${keyset}'."
    return 1
  fi

  # Fingerprints below are generated by:
  # 'cheets' keyset:
  # $ keytool -file vendor/google/certs/cheetskeys/$NAME.x509.pem -printcert \
  #     | grep SHA1:
  # 'aosp' keyset:
  # $ keytool -file build/target/product/security/$NAME.x509.pem -printcert \
  #     | grep SHA1:
  declare -A platform_sha=(
    ['cheets']='AA:04:E0:5F:82:9C:7E:D1:B9:F8:FC:99:6C:5A:54:43:83:D9:F5:BC'
    ['aosp']='27:19:6E:38:6B:87:5E:76:AD:F7:00:E7:EA:84:E4:C6:EE:E3:3D:FA'
  )
  declare -A media_sha=(
    ['cheets']='D4:C4:2D:E0:B9:1B:15:72:FA:7D:A7:21:E0:A6:09:94:B4:4C:B5:AE'
    ['aosp']='B7:9D:F4:A8:2E:90:B5:7E:A7:65:25:AB:70:37:AB:23:8A:42:F5:D3'
  )
  declare -A shared_sha=(
    ['cheets']='38:B6:2C:E1:75:98:E3:E1:1C:CC:F6:6B:83:BB:97:0E:2D:40:6C:AE'
    ['aosp']='5B:36:8C:FF:2D:A2:68:69:96:BC:95:EA:C1:90:EA:A4:F5:63:0F:E5'
  )
  declare -A release_sha=(
    ['cheets']='EC:63:36:20:23:B7:CB:66:18:70:D3:39:3C:A9:AE:7E:EF:A9:32:42'
    ['aosp']='61:ED:37:7E:85:D3:86:A8:DF:EE:6B:86:4B:D8:5B:0B:FA:A5:AF:81'
  )

  case "${sha1}" in
    "${platform_sha["${keyset}"]}")
      echo "platform"
      ;;
    "${media_sha["${keyset}"]}")
      echo "media"
      ;;
    "${shared_sha["${keyset}"]}")
      echo "shared"
      ;;
    "${release_sha["${keyset}"]}")
      # The release_sha[] fingerprint is from devkey. Translate to releasekey.
      echo "releasekey"
      ;;
    *)
      # Not a framework apk.  Do not re-sign.
      echo ""
      ;;
  esac
  return 0
}

#######################################
# Extract 'ro.build.flavor' property from build property file.
# Globals:
#   None
# Arguments:
#   build_prop_file: path to build property file.
# Outputs:
#   Writes the value of the property to stdout.
# Returns:
#   0 on success, non-zero on error.
#######################################
android_get_build_flavor_prop() {
  local build_prop_file="$1"
  local flavor_prop=""

  if ! flavor_prop=$(grep -a "^ro\.build\.flavor=" "${build_prop_file}"); then
    return 1
  fi
  flavor_prop=$(echo "${flavor_prop}" | cut -d "=" -f2)
  echo "${flavor_prop}"
  return 0
}

#######################################
# Pick the expected keyset ('cheets', 'aosp') depending on the build flavor.
# Globals:
#   None
# Arguments:
#   flavor_prop: the value of the build flavor property.
# Outputs:
#   Writes the name of the keyset to stdout.
# Returns:
#   0 on success, non-zero on error.
#######################################
android_choose_signing_keyset() {
  local flavor_prop="$1"

  # Property ro.build.flavor follows those patterns:
  # - cheets builds:
  #   ro.build.flavor=cheets_${arch}-user(debug)
  # - SDK builds:
  #   ro.build.flavor=sdk_google_cheets_${arch}-user(debug)
  # - AOSP builds:
  #   ro.build.flavor=aosp_cheets_${arch}-user(debug)
  # "cheets" and "SDK" builds both use the same signing keys, cheetskeys. "AOSP"
  # builds use the public AOSP signing keys.
  if [[ "${flavor_prop}" == aosp_cheets_* ]]; then
    keyset="aosp"
  elif [[ "${flavor_prop}" == cheets_* ||
    "${flavor_prop}" == sdk_google_cheets_* ]]; then
    keyset="cheets"
  else
    return 1
  fi
  echo "${keyset}"
  return 0
}