1#!/usr/bin/env bash
2DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]:-$0}";)" &> /dev/null && pwd 2> /dev/null;)"
3
4# Generating the APKs for certain methods
5# Run this script from the repo's top-level directory.
6
7# testInstallV4WithV2NoVeritySigner (without verity)
8apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withDSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
9apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withEC.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
10apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withRSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
11apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha512withEC.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
12apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-4096.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-4096.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha512withRSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
13
14# testInstallV4WithV2VeritySigner (with verity, and only for the DSA key / the smaller-sized keys of RSA/EC, since the verity algorithm is not used otherwise)
15apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withDSA-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
16apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withEC-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
17apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withRSA-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
18
19# testInstallV4WithV3NoVeritySigner (without verity)
20apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withDSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
21apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withEC.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
22apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withRSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
23apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha512withEC.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
24apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-4096.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-4096.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha512withRSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
25
26# testInstallV4WithV3VeritySigner (with verity, and only for the DSA key / the smaller-sized keys of RSA/EC, since the verity algorithm is not used otherwise)
27apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withDSA-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
28apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withEC-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
29apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withRSA-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
30
31# testV4IncToV3NonInc* tests
32apksigner rotate --out ~/tmp/rotated_key --old-signer   --key /ssd/android/cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert /ssd/android/cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem --new-signer  --key /ssd/android/cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert /ssd/android/cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem
33apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-dsa-3072-appv1.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
34apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-ec-p256-appv1.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
35apksigner sign --v1-signing-enabled false --v2-signing-enabled false --v3-signing-enabled true  --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-ec-p384-rotated-ec-p256-appv2.apk --lineage /tmp/ec_p256_to_ec_384_rotated_key cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
36apksigner sign --v1-signing-enabled false --v2-signing-enabled false --v3-signing-enabled true  --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-ec-p384-appv2.apk cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
37apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-ec-p256-appv2.apk cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
38
39# testV4IncToV2NonInc* tests
40apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v2-noninc-ec-p256-appv1.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
41apksigner sign --v1-signing-enabled false --v2-signing-enabled true --v3-signing-enabled false  --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v2-noninc-ec-p384-appv2.apk cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
42apksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v2-noninc-ec-p256-appv2.apk cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
43
44# testInstallV4With* tests
45apksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key vendor/google/certs/devkeys/devkey.pk8 --cert vendor/google/certs/devkeys/devkey.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-128bytes-additional-data.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
46
47# testInstallV41* tests
48apksigner sign --in "${DIR}"/CtsSignatureQueryService_v2-tgt-33.apk --cert "${DIR}"/../../certs/pkgsigverify/ec-p256.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256.pk8 --next-signer --cert "${DIR}"/../../certs/pkgsigverify/ec-p256_2.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256_2.pk8 --lineage "${DIR}"/../../certs/pkgsigverify/ec-p256-por_1_2-default-caps --rotation-min-sdk-version 33 --v4-signing-enabled
49apksigner sign --in "${DIR}"/CtsSignatureQueryService_v3-tgt-33.apk --cert "${DIR}"/../../certs/pkgsigverify/ec-p256.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256.pk8 --next-signer --cert "${DIR}"/../../certs/pkgsigverify/ec-p256_2.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256_2.pk8 --lineage "${DIR}"/../../certs/pkgsigverify/ec-p256-por_1_2-default-caps --rotation-min-sdk-version 33 --v4-signing-enabled
50apksigner sign --in "${DIR}"/CtsSignatureQueryServiceTest_v2-tgt-33.apk --cert "${DIR}"/../../certs/pkgsigverify/ec-p256.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256.pk8 --next-signer --cert "${DIR}"/../../certs/pkgsigverify/ec-p256_2.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256_2.pk8 --lineage "${DIR}"/../../certs/pkgsigverify/ec-p256-por_1_2-default-caps --rotation-min-sdk-version 33 --v4-signing-enabled
51