Magisk/app/src/main/java/com/topjohnwu/magisk/utils/BootSigner.java

package com.topjohnwu.magisk.utils;

import android.support.annotation.Keep;

import com.topjohnwu.crypto.SignBoot;

import java.io.FileInputStream;
import java.io.InputStream;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class BootSigner {

    @Keep
    public static void main(String[] args) throws Exception {
        if (args.length > 0 && "-verify".equals(args[0])) {
            String certPath = "";
            if (args.length >= 3 && "-certificate".equals(args[1])) {
                /* args[2] is the path to a public key certificate */
                certPath = args[2];
            }
            /* args[1] is the path to a signed boot image */
            boolean signed = SignBoot.verifySignature(System.in,
                    certPath.isEmpty() ? null : new FileInputStream(certPath));
            System.exit(signed ? 0 : 1);
        } else if (args.length > 0 && "-sign".equals(args[0])) {
            InputStream keyIn, certIn;
            if (args.length >= 3) {
                keyIn = new FileInputStream(args[1]);
                certIn = new FileInputStream(args[2]);
            } else {
                /* Use internal test keys */
                JarFile apk = new JarFile(System.getProperty("java.class.path"));
                JarEntry keyEntry = apk.getJarEntry("assets/" + Const.PRIVATE_KEY_NAME);
                JarEntry sigEntry = apk.getJarEntry("assets/" + Const.PUBLIC_KEY_NAME);

                keyIn = apk.getInputStream(keyEntry);
                certIn = apk.getInputStream(sigEntry);
            }

            boolean success = SignBoot.doSignature("/boot", System.in, System.out, keyIn, certIn);
            System.exit(success ? 0 : 1);
        } else {
            System.err.println(
                    "BootSigner <actions> [args]\n" +
                    "Input from stdin, outputs to stdout\n" +
                    "\n" +
                    "Actions:\n" +
                    "   -verify [x509.pem]\n" +
                    "      verify image, cert is optional\n" +
                    "   -sign [pk8] [x509.pem]\n" +
                    "      sign image, key and cert are optional\n"
            );
        }
    }
}
Add boot signing 2017-10-30 03:45:22 +08:00			`package com.topjohnwu.magisk.utils;`

Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`import android.support.annotation.Keep;`
Add boot signing 2017-10-30 03:45:22 +08:00
			`import com.topjohnwu.crypto.SignBoot;`

			`import java.io.FileInputStream;`
			`import java.io.InputStream;`
Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`import java.util.jar.JarEntry;`
			`import java.util.jar.JarFile;`
Add boot signing 2017-10-30 03:45:22 +08:00
			`public class BootSigner {`

Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`@Keep`
Add boot signing 2017-10-30 03:45:22 +08:00			`public static void main(String[] args) throws Exception {`
Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`if (args.length > 0 && "-verify".equals(args[0])) {`
Add boot signing 2017-10-30 03:45:22 +08:00			`String certPath = "";`
Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`if (args.length >= 3 && "-certificate".equals(args[1])) {`
			`/* args[2] is the path to a public key certificate */`
			`certPath = args[2];`
Add boot signing 2017-10-30 03:45:22 +08:00			`}`
			`/* args[1] is the path to a signed boot image */`
Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`boolean signed = SignBoot.verifySignature(System.in,`
Add boot signing 2017-10-30 03:45:22 +08:00			`certPath.isEmpty() ? null : new FileInputStream(certPath));`
			`System.exit(signed ? 0 : 1);`
Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`} else if (args.length > 0 && "-sign".equals(args[0])) {`
			`InputStream keyIn, certIn;`
			`if (args.length >= 3) {`
			`keyIn = new FileInputStream(args[1]);`
			`certIn = new FileInputStream(args[2]);`
Add boot signing 2017-10-30 03:45:22 +08:00			`} else {`
			`/* Use internal test keys */`
Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`JarFile apk = new JarFile(System.getProperty("java.class.path"));`
Organize constants 2017-11-06 04:41:23 +08:00			`JarEntry keyEntry = apk.getJarEntry("assets/" + Const.PRIVATE_KEY_NAME);`
			`JarEntry sigEntry = apk.getJarEntry("assets/" + Const.PUBLIC_KEY_NAME);`
Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00
			`keyIn = apk.getInputStream(keyEntry);`
			`certIn = apk.getInputStream(sigEntry);`
Add boot signing 2017-10-30 03:45:22 +08:00			`}`

Finalize bootsigner commandline 2017-10-31 02:55:50 +08:00			`boolean success = SignBoot.doSignature("/boot", System.in, System.out, keyIn, certIn);`
			`System.exit(success ? 0 : 1);`
			`} else {`
			`System.err.println(`
			`"BootSigner <actions> [args]\n" +`
			`"Input from stdin, outputs to stdout\n" +`
			`"\n" +`
			`"Actions:\n" +`
			`" -verify [x509.pem]\n" +`
			`" verify image, cert is optional\n" +`
			`" -sign [pk8] [x509.pem]\n" +`
			`" sign image, key and cert are optional\n"`
			`);`
Add boot signing 2017-10-30 03:45:22 +08:00			`}`
			`}`
			`}`