1*7594170eSAndroid Build Coastguard Worker# Copyright (C) 2021 The Android Open Source Project 2*7594170eSAndroid Build Coastguard Worker# 3*7594170eSAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License"); 4*7594170eSAndroid Build Coastguard Worker# you may not use this file except in compliance with the License. 5*7594170eSAndroid Build Coastguard Worker# You may obtain a copy of the License at 6*7594170eSAndroid Build Coastguard Worker# 7*7594170eSAndroid Build Coastguard Worker# http://www.apache.org/licenses/LICENSE-2.0 8*7594170eSAndroid Build Coastguard Worker# 9*7594170eSAndroid Build Coastguard Worker# Unless required by applicable law or agreed to in writing, software 10*7594170eSAndroid Build Coastguard Worker# distributed under the License is distributed on an "AS IS" BASIS, 11*7594170eSAndroid Build Coastguard Worker# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*7594170eSAndroid Build Coastguard Worker# See the License for the specific language governing permissions and 13*7594170eSAndroid Build Coastguard Worker# limitations under the License. 14*7594170eSAndroid Build Coastguard Worker 15*7594170eSAndroid Build Coastguard Workerload("@bazel_skylib//lib:paths.bzl", "paths") 16*7594170eSAndroid Build Coastguard Workerload("@bazel_skylib//rules:common_settings.bzl", "BuildSettingInfo") 17*7594170eSAndroid Build Coastguard Worker 18*7594170eSAndroid Build Coastguard WorkerApexKeyInfo = provider( 19*7594170eSAndroid Build Coastguard Worker "Info needed to sign APEX bundles", 20*7594170eSAndroid Build Coastguard Worker fields = { 21*7594170eSAndroid Build Coastguard Worker "private_key": "File containing the private key", 22*7594170eSAndroid Build Coastguard Worker "public_key": "File containing the public_key", 23*7594170eSAndroid Build Coastguard Worker }, 24*7594170eSAndroid Build Coastguard Worker) 25*7594170eSAndroid Build Coastguard Worker 26*7594170eSAndroid Build Coastguard Workerdef _apex_key_rule_impl(ctx): 27*7594170eSAndroid Build Coastguard Worker public_key = ctx.file.public_key 28*7594170eSAndroid Build Coastguard Worker private_key = ctx.file.private_key 29*7594170eSAndroid Build Coastguard Worker 30*7594170eSAndroid Build Coastguard Worker # If the DefaultAppCertificate directory is specified, then look for this 31*7594170eSAndroid Build Coastguard Worker # key in that directory instead, with the exact same basenames for both the 32*7594170eSAndroid Build Coastguard Worker # avbpubkey and pem files. 33*7594170eSAndroid Build Coastguard Worker product_var_cert = ctx.attr._default_app_certificate[BuildSettingInfo].value 34*7594170eSAndroid Build Coastguard Worker cert_files_to_search = ctx.attr._default_app_certificate_filegroup[DefaultInfo] 35*7594170eSAndroid Build Coastguard Worker if product_var_cert and cert_files_to_search: 36*7594170eSAndroid Build Coastguard Worker for f in cert_files_to_search.files.to_list(): 37*7594170eSAndroid Build Coastguard Worker if f.basename == ctx.file.public_key.basename: 38*7594170eSAndroid Build Coastguard Worker public_key = f 39*7594170eSAndroid Build Coastguard Worker elif f.basename == ctx.file.private_key.basename: 40*7594170eSAndroid Build Coastguard Worker private_key = f 41*7594170eSAndroid Build Coastguard Worker 42*7594170eSAndroid Build Coastguard Worker public_keyname = paths.split_extension(public_key.basename)[0] 43*7594170eSAndroid Build Coastguard Worker private_keyname = paths.split_extension(private_key.basename)[0] 44*7594170eSAndroid Build Coastguard Worker if public_keyname != private_keyname: 45*7594170eSAndroid Build Coastguard Worker fail("public_key %s (keyname:%s) and private_key %s (keyname:%s) do not have same keyname" % ( 46*7594170eSAndroid Build Coastguard Worker ctx.attr.public_key.label, 47*7594170eSAndroid Build Coastguard Worker public_keyname, 48*7594170eSAndroid Build Coastguard Worker ctx.attr.private_key.label, 49*7594170eSAndroid Build Coastguard Worker private_keyname, 50*7594170eSAndroid Build Coastguard Worker )) 51*7594170eSAndroid Build Coastguard Worker 52*7594170eSAndroid Build Coastguard Worker return [ 53*7594170eSAndroid Build Coastguard Worker ApexKeyInfo( 54*7594170eSAndroid Build Coastguard Worker public_key = public_key, 55*7594170eSAndroid Build Coastguard Worker private_key = private_key, 56*7594170eSAndroid Build Coastguard Worker ), 57*7594170eSAndroid Build Coastguard Worker ] 58*7594170eSAndroid Build Coastguard Worker 59*7594170eSAndroid Build Coastguard Worker_apex_key = rule( 60*7594170eSAndroid Build Coastguard Worker implementation = _apex_key_rule_impl, 61*7594170eSAndroid Build Coastguard Worker attrs = { 62*7594170eSAndroid Build Coastguard Worker "private_key": attr.label(mandatory = True, allow_single_file = True), 63*7594170eSAndroid Build Coastguard Worker "public_key": attr.label(mandatory = True, allow_single_file = True), 64*7594170eSAndroid Build Coastguard Worker "_default_app_certificate": attr.label( 65*7594170eSAndroid Build Coastguard Worker default = "//build/bazel/product_config:default_app_certificate", 66*7594170eSAndroid Build Coastguard Worker ), 67*7594170eSAndroid Build Coastguard Worker "_default_app_certificate_filegroup": attr.label( 68*7594170eSAndroid Build Coastguard Worker default = "//build/bazel/product_config:default_app_certificate_filegroup", 69*7594170eSAndroid Build Coastguard Worker ), 70*7594170eSAndroid Build Coastguard Worker }, 71*7594170eSAndroid Build Coastguard Worker) 72*7594170eSAndroid Build Coastguard Worker 73*7594170eSAndroid Build Coastguard Workerdef _get_key_label(label, name): 74*7594170eSAndroid Build Coastguard Worker if label and name: 75*7594170eSAndroid Build Coastguard Worker fail("Cannot use both {public,private}_key_name and {public,private}_key attributes together. " + 76*7594170eSAndroid Build Coastguard Worker "Use only one of them.") 77*7594170eSAndroid Build Coastguard Worker 78*7594170eSAndroid Build Coastguard Worker if label: 79*7594170eSAndroid Build Coastguard Worker return label 80*7594170eSAndroid Build Coastguard Worker 81*7594170eSAndroid Build Coastguard Worker # Ensure that the name references the calling package's local BUILD target 82*7594170eSAndroid Build Coastguard Worker return ":" + name 83*7594170eSAndroid Build Coastguard Worker 84*7594170eSAndroid Build Coastguard Workerdef apex_key( 85*7594170eSAndroid Build Coastguard Worker name, 86*7594170eSAndroid Build Coastguard Worker public_key = None, 87*7594170eSAndroid Build Coastguard Worker private_key = None, 88*7594170eSAndroid Build Coastguard Worker public_key_name = None, 89*7594170eSAndroid Build Coastguard Worker private_key_name = None, 90*7594170eSAndroid Build Coastguard Worker **kwargs): 91*7594170eSAndroid Build Coastguard Worker # The keys are labels that point to either a file, or a target that provides 92*7594170eSAndroid Build Coastguard Worker # a single file (e.g. a filegroup or rule that provides the key itself only). 93*7594170eSAndroid Build Coastguard Worker _apex_key( 94*7594170eSAndroid Build Coastguard Worker name = name, 95*7594170eSAndroid Build Coastguard Worker public_key = _get_key_label(public_key, public_key_name), 96*7594170eSAndroid Build Coastguard Worker private_key = _get_key_label(private_key, private_key_name), 97*7594170eSAndroid Build Coastguard Worker **kwargs 98*7594170eSAndroid Build Coastguard Worker ) 99