From c5498416177d8d2e34b799acf8140a9bf5eb434a Mon Sep 17 00:00:00 2001
From: Lingfeng Guan
Date: Tue, 23 Nov 2021 15:44:36 -0800
Subject: [PATCH] SignApk - change signature of readPassword to use char[] instead
Summary: Use char[] is more conventional for password handling. See this question for reference. https://stackoverflow.com/questions/8881291 This is to address a concern raised in https://android-review.googlesource.com/c/platform/build/+/1890395/2
Test: mma
Change-Id: I8d60efc557d7641c057e49a2aa4613fea67cd1e6
---
 .../src/com/android/signapk/SignApk.java | 20 ++++++-------------
 1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/tools/signapk/src/com/android/signapk/SignApk.java b/tools/signapk/src/com/android/signapk/SignApk.java
index e29a654951..c127dbe9de 100644
--- a/tools/signapk/src/com/android/signapk/SignApk.java
+++ b/tools/signapk/src/com/android/signapk/SignApk.java
@@ -206,25 +206,21 @@ class SignApk {
 *
 * @param keyFileName Name of the file containing the private key. Used to prompt the user.
 */
- private static String readPassword(String keyFileName) {
+ private static char[] readPassword(String keyFileName) {
 Console console;
- char[] pwd;
 if ((console = System.console()) == null) {
 System.out.print(
 "Enter password for " + keyFileName + " (password will not be hidden): ");
 System.out.flush();
 BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
 try {
- return stdin.readLine();
+ String result = stdin.readLine();
+ return result == null ? null : result.toCharArray();
 } catch (IOException ex) {
 return null;
 }
 } else {
- if ((pwd = console.readPassword("[%s]", "Enter password for " + keyFileName)) != null) {
- return String.valueOf(pwd);
- } else {
- return null;
- }
+ return console.readPassword("[%s]", "Enter password for " + keyFileName);
 }
 }
 
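Review bot: In the no-console branch of `readPassword` the password is still read by `stdin.readLine()` into the immutable `String result` (and passes through the `BufferedReader`), so that copy cannot be wiped and `toCharArray()` only adds a second one; the benefit of `char[]` is real only on the `console.readPassword` branch. The method also returns `null` on end of input and on the swallowed `IOException`, which the visible Javadoc does not mention. I would add `@return the password characters, or null if no input could be read; the caller owns the array and should clear it after use`, and above `readLine()` a comment such as `// The String copy made here stays in memory until it is garbage-collected.` The Javadoc begins above the hunk, so its summary sentence may still describe a String return and is worth checking.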
@@ -247,11 +243,8 @@ class SignApk { return null; } - final String password = readPassword(keyFile.getPath()); - SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName()); - Key key = skFactory.generateSecret( - new PBEKeySpec(password != null ? password.toCharArray() : null)); + Key key = skFactory.generateSecret(new PBEKeySpec(readPassword(keyFile.getPath()))); Cipher cipher = Cipher.getInstance(epkInfo.getAlgName()); cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters()); @@ -309,8 +302,7 @@ class SignApk { final KeyStore keyStore, final String keyName) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, UnrecoverableEntryException { - final String password = readPassword(keyName); - final Key key = keyStore.getKey(keyName, password != null ? password.toCharArray() : null); + final Key key = keyStore.getKey(keyName, readPassword(keyName)); final PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(keyName, null); if (privateKeyEntry == null) { throw new Error(
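Review bot: The array returned by `readPassword(keyFile.getPath())` is passed straight into `new PBEKeySpec(...)`, so no reference to it survives the call and it can never be zeroed, which is the reason for preferring `char[]` over `String` in the first place. `PBEKeySpec` also keeps its own copy of the password until `clearPassword()` is called, and the spec object is not retained either. The same applies to the last hunk, where `keyStore.getKey(keyName, readPassword(keyName))` discards the array in the same way. Holding the array in a local and clearing it in a `finally` block closes the gap; `readPassword` can return `null`, so the fill needs a guard, and `java.util.Arrays` must be imported if the file does not already do so. The enclosing method starts and ends outside the hunk.

```java
SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName());
char[] password = readPassword(keyFile.getPath());
PBEKeySpec keySpec = new PBEKeySpec(password);
Key key;
try {
    key = skFactory.generateSecret(keySpec);
} finally {
    // PBEKeySpec holds its own copy, so clear both it and the caller's array.
    keySpec.clearPassword();
    if (password != null) {
        Arrays.fill(password, '\0');
    }
}
// … unchanged: Cipher.getInstance(...) and cipher.init(...) …
```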