StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SignApk - change signature of readPassword to use char[] instead

Browse Source 
Summary:
Use char[] is more conventional for password handling. See this question
for reference.
https://stackoverflow.com/questions/8881291

This is to address a concern raised in
https://android-review.googlesource.com/c/platform/build/+/1890395/2

Test: mma
Change-Id: I8d60efc557d7641c057e49a2aa4613fea67cd1e6
This commit is contained in:
Lingfeng Guan
2021-11-23 15:44:36 -08:00
parent 65672df61f
commit c549841617
1 changed files with 6 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
tools/signapk/src/com/android/signapk/SignApk.java
View File

@@ -206,25 +206,21 @@ class SignApk {
* *
* @param keyFileName Name of the file containing the private key. Used to prompt the user. * @param keyFileName Name of the file containing the private key. Used to prompt the user.
*/ */
private static String readPassword(String keyFileName) { private static char[] readPassword(String keyFileName) {
Console console; Console console;
char[] pwd;
if ((console = System.console()) == null) { if ((console = System.console()) == null) {
System.out.print( System.out.print(
"Enter password for " + keyFileName + " (password will not be hidden): "); "Enter password for " + keyFileName + " (password will not be hidden): ");
System.out.flush(); System.out.flush();
BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in)); BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
try { try {
return stdin.readLine(); String result = stdin.readLine();
return result == null ? null : result.toCharArray();
} catch (IOException ex) { } catch (IOException ex) {
return null; return null;
} }
} else { } else {
if ((pwd = console.readPassword("[%s]", "Enter password for " + keyFileName)) != null) { return console.readPassword("[%s]", "Enter password for " + keyFileName);
return String.valueOf(pwd);
} else {
return null;
}
} }
} }
@@ -247,11 +243,8 @@ class SignApk {
return null; return null;
} }
final String password = readPassword(keyFile.getPath());
SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName()); SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName());
Key key = skFactory.generateSecret( Key key = skFactory.generateSecret(new PBEKeySpec(readPassword(keyFile.getPath())));
new PBEKeySpec(password != null ? password.toCharArray() : null));
Cipher cipher = Cipher.getInstance(epkInfo.getAlgName()); Cipher cipher = Cipher.getInstance(epkInfo.getAlgName());
cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters()); cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters());
@@ -309,8 +302,7 @@ class SignApk {
final KeyStore keyStore, final String keyName) final KeyStore keyStore, final String keyName)
throws CertificateException, KeyStoreException, NoSuchAlgorithmException, throws CertificateException, KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException, UnrecoverableEntryException { UnrecoverableKeyException, UnrecoverableEntryException {
final String password = readPassword(keyName); final Key key = keyStore.getKey(keyName, readPassword(keyName));
final Key key = keyStore.getKey(keyName, password != null ? password.toCharArray() : null);
final PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(keyName, null); final PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(keyName, null);
if (privateKeyEntry == null) { if (privateKeyEntry == null) {
throw new Error( throw new Error(