1# Copyright (C) 2021 The Android Open Source Project
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15load("@bazel_skylib//lib:paths.bzl", "paths")
16load("@bazel_skylib//rules:common_settings.bzl", "BuildSettingInfo")
17
18ApexKeyInfo = provider(
19    "Info needed to sign APEX bundles",
20    fields = {
21        "private_key": "File containing the private key",
22        "public_key": "File containing the public_key",
23    },
24)
25
26def _apex_key_rule_impl(ctx):
27    public_key = ctx.file.public_key
28    private_key = ctx.file.private_key
29
30    # If the DefaultAppCertificate directory is specified, then look for this
31    # key in that directory instead, with the exact same basenames for both the
32    # avbpubkey and pem files.
33    product_var_cert = ctx.attr._default_app_certificate[BuildSettingInfo].value
34    cert_files_to_search = ctx.attr._default_app_certificate_filegroup[DefaultInfo]
35    if product_var_cert and cert_files_to_search:
36        for f in cert_files_to_search.files.to_list():
37            if f.basename == ctx.file.public_key.basename:
38                public_key = f
39            elif f.basename == ctx.file.private_key.basename:
40                private_key = f
41
42    public_keyname = paths.split_extension(public_key.basename)[0]
43    private_keyname = paths.split_extension(private_key.basename)[0]
44    if public_keyname != private_keyname:
45        fail("public_key %s (keyname:%s) and private_key %s (keyname:%s) do not have same keyname" % (
46            ctx.attr.public_key.label,
47            public_keyname,
48            ctx.attr.private_key.label,
49            private_keyname,
50        ))
51
52    return [
53        ApexKeyInfo(
54            public_key = public_key,
55            private_key = private_key,
56        ),
57    ]
58
59_apex_key = rule(
60    implementation = _apex_key_rule_impl,
61    attrs = {
62        "private_key": attr.label(mandatory = True, allow_single_file = True),
63        "public_key": attr.label(mandatory = True, allow_single_file = True),
64        "_default_app_certificate": attr.label(
65            default = "//build/bazel/product_config:default_app_certificate",
66        ),
67        "_default_app_certificate_filegroup": attr.label(
68            default = "//build/bazel/product_config:default_app_certificate_filegroup",
69        ),
70    },
71)
72
73def _get_key_label(label, name):
74    if label and name:
75        fail("Cannot use both {public,private}_key_name and {public,private}_key attributes together. " +
76             "Use only one of them.")
77
78    if label:
79        return label
80
81    # Ensure that the name references the calling package's local BUILD target
82    return ":" + name
83
84def apex_key(
85        name,
86        public_key = None,
87        private_key = None,
88        public_key_name = None,
89        private_key_name = None,
90        **kwargs):
91    # The keys are labels that point to either a file, or a target that provides
92    # a single file (e.g. a filegroup or rule that provides the key itself only).
93    _apex_key(
94        name = name,
95        public_key = _get_key_label(public_key, public_key_name),
96        private_key = _get_key_label(private_key, private_key_name),
97        **kwargs
98    )
99