bin/store-android-build-keys-in-keystore - vendor/fairphone/tools - Gitiles

 #!/bin/sh
 #
 # Copyright 2018 Fairphone B.V.
 #
 # Copy a PKCS8 key (as used for AOSP builds) into a JKS keystore for
 # signing Android apps using Gradle (and Android Studio).
 #
 # This script expects environment variables containing password to use for
 # encrypting key and keystore:
 #
 #     export KEY_PASSWORD=abcd1234
 #     export STORE_PASSWORD=efgh5678
 #
 # The original key is assumed to not be password protected.
 #
 # Default variables can be overwritten by setting environment variables:
 #
 # - ORIGINAL_KEY_DIR
 #    Location of existing keys. Default: ./fp2-keys/security
 # - ORIGINAL_KEY_STEM
 #    Basename of the key to store. Default: platform
 # - KEYSTORE_DIR
 #    Path of output keystore. Default: Current working directory
 # - STORE_FILENAME
 #    Filename of new keystore. Default: release.keystore
 # - KEY_ALIAS
 #    Alias of key in new keystore. Default: ReleaseKey

 set -e
 set -u
 set -x

 readonly ORIGINAL_KEY_DIR="${ORIGINAL_KEY_DIR:-./fp2-keys/security}"
 readonly ORIGINAL_KEY_STEM="${ORIGINAL_KEY_STEM:-platform}"
 readonly KEYSTORE_DIR="${KEYSTORE_DIR:-.}"

 readonly KEY_ALIAS="${KEY_ALIAS:-ReleaseKey}"
 readonly STORE_FILENAME="${STORE_FILENAME:-release.keystore}"

 readonly KEY_STEM="${ORIGINAL_KEY_DIR}/${ORIGINAL_KEY_STEM}"
 readonly STORE_PATH="${KEYSTORE_DIR}/${STORE_FILENAME}"

 # Convert *.pk8 private key to PEM format
 openssl pkcs8 \
     -nocrypt \
     -in "${KEY_STEM}.pk8" \
     -inform DER \
     -out "${KEY_STEM}.priv.pem" \
     -outform PEM \
     -passout env:KEY_PASSWORD

 # Create PKCS12 keystore from PEM (private and public) keys
 openssl pkcs12 -export \
     -in "${KEY_STEM}.x509.pem" \
     -inkey "${KEY_STEM}.priv.pem" \
     -out "${STORE_PATH}.pk12" \
     -name "${KEY_ALIAS}" \
     -password env:STORE_PASSWORD

 # Convert PKCS12 keystore to JKS format used by gradle
 keytool -importkeystore \
     -srckeystore "${STORE_PATH}.pk12" \
     -srcstoretype PKCS12 \
     -destkeystore "${STORE_PATH}" \
     -deststoretype JKS \
     -alias "${KEY_ALIAS}" \
     -srcstorepass:env STORE_PASSWORD \
     -deststorepass:env STORE_PASSWORD \
     -destkeypass:env KEY_PASSWORD

 # Clean up intermediary files
 rm -f \
     "${KEY_STEM}.priv.pem" \
     "${STORE_PATH}.pk12"
	#!/bin/sh
	#
	# Copyright 2018 Fairphone B.V.
	#
	# Copy a PKCS8 key (as used for AOSP builds) into a JKS keystore for
	# signing Android apps using Gradle (and Android Studio).
	#
	# This script expects environment variables containing password to use for
	# encrypting key and keystore:
	#
	# export KEY_PASSWORD=abcd1234
	# export STORE_PASSWORD=efgh5678
	#
	# The original key is assumed to not be password protected.
	#
	# Default variables can be overwritten by setting environment variables:
	#
	# - ORIGINAL_KEY_DIR
	# Location of existing keys. Default: ./fp2-keys/security
	# - ORIGINAL_KEY_STEM
	# Basename of the key to store. Default: platform
	# - KEYSTORE_DIR
	# Path of output keystore. Default: Current working directory
	# - STORE_FILENAME
	# Filename of new keystore. Default: release.keystore
	# - KEY_ALIAS
	# Alias of key in new keystore. Default: ReleaseKey

	set -e
	set -u
	set -x

	readonly ORIGINAL_KEY_DIR="${ORIGINAL_KEY_DIR:-./fp2-keys/security}"
	readonly ORIGINAL_KEY_STEM="${ORIGINAL_KEY_STEM:-platform}"
	readonly KEYSTORE_DIR="${KEYSTORE_DIR:-.}"

	readonly KEY_ALIAS="${KEY_ALIAS:-ReleaseKey}"
	readonly STORE_FILENAME="${STORE_FILENAME:-release.keystore}"

	readonly KEY_STEM="${ORIGINAL_KEY_DIR}/${ORIGINAL_KEY_STEM}"
	readonly STORE_PATH="${KEYSTORE_DIR}/${STORE_FILENAME}"

	# Convert *.pk8 private key to PEM format
	openssl pkcs8 \
	-nocrypt \
	-in "${KEY_STEM}.pk8" \
	-inform DER \
	-out "${KEY_STEM}.priv.pem" \
	-outform PEM \
	-passout env:KEY_PASSWORD

	# Create PKCS12 keystore from PEM (private and public) keys
	openssl pkcs12 -export \
	-in "${KEY_STEM}.x509.pem" \
	-inkey "${KEY_STEM}.priv.pem" \
	-out "${STORE_PATH}.pk12" \
	-name "${KEY_ALIAS}" \
	-password env:STORE_PASSWORD

	# Convert PKCS12 keystore to JKS format used by gradle
	keytool -importkeystore \
	-srckeystore "${STORE_PATH}.pk12" \
	-srcstoretype PKCS12 \
	-destkeystore "${STORE_PATH}" \
	-deststoretype JKS \
	-alias "${KEY_ALIAS}" \
	-srcstorepass:env STORE_PASSWORD \
	-deststorepass:env STORE_PASSWORD \
	-destkeypass:env KEY_PASSWORD

	# Clean up intermediary files
	rm -f \
	"${KEY_STEM}.priv.pem" \
	"${STORE_PATH}.pk12"