From ed1aa13e5b705751a4dae1afe46981a517500a26 Mon Sep 17 00:00:00 2001
From: Remi NGUYEN VAN <reminv@google.com>
Date: Thu, 22 Apr 2021 16:43:23 +0900
Subject: [PATCH] Add AOSP certificates for connectivity resources

Instead of the platform certificate, use a dedicated certificate.

The AOSP certificates are only used for testing as they have known keys,
and are replaced when resigning production images.

Key generated with:
openssl req -x509 -newkey rsa:4096 -nodes -days 999999 -keyout key.pem \
    -out com.android.connectivity.resources.x509.pem
openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out \
    com.android.connectivity.resources.pk8 -nocrypt

Fixes: 184808224
Fixes: 185462051
Test: m
Change-Id: I25cddc8d5ab948da9d3a2dbcd202ece1f61dd5a2
---
 .../ServiceConnectivityResources/Android.bp   |   8 ++-
 .../com.android.connectivity.resources.pk8    | Bin 0 -> 2375 bytes
 ...om.android.connectivity.resources.x509.pem |  36 ++++++++++++
 .../resources-certs/key.pem                   |  52 ++++++++++++++++++
 4 files changed, 94 insertions(+), 2 deletions(-)
 create mode 100644 service/ServiceConnectivityResources/resources-certs/com.android.connectivity.resources.pk8
 create mode 100644 service/ServiceConnectivityResources/resources-certs/com.android.connectivity.resources.x509.pem
 create mode 100644 service/ServiceConnectivityResources/resources-certs/key.pem

diff --git a/service/ServiceConnectivityResources/Android.bp b/service/ServiceConnectivityResources/Android.bp
index fa4501ac7f..552a0778d3 100644
--- a/service/ServiceConnectivityResources/Android.bp
+++ b/service/ServiceConnectivityResources/Android.bp
@@ -30,6 +30,10 @@ android_app {
     apex_available: [
         "com.android.tethering",
     ],
-    // TODO: use a dedicated cert once generated
-    certificate: "platform",
+    certificate: ":com.android.connectivity.resources.certificate",
+}
+
+android_app_certificate {
+    name: "com.android.connectivity.resources.certificate",
+    certificate: "resources-certs/com.android.connectivity.resources",
 }
diff --git a/service/ServiceConnectivityResources/resources-certs/com.android.connectivity.resources.pk8 b/service/ServiceConnectivityResources/resources-certs/com.android.connectivity.resources.pk8
new file mode 100644
index 0000000000000000000000000000000000000000..bfdc28b313ec197438aa5fa9a0ab16c2a2d711f8
GIT binary patch
literal 2375
zcmV-N3Apw!f(b(c0RS)!1_>&LNQU<f0RaI800e>wEii%!DFOii0)heo0JrN?Q}(2@
zhkJ`~utV#y%@b4?-zhK~EIhlhG0v)NsIaqU!-5qOP$iFop12KY4D>a3jkg}dE}H!~
zC6;V$N=*;IHdK6rtU{_#B;yxi#=s{cP*fxzbom)%acbp=MmswPDkAOi{-?g>M0bj^
z1!UkUG;^l!tq+YEdsSd3VUWK*85Ytau$&u&_orPvf?W8kqNpbiDfwU*kK>uK(`W8(
zy;XRsN9euI_~3cawF&|bh7s{<Y$pBKFPv)v{`{kLf=4`h#}IybNlB*cvV4c0+EoG@
zg7V@x4zXsgrgb2cu+Bz&|1ZbkhI()Fd<$w`#L*~mva9oDmfO_=?!d*e`{*Cd(C-;%
zun{f6bs=fw+!$GO24!TV5J6iaDk~`~t5Z{_^y~rBH2)u9e+U6eV3amj=uqH}&l~Lh
zr?y2k9)@MMZiGty4w|(K3rO8=Ig2{?M3@|NVh`x(`~7gXGGc}@rew*mR&w^UcOVQO
zIXw}Q0Z(JAyLV?gUG7yy4|$Yq#T@Er4GaQYqxfQdyEufeb+wP>H3(5BHEU%L`08;m
zFqxyQpHZP(BLJgPj;x>PEy8cYPEY?u#L4Mm@9@%6k)vWDAXvfH2<iQ^rkKNa1#jR#
zN(J}-;Ybc9|Gae9i@u3v^Rx;23bC<62!BdA%c&gCL_2rwLjnT<009Dm0s#P*Gx3V5
z&=&-NPEYfxvp}|=cvv&gQOi{z4HAtfA-6d!Bq5Ci3B1RJNvV=SFid5!^RD?M9ydz9
zg9Sk8ob+(aPw}q!;Bf>JzMv}OL))SlVN>;lXF4%ig+;A&yM@4SdxX_sXbiSiL_3Os
zSk@?48E)pkS@YX$SdArjI2g!2PV0w;+I2{Z-kASgY3h(BO%4_)b_^nJ@lXw{i8IIG
zzXk2YG4hl##IioCm6|^69%{f)N)S6B2RlzuA}tYOv?HuqQeT1oj%&IT!WRHq9?3f=
z{uYiNj#`z$#PB-HI$-0*f$qzJ1*_zG4n?=BPUYa6FU#SdIru;UH0w3yYlmk0E<JRn
zTc|Z`D7?<}9E?&I-&}!K4>OU`yjd5s7Z{b4-xL%Kc&`dH-Joo&Je1&Iv7tb37xO*m
zekIldj>^3ul@2tW4kQJp+na0_IG~lzV#KsrmS5CW(%9FeOH&G{EE-z~%98TiU#_DM
z5(bFjk)N?S5QW)zuNv->D%<cH_~~JKSFDbMH-hkxeo5q961!B5W6NhCLPVNB2r)W-
zR}Hk21657T9Sdp63^<<5o2KCUnMKuzy6R>HY}XHW?=gCZnLReJl+gH8K!PL-EnxFB
z1`H)iAI{=1$;&v1?@T!H<B)WmzD^Ala_h`cQf=Hm!YxC0Jj}TQf&l>l=L~f0?pquY
z@@~$prwf_UJBi%l6<#0caMe+PBZ5fCtH0v7yLi)~d?S4|)N|QfpWxn|lj#~|78gqy
z^L(vlZC({v24<7`_l-iqq@Hig#<B*)$&wIFQVV_yay&d8whOd(QYreHWA)6}ntV)S
z`tBU%^$v|xeVPDJ4RW+{QjAiR>c)VCdfk)VY@s!CbMZI2j?~~+^e@l%wLQZCL0H5!
z)ChkT*oIl_HE))w&mV`S#>3b%s_i2Rx!SjmOtWzd<b_G8ivP{CyH84vK5Rpw%9iqp
z79#m=Le{&9UY>y85Zxu750IjgQ-PYe{@4yK>A2i4*>^+63)Ff)0)hbn0L#bkKCBFY
z_RVU^;`X7H8{uDwSAW1mC4i|_R;a#PF?zHhCtM^KUJbzPT1!H;{Do4TGdb$O_zdI)
z&)`#_xDid0u3UwgkBcx!P&3KlGe;xATp9;4Y@x3W)km>PTK*nuCR^1QvQsHu3XRJX
zj$Un*8wuma(teOlKzdRtP^`f|qmI|24UUnPeFhYy2q-b?r*b-GeMI9Y-H43+R&x)2
z4PS0BUPrq%%-rRz9|OPI3ijDEBayYiCf&|UAlU6{+S}k-wrflPH&YI*JwqS2OXTF7
zI%}YdlD8jgEBC}P@Vw9XKXKqc$o*Ll8n?@B9+$(RY^~k)ccdGm{Q`mk01c}V`?fk0
zmIyX~>5KVBw>JZK+O!hpW>n63%--?kCSmHY8R(TnN61w@A_EwEVq9MAEPO<a_%H8X
z)d4Sk{*pJpp?-I92d2Mgl$Q;BWvkbENeB0-89CxkDU~mE3i#^=Sq!#G3Hu@5WnR%e
zpQwkAlotdpUNSTL62VC5-QIpkpkSvjktWBM=)rYk`5A%ApE0%UGpEsTM<OJyHH4@j
zt73@4Bl6id){jZEs|EtXevcfa+@YTLw7I+Uq3Ug~AzAu-nivcF`bPP1+N)f$KaT;C
z1%(#6l(`^;<)VO7^<G5=<*VEck_33AQ;t{fw%o$M+u+QKXxr#a_X2_e01_7~yb6{H
zl;2~GjG~Njs!8>$D(PZw6O=l1BL7qN(2K4W^r(+xtE<@NqLpvdtQbMxM!xHUIs+Q>
z5hFhdQ;p@XD4BX1$<23p)AZ#9BLX|XT&Bw4u3jW2JUZhTP`{#otfm%X+~L_6N+Xa}
zsvG0#ioNs%pocHiOV<z>MU^m$nFfPO6`llov6`xuZA$brdaeIeJ>{{i##8G6N`7c>
zu1q|E`n<1q^*P@G;c)rICzu9oEy^#lcly-lf`I>muJ1Y-lYB1$4d_R+F0~lRvgsWP
zX?;k6TY~yM4`?lTsepNn_CxEwecw;ov1)^ws!p24XWD;@^Uo8_83KX<0RV$8HW*(R
zW;zpt%TdG3(6&J0(m%mEUSLL{x^*>$Vi=?NnFrb(*|@V2<{01`WXviA<&~ITq~M6m
zP2v)Gx$u7G>6zdYv>PmVr*FuUYp>K5?)%}JGvvs5;bv$UbkWr9jmIf@kpqC)BLMEv
zhtZYVC*|JgYJ)>36@0KgMfO&0o0|j|o%MaejgwvjrUc!dq)<)*vT%qFNPS<MN~OXS
zEPQ?pj#`rqtKYK?7kVfshsp=J;izVe$U>dUbvW?PX<wk7M_^bnoXZ9v(4;TBmrJ-I
tU%uxjv1$j}+-y~v*A^DJT_ZUEgW`X1BjitAn_T2l)=6Oo$Rm`BL*A2ict`*M

literal 0
HcmV?d00001

diff --git a/service/ServiceConnectivityResources/resources-certs/com.android.connectivity.resources.x509.pem b/service/ServiceConnectivityResources/resources-certs/com.android.connectivity.resources.x509.pem
new file mode 100644
index 0000000000..70eca1cee1
--- /dev/null
+++ b/service/ServiceConnectivityResources/resources-certs/com.android.connectivity.resources.x509.pem
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQzCCBCugAwIBAgIUZY8nxBMINp/79sziXU77MLPpEXowDQYJKoZIhvcNAQEL
+BQAwga8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy
+b2lkMSswKQYDVQQDDCJjb20uYW5kcm9pZC5jb25uZWN0aXZpdHkucmVzb3VyY2Vz
+MSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFuZHJvaWQuY29tMCAXDTIxMDQyMjA3
+MjkxMFoYDzQ3NTkwMzE5MDcyOTEwWjCBrzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+CkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB0Fu
+ZHJvaWQxEDAOBgNVBAsMB0FuZHJvaWQxKzApBgNVBAMMImNvbS5hbmRyb2lkLmNv
+bm5lY3Rpdml0eS5yZXNvdXJjZXMxIjAgBgkqhkiG9w0BCQEWE2FuZHJvaWRAYW5k
+cm9pZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC361NT9qSz
+h3uLcLBD67HNE1QX3ykwGyw8u7ExzqpsqLCzZsOCFRJQJY+CnrgNaAz0NXeNtx7D
+Lpr9OCWWbG1KTQ/ANlR8g6xCqlAk4xdixsAnIlBUJB90+RlkcWrliEY7OwcqIu3x
+/qe+5UR3irIFZOApNHOm760PjRl7VWAnYZC/PhkW0iKwnBuE96ddPIJc+KuiqCcP
+KflgF4/jmbHTZ+5uvVV4qkfovc744HnQtQoCDoYR8WpsJv3YL5xrAv78o3WCRzx6
+xxB+eUlJpuyyfIee2lUCG4Ly4jgOsWaupnUglLDORnz/L8fhhnpv83wLal7E0Shx
+sqvzZZbb1QLuwMWy++gfzdDvGWewES3BdSFp5NwYWXQGZWSkEEFbIiorKSurU1On
+9OwB0jT/H2B/CAFKYJQ2V+hQ4I7PG+z9p7ZFNR6GZbZuhEr+Dpq1CwtI3W45izr3
+RJgcc2IP6Oj7/XC2MmKGMqZkybBWcvazdyAMHzk9EZIBT2Oru3dnOl3uVUUPeZRs
+xRzqaA0MAlyj+GJ9uziEr3W1j+U1CFEnNWtlD/jqcTAwmaOsn1GhWyMAo1KOrJ/o
+LcJvwk5P/0XEyeli7/DSUpGjYiAgWMHWCOn9s6aYw3YFb+A/SgX3/+FIDib/vHTX
+i76JZfO0CfoKsbFDCH9KOMupHM9EO3ftQwIDAQABo1MwUTAdBgNVHQ4EFgQU/KGg
+gmMqXD5YOe5+B0W+YezN9LcwHwYDVR0jBBgwFoAU/KGggmMqXD5YOe5+B0W+YezN
+9LcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAhr+AaNaIlRyM
+WKyJ+2Aa35fH5e44Xr/xPpriM5HHxsj0evjMCODqCQ7kzfwSEmtXh5uZYYNKb/JP
+ZMDHIFcYi1QCvm6E6YOd+Qn9CVxrwaDhigJv7ylhVf8q201GTvHhJIU99yFIrzJQ
+RNhxw+pNo7FYMZr3J7JZPAy60DN1KZvRV4FjZx5qiPUMyu4zVygzDkr0v5Ilncdp
+l9VVjOi7ocHyBKI+7RkXl97xN4SUe3vszwZQHCVyVopBw+YrMbDBCrknrQzUEgie
+BuI+kj5oOeiQ0P1i1K+UCCAjrLwhNyc9H02rKUtBHxa2AVjw7YpAJlBesb49Qvq+
+5L6JjHFVSSOEbIjboNib26zNackjbiefF74meSUbGVGfcJ1OdkZsXZWphmER8V7X
+Wz3Z8JwOXW1RLPgcbjilHUR5g8pEmWBv4KrTCSg5IvOJr4w3pyyMBiiVI9NI5sB7
+g5Mi9v3ifPD1OHA4Y3wYCb26mMEpRb8ogOhMHcGNbdnL3QtIUg4cmXGqGSY/LbpU
+np0sIQDSjc46o79F0boPsLlaN3US5WZIu0nc9SHkjoNhd0CJQ5r9aEn4/wNrZgxs
+s8OEKsqcS7OsWiIE6nG51TMDsCuyRBrGedtSUyFFSVSpivpYIrPVNKKlHsJ/o+Nv
+Udb6dBjCraPvJB8binB1aojwya3MwRs=
+-----END CERTIFICATE-----
diff --git a/service/ServiceConnectivityResources/resources-certs/key.pem b/service/ServiceConnectivityResources/resources-certs/key.pem
new file mode 100644
index 0000000000..38771c2615
--- /dev/null
+++ b/service/ServiceConnectivityResources/resources-certs/key.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC361NT9qSzh3uL
+cLBD67HNE1QX3ykwGyw8u7ExzqpsqLCzZsOCFRJQJY+CnrgNaAz0NXeNtx7DLpr9
+OCWWbG1KTQ/ANlR8g6xCqlAk4xdixsAnIlBUJB90+RlkcWrliEY7OwcqIu3x/qe+
+5UR3irIFZOApNHOm760PjRl7VWAnYZC/PhkW0iKwnBuE96ddPIJc+KuiqCcPKflg
+F4/jmbHTZ+5uvVV4qkfovc744HnQtQoCDoYR8WpsJv3YL5xrAv78o3WCRzx6xxB+
+eUlJpuyyfIee2lUCG4Ly4jgOsWaupnUglLDORnz/L8fhhnpv83wLal7E0Shxsqvz
+ZZbb1QLuwMWy++gfzdDvGWewES3BdSFp5NwYWXQGZWSkEEFbIiorKSurU1On9OwB
+0jT/H2B/CAFKYJQ2V+hQ4I7PG+z9p7ZFNR6GZbZuhEr+Dpq1CwtI3W45izr3RJgc
+c2IP6Oj7/XC2MmKGMqZkybBWcvazdyAMHzk9EZIBT2Oru3dnOl3uVUUPeZRsxRzq
+aA0MAlyj+GJ9uziEr3W1j+U1CFEnNWtlD/jqcTAwmaOsn1GhWyMAo1KOrJ/oLcJv
+wk5P/0XEyeli7/DSUpGjYiAgWMHWCOn9s6aYw3YFb+A/SgX3/+FIDib/vHTXi76J
+ZfO0CfoKsbFDCH9KOMupHM9EO3ftQwIDAQABAoICAQCXM/GKqtAXBIBOT/Ops0C2
+n3hYM9BRy1UgDRKNJyG3OSwkIY0ECbzHhUmpkkEwTGWx8675JB43Sr6DBUDpnPRw
+zE/xrvjgcQQSvqAq40PbohhhU/WEZzoxWYVFrXS7hcBve4TVYGgMtlZEO4qBWNYo
+Vxlu5r9Z89tsWI0ldzgYyD5O64eG2nVIit6Y/11p6pAmTQ4WKHYMIm7xUA2siTPH
+4L8F7cQx8pQxxLI+q5WaPuweasBQShA7IAc7T1EiLRFitCOsWlJfgf6Oa7oTwhcA
+Wh7JOyf+Fo4ejlqVwcTwOss6YOPGge7LgQWr5HoORbeqTuXgmy/L4Z85+EABNOs1
+5muHZvsuPXSmW6g1bCi8zvQcjFIX31yBVg8zkdG8WRezFxiVlN8UFAx4rwo03aBs
+rDyU4GCxoUBvF/M9534l1gKOyr0hlQ40nQ4kBabbm2wWOKCVzmLEtFmWX9RV0tjX
+pEtTCqgsGlsIypLy21+uow8SBojhkZ+xORCF2XivGu6SKtvwGvjpYXpXrI6DN4Lw
+kH5J5FwSu1SNY8tnIEJEmj8IMTp+Vw20kwNVTcwdC2nJDDiezJum4PqZRdWIuupm
+BWzXD3fvMXqHmT02sJTQ+FRAgiQLLWDzNAYMJUofzuIwycs4iO9MOPHjkHScvk4N
+FXLrzFBSbdw+wi1DdzzMuQKCAQEA5wx07O5bHBHybs6tpwuZ0TuJ3OIVXh/ocNVR
+gSOCSMirv+K4u3jToXwjfTXUc9lcn+DenZPpGmUWF0sZ83ytZm1eFVgGZpP6941C
+waSeb8zGsgbEyZIQTVILfgtyPDwdtgu0d1Ip+ppj9czXmnxMY/ruHOX1Do1UfZoA
+UA1ytHJSjFKU6saAhHrdk91soTVzc/E3uo7U4Ff0L8/3tT3DAEFYxDXUCH8W2IZZ
+6zVvlqnPH4elxsPYM6rtIwq52reOTLNxC+SFSamK/82zu09Kjj5sQ6HKlvKJFiL5
+bULWu4lenoDfEN0lng+QopJTgZq4/tgOLum43C/Zd0PGC9R6PwKCAQEAy8fvPqwM
+gPbNasni9qGVG+FfiFd/wEMlgKlVVqi+WzF6tCAnXCQXXg3A7FpLQrX8hVKdMznq
+wPgM5AXP4FOguBFNk65chZmPizBIUDPJ4TNHI8FcGgcxbKGvDdVHsUpa/h5rJlvV
+GLJTKV4KjcsTjl5tlRsJ48bSfpBNQHpSKlCswT6jjteiDY6Rln0GFKQIKDHqp3I6
+Zn1E4yfdiIz9VnMPfg1fbjBeR7s1zNzlrR8Dv9oK9tkzI5G1wSbdzksg2O1q2tvg
+WrZrTAA3Uw6sPUMft0vk5Jw6a6CLkrcfayv3xDHwvM/4P3HgP8j9WQ8at8ttHpfD
+oWyt3fZ3pBuj/QKCAQANqxH7tjoTlgg2f+mL+Ua3NwN32rQS5mZUznnM3vHlJmHq
+rxnolURHyFU9IgMYe2JcXuwsfESM+C/vXtUBL33+kje/oX53cQemv2eUlw18ZavX
+ekkH96kZOeJOKZUvdQr46wZZDLZJCfsh3mVe0T2fqIePlBcELl4yM/sSwUjo3d5+
+SKBgpy+RJseW6MF1Y/kZgcqfMbXsM6fRcEciJK41hKggq2KIwiPy2TfWj0mzqwYC
+wn6PHKTcoZ73tLm786Hqba8hWfp8mhgL+/pG+XDaq1yyP48BkQWFFrqUuSCE5aKA
+U/VeRQblq9wNkgR4pVOOV++23MK/2+DMimjb6Ez3AoIBABIXK7wKlgmU32ONjKKM
+capJ9asq6WJuE5Q6dCL/U/bQi64V9KiPY6ur2OailW/UrBhB30a+64I6AxrzESM/
+CVON5a8omXoayc13edP05QUjAjvAXKbK4K5eJCY8OuMYUL+if6ymFmLc4dkYSiOQ
+Vaob4+qKvfQEoIcv1EvXEBhFlTCKmQaDShWeBHqxmqqWbUr0M3qt/1U95bGsxlPr
+AEp+aG+uTDyB+ryvd/U53wHhcPnFJ5gGbC3KL7J3+tTngoD/gq7vOhmTfC8BDehH
+sy61GMmy6R0KaX1IgVuC+j0PaC14qYB5jfZD675930/asWqDmqpOmsVn2n+L888T
+zRkCggEBAIMuNhhfGGY6E4PLUcPM0LZA4tI/wTpeYEahunU1hWIYo/iZB9od2biz
+EeYY4BtkzCoE5ZWYXqTgiMxN4hJ4ufB+5umZ4BO0Gyx4p2/Ik2uv1BXu++GbM+TI
+eeFmaBh00dTtjccpeZEDgNkjAO7Rh9GV2ifl3uhqg0MnFXywPUX2Vm2bmwQXnfV9
+wY2TXgOmBN2epFBOArJwiA5IfV+bSqXCFCx8fgyOWpMNq9+zDRd6KCeHyge54ahm
+jMhCncp1OPDPaV+gnUdgWDGcywYg0KQvu5dLuCFfvucnsWoH2txsVZrXFha5XSM4
+/4Pif3Aj5E9dm1zkUtZJYQbII5SKQ94=
+-----END PRIVATE KEY-----