#!/bin/sh

# Creates an apex stub in a subdirectory named after the input package name.

# Exit early if any subcommands fail.
set -e

usage() {
  echo "Usage $0 [options] apex_package_name"
  echo "  -v"
  echo "       Whether this is a vendor APEX"
  echo "  -k existing_apex_keyname"
  echo "       Use existing key instead of creating a new key"
  echo "  -m"
  echo "       Whether this is a Mainline module"
  exit -1
}

is_vendor=0
mainline_module=0

while getopts "vmk:" opt; do
  case $opt in
    v)
      is_vendor=1
      ;;
    k)
      APEX_KEY=${OPTARG}
      ;;
    m)
      mainline_module=1
      ;;
    *)
      usage
  esac
done

shift $((OPTIND-1))
APEX_NAME=$1
if [ -z ${APEX_NAME} ]
then
  echo "Missing apex package name"
  usage
fi

YEAR=$(date +%Y)

# For Mainline module, add the apex at the root apex/ directory.
if ((mainline_module == 0)); then
mkdir -p ${APEX_NAME}
cd ${APEX_NAME}
fi

cat > Android.bp <<EOF
// Copyright (C) ${YEAR} The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}

EOF

if [ -z ${APEX_KEY} ]
then
APEX_KEY=${APEX_NAME}

openssl genrsa -out ${APEX_KEY}.pem 4096
avbtool extract_public_key --key ${APEX_KEY}.pem --output ${APEX_KEY}.avbpubkey

cat > csr.conf <<EOF
[req]
default_bits = 4096
distinguished_name = dn
prompt             = no

[dn]
C="US"
ST="California"
L="Mountain View"
O="Android"
OU="Android"
emailAddress="android@android.com"
CN="${APEX_KEY}"
EOF

openssl req -x509 -config csr.conf -newkey rsa:4096 -nodes -days 999999 -keyout key.pem -out ${APEX_KEY}.x509.pem
rm csr.conf
openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out ${APEX_KEY}.pk8 -nocrypt
rm key.pem

cat >> Android.bp <<EOF
apex_key {
    name: "${APEX_KEY}.key",
    public_key: "${APEX_KEY}.avbpubkey",
    private_key: "${APEX_KEY}.pem",
}

android_app_certificate {
    name: "${APEX_KEY}.certificate",
    certificate: "${APEX_KEY}",
}

EOF

fi

if ((is_vendor == 0)); then

if ((mainline_module == 1)); then

cat >> Android.bp <<EOF
apex {
    name: "${APEX_NAME}",
    manifest: "manifest.json",
    file_contexts: ":${APEX_NAME}-file_contexts",
    key: "${APEX_KEY}.key",
    certificate: ":${APEX_KEY}.certificate",
}
EOF

else

cat >> Android.bp <<EOF
apex {
    name: "${APEX_NAME}",
    manifest: "manifest.json",
    file_contexts: ":apex.test-file_contexts",  // Default, please edit, see go/android-apex-howto
    key: "${APEX_KEY}.key",
    certificate: ":${APEX_KEY}.certificate",
    updatable: false,
}
EOF

fi

cat > manifest.json << EOF
{
    "name": "${APEX_NAME}",

    // Placeholder module version to be replaced during build.
    // Do not change!
    "version": 0
}
EOF

else

cat >> Android.bp <<EOF
apex {
    name: "${APEX_NAME}",
    manifest: "manifest.json",
    file_contexts: "file_contexts",
    key: "${APEX_KEY}.key",
    certificate: ":${APEX_KEY}.certificate",
    updatable: false,
    vendor: true,
}
EOF

cat > manifest.json << EOF
{
    "name": "${APEX_NAME}",
    "version": 1
}
EOF

cat > file_contexts << EOF
(/.*)?                                                          u:object_r:vendor_file:s0
/etc(/.*)?                                                      u:object_r:vendor_configs_file:s0
# Add more ...
# /bin/hw/foo                                                   u:object_r:hal_foo_exec:s0
EOF

fi