Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / update_engine / 33e91e78bfe98c063b0c3b6d590976e275685686^! / . / common / certificate_checker_unittest.cc
commit33e91e78bfe98c063b0c3b6d590976e275685686[log] [tgz]
authorAlex Deymo <deymo@google.com>Tue Dec 01 18:26:08 2015 -0300
committerAlex Deymo <deymo@google.com>Fri Dec 04 19:27:34 2015 -0800
tree1912f6dbc00b546af84865eaf8da1e1b0b5df9db
parent2b4268c8f89d115b0895b3f0172f42c11d9b1d7c [diff] [blame]
Fix certificate checker callback lifetime.

OpenSSL's SSL_CTX_set_verify() function allows us to set a callback
called after certificate validation but doesn't provide a way to pass
private data to this callback. CL:183832 was passing the pointer to the
CertificateChecker instance using a global pointer, nevertheless the
lifetime of this pointer was wrong since libcurl can trigger this
callback asynchronously when the SSL certificates are downloaded.

This patch converts the CertificateChecker into a singleton class and
uses the same trick previously used to pass the ServerToCheck value
using different callbacks.

Bug: 25818567
Test: Run an update on edison-userdebug; FEATURES=test emerge-link update_engine

Change-Id: I84cdb2f8c5ac86d1463634e73e867f213f7a2f5a

diff --git a/common/certificate_checker_unittest.cc b/common/certificate_checker_unittest.cc
index 15811c0..c30acc5 100644
--- a/common/certificate_checker_unittest.cc
+++ b/common/certificate_checker_unittest.cc

@@ -50,6 +50,7 @@
                                    cert_key_prefix_.c_str(),
                                    static_cast<int>(server_to_check_),
                                    depth_);
+    cert_checker.Init();
     cert_checker.SetObserver(&observer_);
   }
 
@@ -70,7 +71,7 @@
   string cert_key_;
 
   testing::StrictMock<MockCertificateCheckObserver> observer_;
-  CertificateChecker cert_checker{&prefs_, &openssl_wrapper_, server_to_check_};
+  CertificateChecker cert_checker{&prefs_, &openssl_wrapper_};
 };
 
 // check certificate change, new
@@ -86,7 +87,8 @@
   EXPECT_CALL(observer_,
               CertificateChecked(server_to_check_,
                                  CertificateCheckResult::kValid));
-  ASSERT_TRUE(cert_checker.CheckCertificateChange(1, nullptr));
+  ASSERT_TRUE(
+      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
 }
 
 // check certificate change, unchanged
@@ -103,7 +105,8 @@
   EXPECT_CALL(observer_,
               CertificateChecked(server_to_check_,
                                  CertificateCheckResult::kValid));
-  ASSERT_TRUE(cert_checker.CheckCertificateChange(1, nullptr));
+  ASSERT_TRUE(
+      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
 }
 
 // check certificate change, changed
@@ -120,7 +123,8 @@
               CertificateChecked(server_to_check_,
                                  CertificateCheckResult::kValidChanged));
   EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_)).WillOnce(Return(true));
-  ASSERT_TRUE(cert_checker.CheckCertificateChange(1, nullptr));
+  ASSERT_TRUE(
+      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
 }
 
 // check certificate change, failed
@@ -129,7 +133,8 @@
                                             CertificateCheckResult::kFailed));
   EXPECT_CALL(prefs_, GetString(_, _)).Times(0);
   EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(_, _, _, _)).Times(0);
-  ASSERT_FALSE(cert_checker.CheckCertificateChange(0, nullptr));
+  ASSERT_FALSE(
+      cert_checker.CheckCertificateChange(0, nullptr, server_to_check_));
 }
 
 }  // namespace chromeos_update_engine