Make public key verification check binding.
Until now, we've just warned on failure. This CL makes the update fail
if the check fails.
BUG=chromium-os:19872
TEST=unittests; tested on device
Change-Id: I485b2548849f46d2b802c478736671bb44a85aab
Reviewed-on: http://gerrit.chromium.org/gerrit/6998
Reviewed-by: Darin Petkov <petkov@chromium.org>
Tested-by: Andrew de los Reyes <adlr@chromium.org>
diff --git a/delta_performer_unittest.cc b/delta_performer_unittest.cc
index 3bdb2d8..6318806 100644
--- a/delta_performer_unittest.cc
+++ b/delta_performer_unittest.cc
@@ -452,21 +452,24 @@
strlen(new_data_string)));
EXPECT_TRUE(utils::FileExists(kUnittestPublicKeyPath));
- const bool expect_public_verify_failure =
- signature_test == kSignatureNone ||
- signature_test == kSignatureGeneratedShellBadKey;
- bool public_verify_failure = false;
- EXPECT_TRUE(performer.VerifyPayload(
+ ActionExitCode expect_verify_result = kActionCodeSuccess;
+ switch (signature_test) {
+ case kSignatureNone:
+ expect_verify_result = kActionCodeSignedDeltaPayloadExpectedError;
+ break;
+ case kSignatureGeneratedShellBadKey:
+ expect_verify_result = kActionCodeDownloadPayloadPubKeyVerificationError;
+ break;
+ default: break; // appease gcc
+ }
+ EXPECT_EQ(expect_verify_result, performer.VerifyPayload(
kUnittestPublicKeyPath,
OmahaHashCalculator::OmahaHashOfData(delta),
- delta.size(),
- &public_verify_failure));
- EXPECT_EQ(expect_public_verify_failure, public_verify_failure);
- EXPECT_TRUE(performer.VerifyPayload(
+ delta.size()));
+ EXPECT_EQ(kActionCodeSuccess, performer.VerifyPayload(
"/public/key/does/not/exists",
OmahaHashCalculator::OmahaHashOfData(delta),
- delta.size(),
- NULL));
+ delta.size()));
uint64_t new_kernel_size;
vector<char> new_kernel_hash;