If a public key is present, disallow old style full payloads.
This is necessary to ensure that if a public key is present the payload is
signed and the signature passes verification.
BUG=chromium-os:11760
TEST=unit tests, tested on device
Change-Id: I6af61ead0e918c0b971dbcfeabcab3be03e6eb97
Review URL: http://codereview.chromium.org/6574009
diff --git a/omaha_response_handler_action_unittest.cc b/omaha_response_handler_action_unittest.cc
index 7f1ee15..4a60315 100644
--- a/omaha_response_handler_action_unittest.cc
+++ b/omaha_response_handler_action_unittest.cc
@@ -23,6 +23,7 @@
// If out is non-NULL, it's set w/ the response from the action.
bool DoTest(const OmahaResponse& in,
const string& boot_dev,
+ bool test_key,
InstallPlan* out);
};
@@ -58,6 +59,7 @@
bool OmahaResponseHandlerActionTest::DoTest(const OmahaResponse& in,
const string& boot_dev,
+ bool test_key,
InstallPlan* out) {
ActionProcessor processor;
OmahaResponseHandlerActionProcessorDelegate delegate;
@@ -71,6 +73,9 @@
.WillOnce(Return(true));
}
OmahaResponseHandlerAction response_handler_action(&prefs);
+ if (test_key) {
+ response_handler_action.set_key_path("/dev/null");
+ }
response_handler_action.set_boot_device(boot_dev);
BondActions(&feeder_action, &response_handler_action);
ObjectCollectorAction<InstallPlan> collector_action;
@@ -84,7 +89,9 @@
if (out)
*out = collector_action.object();
EXPECT_TRUE(delegate.code_set_);
- return delegate.code_ == kActionCodeSuccess;
+ ActionExitCode expected_code = test_key ?
+ kActionCodeSignedDeltaPayloadExpectedError : kActionCodeSuccess;
+ return delegate.code_ == expected_code;
}
TEST_F(OmahaResponseHandlerActionTest, SimpleTest) {
@@ -103,7 +110,7 @@
in.is_delta = false;
in.deadline = "20101020";
InstallPlan install_plan;
- EXPECT_TRUE(DoTest(in, "/dev/sda3", &install_plan));
+ EXPECT_TRUE(DoTest(in, "/dev/sda3", false, &install_plan));
EXPECT_TRUE(install_plan.is_full_update);
EXPECT_EQ(in.codebase, install_plan.download_url);
EXPECT_EQ(in.hash, install_plan.download_hash);
@@ -131,7 +138,7 @@
in.prompt = true;
in.is_delta = true;
InstallPlan install_plan;
- EXPECT_TRUE(DoTest(in, "/dev/sda5", &install_plan));
+ EXPECT_TRUE(DoTest(in, "/dev/sda5", false, &install_plan));
EXPECT_FALSE(install_plan.is_full_update);
EXPECT_EQ(in.codebase, install_plan.download_url);
EXPECT_EQ(in.hash, install_plan.download_hash);
@@ -154,7 +161,7 @@
in.is_delta = false;
in.deadline = "some-deadline";
InstallPlan install_plan;
- EXPECT_TRUE(DoTest(in, "/dev/sda3", &install_plan));
+ EXPECT_TRUE(DoTest(in, "/dev/sda3", false, &install_plan));
EXPECT_TRUE(install_plan.is_full_update);
EXPECT_EQ(in.codebase, install_plan.download_url);
EXPECT_EQ(in.hash, install_plan.download_hash);
@@ -167,11 +174,20 @@
}
}
+TEST_F(OmahaResponseHandlerActionTest, PublicKeyOldStyleTest) {
+ OmahaResponse in;
+ in.update_exists = true;
+ in.codebase = "http://foo/the_update_a.b.c.d.tgz";
+ in.is_delta = false;
+ InstallPlan install_plan;
+ EXPECT_TRUE(DoTest(in, "/dev/sda3", true, &install_plan));
+}
+
TEST_F(OmahaResponseHandlerActionTest, NoUpdatesTest) {
OmahaResponse in;
in.update_exists = false;
InstallPlan install_plan;
- EXPECT_FALSE(DoTest(in, "/dev/sda1", &install_plan));
+ EXPECT_FALSE(DoTest(in, "/dev/sda1", false, &install_plan));
EXPECT_FALSE(install_plan.is_full_update);
EXPECT_EQ("", install_plan.download_url);
EXPECT_EQ("", install_plan.download_hash);