Merge changes Ide254542,Id3ad2c75 into main
* changes:
Rename the CTLogger APIs to reflect the atom name change
Remove the threshold logic for logging log list update failures
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
index 9ead1f8..1478fd1 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
@@ -17,7 +17,7 @@
package com.android.server.net.ct;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_HTTP_ERROR;
-import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND;
+import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS;
@@ -29,7 +29,6 @@
import android.content.IntentFilter;
import android.net.Uri;
import android.os.Build;
-import android.provider.DeviceConfig;
import android.util.Log;
import androidx.annotation.VisibleForTesting;
@@ -237,15 +236,15 @@
try {
success = mSignatureVerifier.verify(contentUri, metadataUri);
} catch (MissingPublicKeyException e) {
- if (updateFailureCount()) {
- failureReason =
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND;
- }
+ updateFailureCount();
+ failureReason =
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND;
+ Log.e(TAG, "No public key found for log list verification", e);
} catch (InvalidKeyException e) {
- if (updateFailureCount()) {
- failureReason =
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
- }
+ updateFailureCount();
+ failureReason =
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
+ Log.e(TAG, "Signature invalid for log list verification", e);
} catch (IOException | GeneralSecurityException e) {
Log.e(TAG, "Could not verify new log list", e);
}
@@ -254,13 +253,14 @@
Log.w(TAG, "Log list did not pass verification");
// Avoid logging failure twice
- if (failureReason == -1 && updateFailureCount()) {
+ if (failureReason == -1) {
+ updateFailureCount();
failureReason =
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
}
if (failureReason != -1) {
- mLogger.logCTLogListUpdateFailedEvent(
+ mLogger.logCTLogListUpdateStateChangedEvent(
failureReason,
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0));
@@ -280,42 +280,38 @@
mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* value= */ 0);
mDataStore.store();
} else {
- if (updateFailureCount()) {
- mLogger.logCTLogListUpdateFailedEvent(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS,
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0));
+ updateFailureCount();
+ mLogger.logCTLogListUpdateStateChangedEvent(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS,
+ mDataStore.getPropertyInt(
+ Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0));
}
}
- }
private void handleDownloadFailed(DownloadStatus status) {
Log.e(TAG, "Download failed with " + status);
- if (updateFailureCount()) {
- int failureCount =
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0);
+ updateFailureCount();
+ int failureCount =
+ mDataStore.getPropertyInt(
+ Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0);
- if (status.isHttpError()) {
- mLogger.logCTLogListUpdateFailedEvent(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_HTTP_ERROR,
- failureCount,
- status.reason());
- } else {
- // TODO(b/384935059): handle blocked domain logging
- mLogger.logCTLogListUpdateFailedEventWithDownloadStatus(
- status.reason(), failureCount);
- }
+ if (status.isHttpError()) {
+ mLogger.logCTLogListUpdateStateChangedEvent(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_HTTP_ERROR,
+ failureCount,
+ status.reason());
+ } else {
+ // TODO(b/384935059): handle blocked domain logging
+ mLogger.logCTLogListUpdateStateChangedEventWithDownloadStatus(
+ status.reason(), failureCount);
}
}
/**
* Updates the data store with the current number of consecutive log list update failures.
- *
- * @return whether the failure count exceeds the threshold and should be logged.
*/
- private boolean updateFailureCount() {
+ private void updateFailureCount() {
int failure_count =
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0);
@@ -323,17 +319,6 @@
mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, new_failure_count);
mDataStore.store();
-
- int threshold = DeviceConfig.getInt(
- Config.NAMESPACE_NETWORK_SECURITY,
- Config.FLAG_LOG_FAILURE_THRESHOLD,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
-
- boolean shouldReport = new_failure_count >= threshold;
- if (shouldReport) {
- Log.d(TAG, "Log list update failure count exceeds threshold: " + new_failure_count);
- }
- return shouldReport;
}
private long download(String url) {
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyLogger.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyLogger.java
index 913c472..a6b15ab 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyLogger.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyLogger.java
@@ -20,29 +20,30 @@
public interface CertificateTransparencyLogger {
/**
- * Logs a CTLogListUpdateFailed event to statsd, when failure is provided by DownloadManager.
+ * Logs a CTLogListUpdateStateChanged event to statsd, when failure is from DownloadManager.
*
* @param downloadStatus DownloadManager failure status why the log list wasn't updated
* @param failureCount number of consecutive log list update failures
*/
- void logCTLogListUpdateFailedEventWithDownloadStatus(int downloadStatus, int failureCount);
+ void logCTLogListUpdateStateChangedEventWithDownloadStatus(
+ int downloadStatus, int failureCount);
/**
- * Logs a CTLogListUpdateFailed event to statsd, when no HTTP error status code is present.
+ * Logs a CTLogListUpdateStateChanged event to statsd without a HTTP error status code.
*
* @param failureReason reason why the log list wasn't updated
* @param failureCount number of consecutive log list update failures
*/
- void logCTLogListUpdateFailedEvent(int failureReason, int failureCount);
+ void logCTLogListUpdateStateChangedEvent(int failureReason, int failureCount);
/**
- * Logs a CTLogListUpdateFailed event to statsd, when an HTTP error status code is provided.
+ * Logs a CTLogListUpdateStateChanged event to statsd with an HTTP error status code.
*
* @param failureReason reason why the log list wasn't updated (e.g. DownloadManager failures)
* @param failureCount number of consecutive log list update failures
* @param httpErrorStatusCode if relevant, the HTTP error status code from DownloadManager
*/
- void logCTLogListUpdateFailedEvent(
+ void logCTLogListUpdateStateChangedEvent(
int failureReason, int failureCount, int httpErrorStatusCode);
}
\ No newline at end of file
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyLoggerImpl.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyLoggerImpl.java
index 7499cce..3f5d1aa 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyLoggerImpl.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyLoggerImpl.java
@@ -31,18 +31,20 @@
class CertificateTransparencyLoggerImpl implements CertificateTransparencyLogger {
@Override
- public void logCTLogListUpdateFailedEventWithDownloadStatus(
+ public void logCTLogListUpdateStateChangedEventWithDownloadStatus(
int downloadStatus, int failureCount) {
- logCTLogListUpdateFailedEvent(downloadStatusToFailureReason(downloadStatus), failureCount);
+ logCTLogListUpdateStateChangedEvent(
+ downloadStatusToFailureReason(downloadStatus), failureCount);
}
@Override
- public void logCTLogListUpdateFailedEvent(int failureReason, int failureCount) {
- logCTLogListUpdateFailedEvent(failureReason, failureCount, /* httpErrorStatusCode= */ 0);
+ public void logCTLogListUpdateStateChangedEvent(int failureReason, int failureCount) {
+ logCTLogListUpdateStateChangedEvent(
+ failureReason, failureCount, /* httpErrorStatusCode= */ 0);
}
@Override
- public void logCTLogListUpdateFailedEvent(
+ public void logCTLogListUpdateStateChangedEvent(
int failureReason, int failureCount, int httpErrorStatusCode) {
CertificateTransparencyStatsLog.write(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED,
diff --git a/networksecurity/service/src/com/android/server/net/ct/Config.java b/networksecurity/service/src/com/android/server/net/ct/Config.java
index bc4efab..5fdba09 100644
--- a/networksecurity/service/src/com/android/server/net/ct/Config.java
+++ b/networksecurity/service/src/com/android/server/net/ct/Config.java
@@ -45,7 +45,6 @@
static final String FLAG_METADATA_URL = FLAGS_PREFIX + "metadata_url";
static final String FLAG_VERSION = FLAGS_PREFIX + "version";
static final String FLAG_PUBLIC_KEY = FLAGS_PREFIX + "public_key";
- static final String FLAG_LOG_FAILURE_THRESHOLD = FLAGS_PREFIX + "log_list_failure_threshold";
// properties
static final String VERSION = "version";
@@ -59,7 +58,4 @@
static final String URL_LOG_LIST = URL_PREFIX + "log_list.json";
static final String URL_SIGNATURE = URL_PREFIX + "log_list.sig";
static final String URL_PUBLIC_KEY = URL_PREFIX + "log_list.pub";
-
- // Threshold amounts
- static final int DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD = 10;
}
diff --git a/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java b/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
index d44e538..dc8e54b 100644
--- a/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
+++ b/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
@@ -16,6 +16,7 @@
package com.android.server.net.ct;
+import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS;
@@ -198,13 +199,9 @@
}
@Test
- public void testDownloader_publicKeyDownloadFail_failureThresholdExceeded_logsFailure()
+ public void testDownloader_publicKeyDownloadFail_logsFailure()
throws Exception {
mCertificateTransparencyDownloader.startPublicKeyDownload();
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
mCertificateTransparencyDownloader.onReceive(
mContext,
@@ -213,30 +210,11 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- verify(mLogger, times(1))
- .logCTLogListUpdateFailedEventWithDownloadStatus(
- DownloadManager.ERROR_INSUFFICIENT_SPACE,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- }
-
- @Test
- public void testDownloader_publicKeyDownloadFail_failureThresholdNotMet_doesNotLog()
- throws Exception {
- mCertificateTransparencyDownloader.startPublicKeyDownload();
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext, makePublicKeyDownloadFailedIntent(DownloadManager.ERROR_HTTP_DATA_ERROR));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
.isEqualTo(1);
- verify(mLogger, never()).logCTLogListUpdateFailedEvent(anyInt(), anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEventWithDownloadStatus(anyInt(), anyInt());
+ verify(mLogger, times(1))
+ .logCTLogListUpdateStateChangedEventWithDownloadStatus(
+ DownloadManager.ERROR_INSUFFICIENT_SPACE,
+ /* failureCount= */ 1);
}
@Test
@@ -269,35 +247,9 @@
}
@Test
- public void testDownloader_metadataDownloadFail_failureThresholdExceeded_logsFailure()
+ public void testDownloader_metadataDownloadFail_logsFailure()
throws Exception {
mCertificateTransparencyDownloader.startMetadataDownload();
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext,
- makeMetadataDownloadFailedIntent(
- mCompatVersion, DownloadManager.ERROR_INSUFFICIENT_SPACE));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- verify(mLogger, times(1))
- .logCTLogListUpdateFailedEventWithDownloadStatus(
- DownloadManager.ERROR_INSUFFICIENT_SPACE,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- }
-
- @Test
- public void testDownloader_metadataDownloadFail_failureThresholdNotMet_doesNotLog()
- throws Exception {
- mCertificateTransparencyDownloader.startMetadataDownload();
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
mCertificateTransparencyDownloader.onReceive(
mContext,
@@ -308,9 +260,10 @@
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
.isEqualTo(1);
- verify(mLogger, never()).logCTLogListUpdateFailedEvent(anyInt(), anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEventWithDownloadStatus(anyInt(), anyInt());
+ verify(mLogger, times(1))
+ .logCTLogListUpdateStateChangedEventWithDownloadStatus(
+ DownloadManager.ERROR_INSUFFICIENT_SPACE,
+ /* failureCount= */ 1);
}
@Test
@@ -347,13 +300,9 @@
}
@Test
- public void testDownloader_contentDownloadFail_failureThresholdExceeded_logsFailure()
+ public void testDownloader_contentDownloadFail_logsFailure()
throws Exception {
mCertificateTransparencyDownloader.startContentDownload(mCompatVersion);
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
mCertificateTransparencyDownloader.onReceive(
mContext,
@@ -363,32 +312,11 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- verify(mLogger, times(1))
- .logCTLogListUpdateFailedEventWithDownloadStatus(
- DownloadManager.ERROR_INSUFFICIENT_SPACE,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- }
-
- @Test
- public void testDownloader_contentDownloadFail_failureThresholdNotMet_doesNotLog()
- throws Exception {
- mCertificateTransparencyDownloader.startContentDownload(mCompatVersion);
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext,
- makeContentDownloadFailedIntent(
- mCompatVersion, DownloadManager.ERROR_HTTP_DATA_ERROR));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
.isEqualTo(1);
- verify(mLogger, never()).logCTLogListUpdateFailedEvent(anyInt(), anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEventWithDownloadStatus(anyInt(), anyInt());
+ verify(mLogger, times(1))
+ .logCTLogListUpdateStateChangedEventWithDownloadStatus(
+ DownloadManager.ERROR_INSUFFICIENT_SPACE,
+ /* failureCount= */ 1);
}
@Test
@@ -410,16 +338,12 @@
@Test
public void
- testDownloader_contentDownloadSuccess_noSignatureFound_failureThresholdExceeded_logsSingleFailure()
+ testDownloader_contentDownloadSuccess_noSignatureFound_logsSingleFailure()
throws Exception {
File logListFile = makeLogListFile("456");
File metadataFile = sign(logListFile);
mSignatureVerifier.setPublicKey(mPublicKey);
mCertificateTransparencyDownloader.startMetadataDownload();
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
// Set the public key to be missing
mSignatureVerifier.resetPublicKey();
@@ -431,13 +355,18 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, times(1))
- .logCTLogListUpdateFailedEvent(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .logCTLogListUpdateStateChangedEvent(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND,
+ /* failureCount= */ 1);
verify(mLogger, never())
- .logCTLogListUpdateFailedEvent(
+ .logCTLogListUpdateStateChangedEvent(
+ eq(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND),
+ anyInt());
+ verify(mLogger, never())
+ .logCTLogListUpdateStateChangedEvent(
eq(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION),
anyInt());
@@ -445,7 +374,7 @@
@Test
public void
- testDownloader_contentDownloadSuccess_wrongSignatureAlgo_failureThresholdExceeded_logsSingleFailure()
+ testDownloader_contentDownloadSuccess_wrongSignatureAlgo_logsSingleFailure()
throws Exception {
// Arrange
File logListFile = makeLogListFile("456");
@@ -455,11 +384,6 @@
KeyPairGenerator instance = KeyPairGenerator.getInstance("EC");
mSignatureVerifier.setPublicKey(instance.generateKeyPair().getPublic());
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
-
// Act
mCertificateTransparencyDownloader.startMetadataDownload();
mCertificateTransparencyDownloader.onReceive(
@@ -471,21 +395,21 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, never())
- .logCTLogListUpdateFailedEvent(
+ .logCTLogListUpdateStateChangedEvent(
eq(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND),
anyInt());
verify(mLogger, times(1))
- .logCTLogListUpdateFailedEvent(
+ .logCTLogListUpdateStateChangedEvent(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ /* failureCount= */ 1);
}
@Test
public void
- testDownloader_contentDownloadSuccess_signatureNotVerified_failureThresholdExceeded_logsSingleFailure()
+ testDownloader_contentDownloadSuccess_signatureNotVerified_logsSingleFailure()
throws Exception {
// Arrange
File logListFile = makeLogListFile("456");
@@ -495,11 +419,6 @@
KeyPairGenerator instance = KeyPairGenerator.getInstance("RSA");
mSignatureVerifier.setPublicKey(instance.generateKeyPair().getPublic());
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
-
// Act
mCertificateTransparencyDownloader.startMetadataDownload();
mCertificateTransparencyDownloader.onReceive(
@@ -511,63 +430,30 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, never())
- .logCTLogListUpdateFailedEvent(
+ .logCTLogListUpdateStateChangedEvent(
eq(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND),
anyInt());
+ verify(mLogger, never())
+ .logCTLogListUpdateStateChangedEvent(
+ eq(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND),
+ anyInt());
verify(mLogger, times(1))
- .logCTLogListUpdateFailedEvent(
+ .logCTLogListUpdateStateChangedEvent(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ /* failureCount= */ 1);
}
@Test
public void
- testDownloader_contentDownloadSuccess_wrongSignature_failureThresholdNotMet_doesNotLog()
- throws Exception {
- File logListFile = makeLogListFile("456");
- File metadataFile = sign(logListFile);
- // Set the key to be deliberately wrong by using diff key pair
- KeyPairGenerator instance = KeyPairGenerator.getInstance("RSA");
- mSignatureVerifier.setPublicKey(instance.generateKeyPair().getPublic());
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
-
- mCertificateTransparencyDownloader.startMetadataDownload();
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeMetadataDownloadCompleteIntent(mCompatVersion, metadataFile));
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeContentDownloadCompleteIntent(mCompatVersion, logListFile));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(1);
- verify(mLogger, never())
- .logCTLogListUpdateFailedEvent(
- eq(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND),
- anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEvent(
- eq(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION),
- anyInt());
- }
-
- @Test
- public void
- testDownloader_contentDownloadSuccess_installFail_failureThresholdExceeded_logsFailure()
+ testDownloader_contentDownloadSuccess_installFail_logsFailure()
throws Exception {
File invalidLogListFile = writeToFile("not_a_json_log_list".getBytes());
File metadataFile = sign(invalidLogListFile);
mSignatureVerifier.setPublicKey(mPublicKey);
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
mCertificateTransparencyDownloader.startMetadataDownload();
mCertificateTransparencyDownloader.onReceive(
@@ -578,36 +464,11 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, times(1))
- .logCTLogListUpdateFailedEvent(
+ .logCTLogListUpdateStateChangedEvent(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- }
-
- @Test
- public void
- testDownloader_contentDownloadSuccess_installFail_failureThresholdNotMet_doesNotLog()
- throws Exception {
- File invalidLogListFile = writeToFile("not_a_json_log_list".getBytes());
- File metadataFile = sign(invalidLogListFile);
- mSignatureVerifier.setPublicKey(mPublicKey);
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
-
- mCertificateTransparencyDownloader.startMetadataDownload();
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeMetadataDownloadCompleteIntent(mCompatVersion, metadataFile));
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeContentDownloadCompleteIntent(mCompatVersion, invalidLogListFile));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(1);
- verify(mLogger, never()).logCTLogListUpdateFailedEvent(anyInt(), anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEventWithDownloadStatus(anyInt(), anyInt());
+ /* failureCount= */ 1);
}
@Test