Remove the threshold logic for logging log list update failures
Previously, we would only log to statsd if a default threshold of 10 had
been met to avoid noise in the logs. Because we will instead be logging
every time a log list update happens (success or failure), we are
removing this threshold logic.
Flag: com.android.net.ct.flags.certificate_transparency_service
Bug: 378626065
Test: atest NetworkSecurityUnitTests
Change-Id: Id3ad2c75fcceb3c15add70d4263f6c443f145348
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
index 9ead1f8..c81b32b 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
@@ -17,7 +17,7 @@
package com.android.server.net.ct;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_HTTP_ERROR;
-import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND;
+import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS;
@@ -29,7 +29,6 @@
import android.content.IntentFilter;
import android.net.Uri;
import android.os.Build;
-import android.provider.DeviceConfig;
import android.util.Log;
import androidx.annotation.VisibleForTesting;
@@ -237,15 +236,13 @@
try {
success = mSignatureVerifier.verify(contentUri, metadataUri);
} catch (MissingPublicKeyException e) {
- if (updateFailureCount()) {
- failureReason =
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND;
- }
+ updateFailureCount();
+ failureReason = CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND;
+ Log.e(TAG, "No public key found for log list verification", e);
} catch (InvalidKeyException e) {
- if (updateFailureCount()) {
- failureReason =
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
- }
+ updateFailureCount();
+ failureReason = CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
+ Log.e(TAG, "Signature invalid for log list verification", e);
} catch (IOException | GeneralSecurityException e) {
Log.e(TAG, "Could not verify new log list", e);
}
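Review bot: The message added in the `InvalidKeyException` branch says "Signature invalid", but that exception (presumably `java.security.InvalidKeyException`) reports a problem with the key given to the verifier, not a signature mismatch. Anyone triaging a failed log list update from logcat would be pointed at altered content rather than a bad or mis-provisioned key; `Log.e(TAG, "Invalid public key for log list verification", e);` matches the exception. The statsd status for this branch stays FAILURE_SIGNATURE_VERIFICATION, so the metric cannot separate the two cases either; whether a more specific status exists is not visible here. The enclosing method starts and ends outside the hunk.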
@@ -254,9 +251,9 @@
Log.w(TAG, "Log list did not pass verification");
// Avoid logging failure twice
- if (failureReason == -1 && updateFailureCount()) {
- failureReason =
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
+ if (failureReason == -1) {
+ updateFailureCount();
+ failureReason = CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
}
if (failureReason != -1) {
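Review bot: The `failureReason == -1` fallback appears to also cover the `IOException | GeneralSecurityException` catch of the preceding try block, which sets no reason, so a file read error would be recorded as FAILURE_SIGNATURE_VERIFICATION. Now that every failure is reported, that status would mix local I/O faults with genuine signature mismatches, which is the signal most worth alerting on. Consider assigning a distinct reason in that catch block, or at least replacing the comment with `// Reached when verify() returned false or threw IOException/GeneralSecurityException; both are reported as signature verification failures`. The enclosing method is only partly visible, so confirm against the full body.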
@@ -280,42 +277,38 @@
mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* value= */ 0);
mDataStore.store();
} else {
- if (updateFailureCount()) {
- mLogger.logCTLogListUpdateFailedEvent(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS,
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0));
+ updateFailureCount();
+ mLogger.logCTLogListUpdateFailedEvent(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS,
+ mDataStore.getPropertyInt(
+ Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0));
}
}
- }
private void handleDownloadFailed(DownloadStatus status) {
Log.e(TAG, "Download failed with " + status);
- if (updateFailureCount()) {
- int failureCount =
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0);
+ updateFailureCount();
+ int failureCount =
+ mDataStore.getPropertyInt(
+ Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0);
- if (status.isHttpError()) {
- mLogger.logCTLogListUpdateFailedEvent(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_HTTP_ERROR,
- failureCount,
- status.reason());
- } else {
- // TODO(b/384935059): handle blocked domain logging
- mLogger.logCTLogListUpdateFailedEventWithDownloadStatus(
- status.reason(), failureCount);
- }
+ if (status.isHttpError()) {
+ mLogger.logCTLogListUpdateFailedEvent(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_HTTP_ERROR,
+ failureCount,
+ status.reason());
+ } else {
+ // TODO(b/384935059): handle blocked domain logging
+ mLogger.logCTLogListUpdateFailedEventWithDownloadStatus(
+ status.reason(), failureCount);
}
}
/**
* Updates the data store with the current number of consecutive log list update failures.
- *
- * @return whether the failure count exceeds the threshold and should be logged.
*/
- private boolean updateFailureCount() {
+ private void updateFailureCount() {
int failure_count =
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0);
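Review bot: `updateFailureCount()` now returns nothing, and both callers in this hunk immediately re-read `Config.LOG_LIST_UPDATE_FAILURE_COUNT` from `mDataStore` to obtain the value it just stored. Returning the new count (`private int updateFailureCount()` ending in `return new_failure_count;`) would drop the second read and tie the logged number to the write. Separately, the install-failure branch reports FAILURE_VERSION_ALREADY_EXISTS unconditionally, and the unit test in this commit drives it with `not_a_json_log_list`, so a malformed list seems to be reported as a version clash; the branch condition is outside the hunk, so this is worth confirming. The body of `updateFailureCount` continues past the hunk.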
@@ -323,17 +316,6 @@
mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, new_failure_count);
mDataStore.store();
-
- int threshold = DeviceConfig.getInt(
- Config.NAMESPACE_NETWORK_SECURITY,
- Config.FLAG_LOG_FAILURE_THRESHOLD,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
-
- boolean shouldReport = new_failure_count >= threshold;
- if (shouldReport) {
- Log.d(TAG, "Log list update failure count exceeds threshold: " + new_failure_count);
- }
- return shouldReport;
}
private long download(String url) {
diff --git a/networksecurity/service/src/com/android/server/net/ct/Config.java b/networksecurity/service/src/com/android/server/net/ct/Config.java
index bc4efab..5fdba09 100644
--- a/networksecurity/service/src/com/android/server/net/ct/Config.java
+++ b/networksecurity/service/src/com/android/server/net/ct/Config.java
@@ -45,7 +45,6 @@
static final String FLAG_METADATA_URL = FLAGS_PREFIX + "metadata_url";
static final String FLAG_VERSION = FLAGS_PREFIX + "version";
static final String FLAG_PUBLIC_KEY = FLAGS_PREFIX + "public_key";
- static final String FLAG_LOG_FAILURE_THRESHOLD = FLAGS_PREFIX + "log_list_failure_threshold";
// properties
static final String VERSION = "version";
@@ -59,7 +58,4 @@
static final String URL_LOG_LIST = URL_PREFIX + "log_list.json";
static final String URL_SIGNATURE = URL_PREFIX + "log_list.sig";
static final String URL_PUBLIC_KEY = URL_PREFIX + "log_list.pub";
-
- // Threshold amounts
- static final int DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD = 10;
}
diff --git a/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java b/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
index d44e538..8004a51 100644
--- a/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
+++ b/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
@@ -16,6 +16,7 @@
package com.android.server.net.ct;
+import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION;
import static com.android.server.net.ct.CertificateTransparencyStatsLog.CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS;
@@ -198,13 +199,9 @@
}
@Test
- public void testDownloader_publicKeyDownloadFail_failureThresholdExceeded_logsFailure()
+ public void testDownloader_publicKeyDownloadFail_logsFailure()
throws Exception {
mCertificateTransparencyDownloader.startPublicKeyDownload();
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
mCertificateTransparencyDownloader.onReceive(
mContext,
@@ -213,30 +210,11 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, times(1))
.logCTLogListUpdateFailedEventWithDownloadStatus(
DownloadManager.ERROR_INSUFFICIENT_SPACE,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- }
-
- @Test
- public void testDownloader_publicKeyDownloadFail_failureThresholdNotMet_doesNotLog()
- throws Exception {
- mCertificateTransparencyDownloader.startPublicKeyDownload();
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext, makePublicKeyDownloadFailedIntent(DownloadManager.ERROR_HTTP_DATA_ERROR));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(1);
- verify(mLogger, never()).logCTLogListUpdateFailedEvent(anyInt(), anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEventWithDownloadStatus(anyInt(), anyInt());
+ /* failureCount= */ 1);
}
@Test
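Review bot: Every failure test in this file now starts from an empty store and asserts a count of 1, so nothing checks that the count accumulates across consecutive failures or that the accumulated value is what reaches `mLogger`. The removed threshold tests covered that incidentally by pre-seeding the count. Keeping one seeded case, for example `mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 2);` before `onReceive` and expecting `/* failureCount= */ 3`, would preserve that coverage. The same applies to the metadata, content, signature and install failure tests in the later hunks.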
@@ -269,35 +247,9 @@
}
@Test
- public void testDownloader_metadataDownloadFail_failureThresholdExceeded_logsFailure()
+ public void testDownloader_metadataDownloadFail_logsFailure()
throws Exception {
mCertificateTransparencyDownloader.startMetadataDownload();
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext,
- makeMetadataDownloadFailedIntent(
- mCompatVersion, DownloadManager.ERROR_INSUFFICIENT_SPACE));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- verify(mLogger, times(1))
- .logCTLogListUpdateFailedEventWithDownloadStatus(
- DownloadManager.ERROR_INSUFFICIENT_SPACE,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- }
-
- @Test
- public void testDownloader_metadataDownloadFail_failureThresholdNotMet_doesNotLog()
- throws Exception {
- mCertificateTransparencyDownloader.startMetadataDownload();
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
mCertificateTransparencyDownloader.onReceive(
mContext,
@@ -308,9 +260,10 @@
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
.isEqualTo(1);
- verify(mLogger, never()).logCTLogListUpdateFailedEvent(anyInt(), anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEventWithDownloadStatus(anyInt(), anyInt());
+ verify(mLogger, times(1))
+ .logCTLogListUpdateFailedEventWithDownloadStatus(
+ DownloadManager.ERROR_INSUFFICIENT_SPACE,
+ /* failureCount= */ 1);
}
@Test
@@ -347,13 +300,9 @@
}
@Test
- public void testDownloader_contentDownloadFail_failureThresholdExceeded_logsFailure()
+ public void testDownloader_contentDownloadFail_logsFailure()
throws Exception {
mCertificateTransparencyDownloader.startContentDownload(mCompatVersion);
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
mCertificateTransparencyDownloader.onReceive(
mContext,
@@ -363,32 +312,11 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, times(1))
.logCTLogListUpdateFailedEventWithDownloadStatus(
DownloadManager.ERROR_INSUFFICIENT_SPACE,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- }
-
- @Test
- public void testDownloader_contentDownloadFail_failureThresholdNotMet_doesNotLog()
- throws Exception {
- mCertificateTransparencyDownloader.startContentDownload(mCompatVersion);
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext,
- makeContentDownloadFailedIntent(
- mCompatVersion, DownloadManager.ERROR_HTTP_DATA_ERROR));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(1);
- verify(mLogger, never()).logCTLogListUpdateFailedEvent(anyInt(), anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEventWithDownloadStatus(anyInt(), anyInt());
+ /* failureCount= */ 1);
}
@Test
@@ -410,16 +338,12 @@
@Test
public void
- testDownloader_contentDownloadSuccess_noSignatureFound_failureThresholdExceeded_logsSingleFailure()
+ testDownloader_contentDownloadSuccess_noSignatureFound_logsSingleFailure()
throws Exception {
File logListFile = makeLogListFile("456");
File metadataFile = sign(logListFile);
mSignatureVerifier.setPublicKey(mPublicKey);
mCertificateTransparencyDownloader.startMetadataDownload();
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
// Set the public key to be missing
mSignatureVerifier.resetPublicKey();
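Review bot: The test is still named `..._noSignatureFound_...` although it resets the public key and, in the assertions of the following hunk, expects FAILURE_PUBLIC_KEY_NOT_FOUND and never FAILURE_SIGNATURE_NOT_FOUND. Renaming it to `testDownloader_contentDownloadSuccess_noPublicKeyFound_logsSingleFailure` keeps the name in line with the status it checks. The test body continues past this hunk.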
@@ -431,11 +355,16 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, times(1))
.logCTLogListUpdateFailedEvent(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND,
+ /* failureCount= */ 1);
+ verify(mLogger, never())
+ .logCTLogListUpdateFailedEvent(
+ eq(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND),
+ anyInt());
verify(mLogger, never())
.logCTLogListUpdateFailedEvent(
eq(
@@ -445,7 +374,7 @@
@Test
public void
- testDownloader_contentDownloadSuccess_wrongSignatureAlgo_failureThresholdExceeded_logsSingleFailure()
+ testDownloader_contentDownloadSuccess_wrongSignatureAlgo_logsSingleFailure()
throws Exception {
// Arrange
File logListFile = makeLogListFile("456");
@@ -455,11 +384,6 @@
KeyPairGenerator instance = KeyPairGenerator.getInstance("EC");
mSignatureVerifier.setPublicKey(instance.generateKeyPair().getPublic());
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
-
// Act
mCertificateTransparencyDownloader.startMetadataDownload();
mCertificateTransparencyDownloader.onReceive(
@@ -471,7 +395,7 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, never())
.logCTLogListUpdateFailedEvent(
eq(
@@ -480,12 +404,12 @@
verify(mLogger, times(1))
.logCTLogListUpdateFailedEvent(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ /* failureCount= */ 1);
}
@Test
public void
- testDownloader_contentDownloadSuccess_signatureNotVerified_failureThresholdExceeded_logsSingleFailure()
+ testDownloader_contentDownloadSuccess_signatureNotVerified_logsSingleFailure()
throws Exception {
// Arrange
File logListFile = makeLogListFile("456");
@@ -495,11 +419,6 @@
KeyPairGenerator instance = KeyPairGenerator.getInstance("RSA");
mSignatureVerifier.setPublicKey(instance.generateKeyPair().getPublic());
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
-
// Act
mCertificateTransparencyDownloader.startMetadataDownload();
mCertificateTransparencyDownloader.onReceive(
@@ -511,63 +430,30 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, never())
.logCTLogListUpdateFailedEvent(
eq(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND),
anyInt());
+ verify(mLogger, never())
+ .logCTLogListUpdateFailedEvent(
+ eq(
+ CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_PUBLIC_KEY_NOT_FOUND),
+ anyInt());
verify(mLogger, times(1))
.logCTLogListUpdateFailedEvent(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ /* failureCount= */ 1);
}
@Test
public void
- testDownloader_contentDownloadSuccess_wrongSignature_failureThresholdNotMet_doesNotLog()
- throws Exception {
- File logListFile = makeLogListFile("456");
- File metadataFile = sign(logListFile);
- // Set the key to be deliberately wrong by using diff key pair
- KeyPairGenerator instance = KeyPairGenerator.getInstance("RSA");
- mSignatureVerifier.setPublicKey(instance.generateKeyPair().getPublic());
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
-
- mCertificateTransparencyDownloader.startMetadataDownload();
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeMetadataDownloadCompleteIntent(mCompatVersion, metadataFile));
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeContentDownloadCompleteIntent(mCompatVersion, logListFile));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(1);
- verify(mLogger, never())
- .logCTLogListUpdateFailedEvent(
- eq(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_NOT_FOUND),
- anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEvent(
- eq(
- CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_SIGNATURE_VERIFICATION),
- anyInt());
- }
-
- @Test
- public void
- testDownloader_contentDownloadSuccess_installFail_failureThresholdExceeded_logsFailure()
+ testDownloader_contentDownloadSuccess_installFail_logsFailure()
throws Exception {
File invalidLogListFile = writeToFile("not_a_json_log_list".getBytes());
File metadataFile = sign(invalidLogListFile);
mSignatureVerifier.setPublicKey(mPublicKey);
- // Set the failure count to just below the threshold
- mDataStore.setPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD - 1);
mCertificateTransparencyDownloader.startMetadataDownload();
mCertificateTransparencyDownloader.onReceive(
@@ -578,36 +464,11 @@
assertThat(
mDataStore.getPropertyInt(
Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
+ .isEqualTo(1);
verify(mLogger, times(1))
.logCTLogListUpdateFailedEvent(
CERTIFICATE_TRANSPARENCY_LOG_LIST_UPDATE_STATE_CHANGED__UPDATE_STATUS__FAILURE_VERSION_ALREADY_EXISTS,
- Config.DEFAULT_LOG_LIST_UPDATE_FAILURE_THRESHOLD);
- }
-
- @Test
- public void
- testDownloader_contentDownloadSuccess_installFail_failureThresholdNotMet_doesNotLog()
- throws Exception {
- File invalidLogListFile = writeToFile("not_a_json_log_list".getBytes());
- File metadataFile = sign(invalidLogListFile);
- mSignatureVerifier.setPublicKey(mPublicKey);
- // Set the failure count to well below the threshold
- mDataStore.setPropertyInt(Config.LOG_LIST_UPDATE_FAILURE_COUNT, 0);
-
- mCertificateTransparencyDownloader.startMetadataDownload();
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeMetadataDownloadCompleteIntent(mCompatVersion, metadataFile));
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeContentDownloadCompleteIntent(mCompatVersion, invalidLogListFile));
-
- assertThat(
- mDataStore.getPropertyInt(
- Config.LOG_LIST_UPDATE_FAILURE_COUNT, /* defaultValue= */ 0))
- .isEqualTo(1);
- verify(mLogger, never()).logCTLogListUpdateFailedEvent(anyInt(), anyInt());
- verify(mLogger, never())
- .logCTLogListUpdateFailedEventWithDownloadStatus(anyInt(), anyInt());
+ /* failureCount= */ 1);
}
@Test