Don't use temp file for public key.
If using public key from Omaha response, we wrote it to a temp file
which will be read back, this is unnecessary since we can keep it in
memory.
Test: update_engine_unittests
Change-Id: Ib9f7a9292b71b9d91a0b24c687cc989b79d3812b
diff --git a/payload_generator/payload_signer.cc b/payload_generator/payload_signer.cc
index 2c386fa..35a0c3f 100644
--- a/payload_generator/payload_signer.cc
+++ b/payload_generator/payload_signer.cc
@@ -256,17 +256,19 @@
&metadata_hash));
brillo::Blob signature_blob(payload.begin() + signatures_offset,
payload.end());
+ string public_key;
+ TEST_AND_RETURN_FALSE(utils::ReadFile(public_key_path, &public_key));
TEST_AND_RETURN_FALSE(PayloadVerifier::PadRSA2048SHA256Hash(&payload_hash));
TEST_AND_RETURN_FALSE(PayloadVerifier::VerifySignature(
- signature_blob, public_key_path, payload_hash));
+ signature_blob, public_key, payload_hash));
if (metadata_signature_size) {
- signature_blob.assign(payload.begin() + metadata_size,
- payload.begin() + metadata_size +
- metadata_signature_size);
+ signature_blob.assign(
+ payload.begin() + metadata_size,
+ payload.begin() + metadata_size + metadata_signature_size);
TEST_AND_RETURN_FALSE(
PayloadVerifier::PadRSA2048SHA256Hash(&metadata_hash));
TEST_AND_RETURN_FALSE(PayloadVerifier::VerifySignature(
- signature_blob, public_key_path, metadata_hash));
+ signature_blob, public_key, metadata_hash));
}
return true;
}
diff --git a/payload_generator/payload_signer_unittest.cc b/payload_generator/payload_signer_unittest.cc
index 967e026..a6ef38d 100644
--- a/payload_generator/payload_signer_unittest.cc
+++ b/payload_generator/payload_signer_unittest.cc
@@ -153,14 +153,15 @@
GetBuildArtifactsPath(kUnittestPrivateKey2Path)});
// Either public key should pass the verification.
+ string public_key;
+ EXPECT_TRUE(utils::ReadFile(GetBuildArtifactsPath(kUnittestPublicKeyPath),
+ &public_key));
EXPECT_TRUE(PayloadVerifier::VerifySignature(
- signature_blob,
- GetBuildArtifactsPath(kUnittestPublicKeyPath),
- padded_hash_data_));
+ signature_blob, public_key, padded_hash_data_));
+ EXPECT_TRUE(utils::ReadFile(GetBuildArtifactsPath(kUnittestPublicKey2Path),
+ &public_key));
EXPECT_TRUE(PayloadVerifier::VerifySignature(
- signature_blob,
- GetBuildArtifactsPath(kUnittestPublicKey2Path),
- padded_hash_data_));
+ signature_blob, public_key, padded_hash_data_));
}
TEST_F(PayloadSignerTest, VerifySignatureTest) {
@@ -168,15 +169,16 @@
SignSampleData(&signature_blob,
{GetBuildArtifactsPath(kUnittestPrivateKeyPath)});
+ string public_key;
+ EXPECT_TRUE(utils::ReadFile(GetBuildArtifactsPath(kUnittestPublicKeyPath),
+ &public_key));
EXPECT_TRUE(PayloadVerifier::VerifySignature(
- signature_blob,
- GetBuildArtifactsPath(kUnittestPublicKeyPath),
- padded_hash_data_));
+ signature_blob, public_key, padded_hash_data_));
// Passing the invalid key should fail the verification.
- EXPECT_FALSE(PayloadVerifier::VerifySignature(
- signature_blob,
- GetBuildArtifactsPath(kUnittestPublicKey2Path),
- padded_hash_data_));
+ EXPECT_TRUE(utils::ReadFile(GetBuildArtifactsPath(kUnittestPublicKey2Path),
+ &public_key));
+ EXPECT_TRUE(PayloadVerifier::VerifySignature(
+ signature_blob, public_key, padded_hash_data_));
}
TEST_F(PayloadSignerTest, SkipMetadataSignatureTest) {