Fix the behavior for metadata verification when no public key presents am: 6c70b934f2 am: 40bf7c184e
am: 2293b1a2ba
Change-Id: Ia45b753ef2595332c9071d77af5c2cbd0932b842
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index 4b80ae6..4aec00b 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -527,18 +527,19 @@
<< "Trusting metadata size in payload = " << metadata_size_;
}
- // Perform the verification unconditionally.
auto [payload_verifier, perform_verification] = CreatePayloadVerifier();
if (!payload_verifier) {
LOG(ERROR) << "Failed to create payload verifier.";
*error = ErrorCode::kDownloadMetadataSignatureVerificationError;
- return MetadataParseResult::kError;
+ if (perform_verification) {
+ return MetadataParseResult::kError;
+ }
+ } else {
+ // We have the full metadata in |payload|. Verify its integrity
+ // and authenticity based on the information we have in Omaha response.
+ *error = payload_metadata_.ValidateMetadataSignature(
+ payload, payload_->metadata_signature, *payload_verifier);
}
-
- // We have the full metadata in |payload|. Verify its integrity
- // and authenticity based on the information we have in Omaha response.
- *error = payload_metadata_.ValidateMetadataSignature(
- payload, payload_->metadata_signature, *payload_verifier);
if (*error != ErrorCode::kSuccess) {
if (install_plan_->hash_checks_mandatory) {
// The autoupdate_CatchBadSignatures test checks for this string