Allow update engine read public keys from otacerts.zip
The android build system installs both otacerts.zip and
update-payload-key.pub.pem on the device. And the latter is
converted from the X509 certificates inside the otacerts.zip
during the build time.
We can consolidate these two by letting update engine to parse
the public keys from otacerts.zip directly. This also allows
update engine to use multiple keys to verify the payload.
Bug: 116660991
Test: unittests pass
Change-Id: I0a499405f2835e1ff8b7916452cb3123046306a7
diff --git a/payload_consumer/payload_metadata.h b/payload_consumer/payload_metadata.h
index 1b4c5c8..75ef8f9 100644
--- a/payload_consumer/payload_metadata.h
+++ b/payload_consumer/payload_metadata.h
@@ -27,6 +27,7 @@
#include "update_engine/common/error_code.h"
#include "update_engine/common/platform_constants.h"
+#include "update_engine/payload_consumer/payload_verifier.h"
#include "update_engine/update_metadata.pb.h"
namespace chromeos_update_engine {
@@ -65,9 +66,10 @@
// metadata is parsed so that a man-in-the-middle attack on the SSL connection
// to the payload server doesn't exploit any vulnerability in the code that
// parses the protocol buffer.
- ErrorCode ValidateMetadataSignature(const brillo::Blob& payload,
- const std::string& metadata_signature,
- const std::string& pem_public_key) const;
+ ErrorCode ValidateMetadataSignature(
+ const brillo::Blob& payload,
+ const std::string& metadata_signature,
+ const PayloadVerifier& payload_verifier) const;
// Returns the major payload version. If the version was not yet parsed,
// returns zero.