1 // 2 // Copyright (C) 2019 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include "update_engine/payload_consumer/certificate_parser_interface.h" 18 19 #include <string> 20 21 #include <gmock/gmock.h> 22 #include <gtest/gtest.h> 23 24 #include "update_engine/common/hash_calculator.h" 25 #include "update_engine/common/test_utils.h" 26 #include "update_engine/common/utils.h" 27 #include "update_engine/payload_consumer/payload_verifier.h" 28 #include "update_engine/payload_generator/payload_signer.h" 29 30 namespace chromeos_update_engine { 31 32 extern const char* kUnittestPrivateKeyPath; 33 const char* kUnittestOtacertsPath = "otacerts.zip"; 34 35 TEST(CertificateParserAndroidTest, ParseZipArchive) { 36 std::string ota_cert = 37 test_utils::GetBuildArtifactsPath(kUnittestOtacertsPath); 38 ASSERT_TRUE(utils::FileExists(ota_cert.c_str())); 39 40 std::vector<std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>> keys; 41 auto parser = CreateCertificateParser(); 42 ASSERT_TRUE(parser->ReadPublicKeysFromCertificates(ota_cert, &keys)); 43 ASSERT_EQ(1u, keys.size()); 44 } 45 46 TEST(CertificateParserAndroidTest, VerifySignature) { 47 brillo::Blob hash_blob; 48 ASSERT_TRUE(HashCalculator::RawHashOfData({'x'}, &hash_blob)); 49 brillo::Blob sig_blob; 50 ASSERT_TRUE(PayloadSigner::SignHash( 51 hash_blob, 52 test_utils::GetBuildArtifactsPath(kUnittestPrivateKeyPath), 53 &sig_blob)); 54 55 auto verifier = PayloadVerifier::CreateInstanceFromZipPath( 56 test_utils::GetBuildArtifactsPath(kUnittestOtacertsPath)); 57 ASSERT_TRUE(verifier != nullptr); 58 ASSERT_TRUE(verifier->VerifyRawSignature(sig_blob, hash_blob, nullptr)); 59 } 60 61 } // namespace chromeos_update_engine 62