Don't use temp file for public key.
When the public key came from the Omaha response, we wrote it to a temp
file that was then read back. This is unnecessary, since we can keep the
key in memory.
Test: update_engine_unittests
Change-Id: Ib9f7a9292b71b9d91a0b24c687cc989b79d3812b
diff --git a/payload_consumer/payload_metadata.cc b/payload_consumer/payload_metadata.cc
index 3079feb..b631c87 100644
--- a/payload_consumer/payload_metadata.cc
+++ b/payload_consumer/payload_metadata.cc
@@ -155,8 +155,8 @@
ErrorCode PayloadMetadata::ValidateMetadataSignature(
const brillo::Blob& payload,
- std::string metadata_signature,
- base::FilePath path_to_public_key) const {
+ const std::string& metadata_signature,
+ const std::string& pem_public_key) const {
if (payload.size() < metadata_size_ + metadata_signature_size_)
return ErrorCode::kDownloadMetadataSignatureError;
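Review bot: `pem_public_key` has the same `std::string` type as the path string the verifier helpers took before, so a caller that still passes a key file path compiles cleanly and only fails later at signature verification. A comment on the declaration such as `// |pem_public_key| holds the PEM-encoded key contents, not a path to a key file.` would make the contract explicit; the same applies to the arguments passed to `GetRawHashFromSignature` and `VerifySignature` in the later hunks. Nothing visible here rejects an empty key, so if the callers do not guarantee one, an early `if (pem_public_key.empty()) return ErrorCode::kDownloadMetadataSignatureError;` would fail closed with a clear cause. The function body continues outside this hunk.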
@@ -182,9 +182,6 @@
return ErrorCode::kDownloadMetadataSignatureMissingError;
}
- LOG(INFO) << "Verifying metadata hash signature using public key: "
- << path_to_public_key.value();
-
brillo::Blob calculated_metadata_hash;
if (!HashCalculator::RawHashOfBytes(
payload.data(), metadata_size_, &calculated_metadata_hash)) {
@@ -200,9 +197,8 @@
if (!metadata_signature_blob.empty()) {
brillo::Blob expected_metadata_hash;
- if (!PayloadVerifier::GetRawHashFromSignature(metadata_signature_blob,
- path_to_public_key.value(),
- &expected_metadata_hash)) {
+ if (!PayloadVerifier::GetRawHashFromSignature(
+ metadata_signature_blob, pem_public_key, &expected_metadata_hash)) {
LOG(ERROR) << "Unable to compute expected hash from metadata signature";
return ErrorCode::kDownloadMetadataSignatureError;
}
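Review bot: The `LOG(ERROR)` under `GetRawHashFromSignature` no longer has any nearby record of which key was used, because this commit removes the earlier log line that printed the key path. A malformed PEM string and a bad signature presumably both end in this same message, which makes a rejected update harder to triage. Consider logging a short identifier next to it, for example `LOG(ERROR) << "Public key length: " << pem_public_key.size();`, rather than the full key text. The enclosing function starts and ends outside this hunk.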
@@ -215,7 +211,7 @@
}
} else {
if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf_blob,
- path_to_public_key.value(),
+ pem_public_key,
calculated_metadata_hash)) {
LOG(ERROR) << "Manifest hash verification failed.";
return ErrorCode::kDownloadMetadataSignatureMismatch;