Use string for Signatures protobuf.

This avoids conversions between brillo::Blob and string.
Also use SerializeToString() instead of AppendToString().

Test: update_engine_unittests
Change-Id: I0ad0fb5f45223f9f51f940de727660a9e62052bb
diff --git a/payload_consumer/payload_metadata.cc b/payload_consumer/payload_metadata.cc
index b631c87..8b3eb4e 100644
--- a/payload_consumer/payload_metadata.cc
+++ b/payload_consumer/payload_metadata.cc
@@ -25,6 +25,8 @@
 #include "update_engine/payload_consumer/payload_constants.h"
 #include "update_engine/payload_consumer/payload_verifier.h"
 
+using std::string;
+
 namespace chromeos_update_engine {
 
 const uint64_t PayloadMetadata::kDeltaVersionOffset = sizeof(kDeltaMagic);
@@ -155,12 +157,16 @@
 
 ErrorCode PayloadMetadata::ValidateMetadataSignature(
     const brillo::Blob& payload,
-    const std::string& metadata_signature,
-    const std::string& pem_public_key) const {
+    const string& metadata_signature,
+    const string& pem_public_key) const {
   if (payload.size() < metadata_size_ + metadata_signature_size_)
     return ErrorCode::kDownloadMetadataSignatureError;
 
-  brillo::Blob metadata_signature_blob, metadata_signature_protobuf_blob;
+  // A single signature in raw bytes.
+  brillo::Blob metadata_signature_blob;
+  // The serialized Signatures protobuf message stored in major version >=2
+  // payload, it may contain multiple signatures.
+  string metadata_signature_protobuf;
   if (!metadata_signature.empty()) {
     // Convert base64-encoded signature to raw bytes.
     if (!brillo::data_encoding::Base64Decode(metadata_signature,
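Review bot: With `metadata_signature_protobuf` now a `string`, it has the same type as the base64 `metadata_signature` parameter, so the compiler no longer catches one being passed where the other is meant. The later `VerifySignature` call appears to take the protobuf as a string, which makes the names and this comment the only guard. I would make the comment say where the bytes come from and that they are unverified, e.g. `// Serialized Signatures protobuf copied verbatim from a major version >= 2 payload; may hold multiple signatures. Untrusted until VerifySignature() succeeds.` That wording also removes the comma splice in the current text. The function body continues outside this hunk.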
@@ -170,13 +176,12 @@
       return ErrorCode::kDownloadMetadataSignatureError;
     }
   } else if (major_payload_version_ == kBrilloMajorPayloadVersion) {
-    metadata_signature_protobuf_blob.assign(
+    metadata_signature_protobuf.assign(
         payload.begin() + metadata_size_,
         payload.begin() + metadata_size_ + metadata_signature_size_);
   }
 
-  if (metadata_signature_blob.empty() &&
-      metadata_signature_protobuf_blob.empty()) {
+  if (metadata_signature_blob.empty() && metadata_signature_protobuf.empty()) {
     LOG(ERROR) << "Missing mandatory metadata signature in both Omaha "
                << "response and payload.";
     return ErrorCode::kDownloadMetadataSignatureMissingError;
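Review bot: The `assign()` into `metadata_signature_protobuf` takes its range from `metadata_size_` and `metadata_signature_size_`, and its only bound is the `payload.size() < metadata_size_ + metadata_signature_size_` check at the top of the function (in the previous hunk). That sum is presumably unsigned arithmetic on values taken from the payload header. If wrap-around is not already rejected when the header is parsed (not visible here), a wrapped sum would pass the check and the iterators would run past `payload.end()`. A form that cannot wrap is `if (payload.size() < metadata_size_ || payload.size() - metadata_size_ < metadata_signature_size_)`. The function starts and ends outside this hunk.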
@@ -210,7 +215,7 @@
       return ErrorCode::kDownloadMetadataSignatureMismatch;
     }
   } else {
-    if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf_blob,
+    if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf,
                                           pem_public_key,
                                           calculated_metadata_hash)) {
       LOG(ERROR) << "Manifest hash verification failed.";