author | Gilad Arnold <garnold@chromium.org> | 2013-05-22 17:12:56 -0700 |
---|---|---|
committer | ChromeBot <chrome-bot@google.com> | 2013-05-22 19:15:54 -0700 |
commit | 9b90c93edcaa16f6c734f421ccf00201a474d9ea (patch) | |
tree | 791c5a1c3c7ee0076d98cfc3d465fc8832781f69 /scripts/update_payload/checker.py | |
parent | 432d601e236bf8b9110fdb497e5f5c87899346e2 (diff) |
paycheck: move default pubkey handling inside the library
This is a more sensible choice given that the pubkey ships within the
library directory and hence should not be specified explicitly by an
outside entity (like paycheck). From the practical standpoint, it makes
this useful feature available to clients who use the library directly.
BUG=chromium:241283
TEST=Unit + integration tests
Change-Id: I059302326af1e0e394829466ee97ad2f60de4986
Reviewed-on: https://gerrit.chromium.org/gerrit/56335
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
Diffstat (limited to 'scripts/update_payload/checker.py')
-rw-r--r-- | scripts/update_payload/checker.py | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/scripts/update_payload/checker.py b/scripts/update_payload/checker.py index a9edce3f..eabcedb4 100644 --- a/scripts/update_payload/checker.py +++ b/scripts/update_payload/checker.py @@ -16,6 +16,7 @@ follows: import array import base64 import hashlib +import os import subprocess import common @@ -26,7 +27,7 @@ import update_metadata_pb2 # -# Constants / helper functions. +# Constants. # _CHECK_DST_PSEUDO_EXTENTS = 'dst-pseudo-extents' _CHECK_MOVE_SAME_SRC_DST_BLOCK = 'move-same-src-dst-block' @@ -42,6 +43,10 @@ _TYPE_DELTA = 'delta' _DEFAULT_BLOCK_SIZE = 4096 +_DEFAULT_PUBKEY_BASE_NAME = 'update-payload-key.pub.pem' +_DEFAULT_PUBKEY_FILE_NAME = os.path.join(os.path.dirname(__file__), + _DEFAULT_PUBKEY_BASE_NAME) + # # Helper functions. @@ -1058,6 +1063,9 @@ class PayloadChecker(object): PayloadError if payload verification failed. """ + if not pubkey_file_name: + pubkey_file_name = _DEFAULT_PUBKEY_FILE_NAME + report = _PayloadReport() # Get payload file size. @@ -1068,9 +1076,6 @@ class PayloadChecker(object): try: # Check metadata signature (if provided). if metadata_sig_file: - if not pubkey_file_name: - raise PayloadError( - 'no public key provided, cannot verify metadata signature') metadata_sig = base64.b64decode(metadata_sig_file.read()) self._CheckSha256Signature(metadata_sig, pubkey_file_name, self.payload.manifest_hasher.digest(), @@ -1116,9 +1121,6 @@ class PayloadChecker(object): # Part 5: handle payload signatures message. if self.check_payload_sig and self.sigs_size: - if not pubkey_file_name: - raise PayloadError( - 'no public key provided, cannot verify payload signature') self._CheckSignatures(report, pubkey_file_name) # Part 6: summary. |
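Review bot: `_DEFAULT_PUBKEY_FILE_NAME` in the constants hunk is built from `os.path.dirname(__file__)`, so the trust anchor for signature checks becomes whatever file sits beside the loaded module, and nothing in the visible lines says so. A comment above the constant would make that requirement explicit, for example `# Trust anchor for signature checks: ships with the library; its directory must be writable only by trusted users.` If the library can be imported from somewhere that is not a plain directory (a zipped install, for instance), this path will presumably not exist, which is worth noting in the same comment.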
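Review bot: The fallback added at the top of the method (`if not pubkey_file_name:`) makes a key path that is empty or None by mistake indistinguishable from a deliberate request for the bundled key, and the two later hunks delete the `PayloadError` that used to surface that case. When a signature check is about to run, a missing key file should fail with a clear message rather than whatever the verification helper reports, e.g. `if not os.path.isfile(pubkey_file_name): raise PayloadError('public key file not found: %s' % pubkey_file_name)`. It would also help to record in the report which key file was used, so a reader can tell a default-key verification from an explicit one. The method's signature and the Args part of its docstring lie outside the hunk; if the docstring does not already state that `pubkey_file_name` falls back to the bundled key, it should.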