verifier: update to support certificates using SHA-256
(cherry picked from commit bac7fba02763ae5e78e8e4ba0bea727330ad953e)
Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
diff --git a/verifier_test.sh b/verifier_test.sh
index 378b0e5..65f77f4 100755
--- a/verifier_test.sh
+++ b/verifier_test.sh
@@ -64,33 +64,39 @@
expect_succeed() {
testname "$1 (should succeed)"
$ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
- run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip || fail
+ shift
+ run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip || fail
}
expect_fail() {
testname "$1 (should fail)"
$ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
- run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip && fail
+ shift
+ run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip && fail
}
-expect_succeed_f4() {
- testname "$1 (should succeed)"
- $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
- run_command $WORK_DIR/verifier_test -f4 $WORK_DIR/package.zip || fail
-}
-
-expect_fail_f4() {
- testname "$1 (should fail)"
- $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
- run_command $WORK_DIR/verifier_test -f4 $WORK_DIR/package.zip && fail
-}
-
+# not signed at all
expect_fail unsigned.zip
+# signed in the pre-donut way
expect_fail jarsigned.zip
+
+# success cases
expect_succeed otasigned.zip
-expect_fail_f4 otasigned.zip
-expect_succeed_f4 otasigned_f4.zip
+expect_succeed otasigned_f4.zip -f4
+expect_succeed otasigned_sha256.zip -sha256
+expect_succeed otasigned_f4_sha256.zip -sha256 -f4
+
+# verified against different key
+expect_fail otasigned.zip -f4
expect_fail otasigned_f4.zip
+
+# verified against right key but wrong hash algorithm
+expect_fail otasigned.zip -sha256
+expect_fail otasigned_f4.zip -sha256 -f4
+expect_fail otasigned_sha256.zip
+expect_fail otasigned_f4_sha256.zip -f4
+
+# various other cases
expect_fail random.zip
expect_fail fake-eocd.zip
expect_fail alter-metadata.zip