🔬 Check for either fingerprint in OriginVerifierTest.

Bug: 1005736 Change-Id: I83b26daa7b15dd74df138c14cd58811deeb8712f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1854126Reviewed-by: Ben Mason <benmason@chromium.org> Commit-Queue: Peter Conn <peconn@chromium.org> Cr-Commit-Position: refs/heads/master@{#705072}

🔬 Check for either fingerprint in OriginVerifierTest.
Bug: 1005736 Change-Id: I83b26daa7b15dd74df138c14cd58811deeb8712f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1854126Reviewed-by: Ben Mason <benmason@chromium.org> Commit-Queue: Peter Conn <peconn@chromium.org> Cr-Commit-Position: refs/heads/master@{#705072}
d1eb2ebd · Peter E Conn · Commit Bot · 687008f1 · d1eb2ebd
Commit d1eb2ebd authored Oct 11, 2019 by Peter E Conn Committed by Commit Bot Oct 11, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 8 deletions

chrome/android/javatests/src/org/chromium/chrome/browser/browserservices/OriginVerifierTest.java ...um/chrome/browser/browserservices/OriginVerifierTest.java +12 -8

No files found.
--- a/chrome/android/javatests/src/org/chromium/chrome/browser/browserservices/OriginVerifierTest.java
+++ b/chrome/android/javatests/src/org/chromium/chrome/browser/browserservices/OriginVerifierTest.java
@@ -7,8 +7,6 @@ package org.chromium.chrome.browser.browserservices;
 import android.net.Uri;
 import android.support.test.filters.SmallTest;
-import androidx.browser.customtabs.CustomTabsService;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -21,7 +19,6 @@ import org.chromium.base.test.util.CallbackHelper;
 import org.chromium.base.test.util.CommandLineFlags;
 import org.chromium.chrome.browser.ChromeActivity;
 import org.chromium.chrome.browser.ChromeSwitches;
-import org.chromium.chrome.browser.ChromeVersionInfo;
 import org.chromium.chrome.browser.browserservices.OriginVerifier.OriginVerificationListener;
 import org.chromium.chrome.browser.browsing_data.BrowsingDataType;
 import org.chromium.chrome.browser.browsing_data.TimePeriod;
@@ -39,6 +36,8 @@ import java.util.concurrent.Semaphore;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import androidx.browser.customtabs.CustomTabsService;
 /** Tests for OriginVerifier. */
 @RunWith(ChromeJUnit4ClassRunner.class)
 @CommandLineFlags.Add({ChromeSwitches.DISABLE_FIRST_RUN_EXPERIENCE})
@@ -60,9 +59,6 @@ public class OriginVerifierTest {
    private static final String SHA_256_FINGERPRINT_OFFICIAL =
            "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5"
            + ":3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00";
-    private static final String SHA_256_FINGERPRINT = ChromeVersionInfo.isOfficialBuild()
-            ? SHA_256_FINGERPRINT_OFFICIAL
-            : SHA_256_FINGERPRINT_PUBLIC;
    private Origin mHttpsOrigin;
    private Origin mHttpOrigin;
@@ -103,8 +99,16 @@ public class OriginVerifierTest {
    @SmallTest
    public void testSHA256CertificateChecks() {
        Assert.assertEquals(STRING_ARRAY, OriginVerifier.byteArrayToHexString(BYTE_ARRAY));
-        Assert.assertEquals(SHA_256_FINGERPRINT,
-                OriginVerifier.getCertificateSHA256FingerprintForPackage(PACKAGE_NAME));
+        String fingerprint = OriginVerifier.getCertificateSHA256FingerprintForPackage(PACKAGE_NAME);
+        // We could try to determine which fingerprint we should be signed with, but it's easier to
+        // just check that we match either of the fingerprints. The chances of our code returning
+        // an incorrect value that just happens to match the wrong fingerprint is incredibly small.
+        if (SHA_256_FINGERPRINT_OFFICIAL.equals(fingerprint)) return;
+        if (SHA_256_FINGERPRINT_PUBLIC.equals(fingerprint)) return;
+        Assert.fail("Generated fingerprint matches neither official nor public.");
    }
    @Test