# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

from autotest_lib.client.common_lib import utils

AUTHOR = "Chromium OS"
NAME = "autoupdate_CatchBadSignatures"
TIME = "MEDIUM"
TEST_CATEGORY = "Functional"
TEST_CLASS = "platform"
TEST_TYPE = "server"
JOB_RETRIES = 2
# TODO(jorgelo): move this to bvt-cq after crbug.com/427384 is fixed.
ATTRIBUTES = "suite:bvt-perbuild"
BUG_TEMPLATE = {
    'cc': ['chromeos-installer-alerts@google.com'],
    'components': ['Internals>Installer'],
}

DOC = """
This is a test to verify that update_engine correctly checks
signatures in the metadata hash and the update payload itself. This is
achieved by feeding updates to update_engine where the private key
used to make the signature, intentionally does not match with the
public key used for verification.

To run locally, you need to choose a devserver and a DUT that can reach each
other. You cannot use a devserver on your workstation because it will not be
accessible from any DUTs (due to SNAX).

So lock a DUT that is not in use by the lab.
Next, look up the dev_server_common.ini.erb (in repo chromeos_admin) for
dev_server & restricted_subnet fields to pick a devserver in the same
subnet with the testing DUT.

Test that they can ping each other.

You tell the test which devserver you want to use in this file:
  src/third_party/autotest/files/shadow_config.ini

by adding these lines:

  [CROS]
  dev_server = http://<hostname of devserver>:<port>

With this in place, you can now run the test:

  $ test_that <DUT_IP> autoupdate_CatchBadSignatures -b ${BOARD}

"""

def run_test(machine):
    """Execute a test configuration on a given machine."""
    host = hosts.create_host(machine)
    job.run_test("autoupdate_CatchBadSignatures", host=host)

# Invoke parallel tests.
parallel_simple(run_test, machines)