If a public key is present, disallow old style full payloads.

This is necessary to ensure that if a public key is present the payload is
signed and the signature passes verification.

BUG=chromium-os:11760
TEST=unit tests, tested on device

Change-Id: I6af61ead0e918c0b971dbcfeabcab3be03e6eb97

Review URL: http://codereview.chromium.org/6574009
diff --git a/omaha_response_handler_action.cc b/omaha_response_handler_action.cc
index fdbd80a..74e149f 100644
--- a/omaha_response_handler_action.cc
+++ b/omaha_response_handler_action.cc
@@ -19,6 +19,11 @@
 const char OmahaResponseHandlerAction::kDeadlineFile[] =
     "/tmp/update-check-response-deadline";
 
+OmahaResponseHandlerAction::OmahaResponseHandlerAction(PrefsInterface* prefs)
+    : prefs_(prefs),
+      got_no_update_response_(false),
+      key_path_(DeltaPerformer::kUpdatePayloadPublicKeyPath) {}
+
 void OmahaResponseHandlerAction::PerformAction() {
   CHECK(HasInputObject());
   ScopedActionCompleter completer(processor_, this);
@@ -49,6 +54,11 @@
       utils::BootKernelDevice(install_plan_.install_path);
 
   install_plan_.is_full_update = !response.is_delta;
+  if (!response.is_delta && utils::FileExists(key_path_.c_str())) {
+    // Can't sign old style full payloads but signature is required so bail out.
+    completer.set_code(kActionCodeSignedDeltaPayloadExpectedError);
+    return;
+  }
 
   TEST_AND_RETURN(HasOutputPipe());
   if (HasOutputPipe())