| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/cert/ct_log_response_parser.h" |
| |
| #include "base/base64.h" |
| #include "base/json/json_reader.h" |
| #include "base/json/json_value_converter.h" |
| #include "base/logging.h" |
| #include "base/strings/string_piece.h" |
| #include "base/time/time.h" |
| #include "base/values.h" |
| #include "net/cert/ct_serialization.h" |
| #include "net/cert/signed_tree_head.h" |
| |
| namespace net { |
| |
| namespace ct { |
| |
| namespace { |
| |
| // Structure for making JSON decoding easier. The string fields |
| // are base64-encoded so will require further decoding. |
| struct JsonSignedTreeHead { |
| int tree_size; |
| double timestamp; |
| std::string sha256_root_hash; |
| DigitallySigned signature; |
| |
| static void RegisterJSONConverter( |
| base::JSONValueConverter<JsonSignedTreeHead>* converted); |
| }; |
| |
| bool ConvertSHA256RootHash(const base::StringPiece& s, std::string* result) { |
| if (!base::Base64Decode(s, result)) { |
| DVLOG(1) << "Failed decoding sha256_root_hash"; |
| return false; |
| } |
| |
| if (result->length() != kSthRootHashLength) { |
| DVLOG(1) << "sha256_root_hash is expected to be 32 bytes, but is " |
| << result->length() << " bytes."; |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool ConvertTreeHeadSignature(const base::StringPiece& s, |
| DigitallySigned* result) { |
| std::string tree_head_signature; |
| if (!base::Base64Decode(s, &tree_head_signature)) { |
| DVLOG(1) << "Failed decoding tree_head_signature"; |
| return false; |
| } |
| |
| base::StringPiece sp(tree_head_signature); |
| if (!DecodeDigitallySigned(&sp, result)) { |
| DVLOG(1) << "Failed decoding signature to DigitallySigned"; |
| return false; |
| } |
| return true; |
| } |
| |
| void JsonSignedTreeHead::RegisterJSONConverter( |
| base::JSONValueConverter<JsonSignedTreeHead>* converter) { |
| converter->RegisterIntField("tree_size", &JsonSignedTreeHead::tree_size); |
| converter->RegisterDoubleField("timestamp", &JsonSignedTreeHead::timestamp); |
| converter->RegisterCustomField("sha256_root_hash", |
| &JsonSignedTreeHead::sha256_root_hash, |
| &ConvertSHA256RootHash); |
| converter->RegisterCustomField<DigitallySigned>( |
| "tree_head_signature", |
| &JsonSignedTreeHead::signature, |
| &ConvertTreeHeadSignature); |
| } |
| |
| bool IsJsonSTHStructurallyValid(const JsonSignedTreeHead& sth) { |
| if (sth.tree_size < 0) { |
| DVLOG(1) << "Tree size in Signed Tree Head JSON is negative: " |
| << sth.tree_size; |
| return false; |
| } |
| |
| if (sth.timestamp < 0) { |
| DVLOG(1) << "Timestamp in Signed Tree Head JSON is negative: " |
| << sth.timestamp; |
| return false; |
| } |
| |
| if (sth.sha256_root_hash.empty()) { |
| DVLOG(1) << "Missing SHA256 root hash from Signed Tree Head JSON."; |
| return false; |
| } |
| |
| if (sth.signature.signature_data.empty()) { |
| DVLOG(1) << "Missing SHA256 root hash from Signed Tree Head JSON."; |
| return false; |
| } |
| |
| return true; |
| } |
| |
| } // namespace |
| |
| bool FillSignedTreeHead(const base::StringPiece& json_signed_tree_head, |
| SignedTreeHead* signed_tree_head) { |
| base::JSONReader json_reader; |
| scoped_ptr<base::Value> json(json_reader.Read(json_signed_tree_head)); |
| if (json.get() == NULL) { |
| DVLOG(1) << "Empty Signed Tree Head JSON."; |
| return false; |
| } |
| |
| JsonSignedTreeHead parsed_sth; |
| base::JSONValueConverter<JsonSignedTreeHead> converter; |
| if (!converter.Convert(*json.get(), &parsed_sth)) { |
| DVLOG(1) << "Invalid Signed Tree Head JSON."; |
| return false; |
| } |
| |
| if (!IsJsonSTHStructurallyValid(parsed_sth)) |
| return false; |
| |
| signed_tree_head->version = SignedTreeHead::V1; |
| signed_tree_head->tree_size = parsed_sth.tree_size; |
| signed_tree_head->timestamp = |
| base::Time::UnixEpoch() + |
| base::TimeDelta::FromMilliseconds(parsed_sth.timestamp); |
| signed_tree_head->signature = parsed_sth.signature; |
| memcpy(signed_tree_head->sha256_root_hash, |
| parsed_sth.sha256_root_hash.c_str(), |
| kSthRootHashLength); |
| return true; |
| } |
| |
| } // namespace ct |
| |
| } // namespace net |