// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/cert/ct_log_response_parser.h" #include "base/base64.h" #include "base/json/json_reader.h" #include "base/json/json_value_converter.h" #include "base/logging.h" #include "base/strings/string_piece.h" #include "base/time/time.h" #include "base/values.h" #include "net/cert/ct_serialization.h" #include "net/cert/signed_tree_head.h" namespace net { namespace ct { namespace { // Structure for making JSON decoding easier. The string fields // are base64-encoded so will require further decoding. struct JsonSignedTreeHead { int tree_size; double timestamp; std::string sha256_root_hash; DigitallySigned signature; static void RegisterJSONConverter( base::JSONValueConverter<JsonSignedTreeHead>* converted); }; bool ConvertSHA256RootHash(const base::StringPiece& s, std::string* result) { if (!base::Base64Decode(s, result)) { DVLOG(1) << "Failed decoding sha256_root_hash"; return false; } if (result->length() != kSthRootHashLength) { DVLOG(1) << "sha256_root_hash is expected to be 32 bytes, but is " << result->length() << " bytes."; return false; } return true; } bool ConvertTreeHeadSignature(const base::StringPiece& s, DigitallySigned* result) { std::string tree_head_signature; if (!base::Base64Decode(s, &tree_head_signature)) { DVLOG(1) << "Failed decoding tree_head_signature"; return false; } base::StringPiece sp(tree_head_signature); if (!DecodeDigitallySigned(&sp, result)) { DVLOG(1) << "Failed decoding signature to DigitallySigned"; return false; } return true; } void JsonSignedTreeHead::RegisterJSONConverter( base::JSONValueConverter<JsonSignedTreeHead>* converter) { converter->RegisterIntField("tree_size", &JsonSignedTreeHead::tree_size); converter->RegisterDoubleField("timestamp", &JsonSignedTreeHead::timestamp); converter->RegisterCustomField("sha256_root_hash", &JsonSignedTreeHead::sha256_root_hash, &ConvertSHA256RootHash); converter->RegisterCustomField<DigitallySigned>( "tree_head_signature", &JsonSignedTreeHead::signature, &ConvertTreeHeadSignature); } bool IsJsonSTHStructurallyValid(const JsonSignedTreeHead& sth) { if (sth.tree_size < 0) { DVLOG(1) << "Tree size in Signed Tree Head JSON is negative: " << sth.tree_size; return false; } if (sth.timestamp < 0) { DVLOG(1) << "Timestamp in Signed Tree Head JSON is negative: " << sth.timestamp; return false; } if (sth.sha256_root_hash.empty()) { DVLOG(1) << "Missing SHA256 root hash from Signed Tree Head JSON."; return false; } if (sth.signature.signature_data.empty()) { DVLOG(1) << "Missing SHA256 root hash from Signed Tree Head JSON."; return false; } return true; } } // namespace bool FillSignedTreeHead(const base::StringPiece& json_signed_tree_head, SignedTreeHead* signed_tree_head) { base::JSONReader json_reader; scoped_ptr<base::Value> json(json_reader.Read(json_signed_tree_head)); if (json.get() == NULL) { DVLOG(1) << "Empty Signed Tree Head JSON."; return false; } JsonSignedTreeHead parsed_sth; base::JSONValueConverter<JsonSignedTreeHead> converter; if (!converter.Convert(*json.get(), &parsed_sth)) { DVLOG(1) << "Invalid Signed Tree Head JSON."; return false; } if (!IsJsonSTHStructurallyValid(parsed_sth)) return false; signed_tree_head->version = SignedTreeHead::V1; signed_tree_head->tree_size = parsed_sth.tree_size; signed_tree_head->timestamp = base::Time::UnixEpoch() + base::TimeDelta::FromMilliseconds(parsed_sth.timestamp); signed_tree_head->signature = parsed_sth.signature; memcpy(signed_tree_head->sha256_root_hash, parsed_sth.sha256_root_hash.c_str(), kSthRootHashLength); return true; } } // namespace ct } // namespace net