| // Copyright 2014 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/cert/ct_log_response_parser.h" |
| |
| #include <memory> |
| #include <string> |
| |
| #include "base/base64.h" |
| #include "base/json/json_reader.h" |
| #include "base/time/time.h" |
| #include "base/values.h" |
| #include "net/cert/ct_serialization.h" |
| #include "net/cert/signed_tree_head.h" |
| #include "net/test/ct_test_util.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace net::ct { |
| |
| TEST(CTLogResponseParserTest, ParsesValidJsonSTH) { |
| absl::optional<base::Value> sample_sth_json = |
| base::JSONReader::Read(GetSampleSTHAsJson()); |
| SignedTreeHead tree_head; |
| EXPECT_TRUE(FillSignedTreeHead(*sample_sth_json, &tree_head)); |
| |
| SignedTreeHead sample_sth; |
| ASSERT_TRUE(GetSampleSignedTreeHead(&sample_sth)); |
| |
| ASSERT_EQ(SignedTreeHead::V1, tree_head.version); |
| ASSERT_EQ(sample_sth.timestamp, tree_head.timestamp); |
| ASSERT_EQ(sample_sth.tree_size, tree_head.tree_size); |
| |
| // Copy the field from the SignedTreeHead because it's not null terminated |
| // there and ASSERT_STREQ expects null-terminated strings. |
| char actual_hash[kSthRootHashLength + 1]; |
| memcpy(actual_hash, tree_head.sha256_root_hash, kSthRootHashLength); |
| actual_hash[kSthRootHashLength] = '\0'; |
| std::string expected_sha256_root_hash = GetSampleSTHSHA256RootHash(); |
| ASSERT_STREQ(expected_sha256_root_hash.c_str(), actual_hash); |
| |
| const DigitallySigned& expected_signature(sample_sth.signature); |
| |
| ASSERT_EQ(tree_head.signature.hash_algorithm, |
| expected_signature.hash_algorithm); |
| ASSERT_EQ(tree_head.signature.signature_algorithm, |
| expected_signature.signature_algorithm); |
| ASSERT_EQ(tree_head.signature.signature_data, |
| expected_signature.signature_data); |
| } |
| |
| TEST(CTLogResponseParserTest, FailsToParseMissingFields) { |
| absl::optional<base::Value> missing_signature_sth = base::JSONReader::Read( |
| CreateSignedTreeHeadJsonString(1 /* tree_size */, 123456u /* timestamp */, |
| GetSampleSTHSHA256RootHash(), "")); |
| |
| SignedTreeHead tree_head; |
| ASSERT_FALSE(FillSignedTreeHead(*missing_signature_sth, &tree_head)); |
| |
| absl::optional<base::Value> missing_root_hash_sth = base::JSONReader::Read( |
| CreateSignedTreeHeadJsonString(1 /* tree_size */, 123456u /* timestamp */, |
| "", GetSampleSTHTreeHeadSignature())); |
| ASSERT_FALSE(FillSignedTreeHead(*missing_root_hash_sth, &tree_head)); |
| } |
| |
| TEST(CTLogResponseParserTest, FailsToParseIncorrectLengthRootHash) { |
| SignedTreeHead tree_head; |
| |
| std::string too_long_hash; |
| base::Base64Decode( |
| base::StringPiece("/WHFMgXtI/umKKuACJIN0Bb73TcILm9WkeU6qszvoArK\n"), |
| &too_long_hash); |
| absl::optional<base::Value> too_long_hash_json = |
| base::JSONReader::Read(CreateSignedTreeHeadJsonString( |
| 1 /* tree_size */, 123456u /* timestamp */, |
| GetSampleSTHSHA256RootHash(), too_long_hash)); |
| ASSERT_FALSE(FillSignedTreeHead(*too_long_hash_json, &tree_head)); |
| |
| std::string too_short_hash; |
| base::Base64Decode( |
| base::StringPiece("/WHFMgXtI/umKKuACJIN0Bb73TcILm9WkeU6qszvoA==\n"), |
| &too_short_hash); |
| absl::optional<base::Value> too_short_hash_json = |
| base::JSONReader::Read(CreateSignedTreeHeadJsonString( |
| 1 /* tree_size */, 123456u /* timestamp */, |
| GetSampleSTHSHA256RootHash(), too_short_hash)); |
| ASSERT_FALSE(FillSignedTreeHead(*too_short_hash_json, &tree_head)); |
| } |
| |
| TEST(CTLogResponseParserTest, ParsesJsonSTHWithLargeTimestamp) { |
| SignedTreeHead tree_head; |
| |
| absl::optional<base::Value> large_timestamp_json = |
| base::JSONReader::Read(CreateSignedTreeHeadJsonString( |
| 100, INT64_C(1) << 34, GetSampleSTHSHA256RootHash(), |
| GetSampleSTHTreeHeadSignature())); |
| |
| ASSERT_TRUE(FillSignedTreeHead(*large_timestamp_json, &tree_head)); |
| |
| base::Time expected_time = |
| base::Time::UnixEpoch() + base::Milliseconds(INT64_C(1) << 34); |
| |
| EXPECT_EQ(tree_head.timestamp, expected_time); |
| } |
| |
| TEST(CTLogResponseParserTest, ParsesConsistencyProofSuccessfully) { |
| std::string first(32, 'a'); |
| std::string second(32, 'b'); |
| std::string third(32, 'c'); |
| |
| std::vector<std::string> raw_nodes; |
| raw_nodes.push_back(first); |
| raw_nodes.push_back(second); |
| raw_nodes.push_back(third); |
| absl::optional<base::Value> sample_consistency_proof = |
| base::JSONReader::Read(CreateConsistencyProofJsonString(raw_nodes)); |
| |
| std::vector<std::string> output; |
| |
| ASSERT_TRUE(FillConsistencyProof(*sample_consistency_proof, &output)); |
| |
| EXPECT_EQ(output[0], first); |
| EXPECT_EQ(output[1], second); |
| EXPECT_EQ(output[2], third); |
| } |
| |
| TEST(CTLogResponseParserTest, FailsOnInvalidProofJson) { |
| std::vector<std::string> output; |
| |
| absl::optional<base::Value> badly_encoded = |
| base::JSONReader::Read(std::string("{\"consistency\": [\"notbase64\"]}")); |
| EXPECT_FALSE(FillConsistencyProof(*badly_encoded, &output)); |
| |
| absl::optional<base::Value> not_a_string = |
| base::JSONReader::Read(std::string("{\"consistency\": [42, 16]}")); |
| EXPECT_FALSE(FillConsistencyProof(*badly_encoded, &output)); |
| |
| absl::optional<base::Value> missing_consistency = |
| base::JSONReader::Read(std::string("{}")); |
| EXPECT_FALSE(FillConsistencyProof(*missing_consistency, &output)); |
| |
| absl::optional<base::Value> not_a_dict = |
| base::JSONReader::Read(std::string("[]")); |
| EXPECT_FALSE(FillConsistencyProof(*not_a_dict, &output)); |
| } |
| |
| TEST(CTLogResponseParserTest, ParsesProofJsonWithExtraFields) { |
| std::vector<std::string> output; |
| |
| absl::optional<base::Value> badly_encoded = base::JSONReader::Read( |
| std::string("{\"consistency\": [], \"somethingelse\": 3}")); |
| EXPECT_TRUE(FillConsistencyProof(*badly_encoded, &output)); |
| } |
| |
| } // namespace net::ct |