|  | // Copyright 2014 The Chromium Authors. All rights reserved. | 
|  | // Use of this source code is governed by a BSD-style license that can be | 
|  | // found in the LICENSE file. | 
|  |  | 
|  | #include "net/cert/ct_log_response_parser.h" | 
|  |  | 
|  | #include <memory> | 
|  |  | 
|  | #include "base/base64.h" | 
|  | #include "base/json/json_value_converter.h" | 
|  | #include "base/logging.h" | 
|  | #include "base/strings/string_piece.h" | 
|  | #include "base/time/time.h" | 
|  | #include "base/values.h" | 
|  | #include "net/cert/ct_serialization.h" | 
|  | #include "net/cert/signed_tree_head.h" | 
|  | #include "starboard/memory.h" | 
|  |  | 
|  | namespace net { | 
|  |  | 
|  | namespace ct { | 
|  |  | 
|  | namespace { | 
|  |  | 
|  | // Structure for making JSON decoding easier. The string fields | 
|  | // are base64-encoded so will require further decoding. | 
|  | struct JsonSignedTreeHead { | 
|  | int tree_size; | 
|  | double timestamp; | 
|  | std::string sha256_root_hash; | 
|  | DigitallySigned signature; | 
|  |  | 
|  | static void RegisterJSONConverter( | 
|  | base::JSONValueConverter<JsonSignedTreeHead>* converted); | 
|  | }; | 
|  |  | 
|  | bool ConvertSHA256RootHash(base::StringPiece s, std::string* result) { | 
|  | if (!base::Base64Decode(s, result)) { | 
|  | DVLOG(1) << "Failed decoding sha256_root_hash"; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (result->length() != kSthRootHashLength) { | 
|  | DVLOG(1) << "sha256_root_hash is expected to be 32 bytes, but is " | 
|  | << result->length() << " bytes."; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | return true; | 
|  | } | 
|  |  | 
|  | bool ConvertTreeHeadSignature(base::StringPiece s, DigitallySigned* result) { | 
|  | std::string tree_head_signature; | 
|  | if (!base::Base64Decode(s, &tree_head_signature)) { | 
|  | DVLOG(1) << "Failed decoding tree_head_signature"; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | base::StringPiece sp(tree_head_signature); | 
|  | if (!DecodeDigitallySigned(&sp, result)) { | 
|  | DVLOG(1) << "Failed decoding signature to DigitallySigned"; | 
|  | return false; | 
|  | } | 
|  | return true; | 
|  | } | 
|  |  | 
|  | void JsonSignedTreeHead::RegisterJSONConverter( | 
|  | base::JSONValueConverter<JsonSignedTreeHead>* converter) { | 
|  | converter->RegisterIntField("tree_size", &JsonSignedTreeHead::tree_size); | 
|  | converter->RegisterDoubleField("timestamp", &JsonSignedTreeHead::timestamp); | 
|  | converter->RegisterCustomField("sha256_root_hash", | 
|  | &JsonSignedTreeHead::sha256_root_hash, | 
|  | &ConvertSHA256RootHash); | 
|  | converter->RegisterCustomField<DigitallySigned>( | 
|  | "tree_head_signature", | 
|  | &JsonSignedTreeHead::signature, | 
|  | &ConvertTreeHeadSignature); | 
|  | } | 
|  |  | 
|  | bool IsJsonSTHStructurallyValid(const JsonSignedTreeHead& sth) { | 
|  | if (sth.tree_size < 0) { | 
|  | DVLOG(1) << "Tree size in Signed Tree Head JSON is negative: " | 
|  | << sth.tree_size; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (sth.timestamp < 0) { | 
|  | DVLOG(1) << "Timestamp in Signed Tree Head JSON is negative: " | 
|  | << sth.timestamp; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (sth.sha256_root_hash.empty()) { | 
|  | DVLOG(1) << "Missing SHA256 root hash from Signed Tree Head JSON."; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (sth.signature.signature_data.empty()) { | 
|  | DVLOG(1) << "Missing signature from Signed Tree Head JSON."; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | return true; | 
|  | } | 
|  |  | 
|  | // Structure for making JSON decoding easier. The string fields | 
|  | // are base64-encoded so will require further decoding. | 
|  | struct JsonConsistencyProof { | 
|  | std::vector<std::unique_ptr<std::string>> proof_nodes; | 
|  |  | 
|  | static void RegisterJSONConverter( | 
|  | base::JSONValueConverter<JsonConsistencyProof>* converter); | 
|  | }; | 
|  |  | 
|  | bool ConvertIndividualProofNode(const base::Value* value, std::string* result) { | 
|  | std::string b64_encoded_node; | 
|  | if (!value->GetAsString(&b64_encoded_node)) | 
|  | return false; | 
|  |  | 
|  | if (!ConvertSHA256RootHash(b64_encoded_node, result)) | 
|  | return false; | 
|  |  | 
|  | return true; | 
|  | } | 
|  |  | 
|  | void JsonConsistencyProof::RegisterJSONConverter( | 
|  | base::JSONValueConverter<JsonConsistencyProof>* converter) { | 
|  | converter->RegisterRepeatedCustomValue<std::string>( | 
|  | "consistency", &JsonConsistencyProof::proof_nodes, | 
|  | &ConvertIndividualProofNode); | 
|  | } | 
|  |  | 
|  | }  // namespace | 
|  |  | 
|  | bool FillSignedTreeHead(const base::Value& json_signed_tree_head, | 
|  | SignedTreeHead* signed_tree_head) { | 
|  | JsonSignedTreeHead parsed_sth; | 
|  | base::JSONValueConverter<JsonSignedTreeHead> converter; | 
|  | if (!converter.Convert(json_signed_tree_head, &parsed_sth)) { | 
|  | DVLOG(1) << "Invalid Signed Tree Head JSON."; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (!IsJsonSTHStructurallyValid(parsed_sth)) | 
|  | return false; | 
|  |  | 
|  | signed_tree_head->version = SignedTreeHead::V1; | 
|  | signed_tree_head->tree_size = parsed_sth.tree_size; | 
|  | signed_tree_head->timestamp = base::Time::FromJsTime(parsed_sth.timestamp); | 
|  | signed_tree_head->signature = parsed_sth.signature; | 
|  | SbMemoryCopy(signed_tree_head->sha256_root_hash, | 
|  | parsed_sth.sha256_root_hash.c_str(), kSthRootHashLength); | 
|  | return true; | 
|  | } | 
|  |  | 
|  | bool FillConsistencyProof(const base::Value& json_consistency_proof, | 
|  | std::vector<std::string>* consistency_proof) { | 
|  | JsonConsistencyProof parsed_proof; | 
|  | base::JSONValueConverter<JsonConsistencyProof> converter; | 
|  | if (!converter.Convert(json_consistency_proof, &parsed_proof)) { | 
|  | DVLOG(1) << "Invalid consistency proof."; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | const base::DictionaryValue* dict_value = NULL; | 
|  | if (!json_consistency_proof.GetAsDictionary(&dict_value) || | 
|  | !dict_value->HasKey("consistency")) { | 
|  | DVLOG(1) << "Missing consistency field."; | 
|  | return false; | 
|  | } | 
|  |  | 
|  | consistency_proof->reserve(parsed_proof.proof_nodes.size()); | 
|  | for (const auto& proof_node : parsed_proof.proof_nodes) { | 
|  | consistency_proof->push_back(*proof_node); | 
|  | } | 
|  |  | 
|  | return true; | 
|  | } | 
|  |  | 
|  | }  // namespace ct | 
|  |  | 
|  | }  // namespace net |