| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/cert/ct_log_response_parser.h" |
| 6 |
| 7 #include "base/base64.h" |
| 8 #include "base/json/json_reader.h" |
| 9 #include "base/json/json_value_converter.h" |
| 10 #include "base/logging.h" |
| 11 #include "base/strings/string_piece.h" |
| 12 #include "base/time/time.h" |
| 13 #include "base/values.h" |
| 14 #include "net/cert/ct_serialization.h" |
| 15 #include "net/cert/signed_tree_head.h" |
| 16 |
| 17 namespace net { |
| 18 |
| 19 namespace ct { |
| 20 |
| 21 namespace { |
| 22 |
| 23 // Structure for making JSON decoding easier. The string fields |
| 24 // are base64-encoded so will require further decoding. |
| 25 struct JsonSignedTreeHead { |
| 26 int tree_size; |
| 27 double timestamp; |
| 28 std::string sha256_root_hash; |
| 29 DigitallySigned signature; |
| 30 |
| 31 static void RegisterJSONConverter( |
| 32 base::JSONValueConverter<JsonSignedTreeHead>* converted); |
| 33 }; |
| 34 |
| 35 bool ConvertSHA256RootHash(const base::StringPiece& s, std::string* result) { |
| 36 if (!base::Base64Decode(s, result)) { |
| 37 DVLOG(1) << "Failed decoding sha256_root_hash"; |
| 38 return false; |
| 39 } |
| 40 |
| 41 if (result->length() != kSthRootHashLength) { |
| 42 DVLOG(1) << "sha256_root_hash is expected to be 32 bytes, but is " |
| 43 << result->length() << " bytes."; |
| 44 return false; |
| 45 } |
| 46 |
| 47 return true; |
| 48 } |
| 49 |
| 50 bool ConvertTreeHeadSignature(const base::StringPiece& s, |
| 51 DigitallySigned* result) { |
| 52 std::string tree_head_signature; |
| 53 if (!base::Base64Decode(s, &tree_head_signature)) { |
| 54 DVLOG(1) << "Failed decoding tree_head_signature"; |
| 55 return false; |
| 56 } |
| 57 |
| 58 base::StringPiece sp(tree_head_signature); |
| 59 if (!DecodeDigitallySigned(&sp, result)) { |
| 60 DVLOG(1) << "Failed decoding signature to DigitallySigned"; |
| 61 return false; |
| 62 } |
| 63 return true; |
| 64 } |
| 65 |
| 66 void JsonSignedTreeHead::RegisterJSONConverter( |
| 67 base::JSONValueConverter<JsonSignedTreeHead>* converter) { |
| 68 converter->RegisterIntField("tree_size", &JsonSignedTreeHead::tree_size); |
| 69 converter->RegisterDoubleField("timestamp", &JsonSignedTreeHead::timestamp); |
| 70 converter->RegisterCustomField("sha256_root_hash", |
| 71 &JsonSignedTreeHead::sha256_root_hash, |
| 72 &ConvertSHA256RootHash); |
| 73 converter->RegisterCustomField<DigitallySigned>( |
| 74 "tree_head_signature", |
| 75 &JsonSignedTreeHead::signature, |
| 76 &ConvertTreeHeadSignature); |
| 77 } |
| 78 |
| 79 bool IsJsonSTHStructurallyValid(const JsonSignedTreeHead& sth) { |
| 80 if (sth.tree_size < 0) { |
| 81 DVLOG(1) << "Tree size in Signed Tree Head JSON is negative: " |
| 82 << sth.tree_size; |
| 83 return false; |
| 84 } |
| 85 |
| 86 if (sth.timestamp < 0) { |
| 87 DVLOG(1) << "Timestamp in Signed Tree Head JSON is negative: " |
| 88 << sth.timestamp; |
| 89 return false; |
| 90 } |
| 91 |
| 92 if (sth.sha256_root_hash.empty()) { |
| 93 DVLOG(1) << "Missing SHA256 root hash from Signed Tree Head JSON."; |
| 94 return false; |
| 95 } |
| 96 |
| 97 if (sth.signature.signature_data.empty()) { |
| 98 DVLOG(1) << "Missing SHA256 root hash from Signed Tree Head JSON."; |
| 99 return false; |
| 100 } |
| 101 |
| 102 return true; |
| 103 } |
| 104 |
| 105 } // namespace |
| 106 |
| 107 bool FillSignedTreeHead(const base::StringPiece& json_signed_tree_head, |
| 108 SignedTreeHead* signed_tree_head) { |
| 109 base::JSONReader json_reader; |
| 110 scoped_ptr<base::Value> json(json_reader.Read(json_signed_tree_head)); |
| 111 if (json.get() == NULL) { |
| 112 DVLOG(1) << "Empty Signed Tree Head JSON."; |
| 113 return false; |
| 114 } |
| 115 |
| 116 JsonSignedTreeHead parsed_sth; |
| 117 base::JSONValueConverter<JsonSignedTreeHead> converter; |
| 118 if (!converter.Convert(*json.get(), &parsed_sth)) { |
| 119 DVLOG(1) << "Invalid Signed Tree Head JSON."; |
| 120 return false; |
| 121 } |
| 122 |
| 123 if (!IsJsonSTHStructurallyValid(parsed_sth)) |
| 124 return false; |
| 125 |
| 126 signed_tree_head->version = SignedTreeHead::V1; |
| 127 signed_tree_head->tree_size = parsed_sth.tree_size; |
| 128 signed_tree_head->timestamp = |
| 129 base::Time::UnixEpoch() + |
| 130 base::TimeDelta::FromMilliseconds(parsed_sth.timestamp); |
| 131 signed_tree_head->signature = parsed_sth.signature; |
| 132 memcpy(signed_tree_head->sha256_root_hash, |
| 133 parsed_sth.sha256_root_hash.c_str(), |
| 134 kSthRootHashLength); |
| 135 return true; |
| 136 } |
| 137 |
| 138 } // namespace ct |
| 139 |
| 140 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 230713002:
Certificate Transparency: Parse Signed Tree Heads and validate them (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master