Certificate Transparency: Parse Signed Tree Heads and validate them

net/cert/ct_log_response_parser_unittest.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/ct_log_response_parser.h"
+
+#include <string>
+
+#include "base/base64.h"
+#include "base/strings/stringprintf.h"
+#include "base/time/time.h"
+#include "net/cert/ct_serialization.h"
+#include "net/cert/signed_tree_head.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace ct {
+
+// Basic fields, sha256_root_hash, tree_head_signature.
+const char kSTHFormatString[] =
+  "{%s\"%s\",\"tree_head_signature\":\"%s\"}";
+const char kBasicSTHFields[] =
+  "\"tree_size\":2903698,\"timestamp\":1395761621447,\"sha256_root_hash\":";
+
+const char kSHA256RootHash[] =
+    "/WHFMgXtI/umKKuACJIN0Bb73TcILm9WkeU6qszvoAo=";
+
+const char kTreeHeadSignature[] =
+  "BAMARzBFAiAB+IIYrkRsZDW0/6TzPgR+aJ26twCQ1JDTwq/" \
+  "mpinCjAIhAKDXdXMtqbvQ42r9dBIwV5RM/KpEzNQdIhXHesd9HPv3";
+
+class CTLogResponseParserTest : public ::testing::Test {
+ public:
+  CTLogResponseParserTest() {}
+
+  virtual void SetUp() OVERRIDE {
+    sample_sth_ = base::StringPrintf(
+        kSTHFormatString, kBasicSTHFields, kSHA256RootHash, kTreeHeadSignature);
+    base::Base64Decode(kSHA256RootHash, &expected_sha256_root_hash_);
+
+    std::string tree_head_signature;
+    base::Base64Decode(kTreeHeadSignature, &tree_head_signature);
+    base::StringPiece sp(tree_head_signature);
+    ASSERT_TRUE(DecodeDigitallySigned(&sp, &expected_signature_));
+  }
+
+ protected:
+  std::string sample_sth_;
+  std::string expected_sha256_root_hash_;
+  DigitallySigned expected_signature_;
+};
+
+TEST_F(CTLogResponseParserTest, ParsesValidJsonSTH) {
+  SignedTreeHead tree_head;
+  EXPECT_TRUE(CTLogResponseParser::FillSignedTreeHead(sample_sth_, &tree_head));
+
+  base::Time expected_timestamp =
+      base::Time::UnixEpoch() +
+      base::TimeDelta::FromMilliseconds(1395761621447);
+
+  ASSERT_EQ(SignedTreeHead::V1, tree_head.version);
+  ASSERT_EQ(expected_timestamp, tree_head.timestamp);
+  ASSERT_EQ(2903698u, tree_head.tree_size);
+
+  // Copy the field from the SignedTreeHead because it's not null terminated
+  // there and ASSERT_STREQ expects null-terminated strings.
+  char actual_hash[kSthRootHashLength + 1];
+  memcpy(actual_hash, tree_head.sha256_root_hash, kSthRootHashLength);
+  actual_hash[kSthRootHashLength] = '\0';
+  ASSERT_STREQ(expected_sha256_root_hash_.c_str(), actual_hash);
+  ASSERT_EQ(tree_head.signature.hash_algorithm,
+            expected_signature_.hash_algorithm);
+  ASSERT_EQ(tree_head.signature.signature_algorithm,
+            expected_signature_.signature_algorithm);
+  ASSERT_EQ(tree_head.signature.signature_data,
+            expected_signature_.signature_data);
+}
+
+TEST_F(CTLogResponseParserTest, FailsToParseMissingFields) {
+  std::string missing_fields_sth = base::StringPrintf(
+      "{%s\"%s\"}", kBasicSTHFields, kSHA256RootHash);
+
+  SignedTreeHead tree_head;
+  ASSERT_FALSE(
+      CTLogResponseParser::FillSignedTreeHead(missing_fields_sth, &tree_head));
+}
+
+TEST_F(CTLogResponseParserTest, FailsToParseIncorrectLengthRootHash) {
+  SignedTreeHead tree_head;
+
+  std::string too_long_hash = base::StringPrintf(
+      kSTHFormatString,
+      kBasicSTHFields,
+      kSHA256RootHash,
+      "/WHFMgXtI/umKKuACJIN0Bb73TcILm9WkeU6qszvoArK\n");
+  ASSERT_FALSE(
+      CTLogResponseParser::FillSignedTreeHead(too_long_hash, &tree_head));
+
+  std::string too_short_hash =  base::StringPrintf(
+      kSTHFormatString,
+      kBasicSTHFields,
+      kSHA256RootHash,
+      "/WHFMgXtI/umKKuACJIN0Bb73TcILm9WkeU6qszvoA==\n");
+  ASSERT_FALSE(
+      CTLogResponseParser::FillSignedTreeHead(too_short_hash, &tree_head));
+}
+
+}  // namespace ct
+
+}  // namespace net