xref: /aosp_15_r20/external/cronet/net/cert/ct_log_response_parser.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2014 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/cert/ct_log_response_parser.h"
6 
7 #include <memory>
8 #include <string_view>
9 
10 #include "base/base64.h"
11 #include "base/json/json_value_converter.h"
12 #include "base/logging.h"
13 #include "base/time/time.h"
14 #include "base/values.h"
15 #include "net/cert/ct_serialization.h"
16 #include "net/cert/signed_tree_head.h"
17 
18 namespace net::ct {
19 
20 namespace {
21 
22 // Structure for making JSON decoding easier. The string fields
23 // are base64-encoded so will require further decoding.
24 struct JsonSignedTreeHead {
25   int tree_size;
26   double timestamp;
27   std::string sha256_root_hash;
28   DigitallySigned signature;
29 
30   static void RegisterJSONConverter(
31       base::JSONValueConverter<JsonSignedTreeHead>* converted);
32 };
33 
ConvertSHA256RootHash(std::string_view s,std::string * result)34 bool ConvertSHA256RootHash(std::string_view s, std::string* result) {
35   return base::Base64Decode(s, result) && result->size() == kSthRootHashLength;
36 }
37 
ConvertTreeHeadSignature(std::string_view s,DigitallySigned * result)38 bool ConvertTreeHeadSignature(std::string_view s, DigitallySigned* result) {
39   std::string tree_head_signature;
40   if (!base::Base64Decode(s, &tree_head_signature)) {
41     return false;
42   }
43 
44   std::string_view sp(tree_head_signature);
45   return DecodeDigitallySigned(&sp, result);
46 }
47 
RegisterJSONConverter(base::JSONValueConverter<JsonSignedTreeHead> * converter)48 void JsonSignedTreeHead::RegisterJSONConverter(
49     base::JSONValueConverter<JsonSignedTreeHead>* converter) {
50   converter->RegisterIntField("tree_size", &JsonSignedTreeHead::tree_size);
51   converter->RegisterDoubleField("timestamp", &JsonSignedTreeHead::timestamp);
52   converter->RegisterCustomField("sha256_root_hash",
53                                  &JsonSignedTreeHead::sha256_root_hash,
54                                  &ConvertSHA256RootHash);
55   converter->RegisterCustomField<DigitallySigned>(
56       "tree_head_signature",
57       &JsonSignedTreeHead::signature,
58       &ConvertTreeHeadSignature);
59 }
60 
IsJsonSTHStructurallyValid(const JsonSignedTreeHead & sth)61 bool IsJsonSTHStructurallyValid(const JsonSignedTreeHead& sth) {
62   return sth.tree_size >= 0 && sth.timestamp >= 0 &&
63          !sth.sha256_root_hash.empty() && !sth.signature.signature_data.empty();
64 }
65 
66 // Structure for making JSON decoding easier. The string fields
67 // are base64-encoded so will require further decoding.
68 struct JsonConsistencyProof {
69   std::vector<std::unique_ptr<std::string>> proof_nodes;
70 
71   static void RegisterJSONConverter(
72       base::JSONValueConverter<JsonConsistencyProof>* converter);
73 };
74 
ConvertIndividualProofNode(const base::Value * value,std::string * result)75 bool ConvertIndividualProofNode(const base::Value* value, std::string* result) {
76   const std::string* b64_encoded_node = value->GetIfString();
77   return b64_encoded_node && ConvertSHA256RootHash(*b64_encoded_node, result);
78 }
79 
RegisterJSONConverter(base::JSONValueConverter<JsonConsistencyProof> * converter)80 void JsonConsistencyProof::RegisterJSONConverter(
81     base::JSONValueConverter<JsonConsistencyProof>* converter) {
82   converter->RegisterRepeatedCustomValue<std::string>(
83       "consistency", &JsonConsistencyProof::proof_nodes,
84       &ConvertIndividualProofNode);
85 }
86 
87 }  // namespace
88 
FillSignedTreeHead(const base::Value & json_signed_tree_head,SignedTreeHead * signed_tree_head)89 bool FillSignedTreeHead(const base::Value& json_signed_tree_head,
90                         SignedTreeHead* signed_tree_head) {
91   JsonSignedTreeHead parsed_sth;
92   base::JSONValueConverter<JsonSignedTreeHead> converter;
93   if (!converter.Convert(json_signed_tree_head, &parsed_sth) ||
94       !IsJsonSTHStructurallyValid(parsed_sth)) {
95     return false;
96   }
97 
98   signed_tree_head->version = SignedTreeHead::V1;
99   signed_tree_head->tree_size = parsed_sth.tree_size;
100   signed_tree_head->timestamp =
101       base::Time::FromMillisecondsSinceUnixEpoch(parsed_sth.timestamp);
102   signed_tree_head->signature = parsed_sth.signature;
103   memcpy(signed_tree_head->sha256_root_hash,
104          parsed_sth.sha256_root_hash.c_str(),
105          kSthRootHashLength);
106   return true;
107 }
108 
FillConsistencyProof(const base::Value & json_consistency_proof,std::vector<std::string> * consistency_proof)109 bool FillConsistencyProof(const base::Value& json_consistency_proof,
110                           std::vector<std::string>* consistency_proof) {
111   JsonConsistencyProof parsed_proof;
112   base::JSONValueConverter<JsonConsistencyProof> converter;
113   if (!converter.Convert(json_consistency_proof, &parsed_proof)) {
114     return false;
115   }
116 
117   const base::Value::Dict* dict_value = json_consistency_proof.GetIfDict();
118   if (!dict_value || !dict_value->Find("consistency")) {
119     return false;
120   }
121 
122   consistency_proof->reserve(parsed_proof.proof_nodes.size());
123   for (const auto& proof_node : parsed_proof.proof_nodes) {
124     consistency_proof->push_back(*proof_node);
125   }
126 
127   return true;
128 }
129 
130 }  // namespace net::ct
131