author | Josef Gustafsson <josef.gson@gmail.com> | 2015-09-14 14:54:12 +0200 |
committer | Josef Gustafsson <josef.gson@gmail.com> | 2015-09-14 14:54:12 +0200 |
commit | 7e5ddc38362991048946b3c23eae8565920f0ce7 (patch) | |
tree | 2caabbce00c1de4f8ef5d87aea316eea8f4521c4 | |
parent | afac2e3cbc8572dfa099ccbc419372ba691fa53a (diff) |
checking for changes in domain certs
-rw-r--r-- | monitor/josef_lib.py | 10 | ||||
-rwxr-xr-x | monitor/josef_reader.py | 86 | ||||
-rw-r--r-- | monitor/monitor_conf.py | 8 |
3 files changed, 76 insertions, 28 deletions
diff --git a/monitor/josef_lib.py b/monitor/josef_lib.py
index 61b315e..7eca306 100644
--- a/monitor/josef_lib.py
+++ b/monitor/josef_lib.py
@@ -22,16 +22,6 @@ from Crypto.Hash import SHA256
 import Crypto.PublicKey.RSA as RSA
 from Crypto.Signature import PKCS1_v1_5
-# def read_sth(fn):
-# try:
-# f = open(fn)
-# except IOError, e:
-# if e.errno == errno.ENOENT:
-# return None
-# raise e
-# return json.loads(f.read())
-
-
 def check_domain_all(raw_entry, log=None):
     orig_entry = extract_original_entry(raw_entry)
     try:
diff --git a/monitor/josef_reader.py b/monitor/josef_reader.py
index c1ff10c..3abadb2 100755
--- a/monitor/josef_reader.py
+++ b/monitor/josef_reader.py
@@ -11,7 +11,7 @@ import subprocess
 from josef_leveldb import *
 from datetime import datetime as dt
 import ast
-from monitor_conf import DB_PATH
+from monitor_conf import DB_PATH, MONITORED_DOMAINS
@@ -23,13 +23,35 @@ class monitored_domain:
     def add(self, item):
         self.entries.appent(item)
+    def set(self):
+        self.entries = db_monitor_domain(self.url, None, True, None)
+        print "Got " + str(len(self.entries)) + " certs for " + self.url
+
+    def update(self):
+        new = db_monitor_domain(self.url, None, True, None)
+        if len(new) != len(self.entries):
+            # print self.entries
+            # print new
+            compare_entry_lists(new, self.entries)
+            self.entries = new
+        else:
+            for i in range(len(new)):
+                if new[i] == self.entries[i]:
+                    pass
+                else:
+                    print "ITEM CHANGED!"
+
+
 class monitored_entry:
-    def __init__(self, subject, issuer, log, status):
+    def __init__(self, subject, issuer, log, status, leaf_hash):
         self.issuer = issuer
         self.subject = subject
         self.log = log
         self.status = status
+        self.leaf_hash = leaf_hash
+    def __eq__(self, other):
+        return self.leaf_hash == other.leaf_hash
     def __str__(self):
         s = self.subject + \
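Review bot: `update()` treats equal list lengths as "nothing added or removed" and only prints `ITEM CHANGED!` on a positional mismatch, so a certificate swapped for a different one (one dropped, one newly issued) is reported without the subject, issuer or log that `compare_entry_lists` would have shown, and `self.entries` is not refreshed in that branch; since `compare_entry_lists` prints nothing when the lists agree, the method can simply always diff and always store the new list. `monitored_entry.__eq__` also dereferences `other.leaf_hash` unguarded, and under Python 2 (the file uses `print` statements) defining `__eq__` brings neither `__ne__` nor a matching `__hash__`, so `!=` stays identity-based and instances cannot be deduplicated via a set or used as dict keys consistently. The context line `self.entries.appent(item)` in `add()` is a typo for `append` that this commit does not touch. The rewritten lines:
```python
    def update(self):
        new = db_monitor_domain(self.url, None, True, None)
        # Equal length is not equal content: a swapped certificate must still
        # be reported in full, and the stored state must follow the database.
        compare_entry_lists(new, self.entries)
        self.entries = new

# … unchanged: monitored_entry.__init__ …

    def __eq__(self, other):
        return isinstance(other, monitored_entry) and self.leaf_hash == other.leaf_hash

    def __ne__(self, other):
        # Python 2 does not derive != from ==
        return not self.__eq__(other)

    def __hash__(self):
        # keep hashing consistent with __eq__ so entries can live in sets/dicts
        return hash(self.leaf_hash)
```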
@@ -51,15 +73,34 @@ parser.add_argument('--get-cert', action='store_true')
 args = parser.parse_args()
-monitored_domains = [
-    monitored_domain("*.preishelden.de"),
-    monitored_domain("*.liu.se"),
-    monitored_domain("*.kth.se"),
-    monitored_domain("*.nordu.net"),
-]
+monitored_domains = []
+for md in MONITORED_DOMAINS:
+    monitored_domains.append(monitored_domain(md))
 db = DB_PATH
+def compare_entry_lists(new, old):
+    added_items = []
+    removed_items = []
+
+    for item in new:
+        if not item in old:
+            added_items.append(item)
+
+    for item in old:
+        if not item in new:
+            removed_items.append(item)
+
+    if len(added_items) != 0:
+        print str(len(added_items)) + " new item(s):"
+        for item in added_items:
+            print item
+
+    if len(removed_items) != 0:
+        print str(len(removed_items)) + " removed item(s):"
+        for item in removed_items:
+            print item
+
 def db_monitor_domain(domain, log=None, exclude_invalid=None, get_cert=None):
@@ -76,7 +117,9 @@ def db_monitor_domain(domain, log=None, exclude_invalid=None, get_cert=None):
         try:
             entry = ast.literal_eval(item)
         except:
-            print (item + '}').replace("'", '"')
+            print "Failed to parse item: " + item
+            continue
+
         success = True
         not_after_time = dt.strptime(entry["not_after"], "%b %d %H:%M:%S %Y GMT")
         not_before_time = dt.strptime(entry["not_before"], "%b %d %H:%M:%S %Y GMT")
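Review bot: In `compare_entry_lists` the membership tests are written `if not item in old`, which Python parses as `not (item in old)`; the idiomatic spelling is `if item not in old`, and since each loop is a plain filter the two of them collapse to `added_items = [item for item in new if item not in old]` and `removed_items = [item for item in old if item not in new]`. The `if len(added_items) != 0:` guards read better as `if added_items:`. A one-line docstring such as `"""Print entries present in new but not in old, and vice versa; prints nothing when the lists agree."""` is worth adding because `monitored_domain.update` relies on that silence. The list scans are O(len(new)*len(old)), which is fine for a handful of certificates per domain; switching to sets would require `monitored_entry` to define `__hash__`, which it currently does not.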
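Review bot: The bare `except:` around `ast.literal_eval(item)` also swallows `KeyboardInterrupt` and `SystemExit`, so a Ctrl-C in the middle of a large database scan is printed as "Failed to parse item" and the loop carries on; narrow it to what `literal_eval` raises, `except (ValueError, SyntaxError, TypeError) as e:`, and append `str(e)` to the message so the operator sees why the record was rejected. Skipping an unparsable record with `continue` is reasonable, but for a tool whose job is to notice unexpected certificates a record it cannot read is itself a finding, so counting these failures and reporting the total alongside the match counts would be better than only printing them inline. The enclosing `db_monitor_domain` begins and ends outside this hunk.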
@@ -115,19 +158,24 @@ def db_monitor_domain(domain, log=None, exclude_invalid=None, get_cert=None):
         # Print matching
         if success:
-            me = monitored_entry(entry["subject"].split("CN=")[1], entry["issuer"].split("CN=")[1], entry["log"],valid)
-            print str(me)
+            me = monitored_entry(entry["subject"].split("CN=")[1], \
+                                 entry["issuer"].split("CN=")[1], \
+                                 entry["log"], \
+                                 valid, \
+                                 entry["leaf_hash"])
+            # print str(me)
             if get_cert:
                 print get_full_cert(entry)
-            res.append(me)
+            if me not in res:
+                res.append(me)
-    print str(count_all) + " matches found. " \ + str(count_valid) + " valid, " \ + str(count_expired) + " expired and " \ + str(count_not_yet_valid) + " not yet valid for " \ + domain
+    # print str(count_all) + " matches found. " \ # + str(count_valid) + " valid, " \ # + str(count_expired) + " expired and " \ # + str(count_not_yet_valid) + " not yet valid for " \ # + domain
     return res
@@ -136,7 +184,9 @@ if args.domain:
 else:
     print "Running on " + str(len(monitored_domains)) + " monitored domains."
     for d in monitored_domains:
-        db_monitor_domain(d.url, args.log, args.exclude_invalid, args.get_cert)
+        d.set()
+    for d in monitored_domains:
+        d.update()
diff --git a/monitor/monitor_conf.py b/monitor/monitor_conf.py
index 4a472a4..d1a21fb 100644
--- a/monitor/monitor_conf.py
+++ b/monitor/monitor_conf.py
@@ -14,6 +14,14 @@ DEFAULT_CERT_FILE = None
 # Set to None to disable database output
 DB_PATH = './tmpdb/'
+MONITORED_DOMAINS = [
+    "*.preishelden.de",
+    "*.liu.se",
+    "*.kth.se",
+    "*.nordu.net",
+    "mail.google.com",
+]
+
 # CT logs and associated keys
 ctlogs = {
 # "pilot": |
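Review bot: The rebuilt `monitored_entry(...)` call still derives subject and issuer with `entry["subject"].split("CN=")[1]`, which raises `IndexError` for a certificate whose subject carries no CN (SAN-only certificates, and some mis-issued ones), and because this line sits outside the `try` around `literal_eval` the exception aborts the scan for that domain — exactly the kind of entry a CT monitor should not choke on. A small helper that falls back to the full name keeps the output unchanged for the normal case. The new `entry["leaf_hash"]` lookup likewise assumes every stored record has that key; if databases written before this field existed are still in use, `entry.get("leaf_hash")` with a skip-and-report would avoid a `KeyError` mid-scan. Deduplication through `if me not in res` compares leaf hashes only, which presumably differ per log for the same certificate; confirm that is the intended notion of "same entry". The enclosing `db_monitor_domain` starts outside the hunk.
```python
def _cn(name):
    """Return the text after the first "CN=" in a DN string, or the whole string if it has none."""
    return name.split("CN=")[1] if "CN=" in name else name

# … unchanged: loop over database items, parsing and validity checks …
        if success:
            me = monitored_entry(_cn(entry["subject"]),
                                 _cn(entry["issuer"]),
                                 entry["log"],
                                 valid,
                                 entry["leaf_hash"])
```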
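Review bot: In the all-domains branch the `--log`, `--exclude-invalid` and `--get-cert` flags are silently dropped: the removed call passed `args.log, args.exclude_invalid, args.get_cert`, whereas `d.set()` and `d.update()` both call `db_monitor_domain(self.url, None, True, None)` with fixed values, so asking for a single log or the full certificate now yields the default behaviour without any warning. Pass the parsed arguments through, e.g. `d.set(args.log, args.exclude_invalid, args.get_cert)` and the same for `d.update(...)`, with the two methods taking those three parameters. Also, `update()` runs immediately after `set()` in the same process with nothing in between, so it compares the database with a snapshot taken moments earlier; presumably a poll loop or a persisted snapshot is intended, otherwise nothing will ever be reported. The `if args.domain:` statement this `else` belongs to starts outside the hunk.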
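Review bot: `MONITORED_DOMAINS` has no comment explaining its pattern syntax, although the neighbouring settings in this file carry one (`# Set to None to disable database output`). Add something like `# Domains whose certificates are watched for additions and removals. A leading "*." is passed to the domain matcher as-is; check josef_lib for whether it covers the bare apex as well as subdomains.` — the matching semantics are not visible from this file, hence the pointer rather than a claim. `"mail.google.com"` reads like a test entry; if it is, say so in a trailing comment so that alerts on its routine certificate changes are not mistaken for an incident by the next operator.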