authorJosef Gustafsson <josef.gson@gmail.com>2015-09-22 09:11:30 +0200
committerJosef Gustafsson <josef.gson@gmail.com>2015-09-22 09:11:30 +0200
commit95ff3d4fcd68e238667d12a9038af87d47d022b8 (patch)
treef8bde9086ae4d1b6af6618a32638a3d04b8d4075
parent4f3be5f797b16519c69fa2e34f999941bd6ce821 (diff)
adding issuer filter to reader
-rwxr-xr-xmonitor/josef_experimental.py17
-rwxr-xr-xmonitor/josef_logreader.py2
-rwxr-xr-xmonitor/josef_mover.py7
-rwxr-xr-xmonitor/josef_reader.py17
-rwxr-xr-xtools/josef_experimental_auditor.py10
5 files changed, 27 insertions, 26 deletions
diff --git a/monitor/josef_experimental.py b/monitor/josef_experimental.py
index 3c7e590..3e34584 100755
--- a/monitor/josef_experimental.py
+++ b/monitor/josef_experimental.py
@@ -50,21 +50,10 @@ def verify_sct(baseurl, sctentry, key, sth_in=None):
if __name__ == '__main__':
- f = open("sct_example")
- s = f.read()
- sctentry = json.loads(s)
-
- logpublickey = get_public_key_from_file("sct_example_logkey.pem")
- if "sth" in sctentry:
- print "found sth in sct"
- sth = sctentry["sth"]
- else:
- sth = None
- verify_sct(None, sctentry, logpublickey, sth)
- # print sctentry
- # print base64.b64decode(sctentry["leafcert"])
- # print base64.b64decode(get_entries("https://plausible.ct.nordu.net:/", 1234,1234)["entries"][0]["leaf_input"])
+
+
+
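Review bot: As shown, the `if __name__ == '__main__':` guard is left with only blank lines beneath it, and a Python `if` with no body fails with an IndentationError when the file is compiled or imported. Some context lines and all indentation are missing from this view, so confirm whether a statement still follows the guard. If none does, either remove the guard line as well or leave a single `pass` under it.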
diff --git a/monitor/josef_logreader.py b/monitor/josef_logreader.py
index d261fd4..4be2a55 100755
--- a/monitor/josef_logreader.py
+++ b/monitor/josef_logreader.py
@@ -87,7 +87,7 @@ def print_errors(l):
if "ERROR" in line:
print item[:-1]
if line[:len(START_STR)] == START_STR:
- # break # comment this line to print all errors ever
+ break # comment this line to print all errors ever
pass
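Review bot: Re-enabling `break` makes print_errors stop at the first START_STR line it meets, so errors on the far side of that marker are no longer printed, and the only way to see them is to edit the source as the trailing comment instructs. A keyword argument, for example `def print_errors(l, all_runs=False):` with `if not all_runs: break`, would make that choice explicit at the call site. The `pass` on the following line is now redundant. The function starts outside the hunk.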
diff --git a/monitor/josef_mover.py b/monitor/josef_mover.py
index 3de0cb4..511a156 100755
--- a/monitor/josef_mover.py
+++ b/monitor/josef_mover.py
@@ -34,10 +34,10 @@ def print_reply(rep, entry, precert):
source = ctlogs[0]
-dests = [ctlogs[8]]
+dests = [ctlogs[1]]
-first = 20001
-last = 20100
+first = 21001
+last = 22000
entries = get_entries(source["url"], first, last)["entries"]
@@ -61,6 +61,7 @@ for log in dests:
res = add_chain(log["url"], {"chain" : submission})
print_reply(res, entry, precert)
+ time.sleep(5)
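Review bot: `time.sleep(5)` is added but no `import time` is visible in either hunk of this file; if the module does not already import it, the first submission raises NameError after add_chain has already been called. With `first = 21001` and `last = 22000` from the hunk above, a fixed five-second pause per entry also makes a full run take over an hour. A named constant such as `SUBMIT_DELAY_SECONDS = 5` next to `dests` would make the throttle visible and adjustable. The loop body starts outside the hunk.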
diff --git a/monitor/josef_reader.py b/monitor/josef_reader.py
index 1906587..1a1bdec 100755
--- a/monitor/josef_reader.py
+++ b/monitor/josef_reader.py
@@ -138,6 +138,12 @@ def db_monitor_domain(domain, log=None, exclude_invalid=None, get_cert=None):
else:
success = False
+ if issuer:
+ if issuer in entry["issuer"]:
+ pass:
+ else:
+ success = False
+
if cur_time > not_after_time:
valid = False
expired = True
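Review bot: `pass:` in the added issuer block is a syntax error, so josef_reader.py will not load at all as committed; the branch can be collapsed to `if issuer and issuer not in entry["issuer"]:` followed by `success = False`. `issuer` is also not among the parameters of db_monitor_domain shown in the hunk header, and the `--issuer` option added in the `__main__` hunk is not visibly passed in, so unless it is bound elsewhere the name is undefined here; an `issuer=None` keyword parameter would keep existing callers working. Note that `in` is a substring match on the issuer string, so a short value can match more issuers than intended. The function body starts and continues outside this hunk.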
@@ -178,11 +184,11 @@ def db_monitor_domain(domain, log=None, exclude_invalid=None, get_cert=None):
res.append(me)
- # print str(count_all) + " matches found. " \
- # + str(count_valid) + " valid, " \
- # + str(count_expired) + " expired and " \
- # + str(count_not_yet_valid) + " not yet valid for " \
- # + domain
+ print str(count_all) + " matches found. " \
+ + str(count_valid) + " valid, " \
+ + str(count_expired) + " expired and " \
+ + str(count_not_yet_valid) + " not yet valid for " \
+ + domain
return res
if __name__ == "__main__":
@@ -190,6 +196,7 @@ if __name__ == "__main__":
parser = argparse.ArgumentParser(description="")
parser.add_argument('--domain', default=None)
parser.add_argument('--log', default=None)
+ parser.add_argument('--issuer', default=None)
parser.add_argument('--exclude-invalid', action='store_true')
parser.add_argument('--get-cert', action='store_true')
diff --git a/tools/josef_experimental_auditor.py b/tools/josef_experimental_auditor.py
index e40e77e..6bb8baa 100755
--- a/tools/josef_experimental_auditor.py
+++ b/tools/josef_experimental_auditor.py
@@ -20,12 +20,12 @@ DEFAULT_CERT_FILE = "cert_data.json"
base_urls = [
# "https://plausible.ct.nordu.net/",
# "https://ct1.digicert-ct.com/log/",
- "https://ct.izenpe.com/",
+ # "https://ct.izenpe.com/",
# "https://log.certly.io/",
# "https://ct.googleapis.com/aviator/",
# "https://ct.googleapis.com/pilot/",
# "https://ct.googleapis.com/rocketeer/",
- "https://ctlog.api.venafi.com/",
+ # "https://ctlog.api.venafi.com/",
"https://ct.ws.symantec.com/",
]
@@ -332,7 +332,11 @@ def get_all_roots(base_url):
issuer = get_cert_info(base64.decodestring(accepted_cert))["issuer"]
if subject == issuer:
root_cert = base64.decodestring(accepted_cert)
- print get_cert_info(root_cert)["subject"]
+ try:
+ print get_cert_info(root_cert)["subject"].split("CN=")[1]
+ except:
+ print get_cert_info(root_cert)["subject"]
+ return certs
def print_errors(errors):
print "Encountered " + str(len(errors)) + " errors:"
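Review bot: The bare `except:` around the new CN print also swallows KeyboardInterrupt and any failure inside get_cert_info, and the handler then calls get_cert_info again, where the same failure would resurface. Parsing once and branching explicitly avoids both: `subject = get_cert_info(root_cert)["subject"]` then `print subject.split("CN=", 1)[1] if "CN=" in subject else subject`. `certs` in the added `return certs` is not assigned in the visible lines and indentation is lost in this view, so confirm that it is defined earlier in get_all_roots and that the return sits after the loop rather than inside it. The function starts outside the hunk.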