authorjosef <josef@guest119.se-tug.nordu.net>2015-09-01 14:50:33 +0200
committerjosef <josef@guest119.se-tug.nordu.net>2015-09-01 14:50:33 +0200
commitc44dc8533ece4e000162cae6fd6c6fa376b94602 (patch)
treeff360c5f40d1542b898ef0ec49cb3dbc36f6ed51
parente71fab5e9f9a9b0b7a298acec5c85c188f7fe58f (diff)
experimental...
-rwxr-xr-xtools/josef_experimental.py111
1 files changed, 61 insertions, 50 deletions
diff --git a/tools/josef_experimental.py b/tools/josef_experimental.py
index dc1dc7e..7f79788 100755
--- a/tools/josef_experimental.py
+++ b/tools/josef_experimental.py
@@ -3,13 +3,69 @@
import time
import base64
-from certtools import get_sth, get_consistency_proof, check_sth_signature, get_public_key_from_file, verify_consistency_proof
+import urllib
+import urllib2
+import sys
+# from pympler.asizeof import asizeof
+from certtools import *
+
+def reduce_leafs_to_root(layer0):
+ if len(layer0) == 0:
+ return [[hashlib.sha256().digest()]]
+ current_layer = layer0
+ while len(current_layer) > 1:
+ current_layer = next_merkle_layer(current_layer)
+ return current_layer
+
+def reduce_layer(layer):
+ new_layer = []
+ while len(layer) > 1:
+ e1 = layer.pop(0)
+ e2 = layer.pop(0)
+ new_layer.append(internal_hash((e1,e2)))
+ return new_layer
+
+def reduce_tree(entries, layers):
+ if len(entries) == 0 and layers is []:
+ return [[hashlib.sha256().digest()]]
+
+ layer_idx = 0
+ layers[layer_idx] += entries
+
+ while len(layers[layer_idx]) > 1:
+ if len(layers) == layer_idx + 1:
+ layers.append([])
+
+ layers[layer_idx + 1] += reduce_layer(layers[layer_idx])
+ layer_idx += 1
+ return layers
+
+def reduce_subtree_to_root(layers):
+ while len(layers) > 1:
+ layers[1] += next_merkle_layer(layers[0])
+ del layers[0]
+
+ if len(layers[0]) > 1:
+ return next_merkle_layer(layers[0])
+ return layers[0]
+
+def get_proof_by_index(baseurl, index, tree_size):
+ try:
+ params = urllib.urlencode({"leaf_index":index,
+ "tree_size":tree_size})
+ result = \
+ urlopen(baseurl + "ct/v1/get-entry-and-proof?" + params).read()
+ return json.loads(result)
+ except urllib2.HTTPError, e:
+ print "ERROR:", e.read()
+ sys.exit(1)
base_urls = ["https://plausible.ct.nordu.net/",
"https://ct1.digicert-ct.com/log/",
"https://ct.izenpe.com/",
"https://log.certly.io/",
+ "https://ctlog.api.venafi.com/",
"https://ct.googleapis.com/aviator/",
"https://ct.googleapis.com/pilot/",
"https://ct.googleapis.com/rocketeer/",
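Review bot: In `reduce_tree` the guard `layers is []` compares identity against a freshly created list, so it is always false: the empty-input branch never runs, and an empty `layers` reaches `layers[layer_idx] += entries`, which raises IndexError. Use `if len(entries) == 0 and not layers:` instead. Separately, `reduce_leafs_to_root` returns a nested `[[digest]]` for empty input but what appears to be a flat one-element layer otherwise, so a caller comparing the computed root with an STH's `sha256_root_hash` would need to handle both shapes. `get_proof_by_index` depends on `urlopen`, `json` and `hashlib` arriving through `from certtools import *`; explicit imports would make clear which `urlopen` (and which TLS handling) is used, and the returned proof is unauthenticated until the audit path is checked against a signed root.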
@@ -23,57 +79,12 @@ logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pi
logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem")
logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem")
logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem")
-old_sth = {}
-
-# Get initial sth
-print time.strftime("%H:%M:%S", time.gmtime())
-for base_url in base_urls:
-
- old_sth[base_url] = get_sth(base_url)
- print "Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"])
-
- try:
- check_sth_signature(base_url, old_sth[base_url], logkeys[base_url])
- except:
- print "Could not verify signature!!"
-
-
-while True:
- time.sleep(1*60-4)
- print time.strftime("%H:%M:%S", time.gmtime())
- for base_url in base_urls:
- new_sth = get_sth(base_url)
- print "Received STH from " + base_url + ", timestamp: " + str(new_sth["timestamp"]) + ", size: " + str(new_sth["tree_size"])
- try:
- check_sth_signature(base_url, new_sth, logkeys[base_url])
- except:
- print "Could not verify signature!!"
-
- if old_sth[base_url]["tree_size"]!= new_sth["tree_size"]:
- print "Wohoo, new STH! Checking..."
- try:
- # Hashes are base64 encoded from the server and needs to be decoded before checking proofs.
- consistency_proof = get_consistency_proof(base_url, old_sth[base_url]["tree_size"], new_sth["tree_size"] )
- decoded_consistency_proof = []
- for item in consistency_proof:
- decoded_consistency_proof.append(base64.b64decode(item))
- res = verify_consistency_proof(decoded_consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"])
-
- if old_sth[base_url]["sha256_root_hash"] != str(base64.b64encode(res[0])):
- print "Verification of old hash failed!!!"
- print old_sth[base_url]["sha256_root_hash"], str(base64.b64encode(res[0]))
- if new_sth["sha256_root_hash"] != str(base64.b64encode(res[1])):
- print "Verification of new hash failed!!!"
- print new_sth["sha256_root_hash"], str(base64.b64encode(res[1]))
-
- except Exception, err:
- print Exception, err
- finally:
- old_sth[base_url] = new_sth
-
-
+logkeys["https://ctlog.api.venafi.com/"] = get_public_key_from_file("../../venafi-logkey.pem")
+from Crypto import Signature
+sth = get_sth(base_urls[4])
+print sth
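Review bot: The STH fetched at the end of this hunk is printed without a signature check, even though the same hunk registers a key for that log in `logkeys`. Add `check_sth_signature(base_urls[4], sth, logkeys[base_urls[4]])` before `print sth`, so an unauthenticated response is not read as log state. `base_urls[4]` depends on list order and will silently point at a different log if the list is edited; binding the URL to a name would avoid that. `from Crypto import Signature` is unused in the visible lines and sits mid-file; drop it, or move it to the import block if code outside the hunk needs it.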