authorJosef Gustafsson <josef.gson@gmail.com>2015-09-22 15:01:44 +0200
committerJosef Gustafsson <josef.gson@gmail.com>2015-09-22 15:01:44 +0200
commite2de391a1f385da19bb4d22bfd90472841260630 (patch)
tree496dd769486cefd6908ee81bd526f9d3de2d3e5f
parentc3a1c82a82aaf83dca11746601d8e3865ff1570b (diff)
monitoring root certificates
-rwxr-xr-xmonitor/josef_monitor.py62
-rwxr-xr-xmonitor/josef_reader.py10
-rw-r--r--monitor/monitor_conf.py30
3 files changed, 51 insertions, 51 deletions
diff --git a/monitor/josef_monitor.py b/monitor/josef_monitor.py
index 0e02a3c..bce3080 100755
--- a/monitor/josef_monitor.py
+++ b/monitor/josef_monitor.py
@@ -154,37 +154,35 @@ class ctlog:
added, removed = compare_lists(hash_list, loaded_list)
if len(added) != 0:
- print str(len(added)) + " new roots found for " + self.name
- if len(removed) != 0:
- print str(len(removed)) + " roots removed for " + self.name
+ self.log(str(len(added)) + " new roots found")
+ for item in added:
+ root_cert = base64.decodestring(roots[hash_list.index(item)])
+ subject = get_cert_info(root_cert)["subject"]
+ issuer = get_cert_info(root_cert)["issuer"]
+ if subject == issuer:
+ self.log("New Root: " + item + ", " + subject)
+ else:
+ self.log("WTF? Not a root...")
+
+ fn = cert_dir + "/" + item
+ tempname = fn + ".new"
+ data = roots[hash_list.index(item)]
+ open(tempname, 'w').write(data)
+ mv_file(tempname, fn)
- for item in removed:
- data = open(cert_dir + "/" + item).read()
-
- root_cert = base64.decodestring(data)
- subject = get_cert_info(root_cert)["subject"]
- issuer = get_cert_info(root_cert)["issuer"]
- if subject == issuer:
- print "Removed Root: " + item + ", " + subject
- self.log("Removed Root: " + item + ", " + subject)
- else:
- print "WTF? Not a root..."
-
- for item in added:
- root_cert = base64.decodestring(roots[hash_list.index(item)])
- subject = get_cert_info(root_cert)["subject"]
- issuer = get_cert_info(root_cert)["issuer"]
- if subject == issuer:
- print "New Root: " + item + ", " + subject
- self.log("New Root: " + item + ", " + subject)
- else:
- print "WTF? Not a root..."
-
- fn = cert_dir + "/" + item
- tempname = fn + ".new"
- data = roots[hash_list.index(item)]
- open(tempname, 'w').write(data)
- mv_file(tempname, fn)
+
+ if len(removed) != 0:
+ self.log(str(len(removed)) + " roots removed")
+ for item in removed:
+ data = open(cert_dir + "/" + item).read()
+ root_cert = base64.decodestring(data)
+ subject = get_cert_info(root_cert)["subject"]
+ issuer = get_cert_info(root_cert)["issuer"]
+ if subject == issuer:
+ self.log("Removed Root: " + item + ", " + subject)
+ else:
+ self.log("WTF? Not a root...")
+
def verify_progress(self, old):
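Review bot: A certificate that fails the subject == issuer test is logged only as `WTF? Not a root...` with no identifier, yet the lines that follow (`fn = cert_dir + "/" + item` onward) still write it to `cert_dir`, so the one entry in a log's root set that actually deserves investigation cannot be traced back to a hash or name; log it as `self.log("Not self-issued: " + item + ", subject=" + subject + ", issuer=" + issuer)`, bearing in mind that a matching subject and issuer does not prove a self-signature, so the message should claim no more than that. The write `open(tempname, 'w').write(data)` never closes the handle before `mv_file(tempname, fn)`; use `with open(tempname, 'w') as f: f.write(data)` so the data is flushed to the temp file before the rename, and the same open-without-close applies to the `open(cert_dir + "/" + item).read()` in the removed branch. The enclosing method starts before this hunk, so how hash_list and loaded_list are built, and therefore whether `item` is always a locally computed hash that is safe to use as a file name, cannot be confirmed here.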
@@ -359,7 +357,7 @@ def get_proof_by_index(baseurl, index, tree_size):
def get_all_roots(base_url):
result = urlopen(base_url + "ct/v1/get-roots").read()
certs = json.loads(result)["certificates"]
- print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " certs from " + base_url
+ # print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " root certs from " + base_url
return certs
@@ -409,6 +407,8 @@ def main(args):
while True:
time.sleep(INTERVAL)
for log in logs:
+ log.update_roots()
+
old_sth = log.sth
log.update_sth() # Should this be done is later checks fail? (reorder?)
if old_sth["timestamp"] != log.sth["timestamp"]:
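Review bot: The new `log.update_roots()` call runs inside the polling loop with no error handling, so one failed fetch or unparseable get-roots response for a single log (presumably via get_all_roots, where urlopen and json.loads raise with no guard) unwinds the `while True` loop and stops monitoring of every log. Catch at this boundary, record the failure against the log and carry on to the STH check; narrow the except to the exceptions the file's urlopen and json imports actually raise once those are confirmed, since the imports are outside this hunk. The ordering question already raised in the comment on `log.update_sth()` applies equally to the new call. `main` continues past the end of the hunk.
```python
for log in logs:
    try:
        log.update_roots()
    except Exception as e:  # narrow to the URLError/ValueError raised by urlopen/json.loads once imports are confirmed
        log.log("update_roots failed: " + str(e))
    # ... unchanged: STH update and consistency checks ...
```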
diff --git a/monitor/josef_reader.py b/monitor/josef_reader.py
index b6fe55e..eadd120 100755
--- a/monitor/josef_reader.py
+++ b/monitor/josef_reader.py
@@ -176,11 +176,11 @@ def db_monitor_domain(domain, log=None, exclude_invalid=None, get_cert=None, iss
res.append(me)
- print str(count_all) + " matches found. " \
- + str(count_valid) + " valid, " \
- + str(count_expired) + " expired and " \
- + str(count_not_yet_valid) + " not yet valid for " \
- + domain
+ # print str(count_all) + " matches found. " \
+ # + str(count_valid) + " valid, " \
+ # + str(count_expired) + " expired and " \
+ # + str(count_not_yet_valid) + " not yet valid for " \
+ # + domain
return res
if __name__ == "__main__":
diff --git a/monitor/monitor_conf.py b/monitor/monitor_conf.py
index 913c466..57a245f 100644
--- a/monitor/monitor_conf.py
+++ b/monitor/monitor_conf.py
@@ -1,7 +1,7 @@
# All configuration for the CT monitor is done from this file!
# interval (in seconds) between updates
-INTERVAL = 30
+INTERVAL = 120
# Directories for various output files
OUTPUT_DIR = "output/"
@@ -29,20 +29,20 @@ MONITORED_DOMAINS = [
# CT logs and associated keys
ctlogs = [
- {"name" : "pilot",
- "url" : "https://ct.googleapis.com/pilot/",
- "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",
- "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="},
-
- {"name" : "plausible",
- "url" : "https://plausible.ct.nordu.net/",
- "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==",
- "id" : "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="},
-
- {"name" : "digicert",
- "url" : "https://ct1.digicert-ct.com/log/",
- "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==",
- "id" : "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="},
+ # {"name" : "pilot",
+ # "url" : "https://ct.googleapis.com/pilot/",
+ # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",
+ # "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="},
+
+ # {"name" : "plausible",
+ # "url" : "https://plausible.ct.nordu.net/",
+ # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==",
+ # "id" : "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="},
+
+ # {"name" : "digicert",
+ # "url" : "https://ct1.digicert-ct.com/log/",
+ # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==",
+ # "id" : "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="},
{"name" : "izenpe",
"url" : "https://ct.izenpe.com/",