author | Josef Gustafsson <josef.gson@gmail.com> | 2015-09-22 15:01:44 +0200 |
---|---|---|
committer | Josef Gustafsson <josef.gson@gmail.com> | 2015-09-22 15:01:44 +0200 |
commit | e2de391a1f385da19bb4d22bfd90472841260630 (patch) | |
tree | 496dd769486cefd6908ee81bd526f9d3de2d3e5f | |
parent | c3a1c82a82aaf83dca11746601d8e3865ff1570b (diff) |
monitoring root certificates
-rwxr-xr-x | monitor/josef_monitor.py | 62 | ||||
-rwxr-xr-x | monitor/josef_reader.py | 10 | ||||
-rw-r--r-- | monitor/monitor_conf.py | 30 |
3 files changed, 51 insertions, 51 deletions
diff --git a/monitor/josef_monitor.py b/monitor/josef_monitor.py
index 0e02a3c..bce3080 100755
--- a/monitor/josef_monitor.py
+++ b/monitor/josef_monitor.py
@@ -154,37 +154,35 @@ class ctlog: added, removed = compare_lists(hash_list, loaded_list) if len(added) != 0: - print str(len(added)) + " new roots found for " + self.name - if len(removed) != 0: - print str(len(removed)) + " roots removed for " + self.name + self.log(str(len(added)) + " new roots found") + for item in added: + root_cert = base64.decodestring(roots[hash_list.index(item)]) + subject = get_cert_info(root_cert)["subject"] + issuer = get_cert_info(root_cert)["issuer"] + if subject == issuer: + self.log("New Root: " + item + ", " + subject) + else: + self.log("WTF? Not a root...") + + fn = cert_dir + "/" + item + tempname = fn + ".new" + data = roots[hash_list.index(item)] + open(tempname, 'w').write(data) + mv_file(tempname, fn) - for item in removed: - data = open(cert_dir + "/" + item).read() - - root_cert = base64.decodestring(data) - subject = get_cert_info(root_cert)["subject"] - issuer = get_cert_info(root_cert)["issuer"] - if subject == issuer: - print "Removed Root: " + item + ", " + subject - self.log("Removed Root: " + item + ", " + subject) - else: - print "WTF? Not a root..." - - for item in added: - root_cert = base64.decodestring(roots[hash_list.index(item)]) - subject = get_cert_info(root_cert)["subject"] - issuer = get_cert_info(root_cert)["issuer"] - if subject == issuer: - print "New Root: " + item + ", " + subject - self.log("New Root: " + item + ", " + subject) - else: - print "WTF? Not a root..." - - fn = cert_dir + "/" + item - tempname = fn + ".new" - data = roots[hash_list.index(item)] - open(tempname, 'w').write(data) - mv_file(tempname, fn) + + if len(removed) != 0: + self.log(str(len(removed)) + " roots removed") + for item in removed: + data = open(cert_dir + "/" + item).read() + root_cert = base64.decodestring(data) + subject = get_cert_info(root_cert)["subject"] + issuer = get_cert_info(root_cert)["issuer"] + if subject == issuer: + self.log("Removed Root: " + item + ", " + subject) + else: + self.log("WTF? 
Not a root...") + def verify_progress(self, old): @@ -359,7 +357,7 @@ def get_proof_by_index(baseurl, index, tree_size): def get_all_roots(base_url): result = urlopen(base_url + "ct/v1/get-roots").read() certs = json.loads(result)["certificates"] - print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " certs from " + base_url + # print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " root certs from " + base_url return certs @@ -409,6 +407,8 @@ def main(args): while True: time.sleep(INTERVAL) for log in logs: + log.update_roots() + old_sth = log.sth log.update_sth() # Should this be done is later checks fail? (reorder?) if old_sth["timestamp"] != log.sth["timestamp"]: diff --git a/monitor/josef_reader.py b/monitor/josef_reader.py index b6fe55e..eadd120 100755 --- a/monitor/josef_reader.py +++ b/monitor/josef_reader.py @@ -176,11 +176,11 @@ def db_monitor_domain(domain, log=None, exclude_invalid=None, get_cert=None, iss res.append(me) - print str(count_all) + " matches found. " \ - + str(count_valid) + " valid, " \ - + str(count_expired) + " expired and " \ - + str(count_not_yet_valid) + " not yet valid for " \ - + domain + # print str(count_all) + " matches found. " \ + # + str(count_valid) + " valid, " \ + # + str(count_expired) + " expired and " \ + # + str(count_not_yet_valid) + " not yet valid for " \ + # + domain return res if __name__ == "__main__": diff --git a/monitor/monitor_conf.py b/monitor/monitor_conf.py index 913c466..57a245f 100644 --- a/monitor/monitor_conf.py +++ b/monitor/monitor_conf.py @@ -1,7 +1,7 @@ # All configuration for the CT monitor is done from this file! # interval (in seconds) between updates -INTERVAL = 30 +INTERVAL = 120 # Directories for various output files OUTPUT_DIR = "output/" 
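Review bot: The `else` branch in both the added and removed loops logs only `"WTF? Not a root..."`, so when a log adds or drops a certificate that is not self-signed the monitor's log gives no hash, subject or issuer to follow up on; `self.log("Not self-signed: " + item + ", subject=" + subject + ", issuer=" + issuer)` would make the event actionable. In the added loop, `open(tempname, 'w').write(data)` leaves closing the file to the garbage collector before `mv_file` renames it; `with open(tempname, 'w') as f: f.write(data)` guarantees the data is flushed first. In the removed loop, `open(cert_dir + "/" + item).read()` raises if the stored file is missing, which presumably propagates to the caller. The enclosing method starts above the hunk, so how `hash_list` and `loaded_list` are built is not visible here.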
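Review bot: The new `log.update_roots()` call at the top of the per-log loop in `main` has no error handling in the visible lines, and `get_all_roots` (shown as context in the preceding hunk) calls `urlopen(...).read()` and `json.loads` directly, with no timeout argument. If one log is unreachable, hangs or returns malformed JSON, the exception or stall would presumably stop root and STH checks for every configured log, unless something outside this hunk catches it. Consider wrapping the call in a `try`/`except` that records the failure and continues with the next log, and passing a timeout to `urlopen` if the imported function accepts one. The loop body continues outside the hunk.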
@@ -29,20 +29,20 @@ MONITORED_DOMAINS = [ # CT logs and associated keys ctlogs = [ - {"name" : "pilot", - "url" : "https://ct.googleapis.com/pilot/", - "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==", - "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="}, - - {"name" : "plausible", - "url" : "https://plausible.ct.nordu.net/", - "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==", - "id" : "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="}, - - {"name" : "digicert", - "url" : "https://ct1.digicert-ct.com/log/", - "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==", - "id" : "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="}, + # {"name" : "pilot", + # "url" : "https://ct.googleapis.com/pilot/", + # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==", + # "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="}, + + # {"name" : "plausible", + # "url" : "https://plausible.ct.nordu.net/", + # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==", + # "id" : "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="}, + + # {"name" : "digicert", + # "url" : "https://ct1.digicert-ct.com/log/", + # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==", + # "id" : "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="}, {"name" : "izenpe", "url" : "https://ct.izenpe.com/", |
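Review bot: Commenting out the `pilot`, `plausible` and `digicert` entries means the monitor stops checking those three logs entirely, which is unrelated to the stated change and looks like a local test setup that was committed. If it is intentional, a comment above the block giving the reason, e.g. `# disabled temporarily: <reason>`, would keep the reduced coverage from going unnoticed; otherwise the entries should be restored. The `ctlogs` list continues past the end of the hunk.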