authorJosef Gustafsson <josef.gson@gmail.com>2015-09-07 15:05:38 +0200
committerJosef Gustafsson <josef.gson@gmail.com>2015-09-07 15:05:38 +0200
commite48492731396b55e2787640f5f494c9947ef8c97 (patch)
tree4b2b611cb0eacac8f1864b45f5b308148ffff36c
parent4e02f8c8fab56ca030c9ecf9cc834b7d9ece916e (diff)
bugfixes and more stuff..
-rwxr-xr-xtools/josef_experimental.py37
-rwxr-xr-xtools/josef_experimental_auditor.py33
2 files changed, 49 insertions, 21 deletions
diff --git a/tools/josef_experimental.py b/tools/josef_experimental.py
index 4cb16f8..e44dcd4 100755
--- a/tools/josef_experimental.py
+++ b/tools/josef_experimental.py
@@ -6,6 +6,8 @@ import base64
import urllib
import urllib2
import sys
+import subprocess
+
# from pympler.asizeof import asizeof
from certtools import *
from Crypto.Signature import PKCS1_v1_5
@@ -61,6 +63,23 @@ def get_proof_by_index(baseurl, index, tree_size):
print "ERROR:", e.read()
sys.exit(1)
+def my_get_cert_info(s):
+ p = subprocess.Popen(
+ ["openssl", "x509", "-text", "-noout",
+ "-certopt", "no_header,no_version,no_serial,no_signame,no_validity,no_aux", "-inform", "der"],
+ # ["openssl", "x509", "-noout", "-subject", "-issuer", "-inform", "der"],
+ stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ parsed = p.communicate(s)
+ if parsed[1]:
+ print "ERROR:", parsed[1]
+ sys.exit(1)
+ result = {}
+ for line in parsed[0].split("\n"):
+ (key, sep, value) = line.partition("=")
+ if sep == "=":
+ result[key] = value
+ return result
base_urls = [
"https://plausible.ct.nordu.net/",
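Review bot: The `key=value` parsing in `my_get_cert_info` does not fit the `-text` output requested here. That output is an indented multi-line dump, so `line.partition("=")` splits inside distinguished names and yields keys that are fragments like `Issuer: C` rather than `subject`/`issuer`, and repeated keys overwrite each other. The commented-out `-subject -issuer` invocation is the one this parser matches; either use it or parse the text sections explicitly, including the Subject Alternative Name extension, where most hostnames are listed. Separately, `if parsed[1]:` treats any stderr output as fatal, and `sys.exit(1)` stops the whole run on a single entry fetched from a log. Checking `p.returncode != 0` and skipping that entry with a logged error would keep one malformed certificate from halting monitoring.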
@@ -96,19 +115,21 @@ monitored_domains = [
"symantec.com",
]
-raw_entry = get_entries(base_urls[0], 1000, 1000)["entries"]
+raw_entry = get_entries(base_urls[0], 1000, 1005)["entries"]
orig_entries = []
for item in raw_entry:
- print item
+ # print item
+ orig_entry = extract_original_entry(item)
+ cert_info = my_get_cert_info(orig_entry[0][0])
- cert_info = get_cert_info(item)
- for md in monitored_domains:
- if md in cert_info["subject"]:
- print md + " certifed by " + cert_info["issuer"]
+ print cert_info
+ # for md in monitored_domains:
+ # if md in cert_info["subject"]:
+ # print md + " certifed by " + cert_info["issuer"]
- print "\n\n"
- print item
+ # print "\n\n"
+ # print item
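Review bot: The monitored-domain check is disabled by commenting it out, so the loop now only prints the parsed dictionary and `monitored_domains` is unused here; delete the dead lines or put the debug print behind a flag. If the loop is restored, `md in cert_info["subject"]` is a substring test, so `symantec.com` would also match a name such as `notsymantec.com.example` (constructed example), and it never looks at SAN entries. Comparing whole DNS labels against the subject CN and the SAN dNSName values would give fewer false hits and fewer misses.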
diff --git a/tools/josef_experimental_auditor.py b/tools/josef_experimental_auditor.py
index 690f883..e8e7b52 100755
--- a/tools/josef_experimental_auditor.py
+++ b/tools/josef_experimental_auditor.py
@@ -18,13 +18,13 @@ DEFAULT_CUR_FILE = 'all-sth.json'
base_urls = [
# "https://plausible.ct.nordu.net/",
# "https://ct1.digicert-ct.com/log/",
- "https://ct.izenpe.com/",
+ # "https://ct.izenpe.com/",
# "https://log.certly.io/",
# "https://ct.googleapis.com/aviator/",
# "https://ct.googleapis.com/pilot/",
# "https://ct.googleapis.com/rocketeer/",
- "https://ct.ws.symantec.com/",
"https://ctlog.api.venafi.com/",
+ "https://ct.ws.symantec.com/",
]
parser = argparse.ArgumentParser(description="")
@@ -47,11 +47,12 @@ errors = []
monitored_domains = [
# "google.com",
- "preishelden.de",
- "liu.se",
- "nordu.net",
- "symantec.com",
- ".se",
+ # "preishelden.de",
+ # "liu.se",
+ # "nordu.net",
+ # "symantec.com",
+ # "sunet.se",
+ # ".se",
]
class UTC(datetime.tzinfo):
@@ -220,7 +221,8 @@ def fetch_and_increment_subtree(old_sth, new_sth_in, subtree, base_url):
check_domain(item)
new_leafs.append(get_leaf_hash(base64.b64decode(item["leaf_input"])))
idx += len(new_leafs)
- print time.strftime('%H:%M:%S') + " Got entries " + str(pre_size) + " to " + str(idx) + " from " + base_url
+ print time.strftime('%H:%M:%S') + " Got entries " + str(pre_size) + " to " \
+ + str(idx -1) + " (" + str(len(new_leafs)) +" entries) from " + base_url
subtree = reduce_tree(new_leafs, subtree)
except:
@@ -259,8 +261,10 @@ def verify_subtree(old_sth, subtree, base_url):
if root == sth["sha256_root_hash"]:
print time.strftime('%H:%M:%S') + " Verifying root hashes for " + base_url + "...OK."
else:
- print time.strftime('%H:%M:%S') + " ERROR: Failed to verify root hashes! STH root: " + sth["sha256_root_hash"] + ", Tree root: " + root
- errors.append(time.strftime('%H:%M:%S') + " ERROR: Failed to verify root hash for " + base_url + ", tre size " + sth["tree_size"])
+ print time.strftime('%H:%M:%S') + " ERROR: Failed to verify root hashes! STH root: " \
+ + sth["sha256_root_hash"] + ", Tree root: " + root
+ errors.append(time.strftime('%H:%M:%S') + " ERROR: Failed to verify root hash for "
+ + base_url + ", tre size " + sth["tree_size"])
except:
print time.strftime('%H:%M:%S') + " ERROR: Failed to build STH for " + base_url
errors.append(time.strftime('%H:%M:%S') + " ERROR: Failed to build STH for " + base_url)
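Review bot: The rewrapped `errors.append(...)` in the root-hash mismatch branch still concatenates `sth["tree_size"]` directly onto a string. If that field is an integer, as the `sth[url]["tree_size"] -= 10` added to `main` in this commit suggests, the line raises `TypeError`, the bare `except:` below catches it, and the mismatch is recorded in `errors` as "Failed to build STH" instead. That hides the one event this auditor exists to report. Suggested line: `+ base_url + ", tree size " + str(sth["tree_size"]))`, which also fixes the "tre size" typo. Narrowing `except:` to the exceptions expected from building the STH would stop it from masking bugs like this; `verify_subtree` starts and ends outside the hunk.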
@@ -446,8 +450,11 @@ def main(args):
all_subtrees = {}
print time.strftime('%H:%M:%S') + " Building trees from entries. This may take a while, go get coffee or something..."
for url in base_urls:
+ sth[url]["tree_size"] -= 10
+ sth[url]["sha256_root_hash"] = "na"
all_subtrees[url] = fetch_and_build_subtree(sth, url)
- verify_subtree(sth, all_subtrees[url], url)
+ # verify_subtree(sth, all_subtrees[url], url)
+
while True:
time.sleep(30)
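Review bot: After this change the initially built tree is never checked against the log's signed tree head. `sth[url]["sha256_root_hash"]` is overwritten with `"na"`, `tree_size` is reduced by 10, and the `verify_subtree` call is commented out, so the first comparison happens only once the incremental loop runs. Mutating `sth` in place also discards the values the log actually signed, and `tree_size` goes negative for a log with fewer than 10 entries. If the aim is to exercise the incremental path, gate it behind a command-line option (the file already creates an `argparse` parser), work on a copy of the STH, and keep `verify_subtree(sth, all_subtrees[url], url)` on the default path. `main` starts and ends outside the hunk.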
@@ -455,8 +462,8 @@ def main(args):
for url in base_urls:
if sth[url]["tree_size"] != new_sth[url]["tree_size"]:
all_subtrees[url] = fetch_and_increment_subtree(sth, new_sth, all_subtrees[url], url)
- verify_subtree(sth, all_subtrees[url], url)
- sth = new_sth
+ verify_subtree(new_sth, all_subtrees[url], url)
+ sth = new_sth
if __name__ == '__main__':