author | Josef Gustafsson <josef.gson@gmail.com> | 2015-09-23 17:21:42 +0200 |
---|---|---|
committer | Josef Gustafsson <josef.gson@gmail.com> | 2015-09-23 17:21:42 +0200 |
commit | a503084f23a35de24ce09b2c9a60cbfafcefa9df (patch) | |
tree | 08ce73eecdf357f96d5c64e6362f207b774f688a /monitor | |
parent | e2de391a1f385da19bb4d22bfd90472841260630 (diff) |
sct signature validation working
Diffstat (limited to 'monitor')
-rwxr-xr-x | monitor/josef_experimental.py | 27 | ||||
-rwxr-xr-x | monitor/josef_mover.py | 42 | ||||
-rw-r--r-- | monitor/monitor_conf.py | 29 | ||||
-rwxr-xr-x | monitor/verify_sct.py | 8 |
4 files changed, 78 insertions, 28 deletions
diff --git a/monitor/josef_experimental.py b/monitor/josef_experimental.py index 97ea876..1119a22 100755 --- a/monitor/josef_experimental.py +++ b/monitor/josef_experimental.py @@ -105,8 +105,31 @@ def update_roots(log): if __name__ == '__main__': - for log in ctlogs: - update_roots(log) + # for log in ctlogs: + # update_roots(log) + + submission = ['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', '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', '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'] + leaf = base64.b64decode(submission[0]) + # print leaf + # print base64.b64decode(submission[0]) + # entry = json.loads('{"extra_data": "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", "leaf_input": "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"}') + # print my_get_all_cert_info(leaf) + precert = False + + # if issuer_key_hash: + # signed_entry = pack_precert(leaf, issuer_key_hash) + # else: + signed_entry = pack_cert(leaf) + + log = { + "name" : "pilot", + "url" : "https://ct.googleapis.com/pilot/", + "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==", + "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="} + + + sct = json.loads('{"timestamp": 1419573511033, "signature": "BAMARzBFAiAz6UTsDV6PcHdW/iZ1JqeF91KbjrpG2ubRVW0z5trPIwIhANtReTFlwkxDfVIvGscTdDk5monwBL702DkYd0oKM0xE", "sct_version": 0, "id": "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA=", "extensions": ""}') + check_sct_signature(log["url"], signed_entry, sct, precert, base64.b64decode(log["key"])) diff --git a/monitor/josef_mover.py b/monitor/josef_mover.py index 5fb22da..bc7f4a0 100755 --- a/monitor/josef_mover.py +++ b/monitor/josef_mover.py @@ -7,6 +7,7 @@ import datetime import os import json +from precerttools import cleanprecert from monitor_conf import * from josef_lib import * 
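Review bot: The new `__main__` block in josef_experimental.py discards the result of `check_sct_signature(...)` and prints nothing, so a run does not show whether the pilot SCT verified unless that function raises on failure (its definition is outside this diff). Print or assert the outcome, e.g. `print "SCT valid:", check_sct_signature(log["url"], signed_entry, sct, precert, base64.b64decode(log["key"]))`. The inline `log` dict also repeats the pilot entry from `monitor_conf.ctlogs`. Looking the log up there by `sct["id"]` would keep a single copy of the key and confirm that the SCT names the log whose key is used.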
@@ -14,7 +15,8 @@ def print_reply(rep, entry, precert): t = datetime.datetime.fromtimestamp(rep['timestamp'] / 1000, UTC()).strftime("%Y-%m-%d %H:%M:%S") log_id = rep["id"] - # print res + # print json.dumps(rep) + # print entry print "Time:", t @@ -27,17 +29,30 @@ def print_reply(rep, entry, precert): print "Log:", l["name"] - # check_sct_signature(log["url"], entry, rep, precert, log["key"]) + if precert: + print "Type: Precert" + print base64.b64encode(entry[2]) + signed_entry = pack_precert(cleanprecert(entry[0][0]), entry[2]) + else: + print "Type: Cert" + signed_entry = pack_cert(entry[0][0]) + + key = base64.b64decode(log["key"]) - # print "Signature: CHECKING NOT IMPLEMENTED YET!" - # print "" + # try: + check_sct_signature(log["url"], signed_entry, rep, precert, key) + print "Signature: OK" + # except: + # print "Could not verify signature!" + print "" -source = ctlogs[0] -dests = [ctlogs[1]] -first = 153357 -last = 154357 +source = ctlogs[1] +dests = [ctlogs[0]] + +first = 153363 +last = 153365 entries = get_entries(source["url"], first, last)["entries"] @@ -46,7 +61,9 @@ entries = get_entries(source["url"], first, last)["entries"] for log in dests: for item in entries: try: + # print item entry = extract_original_entry(item) + # print entry[2] if entry[2]: precert = True else: @@ -60,13 +77,14 @@ for log in dests: res = add_prechain(log["url"], {"chain" : submission}) else: res = add_chain(log["url"], {"chain" : submission}) - + print res + # print submission print_reply(res, entry, precert) - time.sleep(5) + # time.sleep(5) except KeyboardInterrupt: break - except: - print "FAILED!" + # except: + # print "FAILED!" diff --git a/monitor/monitor_conf.py b/monitor/monitor_conf.py index 57a245f..ffdb1bf 100644 --- a/monitor/monitor_conf.py +++ b/monitor/monitor_conf.py 
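Review bot: In `print_reply`, `print "Signature: OK"` runs unconditionally after `check_sct_signature(...)`, and the surrounding `try`/`except` is commented out. If that function reports a bad signature through its return value rather than an exception (the commented-out call in verify_sct.py prints the value; the definition is not in this diff), an invalid SCT is still reported as OK. Make the message depend on the result, e.g. `ok = check_sct_signature(...)` then `print "Signature: OK" if ok else "Signature: INVALID"`. The call also reads `log["url"]` and `log["key"]` from the module-level loop variable instead of the entry `l` matched on `rep["id"]` just above, so the key is not tied to the log the SCT names. The function body starts outside the hunk.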
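Review bot: With `# except:` commented out in the submission loop, only `KeyboardInterrupt` is handled, so the first failed submission or verification ends the run with a traceback and the remaining entries and destination logs are never tried. Rather than restoring the bare `except:`, catch the error explicitly and report which log failed, e.g. `except Exception as e: print "FAILED:", log["name"], e`. The added `print res` and the commented-out `time.sleep(5)` look like debugging leftovers; the delay between submissions to a public log is worth keeping.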
@@ -11,6 +11,7 @@ OUTPUT_DIR = "output/" DEFAULT_CERT_FILE = None # DEFAULT_CERT_FILE = OUTPUT_DIR + "cert_data.json" +# Set to None to disable database writing DOMAINS_FILE = OUTPUT_DIR + "domains.json" # Set to None to disable database output 
@@ -29,20 +30,20 @@ MONITORED_DOMAINS = [ # CT logs and associated keys ctlogs = [ - # {"name" : "pilot", - # "url" : "https://ct.googleapis.com/pilot/", - # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==", - # "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="}, - - # {"name" : "plausible", - # "url" : "https://plausible.ct.nordu.net/", - # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==", - # "id" : "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="}, - - # {"name" : "digicert", - # "url" : "https://ct1.digicert-ct.com/log/", - # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==", - # "id" : "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="}, + {"name" : "pilot", + "url" : "https://ct.googleapis.com/pilot/", + "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==", + "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="}, + + {"name" : "plausible", + "url" : "https://plausible.ct.nordu.net/", + "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==", + "id" : "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="}, + + {"name" : "digicert", + "url" : "https://ct1.digicert-ct.com/log/", + "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==", + "id" : "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="}, {"name" : "izenpe", "url" : "https://ct.izenpe.com/", diff --git a/monitor/verify_sct.py b/monitor/verify_sct.py index 54b08c7..e9bac19 100755 --- a/monitor/verify_sct.py +++ b/monitor/verify_sct.py 
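Review bot: Re-enabling these three entries at the head of `ctlogs` shifts every list index, and josef_mover.py picks its source and destination as `ctlogs[1]` and `ctlogs[0]`; selecting logs by `name` would keep the scripts stable when the list changes. The `key` values are the trust anchors for SCT verification, and per RFC 6962 a log's `id` is the SHA-256 hash of its DER public key. A load-time check such as `assert base64.b64encode(hashlib.sha256(base64.b64decode(l["key"])).digest()) == l["id"]` would catch a mistyped or mismatched key. A comment naming where each key was obtained would also help. The list continues outside the hunk.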
@@ -217,6 +217,14 @@ def ReadSCT( SCT ): File.write( SCTSignature ) File.close() + # from josef_lib import check_sct_signature + # k = PubKey.replace('\n','').split('-')[10] + # print "\n\n START-------------" + # print base64.b64encode(SCTSignature) + # print base64.b64encode(Data) + # sct = {"id":Base64LogID, "signature":base64.b64encode(SCTSignature), "sct_version":0, "timestamp":SCTTimestamp,"extensions":""} + # print check_sct_signature(None, base64.b64encode(Data), sct, True, base64.b64decode(k)) + Args = [ OPENSSL_PATH ] Args.extend( [ "dgst", "-sha256", "-verify", "tmp-pubkey.pem", "-signature", "tmp-signature.bin", "tmp-signeddata.bin" ] ) |