authorJosef Gustafsson <josef.gson@gmail.com>2015-09-22 14:29:24 +0200
committerJosef Gustafsson <josef.gson@gmail.com>2015-09-22 14:29:24 +0200
commitc3a1c82a82aaf83dca11746601d8e3865ff1570b (patch)
tree655da132afa2784e7be3da0dc7a62bb8df88274f /tools/josef_experimental_auditor.py
parentf300833943d6fa41cbe531522e592670f1585231 (diff)
implementing root monitoring
Diffstat (limited to 'tools/josef_experimental_auditor.py')
-rwxr-xr-xtools/josef_experimental_auditor.py52
1 files changed, 23 insertions, 29 deletions
diff --git a/tools/josef_experimental_auditor.py b/tools/josef_experimental_auditor.py
index 6bb8baa..7e5dc65 100755
--- a/tools/josef_experimental_auditor.py
+++ b/tools/josef_experimental_auditor.py
@@ -18,14 +18,14 @@ DEFAULT_CUR_FILE = 'all-sth.json'
DEFAULT_CERT_FILE = "cert_data.json"
base_urls = [
- # "https://plausible.ct.nordu.net/",
- # "https://ct1.digicert-ct.com/log/",
- # "https://ct.izenpe.com/",
- # "https://log.certly.io/",
- # "https://ct.googleapis.com/aviator/",
- # "https://ct.googleapis.com/pilot/",
- # "https://ct.googleapis.com/rocketeer/",
- # "https://ctlog.api.venafi.com/",
+ "https://plausible.ct.nordu.net/",
+ "https://ct1.digicert-ct.com/log/",
+ "https://ct.izenpe.com/",
+ "https://log.certly.io/",
+ "https://ct.googleapis.com/aviator/",
+ "https://ct.googleapis.com/pilot/",
+ "https://ct.googleapis.com/rocketeer/",
+ "https://ctlog.api.venafi.com/",
"https://ct.ws.symantec.com/",
]
@@ -47,7 +47,7 @@ parser.add_argument('--cur-sth',
timings = {}
errors = []
-monitored_domains = [
+# monitored_domains = [
# "google.com",
# "preishelden.de",
# "liu.se",
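Review bot: Commenting out the `monitored_domains = [` line here and the closing `]` in the next hunk leaves the name undefined at module level, so any code elsewhere in the file that still reads `monitored_domains` (not visible in this diff) would raise NameError when it runs. The entries visible in both hunks were already commented out, so keeping the assignment as `monitored_domains = []` gives the same empty list without that risk. One line of the list falls between the two hunks and is not shown; if it holds a live entry, it would become a stray expression statement after this change.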
@@ -55,7 +55,7 @@ monitored_domains = [
# "symantec.com",
# "sunet.se",
# ".se",
-]
+# ]
class UTC(datetime.tzinfo):
def utcoffset(self, dt):
@@ -325,17 +325,8 @@ def get_proof_by_index(baseurl, index, tree_size):
def get_all_roots(base_url):
result = urlopen(base_url + "ct/v1/get-roots").read()
certs = json.loads(result)["certificates"]
- print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " certs from " + base_url
-
- for accepted_cert in certs:
- subject = get_cert_info(base64.decodestring(accepted_cert))["subject"]
- issuer = get_cert_info(base64.decodestring(accepted_cert))["issuer"]
- if subject == issuer:
- root_cert = base64.decodestring(accepted_cert)
- try:
- print get_cert_info(root_cert)["subject"].split("CN=")[1]
- except:
- print get_cert_info(root_cert)["subject"]
+ # print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " certs from " + base_url
+
return certs
def print_errors(errors):
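Review bot: `get_all_roots` has no handling for a failed request or an unexpected body: `urlopen(...).read()` and `json.loads(result)["certificates"]` raise on a network error, a non-JSON reply or a missing key, and the loop added at the end of the file calls it for every entry in `base_urls` with no try/except, so one unreachable log stops the remaining logs from being checked. Catching the failure and appending it to the module-level `errors` list, as sketched below, keeps the run going; the empty list returned on failure is something the caller must distinguish from a log that really returned no roots. The get-roots reply is not signed by the log, so it is also worth confirming that the `urlopen` in use (its import is outside the hunk) verifies the server certificate. The commented-out `print` could be dropped rather than kept.

```python
def get_all_roots(base_url):
    try:
        result = urlopen(base_url + "ct/v1/get-roots").read()
        certs = json.loads(result)["certificates"]
    except (IOError, ValueError, KeyError) as e:
        # Record the failure so the remaining logs are still checked.
        errors.append(time.strftime('%H:%M:%S') + " ERROR: get-roots failed for "
                      + base_url + ": " + str(e))
        return []
    return certs
```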
@@ -454,14 +445,14 @@ def main(args):
if __name__ == '__main__':
# try:
- main(parser.parse_args())
- if len(errors) == 0:
- print time.strftime('%H:%M:%S') + " Everything OK."
- sys.exit(NAGIOS_OK)
- else:
- # print "errors found!"
- print_errors(errors)
- sys.exit(NAGIOS_WARN)
+ # main(parser.parse_args())
+ # if len(errors) == 0:
+ # print time.strftime('%H:%M:%S') + " Everything OK."
+ # sys.exit(NAGIOS_OK)
+ # else:
+ # # print "errors found!"
+ # print_errors(errors)
+ # sys.exit(NAGIOS_WARN)
# except:
# pass
# finally:
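Review bot: With the `main(parser.parse_args())` call and both `sys.exit(NAGIOS_OK)` / `sys.exit(NAGIOS_WARN)` branches commented out, the `__main__` block no longer runs the audit and always exits with status 0, so a Nagios check wrapping this script would report OK regardless of what the logs return. The replacement loop in the following hunk (`for url in base_urls:`) only prints a count per log, which would not reveal one root being swapped for another; comparing a hash of each returned certificate against a stored set would. If root monitoring is meant to sit alongside the audit, consider selecting it through a `parser` option instead of commenting the existing path out, and keep the exit-code handling, e.g. `sys.exit(NAGIOS_WARN if errors else NAGIOS_OK)` after the loop. The `__main__` block continues outside this hunk.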
@@ -469,6 +460,9 @@ if __name__ == '__main__':
# print_errors(errors)
+ for url in base_urls:
+ roots = get_all_roots(url)
+ print "Got " + str(len(roots)) + " roots from " + url