-rwxr-xr-xmonitor/josef_experimental.py83
-rw-r--r--monitor/josef_lib.py1
-rwxr-xr-xmonitor/josef_monitor.py6
-rw-r--r--monitor/monitor_conf.py27
4 files changed, 73 insertions, 44 deletions
diff --git a/monitor/josef_experimental.py b/monitor/josef_experimental.py
index 46e4b2e..3c7e590 100755
--- a/monitor/josef_experimental.py
+++ b/monitor/josef_experimental.py
@@ -8,44 +8,63 @@ import argparse
import json
from josef_leveldb import *
from datetime import datetime as dt
+from josef_monitor import verify_inclusion_by_hash
+def verify_sct(baseurl, sctentry, key, sth_in=None):
+ if sth_in is None:
+ if baseurl:
+ sth = get_sth(baseurl)
+ else:
+ print "No sth provided!"
+ else:
+ sth = sth_in
+
+ # Verify signature
+ leafcert = base64.b64decode(sctentry["leafcert"])
+ if "issuer_key_hash" in sctentry:
+ issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"])
+ else:
+ issuer_key_hash = None
+ try:
+ if issuer_key_hash:
+ signed_entry = pack_precert(leafcert, issuer_key_hash)
+ else:
+ signed_entry = pack_cert(leafcert)
+ check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash, publickey=key)
+ print "Signature OK"
+ except AssertionError, e:
+ print "ERROR:", e
+ except urllib2.HTTPError, e:
+ print "ERROR:", e
+ except ecdsa.keys.BadSignatureError, e:
+ print "ERROR: bad signature"
+
+ # Verify inclusion
+ h = get_leaf_hash(base64.b64decode(sctentry["leafcert"]))
+
+ verify_inclusion_by_hash("https://localhost:8080/", h)
-f = open("sct_example")
-s = f.read()
-sctentry = json.loads(s)
-sct = sctentry["sct"]
-# print sct
-baseurl = None
-logpublickey = get_public_key_from_file("sct_example_logkey.pem")
-# print key
-# print base64.b64encode(key)
-# keyhash = hashlib.sha256(key).digest()
-# print base64.b64encode(keyhash)
-# print check_sct_signature(None, sctentry, sct, False, key)
-timing = timing_point()
+if __name__ == '__main__':
+ f = open("sct_example")
+ s = f.read()
+ sctentry = json.loads(s)
-leafcert = base64.b64decode(sctentry["leafcert"])
-if "issuer_key_hash" in sctentry:
- issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"])
-else:
- issuer_key_hash = None
-try:
- if issuer_key_hash:
- signed_entry = pack_precert(leafcert, issuer_key_hash)
+ logpublickey = get_public_key_from_file("sct_example_logkey.pem")
+ if "sth" in sctentry:
+ print "found sth in sct"
+ sth = sctentry["sth"]
else:
- signed_entry = pack_cert(leafcert)
- check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash, publickey=logpublickey)
- timing_point(timing, "checksig")
-except AssertionError, e:
- print "ERROR:", e
-except urllib2.HTTPError, e:
- print "ERROR:", e
-except ecdsa.keys.BadSignatureError, e:
- print "ERROR: bad signature"
-
-# print sctentry
+ sth = None
+
+
+ verify_sct(None, sctentry, logpublickey, sth)
+
+
+ # print sctentry
+ # print base64.b64decode(sctentry["leafcert"])
+ # print base64.b64decode(get_entries("https://plausible.ct.nordu.net:/", 1234,1234)["entries"][0]["leaf_input"])
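Review bot: A failed signature check does not stop `verify_sct`; each `except` branch only prints, so the inclusion check after the comment `# Verify inclusion` still runs for an SCT whose signature was rejected, and the function returns nothing, leaving the caller in `__main__` no way to tell a verified SCT from a rejected one. The `sth` chosen at the top of the function is never read, and the inclusion call is hard-wired to `"https://localhost:8080/"` instead of `baseurl`, so the signature and the inclusion proof are checked against two different logs. I would return early from each error branch, pass `baseurl` to `verify_inclusion_by_hash`, and return a boolean; whether the `sth` can be handed to `verify_inclusion_by_hash` depends on its signature in josef_monitor.py, which is not visible here. The file handle from `f = open("sct_example")` in the `__main__` block is also never closed; `with open("sct_example") as f:` would fix that.
```python
def verify_sct(baseurl, sctentry, key, sth_in=None):
    if sth_in is None:
        if not baseurl:
            print "No sth provided!"
            return False
        sth = get_sth(baseurl)
    else:
        sth = sth_in

    # … unchanged: leafcert / issuer_key_hash decoding …
    try:
        # … unchanged: pack_precert / pack_cert and check_sct_signature …
        print "Signature OK"
    except AssertionError, e:
        print "ERROR:", e
        return False
    except urllib2.HTTPError, e:
        print "ERROR:", e
        return False
    except ecdsa.keys.BadSignatureError, e:
        print "ERROR: bad signature"
        return False

    # Verify inclusion against the same log whose key signed the SCT
    h = get_leaf_hash(base64.b64decode(sctentry["leafcert"]))
    verify_inclusion_by_hash(baseurl, h)
    return True
```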
diff --git a/monitor/josef_lib.py b/monitor/josef_lib.py
index f886b6d..28ea0c0 100644
--- a/monitor/josef_lib.py
+++ b/monitor/josef_lib.py
@@ -512,7 +512,6 @@ def unpack_mtl(merkle_tree_leaf):
issuer_key_hash = timestamped_entry[10:42]
(leafcert, rest_entry) = unpack_tls_array(timestamped_entry[42:], 3)
return (leafcert, timestamp, issuer_key_hash)
-
def get_leaf_hash(merkle_tree_leaf):
leaf_hash = hashlib.sha256()
leaf_hash.update(struct.pack(">b", 0))
diff --git a/monitor/josef_monitor.py b/monitor/josef_monitor.py
index 83e3663..aacc59c 100755
--- a/monitor/josef_monitor.py
+++ b/monitor/josef_monitor.py
@@ -34,10 +34,11 @@ if not os.path.exists(DB_PATH):
parser = argparse.ArgumentParser(description="")
class ctlog:
- def __init__(self, name, url, key):
+ def __init__(self, name, url, key, log_id=None):
self.name = name
self.url = url
self.key = key
+ self.log_id = log_id
self.logfile = OUTPUT_DIR + name + ".log"
self.savefile = OUTPUT_DIR + name + "-state-info.json"
self.subtree = [[]]
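Review bot: `log_id` is declared optional (`log_id=None`) on the new `__init__` line, but the updated caller in the `main(args)` hunk below indexes `ctlogs[item][2]` unconditionally, so any config entry that still has only `[url, key]` raises IndexError at startup rather than falling back to the default. Either drop the default to make the third element mandatory, or index defensively in `main`: `logs.append(ctlog(item, ctlogs[item][0], ctlogs[item][1], ctlogs[item][2] if len(ctlogs[item]) > 2 else None))`. The new attribute is only stored in this hunk; if it is meant to be the RFC 6962 log id (SHA-256 over the DER-encoded log key), a one-line consistency check against `key` in `__init__` would catch a mis-pasted config value before it is used to match SCTs. A short comment on the attribute, `# log_id: base64 RFC 6962 log id from monitor_conf, or None`, would make the intended contents clear; the rest of `__init__` continues outside the hunk.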
@@ -197,6 +198,7 @@ class ctlog:
self.log("ERROR: Could not verify consistency!")
print "ERROR: Could not verify consistency for " + self.url
+
def verify_inclusion_all(old, new):
for url in old:
try:
@@ -341,7 +343,7 @@ def main(args):
logs = []
try:
for item in ctlogs:
- logs.append(ctlog(item, ctlogs[item][0], ctlogs[item][1]))
+ logs.append(ctlog(item, ctlogs[item][0], ctlogs[item][1], ctlogs[item][2]))
print time.strftime('%H:%M:%S') + " Setting up monitor for " + str(len(logs)) + " logs..."
# Set up state
diff --git a/monitor/monitor_conf.py b/monitor/monitor_conf.py
index 2628185..38de5ff 100644
--- a/monitor/monitor_conf.py
+++ b/monitor/monitor_conf.py
@@ -31,37 +31,46 @@ MONITORED_DOMAINS = [
ctlogs = {
# "pilot":
# ["https://ct.googleapis.com/pilot/",
- # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA=="],
+ # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",
+ # "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="],
# "plausible":
# ["https://plausible.ct.nordu.net/",
- # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ=="],
+ # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==",
+ # "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="],
# "digicert":
# ["https://ct1.digicert-ct.com/log/",
- # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A=="],
+ # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==",
+ # "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="],
"izenpe":
["https://ct.izenpe.com/",
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg=="],
+ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg==",
+ "dGG0oJz7PUHXUVlXWy52SaRFqNJ3CbDMVkpkgrfrQaM="],
"certly":
["https://log.certly.io/",
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA=="],
+ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA==",
+ "zbUXm3/BwEb+6jETaj+PAC5hgvr4iW/syLL1tatgSQA="],
# "aviator":
# ["https://ct.googleapis.com/aviator/",
- # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q=="],
+ # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==",
+ # "aPaY+B9kgr46jO65KB1M/HFRXWeT1ETRCmesu09P+8Q="],
# "rocketeer":
# ["https://ct.googleapis.com/rocketeer/",
- # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg=="],
+ # "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==",
+ # "7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/cs="],
"symantec":
["https://ct.ws.symantec.com/",
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg=="],
+ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg==",
+ "3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvsw="],
"venafi":
["https://ctlog.api.venafi.com/",
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB"],
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB",
+ "rDua7X+pZ0dXFZ5tfVdWcvnZgQCUHpve/+yhMTt1eC0="],
}
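Review bot: The new third element of every `ctlogs` entry is an unlabelled base64 string, and nothing in this file says what it is or how it relates to the key on the line above it, which matters because josef_monitor.py now reads it positionally as `ctlogs[item][2]`. A comment above the dict documenting the tuple layout, e.g. `# name: [base url, log public key (base64 DER SPKI), log id (base64; presumably SHA-256 of the DER key per RFC 6962)]`, would let a maintainer verify each id rather than trust the paste. The commented-out entries (pilot, plausible, digicert, aviator, rocketeer) were updated in the same way, so the note covers them too.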