Diffstat (limited to 'monitor/josef_experimental.py')
| -rwxr-xr-x | monitor/josef_experimental.py | 83 |
1 files changed, 51 insertions, 32 deletions
diff --git a/monitor/josef_experimental.py b/monitor/josef_experimental.py
index 46e4b2e..3c7e590 100755
--- a/monitor/josef_experimental.py
+++ b/monitor/josef_experimental.py
@@ -8,44 +8,63 @@ import argparse import json from josef_leveldb import * from datetime import datetime as dt +from josef_monitor import verify_inclusion_by_hash +def verify_sct(baseurl, sctentry, key, sth_in=None): + if sth_in is None: + if baseurl: + sth = get_sth(baseurl) + else: + print "No sth provided!" + else: + sth = sth_in + + # Verify signature + leafcert = base64.b64decode(sctentry["leafcert"]) + if "issuer_key_hash" in sctentry: + issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"]) + else: + issuer_key_hash = None + try: + if issuer_key_hash: + signed_entry = pack_precert(leafcert, issuer_key_hash) + else: + signed_entry = pack_cert(leafcert) + check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash, publickey=key) + print "Signature OK" + except AssertionError, e: + print "ERROR:", e + except urllib2.HTTPError, e: + print "ERROR:", e + except ecdsa.keys.BadSignatureError, e: + print "ERROR: bad signature" + + # Verify inclusion + h = get_leaf_hash(base64.b64decode(sctentry["leafcert"])) + + verify_inclusion_by_hash("https://localhost:8080/", h) -f = open("sct_example") -s = f.read() -sctentry = json.loads(s) -sct = sctentry["sct"] -# print sct -baseurl = None -logpublickey = get_public_key_from_file("sct_example_logkey.pem") -# print key -# print base64.b64encode(key) -# keyhash = hashlib.sha256(key).digest() -# print base64.b64encode(keyhash) -# print check_sct_signature(None, sctentry, sct, False, key) -timing = timing_point() +if __name__ == '__main__': + f = open("sct_example") + s = f.read() + sctentry = json.loads(s) -leafcert = base64.b64decode(sctentry["leafcert"]) -if "issuer_key_hash" in sctentry: - issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"]) -else: - issuer_key_hash = None -try: - if issuer_key_hash: - signed_entry = pack_precert(leafcert, issuer_key_hash) + logpublickey = get_public_key_from_file("sct_example_logkey.pem") + if "sth" in sctentry: + print "found sth in sct" + sth = 
sctentry["sth"] else: - signed_entry = pack_cert(leafcert) - check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash, publickey=logpublickey) - timing_point(timing, "checksig") -except AssertionError, e: - print "ERROR:", e -except urllib2.HTTPError, e: - print "ERROR:", e -except ecdsa.keys.BadSignatureError, e: - print "ERROR: bad signature" - -# print sctentry + sth = None + + + verify_sct(None, sctentry, logpublickey, sth) + + + # print sctentry + # print base64.b64decode(sctentry["leafcert"]) + # print base64.b64decode(get_entries("https://plausible.ct.nordu.net:/", 1234,1234)["entries"][0]["leaf_input"]) |
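Review bot: verify_sct fails open: each of its three `except` handlers only prints, so after a bad SCT signature execution still falls through to the inclusion check, and the function has no return statement, leaving a caller unable to tell a verified SCT from a rejected one. Ending each handler with `return False`, and returning True only after both checks pass, would make the result usable. The inclusion check is also pinned to `"https://localhost:8080/"` rather than the `baseurl` argument, and the `sth` chosen at the top of the function is never passed on, so the proof is not tied to the log or tree head the caller supplied; `verify_inclusion_by_hash(baseurl, h)` looks like the intent, though what that helper accepts is not visible here. When neither `sth_in` nor `baseurl` is given the code prints `No sth provided!` and carries on, which should probably be an early return as well.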
