Diffstat (limited to 'monitor/josef_lib.py')
-rw-r--r-- | monitor/josef_lib.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/monitor/josef_lib.py b/monitor/josef_lib.py
index 0f64ef6..db9dad3 100644
--- a/monitor/josef_lib.py
+++ b/monitor/josef_lib.py
@@ -48,6 +48,26 @@ def get_all_roots(base_url):
 root_cert = base64.decodestring(accepted_cert)
 return certs
+def verify_inclusion_by_hash(base_url, leaf_hash):
+ try:
+ tmp_sth = get_sth(base_url)
+ proof = get_proof_by_hash(base_url, leaf_hash, tmp_sth["tree_size"])
+
+ decoded_inclusion_proof = []
+ for item in proof["audit_path"]:
+ decoded_inclusion_proof.append(base64.b64decode(item))
+
+ root = base64.b64encode(verify_inclusion_proof(decoded_inclusion_proof, proof["leaf_index"], tmp_sth["tree_size"], leaf_hash))
+
+ if tmp_sth["sha256_root_hash"] == root:
+ return True
+ else:
+ # print time.strftime('%H:%M:%S') + " ERROR: Could not prove inclusion for entry " + str(proof["leaf_index"]) + " in " + base_url
+ return False
+ except:
+ # print time.strftime('%H:%M:%S') + " ERROR: Could not prove inclusion for hashed entry in " + base_url
+ return False
+
 def check_domain(raw_entry, log=None):
 orig_entry = extract_original_entry(raw_entry)
 try: |
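Review bot: The bare `except:` that closes `verify_inclusion_by_hash` returns the same `False` for a failed fetch, a malformed response and a genuine root mismatch, and with both `print` lines commented out nothing is recorded. For a CT monitor a failed inclusion proof is evidence of log misbehaviour and should be distinguishable from the log simply being unreachable. I would narrow the handler to `except Exception as e:` and log `e` together with `base_url` and `leaf_hash`, and restore the mismatch message in the `else` branch. The proof is also checked against an STH fetched inside this call. Whether `get_sth` verifies the STH signature is not visible in this hunk; if it does not, a `True` result only shows that the log's answers agree with each other, and checking against an STH the monitor has already verified would be stronger.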