Diffstat (limited to 'monitor/josef_monitor.py')
-rwxr-xr-xmonitor/josef_monitor.py61
1 files changed, 55 insertions, 6 deletions
diff --git a/monitor/josef_monitor.py b/monitor/josef_monitor.py
index dfdeacf..0e02a3c 100755
--- a/monitor/josef_monitor.py
+++ b/monitor/josef_monitor.py
@@ -44,6 +44,7 @@ class ctlog:
self.subtree = [[]]
self.sth = None
self.entries = 0
+ self.root_hash = None
self.log("Starting monitor")
@@ -133,6 +134,59 @@ class ctlog:
self.sth = new_sth
+ def update_roots(self):
+ roots = get_all_roots(self.url)
+ new_root_hash = str(hash(str(roots)))
+
+ if new_root_hash != self.root_hash:
+ self.root_hash = new_root_hash
+ cert_dir = OUTPUT_DIR + self.name + "-roots"
+ if not os.path.exists(cert_dir):
+ os.makedirs(cert_dir)
+
+ hash_list = []
+ for cert in roots:
+ h = str(hash(str(cert)))
+ hash_list.append(h)
+
+ loaded_list = os.listdir(cert_dir)
+
+ added, removed = compare_lists(hash_list, loaded_list)
+
+ if len(added) != 0:
+ print str(len(added)) + " new roots found for " + self.name
+ if len(removed) != 0:
+ print str(len(removed)) + " roots removed for " + self.name
+
+ for item in removed:
+ data = open(cert_dir + "/" + item).read()
+
+ root_cert = base64.decodestring(data)
+ subject = get_cert_info(root_cert)["subject"]
+ issuer = get_cert_info(root_cert)["issuer"]
+ if subject == issuer:
+ print "Removed Root: " + item + ", " + subject
+ self.log("Removed Root: " + item + ", " + subject)
+ else:
+ print "WTF? Not a root..."
+
+ for item in added:
+ root_cert = base64.decodestring(roots[hash_list.index(item)])
+ subject = get_cert_info(root_cert)["subject"]
+ issuer = get_cert_info(root_cert)["issuer"]
+ if subject == issuer:
+ print "New Root: " + item + ", " + subject
+ self.log("New Root: " + item + ", " + subject)
+ else:
+ print "WTF? Not a root..."
+
+ fn = cert_dir + "/" + item
+ tempname = fn + ".new"
+ data = roots[hash_list.index(item)]
+ open(tempname, 'w').write(data)
+ mv_file(tempname, fn)
+
+
def verify_progress(self, old):
new = self.sth
try:
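Review bot: The built-in `hash()` used for `new_root_hash` and for the per-certificate `h` is not a certificate fingerprint: it is a small non-cryptographic value that can collide, can be negative, and depends on the interpreter build and hash-seed settings, so the file names in `cert_dir` may not match across machines or runs and two different roots could map to one name. A digest of the decoded certificate would be stable and collision-resistant, e.g. `h = hashlib.sha256(base64.decodestring(cert)).hexdigest()` (the import block is outside this hunk, so `hashlib` may need adding). Separately, the `for item in removed` loop only reports the entry and never deletes the file, so the same root would presumably be reported as removed again on every later change of the root set.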
@@ -306,13 +360,8 @@ def get_all_roots(base_url):
result = urlopen(base_url + "ct/v1/get-roots").read()
certs = json.loads(result)["certificates"]
print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " certs from " + base_url
+ return certs
- for accepted_cert in certs:
- subject = get_cert_info(base64.decodestring(accepted_cert))["subject"]
- issuer = get_cert_info(base64.decodestring(accepted_cert))["issuer"]
- if subject == issuer:
- root_cert = base64.decodestring(accepted_cert)
- print get_cert_info(root_cert)["subject"]
def setup_domain_monitoring():
monitored_domains = []
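Review bot: `get_all_roots` now hands its result to `update_roots`, which base64-decodes each entry and writes it to disk, but nothing states what the function returns or that the data is unchecked. A docstring such as `"""Return the log's get-roots certificates as a list of base64 strings, exactly as received (not validated)."""` would make that contract explicit. The `def` line is only visible in the hunk header, so the start of the body is outside this hunk.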