From 0e779011e0663ecfd2c088c38cbc78d3457af871 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Fri, 21 Aug 2015 16:07:45 +0200
Subject: Correct copyright year.
---
 tools/storagegc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/storagegc.py b/tools/storagegc.py
index c13dcb5..f18074a 100755
--- a/tools/storagegc.py
+++ b/tools/storagegc.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
-# Copyright (c) 2014, NORDUnet A/S.
+# Copyright (c) 2015, NORDUnet A/S.
 # See LICENSE for licensing information.
 import argparse
-- cgit v1.1
From 7893d7dcc660194b66fad9220ebb54f592ccb420 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Sun, 23 Aug 2015 13:13:44 +0200
Subject: storagegc: start from lastverifiednewentry and write file periodically
---
 tools/storagegc.py | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/tools/storagegc.py b/tools/storagegc.py
index c13dcb5..e5d6d9d 100755
--- a/tools/storagegc.py
+++ b/tools/storagegc.py
@@ -50,15 +50,34 @@ def verifyleafhash(leaf_hash):
 starttime = datetime.datetime.now()
-lastverified = (-1, None)
 try:
- for i, line in enumerate(open(db_path + "newentries")):
+ lastverifiedstring = open(db_path + "lastverifiednewentry").read()
+ lastverified = json.loads(lastverifiedstring)
+except IOError:
+ lastverified = {"index": -1, "hash": None}
+print "starting at", lastverified
+
+newentriesfile = open(db_path + "newentries")
+if lastverified["index"] >= 0:
+ newentriesfile.seek(lastverified["index"]*65)
+ assert(newentriesfile.read(64).lower() == lastverified["hash"])
+newentriesfile.seek((lastverified["index"]+1)*65)
+
+try:
+ i = lastverified["index"] + 1
+ sincewritten = 0
+ for line in newentriesfile:
 leaf_hash = base64.b16decode(line.strip(), casefold=True)
 result = verifyleafhash(leaf_hash)
 if not result:
 break
 lastverified = {"index": i, "hash": base64.b16encode(leaf_hash).lower()}
+ i += 1
+ sincewritten += 1
+ if sincewritten > 1000:
+ write_file(db_path + "lastverifiednewentry", lastverified)
+ sincewritten = 0
 if lastverified["index"] >= 0:
 write_file(db_path + "lastverifiednewentry", lastverified)
 print "lastverified", lastverified
-- cgit v1.1
From 00ddbf7b7cb158141fd5e641782ef7c2e59d5997 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Mon, 24 Aug 2015 00:39:44 +0200
Subject: Use paths/public_cacertfile config variable for public https cert
---
 test/catlfish-test-local-1.cfg | 1 +
 tools/storagegc.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/catlfish-test-local-1.cfg b/test/catlfish-test-local-1.cfg
index 88eda59..cbe04d8 100644
--- a/test/catlfish-test-local-1.cfg
+++ b/test/catlfish-test-local-1.cfg
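Review bot: The resume-point check `assert(newentriesfile.read(64).lower() == lastverified["hash"])` is removed when Python runs with `-O`, so a `lastverifiednewentry` checkpoint that no longer matches `newentries` would be accepted and verification would resume from an offset that was never checked. An explicit test keeps the guard in every mode: `if newentriesfile.read(64).lower() != lastverified["hash"]: raise RuntimeError("lastverifiednewentry does not match newentries")`. The `except IOError` around the checkpoint read also does not cover `json.loads` raising `ValueError` on a truncated or corrupt file, which becomes more likely now that `write_file` runs every 1000 entries, if that helper (not visible in this hunk) does not write atomically. The stride `65` appears to be 64 hex digits plus a newline and would read better as a named constant with a comment such as `# one record = 64 hex chars + "\n"`. The handler of the second `try:` lies outside the hunk.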
@@ -18,6 +18,7 @@ paths:
 https_certfile: tests/httpscert/httpscert-1.pem
 https_keyfile: tests/httpscert/httpskey-1.pem
 https_cacertfile: tests/httpsca/demoCA/cacert.pem
+ public_cacertfile: tests/httpsca/demoCA/cacert.pem
 db: tests/machine/machine-1/db/
 publickeys: tests/publickeys
 logpublickey: tests/keys/logkey.pem
diff --git a/tools/storagegc.py b/tools/storagegc.py
index e5d6d9d..2ec0720 100755
--- a/tools/storagegc.py
+++ b/tools/storagegc.py
@@ -22,7 +22,7 @@ localconfig = yaml.load(open(args.localconfig))
 paths = localconfig["paths"]
 db_path = paths["db"]
-create_ssl_context(cafile=paths["https_cacertfile"])
+create_ssl_context(cafile=paths.get("public_cacertfile", None))
 baseurl = config["baseurl"]
-- cgit v1.1
From 74dd0360bda561bdd88ec85d9bb07398bf404261 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Mon, 24 Aug 2015 15:59:11 +0200
Subject: Add missing root CA in tests.
---
 test/testdata/known_roots/GPKIRootCA.pem | 81 ++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 test/testdata/known_roots/GPKIRootCA.pem
diff --git a/test/testdata/known_roots/GPKIRootCA.pem b/test/testdata/known_roots/GPKIRootCA.pem
new file mode 100644
index 0000000..5663dea
--- /dev/null
+++ b/test/testdata/known_roots/GPKIRootCA.pem
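Review bot: In the `tools/storagegc.py` hunk, `paths.get("public_cacertfile", None)` makes the CA file optional, so a config without that key now calls `create_ssl_context(cafile=None)` where the previous lookup raised `KeyError`. What `create_ssl_context` does with `None` is not visible here; if it loosens or skips certificate verification, the tool would accept whatever server answers at `baseurl`. If falling back to a default trust store is intended, state it next to the call, for example `# cafile=None: use the default CA bundle for the public endpoint`; otherwise keep the lookup strict with `paths["public_cacertfile"]` so a missing setting fails at startup.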
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 45:f8:e0:e4:01:c5:3e:71:e6:bd:71:6d:97:9c:41:23 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA + Validity + Not Before: Mar 15 06:00:04 2007 GMT + Not After : Mar 15 06:00:04 2017 GMT + Subject: C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2047 bit) + Modulus: + 5a:2b:41:15:9b:db:76:26:01:f0:54:72:0b:87:13: + 1f:a0:d0:3f:96:aa:0d:b3:34:81:de:48:5a:9f:f3: + 70:5a:c2:f1:3a:9e:04:f0:4e:94:79:97:e1:f4:b5: + 14:4c:d7:6f:c4:8b:18:b7:dc:12:2b:1d:0a:9b:ee: + 20:0c:5b:8f:ff:f9:af:82:9e:98:46:d0:3d:5d:28: + f3:97:16:c1:5c:e5:56:bf:44:a4:00:a1:7a:cb:9b: + 7a:5b:dc:d4:ed:fb:f2:a0:02:67:00:1e:44:e5:8a: + 01:dc:a5:a3:4e:fe:d6:0c:67:ca:49:b9:f0:d0:a0: + f9:4d:1f:03:d3:86:ef:0d:85:75:4d:f3:ed:fb:cd: + 6a:66:04:57:f4:57:9b:ac:66:8a:4f:c2:a8:4f:71: + 89:09:dd:4c:00:df:96:bb:d5:90:0a:b4:b6:6a:6d: + c6:bf:d3:99:29:ff:62:f0:10:da:45:ac:09:72:0b: + 82:10:e8:15:a8:8b:5f:e2:a2:5a:79:1e:c2:67:fd: + e9:44:57:0b:03:d0:21:15:51:b0:00:f3:8f:6d:e2: + 23:f0:49:21:d9:6d:cf:62:3d:ec:eb:fd:28:92:01: + 3f:7a:a3:72:7c:eb:f3:ae:e7:f8:0a:ec:6e:ad:7a: + 9b:55:c9:30:4b:9c:b6:61:46:6b:58:1a:fe:9f:48: + 1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:16:67:32:F4:68:5E:68:31:47:DB:ED:EC:CE:61:2E:9A:24:46:C4:7D + + X509v3 Subject Key Identifier: + 16:67:32:F4:68:5E:68:31:47:DB:ED:EC:CE:61:2E:9A:24:46:C4:7D + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 35:63:52:c6:60:18:1c:b7:c2:c1:5a:58:02:ec:07:d5:a1:90: + 93:fc:80:47:d0:52:78:ab:85:f8:76:d3:b8:b0:18:32:a0:b6: + 90:68:13:66:3d:6f:af:8e:dc:f6:a3:c4:ce:39:5f:af:ed:0a: + 66:e0:7c:11:c8:0c:cb:9e:1f:38:29:8a:8b:de:c8:63:2e:c7: + 
b4:d2:ce:36:91:94:e0:4f:84:92:b6:aa:22:a8:fd:31:a7:33: + 48:c9:5b:f6:13:d8:16:16:eb:1f:3f:a5:4e:06:93:3a:d9:06: + 65:30:96:fa:8d:06:db:a1:1a:f4:2b:fa:0f:68:f0:c1:2b:7c: + 9d:05:d7:09:42:3b:d2:2f:91:90:fc:0e:6b:38:5b:b2:75:a9: + 57:9c:57:64:f5:98:20:a4:ff:d4:30:04:e4:ce:1f:90:c9:2f: + c1:df:5a:56:b8:cb:aa:aa:b4:bf:eb:b8:f7:22:4a:4d:c1:35: + f4:65:bd:78:bc:6f:78:1b:56:3a:81:e8:0d:f5:c2:a5:17:30: + d3:8d:57:77:cb:a5:c1:4c:b1:30:dd:34:b8:ab:92:0a:22:02: + 36:8b:f6:6c:f7:61:b9:08:ee:30:ad:1a:a8:44:f1:2e:32:ec: + 83:a2:48:48:3a:67:5f:e9:6f:1b:17:33:08:2a:c1:c9:c3:67: + 9a:0e:85:67 +-----BEGIN CERTIFICATE----- +MIIDijCCAnKgAwIBAgIQRfjg5AHFPnHmvXFtl5xBIzANBgkqhkiG9w0BAQUFADBP +MQswCQYDVQQGEwJLUjEcMBoGA1UEChMTR292ZXJubWVudCBvZiBLb3JlYTENMAsG +A1UECxMER1BLSTETMBEGA1UEAxMKR1BLSVJvb3RDQTAeFw0wNzAzMTUwNjAwMDRa +Fw0xNzAzMTUwNjAwMDRaME8xCzAJBgNVBAYTAktSMRwwGgYDVQQKExNHb3Zlcm5t +ZW50IG9mIEtvcmVhMQ0wCwYDVQQLEwRHUEtJMRMwEQYDVQQDEwpHUEtJUm9vdENB +MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQBaK0EVm9t2JgHwVHILhxMf +oNA/lqoNszSB3khan/NwWsLxOp4E8E6UeZfh9LUUTNdvxIsYt9wSKx0Km+4gDFuP +//mvgp6YRtA9XSjzlxbBXOVWv0SkAKF6y5t6W9zU7fvyoAJnAB5E5YoB3KWjTv7W +DGfKSbnw0KD5TR8D04bvDYV1TfPt+81qZgRX9FebrGaKT8KoT3GJCd1MAN+Wu9WQ +CrS2am3Gv9OZKf9i8BDaRawJcguCEOgVqItf4qJaeR7CZ/3pRFcLA9AhFVGwAPOP +beIj8Ekh2W3PYj3s6/0okgE/eqNyfOvzruf4CuxurXqbVckwS5y2YUZrWBr+n0gd +AgMBAAGjYzBhMB8GA1UdIwQYMBaAFBZnMvRoXmgxR9vt7M5hLpokRsR9MB0GA1Ud +DgQWBBQWZzL0aF5oMUfb7ezOYS6aJEbEfTAOBgNVHQ8BAf8EBAMCAa4wDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEANWNSxmAYHLfCwVpYAuwH1aGQ +k/yAR9BSeKuF+HbTuLAYMqC2kGgTZj1vr47c9qPEzjlfr+0KZuB8EcgMy54fOCmK +i97IYy7HtNLONpGU4E+EkraqIqj9MaczSMlb9hPYFhbrHz+lTgaTOtkGZTCW+o0G +26Ea9Cv6D2jwwSt8nQXXCUI70i+RkPwOazhbsnWpV5xXZPWYIKT/1DAE5M4fkMkv +wd9aVrjLqqq0v+u49yJKTcE19GW9eLxveBtWOoHoDfXCpRcw041Xd8ulwUyxMN00 +uKuSCiICNov2bPdhuQjuMK0aqETxLjLsg6JISDpnX+lvGxczCCrBycNnmg6FZw== +-----END CERTIFICATE----- -- cgit v1.1