#!/usr/bin/python # -*- coding: utf-8 -*- import sys from josef_lib import * import leveldb import argparse import json from josef_leveldb import * from datetime import datetime as dt from josef_monitor import verify_inclusion_by_hash def verify_sct(baseurl, sctentry, key, sth_in=None): if sth_in is None: if baseurl: sth = get_sth(baseurl) else: print "No sth provided!" else: sth = sth_in # Verify signature leafcert = base64.b64decode(sctentry["leafcert"]) if "issuer_key_hash" in sctentry: issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"]) else: issuer_key_hash = None try: if issuer_key_hash: signed_entry = pack_precert(leafcert, issuer_key_hash) else: signed_entry = pack_cert(leafcert) check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash, publickey=key) print "Signature OK" except AssertionError, e: print "ERROR:", e except urllib2.HTTPError, e: print "ERROR:", e except ecdsa.keys.BadSignatureError, e: print "ERROR: bad signature" # Verify inclusion h = get_leaf_hash(base64.b64decode(sctentry["leafcert"])) verify_inclusion_by_hash("https://localhost:8080/", h) if __name__ == '__main__':