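#!/usr/bin/python
# -*- coding: utf-8 -*-
"""Experimental helpers for a Certificate Transparency log monitor.

Contains ``update_roots``, which tracks the set of root certificates a log
reports and prints additions and removals, plus a scratch ``__main__``
section used for manual experiments.
"""

import sys
import os
from josef_lib import *
import leveldb
import argparse
import json
from josef_leveldb import *
from datetime import datetime as dt
from josef_monitor import verify_inclusion_by_hash
from monitor_conf import *

# def verify_sct(baseurl, sctentry, key, sth_in=None):
#     if sth_in is None:
#         if baseurl:
#             sth = get_sth(baseurl)
#         else:
#             print "No sth provided!"
#     else:
#         sth = sth_in
#     # Verify signature
#     leafcert = base64.b64decode(sctentry["leafcert"])
#     if "issuer_key_hash" in sctentry:
#         issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"])
#     else:
#         issuer_key_hash = None
#     try:
#         if issuer_key_hash:
#             signed_entry = pack_precert(leafcert, issuer_key_hash)
#         else:
#             signed_entry = pack_cert(leafcert)
#         check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash, publickey=key)
#         print "Signature OK"
#     except AssertionError, e:
#         print "ERROR:", e
#     except urllib2.HTTPError, e:
#         print "ERROR:", e
#     except ecdsa.keys.BadSignatureError, e:
#         print "ERROR: bad signature"
#     # Verify inclusion
#     h = get_leaf_hash(base64.b64decode(sctentry["leafcert"]))
#     verify_inclusion_by_hash("https://localhost:8080/", h)


def update_roots(log):
    """Compare a log's current root set with the copy stored on disk.

    Fetches the roots with ``get_all_roots(log["url"])``, derives one file
    name per root, and compares those names with the contents of
    ``OUTPUT_DIR + log["name"] + "-roots"``. Added and removed roots are
    printed; each added root is written to that directory through a
    ``.new`` temporary file that is then moved into place.

    Args:
        log: dict with at least the keys ``"url"`` and ``"name"``.
    """
    # Nothing loads a previously stored value, so the comparison below is
    # always true and the directory is re-checked on every call.
    roots_hash = None

    roots = get_all_roots(log["url"])
    new_roots_hash = str(hash(str(roots)))

    if new_roots_hash != roots_hash:
        cert_dir = OUTPUT_DIR + log["name"] + "-roots"
        if not os.path.exists(cert_dir):
            os.makedirs(cert_dir)

        # NOTE(review): built-in hash() is not collision-resistant and, when
        # hash randomisation is enabled (python -R / PYTHONHASHSEED, the
        # default on Python 3), not stable across processes, so these file
        # names can collide or change between runs. A SHA-256 digest of the
        # certificate would be a sturdier identifier; switching renames
        # every stored file, so it is left unchanged here.
        hash_list = [str(hash(str(cert))) for cert in roots]

        loaded_list = os.listdir(cert_dir)

        # NOTE(review): hash_list[:-1] leaves the last root out of the
        # comparison, so it is never reported or stored. This looks like a
        # leftover from testing -- confirm before relying on the output.
        added, removed = compare_lists(hash_list[:-1], loaded_list)

        # TODO log changes
        if len(added) != 0:
            print(str(len(added)) + " new roots found!")
        if len(removed) != 0:
            print(str(len(removed)) + " roots removed!")

        # NOTE(review): the stored file of a removed root is not deleted in
        # this function, so the same root would be reported again on the
        # next run -- confirm whether that is intended.
        for item in removed:
            # Close the handle explicitly instead of relying on garbage
            # collection.
            with open(cert_dir + "/" + item) as stored:
                data = stored.read()
            root_cert = base64.decodestring(data)
            info = get_cert_info(root_cert)
            subject = info["subject"]
            issuer = info["issuer"]
            # Matching names are only a heuristic for "self-signed"; the
            # signature itself is not verified here.
            if subject == issuer:
                print("Removed Root: " + item + ", " + subject)
            else:
                print("WTF? Not a root...")

        for item in added:
            # Elements of roots are base64 text; look the entry up once.
            data = roots[hash_list.index(item)]
            root_cert = base64.decodestring(data)
            info = get_cert_info(root_cert)
            subject = info["subject"]
            issuer = info["issuer"]
            if subject == issuer:
                print("New Root: " + item + ", " + subject)
            else:
                print("WTF? Not a root...")

            fn = cert_dir + "/" + item
            tempname = fn + ".new"
            # The with-block guarantees the data is flushed and the file
            # closed before it is moved to its final name.
            with open(tempname, 'w') as out:
                out.write(data)
            mv_file(tempname, fn)


if __name__ == '__main__':
    # for log in ctlogs:
    #     update_roots(log)

    # submission = ['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', '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', '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']
    # leaf = base64.b64decode(submission[0])
    # # print leaf
    # # print base64.b64decode(submission[0])
    # # entry = json.loads('{"extra_data": "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", "leaf_input": "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"}')
    # # print my_get_all_cert_info(leaf)
    # precert = False
    # # if issuer_key_hash:
    # #     signed_entry = pack_precert(leaf, issuer_key_hash)
    # # else:
    # signed_entry = pack_cert(leaf)
    # log = {
    #     "name" : "pilot",
    #     "url" : "https://ct.googleapis.com/pilot/",
    #     "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",
    #     "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="}
    # sct = json.loads('{"timestamp": 1419573511033, "signature": "BAMARzBFAiAz6UTsDV6PcHdW/iZ1JqeF91KbjrpG2ubRVW0z5trPIwIhANtReTFlwkxDfVIvGscTdDk5monwBL702DkYd0oKM0xE", "sct_version": 0, "id": "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA=", "extensions": ""}')
    # check_sct_signature(log["url"], signed_entry, sct, precert, base64.b64decode(log["key"]))

    # Fetch entry 1 from the first configured log and print its decoded form.
    entry = get_entries(ctlogs[0]["url"], 1, 1)["entries"]
    print(extract_original_entry(entry[0]))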