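#!/usr/bin/python
# -*- coding: utf-8 -*-
"""Fetch a slice of entries from a Certificate Transparency log and dump each
leaf certificate as parsed by ``openssl x509``.

The helpers at the top fold leaf hashes into Merkle-tree layers on top of the
primitives supplied by ``certtools`` (``next_merkle_layer``, ``internal_hash``).
The script body at the bottom runs at import time: it loads the log public keys
from two directories up, fetches entries 1000..1005 from the first log in
``base_urls`` and prints the parsed certificate of every leaf.

Python 2 script (``urllib2``); ``print_function`` keeps the print calls
byte-for-byte equivalent to the former print statements.
"""
from __future__ import print_function

import base64
import hashlib
import json
import subprocess
import sys
import time
import urllib
import urllib2

# from pympler.asizeof import asizeof

# The star import comes before the Crypto imports on purpose: it is also the
# source of ``urlopen``, ``get_entries``, ``extract_original_entry``,
# ``get_public_key_from_file``, ``next_merkle_layer`` and ``internal_hash``,
# and keeping the original import order means the explicitly imported Crypto
# names still win over anything certtools may re-export.
from certtools import *
from Crypto.Hash import SHA256
import Crypto.PublicKey.RSA as RSA
from Crypto.Signature import PKCS1_v1_5


def reduce_leafs_to_root(layer0):
    """Reduce a full layer of leaf hashes to the Merkle root.

    Args:
        layer0: list of leaf hashes (level 0 of the tree).

    Returns:
        The last layer produced by repeatedly applying ``next_merkle_layer``
        until one node is left (a one-element list).  For an empty input the
        return value is ``[[sha256("")]]`` -- note the extra nesting compared
        to the non-empty case; callers that special-case the empty tree
        depend on this shape, so it is left as is.
    """
    if not layer0:
        return [[hashlib.sha256().digest()]]
    current_layer = layer0
    while len(current_layer) > 1:
        current_layer = next_merkle_layer(current_layer)
    return current_layer


def reduce_layer(layer):
    """Pair up the nodes of ``layer`` and return the parent nodes.

    Consumes nodes from the front of ``layer`` two at a time, hashing each
    pair with ``internal_hash``.  ``layer`` is mutated in place: the consumed
    nodes are removed and, for an odd-length input, the single trailing node
    stays behind for a later call (``reduce_tree`` relies on this).

    Args:
        layer: list of node hashes at one level.

    Returns:
        New list with ``len(layer) // 2`` parent hashes, in order.
    """
    # Pair count first, then one slice deletion instead of repeated
    # ``pop(0)`` calls, which made this quadratic in the layer size.
    consumed = 2 * (len(layer) // 2)
    new_layer = [
        internal_hash((layer[i], layer[i + 1]))
        for i in range(0, consumed, 2)
    ]
    del layer[:consumed]
    return new_layer


def reduce_tree(entries, layers):
    """Fold ``entries`` into the partial-tree layers and return ``layers``.

    ``layers[i]`` holds the pending (not yet paired) nodes at level ``i``.
    The new leaves are appended to level 0 and every level that then holds
    two or more nodes is paired up into the level above, so afterwards each
    level keeps at most one pending node.  ``layers`` is mutated in place
    and also returned.

    Args:
        entries: list of new leaf hashes.
        layers: list of lists, one per level, possibly empty.

    Returns:
        ``layers`` after folding, or ``[[sha256("")]]`` (the empty-tree
        root, same shape as ``reduce_leafs_to_root``) when both arguments
        are empty.
    """
    # The former test was ``layers is []``, which can never be true (a list
    # literal is a fresh object), so the empty-tree branch was unreachable
    # and an empty ``layers`` fell through to IndexError on ``layers[0]``.
    if not entries and not layers:
        return [[hashlib.sha256().digest()]]
    if not layers:
        # Nothing pending yet: open level 0 so it can be extended below.
        layers.append([])
    layer_idx = 0
    layers[layer_idx] += entries
    while len(layers[layer_idx]) > 1:
        if len(layers) == layer_idx + 1:
            layers.append([])
        layers[layer_idx + 1] += reduce_layer(layers[layer_idx])
        layer_idx += 1
    return layers


def reduce_subtree_to_root(layers):
    """Collapse the pending layers of a partial tree into its root.

    Each level is reduced with ``next_merkle_layer`` and merged into the
    level above, bottom up, until a single level remains.  ``layers`` is
    consumed in the process (levels are deleted as they are merged).  How
    an odd trailing node is carried upwards is decided by
    ``next_merkle_layer`` in certtools, which is not visible here.

    Args:
        layers: list of lists as built by ``reduce_tree`` (must be non-empty).

    Returns:
        A one-element list holding the root hash.
    """
    while len(layers) > 1:
        layers[1] += next_merkle_layer(layers[0])
        del layers[0]
    if len(layers[0]) > 1:
        return next_merkle_layer(layers[0])
    return layers[0]


def get_proof_by_index(baseurl, index, tree_size):
    """Fetch entry ``index`` together with its audit path from a log.

    Args:
        baseurl: log base URL; expected to end with "/" like the entries
            of ``base_urls`` since the API path is appended verbatim.
        index: leaf index to fetch.
        tree_size: tree size the inclusion proof should be relative to.

    Returns:
        The decoded JSON body of ``ct/v1/get-entry-and-proof``.

    On an HTTP error the response body is printed and the process exits
    with status 1.  ``urlopen`` is the one provided by certtools.
    """
    try:
        params = urllib.urlencode({"leaf_index": index, "tree_size": tree_size})
        result = urlopen(baseurl + "ct/v1/get-entry-and-proof?" + params).read()
        return json.loads(result)
    except urllib2.HTTPError as e:
        print("ERROR:", e.read())
        sys.exit(1)


def my_get_cert_info(s):
    """Run ``openssl x509 -text`` on a DER certificate and parse its output.

    Args:
        s: raw DER bytes of the certificate.  Here they come straight from a
           public CT log, i.e. they are untrusted input; they are handed to
           the external ``openssl`` binary (resolved via PATH) over stdin
           with an argv list, so no shell is involved.

    Returns:
        dict mapping the text before the first "=" of each output line to
        the text after it.  With ``-text`` that key is the whole line prefix
        up to the first "=", so the plain ``subject`` / ``issuer`` keys the
        commented-out monitoring loop at the bottom looks up are presumably
        only produced by the ``-subject -issuer`` variant kept in the
        comment below -- confirm before enabling that loop.

    Exits the process with status 1 if openssl wrote anything to stderr or
    returned a non-zero status.
    """
    proc = subprocess.Popen(
        ["openssl", "x509", "-text", "-noout",
         "-certopt", "no_header,no_version,no_serial,no_signame,no_validity,no_aux",
         "-inform", "der"],
        # ["openssl", "x509", "-noout", "-subject", "-issuer", "-inform", "der"],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate(s)
    # The exit status is checked as well: a failure that left stderr empty
    # was previously accepted and parsed into an empty dict.
    if err or proc.returncode != 0:
        print("ERROR:", err)
        sys.exit(1)
    result = {}
    for line in out.split("\n"):
        key, sep, value = line.partition("=")
        if sep:  # keep only lines that actually contain "="
            result[key] = value
    return result


base_urls = [
    "https://plausible.ct.nordu.net/",
    # "https://ct1.digicert-ct.com/log/",
    # "https://ct.izenpe.com/",
    # "https://log.certly.io/",
    # "https://ctlog.api.venafi.com/",
    # "https://ct.googleapis.com/aviator/",
    # "https://ct.googleapis.com/pilot/",
    # "https://ct.googleapis.com/rocketeer/",
    # "https://ct.ws.symantec.com/",
]

# Log public keys, read relative to the current working directory.  All keys
# are loaded (and must exist) even though only base_urls[0] is queried below.
_LOGKEY_FILES = [
    ("https://plausible.ct.nordu.net/", "../../plausible-logkey.pem"),
    ("https://ct.googleapis.com/rocketeer/", "../../rocketeer-logkey.pem"),
    ("https://ct.googleapis.com/aviator/", "../../aviator-logkey.pem"),
    ("https://ct.googleapis.com/pilot/", "../../pilot-logkey.pem"),
    ("https://log.certly.io/", "../../certly-logkey.pem"),
    ("https://ct.izenpe.com/", "../../izenpe-logkey.pem"),
    ("https://ct1.digicert-ct.com/log/", "../../digicert-logkey.pem"),
    ("https://ctlog.api.venafi.com/", "../../venafi-logkey.pem"),
]
logkeys = {}
for _url, _keyfile in _LOGKEY_FILES:
    logkeys[_url] = get_public_key_from_file(_keyfile)

# Domains the (currently disabled) monitoring loop below would look for.
monitored_domains = [
    "google.com",
    "preishelden.de",
    "liu.se",
    "nordu.net",
    "symantec.com",
]

# Script body, executed at import time: fetch entries 1000..1005 (bounds as
# certtools.get_entries interprets them) from the first log and print the
# parsed certificate of each leaf.
raw_entry = get_entries(base_urls[0], 1000, 1005)["entries"]
orig_entries = []
for item in raw_entry:
    orig_entry = extract_original_entry(item)
    # orig_entry[0][0] is taken to be the leaf certificate DER -- confirm
    # against certtools.extract_original_entry.
    cert_info = my_get_cert_info(orig_entry[0][0])
    print(cert_info)
    # Domain monitoring, disabled: needs "subject"/"issuer" keys, which the
    # current -text parsing does not yield (see my_get_cert_info).
    # for md in monitored_domains:
    #     if md in cert_info["subject"]:
    #         print(md + " certified by " + cert_info["issuer"])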