#!/usr/bin/python
# -*- coding: utf-8 -*-
import sys
from josef_lib import *
import leveldb
import argparse
import json
from josef_leveldb import *
from datetime import datetime as dt
from josef_monitor import verify_inclusion_by_hash
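def verify_sct(baseurl, sctentry, key, sth_in=None):
    """Check an SCT's signature, then check the leaf's inclusion in the log.

    Args:
        baseurl: base URL of the log that issued the SCT.  Used to fetch an
            STH when ``sth_in`` is None, passed through to
            check_sct_signature, and used as the log to query for the
            inclusion proof.  May be None (``__main__`` passes None); the
            inclusion check then falls back to the local log URL the script
            historically hard-coded.
        sctentry: dict with base64-encoded "leafcert" and "sct" entries and,
            for a precertificate, a base64 "issuer_key_hash".
        key: the log's public key as loaded by get_public_key_from_file;
            handed to check_sct_signature as ``publickey``.
        sth_in: a caller-supplied STH.  If None and ``baseurl`` is set, one
            is fetched with get_sth.

    Returns:
        True when the SCT signature verified, False otherwise.  Results are
        printed; a bad SCT does not raise.  The inclusion check runs
        regardless of the signature result and reports through
        verify_inclusion_by_hash.
    """
    if sth_in is not None:
        sth = sth_in
    elif baseurl:
        sth = get_sth(baseurl)
    else:
        # The original left `sth` unbound on this path; bind it so the
        # function never trips over the name later.
        print("No sth provided!")
        sth = None
    # NOTE(review): `sth` is obtained but never consumed below --
    # verify_inclusion_by_hash only takes the log URL and the leaf hash, so
    # the inclusion proof is checked against whatever tree head that helper
    # obtains, not this one.  TODO: thread `sth` through once the monitor
    # API accepts it.

    leafcert = base64.b64decode(sctentry["leafcert"])
    issuer_key_hash = None
    if "issuer_key_hash" in sctentry:
        issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"])

    signature_ok = False
    try:
        # A precert SCT signs the TBS certificate plus the issuer key hash;
        # an X.509 SCT signs the raw leaf certificate.
        if issuer_key_hash:
            signed_entry = pack_precert(leafcert, issuer_key_hash)
        else:
            signed_entry = pack_cert(leafcert)
        check_sct_signature(baseurl, signed_entry, sctentry["sct"],
                            precert=issuer_key_hash, publickey=key)
        print("Signature OK")
        signature_ok = True
    except AssertionError as e:
        # check_sct_signature reports structural problems via assert;
        # those checks disappear under `python -O`, so do not rely on
        # this branch for anything security-critical.
        print("ERROR: %s" % e)
    except urllib2.HTTPError as e:
        print("ERROR: %s" % e)
    except ecdsa.keys.BadSignatureError:
        print("ERROR: bad signature")

    # Inclusion must be checked against the log the SCT came from; the
    # original queried a hard-coded local log regardless of baseurl.  That
    # URL is kept only as the fallback for callers passing no baseurl.
    inclusion_log = baseurl if baseurl else "https://localhost:8080/"
    h = get_leaf_hash(leafcert)
    verify_inclusion_by_hash(inclusion_log, h)
    return signature_ok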
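if __name__ == '__main__':
    # Stand-alone check: load an SCT entry (JSON) and the log's public key,
    # then run the signature and inclusion checks.  Defaults are the file
    # names the script previously hard-coded, so running it with no
    # arguments behaves as before.
    parser = argparse.ArgumentParser(
        description="Verify an SCT's signature and the leaf's inclusion "
                    "in the log.")
    parser.add_argument("--sct", default="sct_example",
                        help="JSON file holding the SCT entry "
                             "(default: sct_example)")
    parser.add_argument("--logkey", default="sct_example_logkey.pem",
                        help="PEM file with the log's public key "
                             "(default: sct_example_logkey.pem)")
    parser.add_argument("--baseurl", default=None,
                        help="base URL of the log; when omitted no STH is "
                             "fetched and the default inclusion log is used")
    args = parser.parse_args()

    # Read with a context manager so the handle is closed deterministically.
    with open(args.sct) as f:
        sctentry = json.load(f)
    logpublickey = get_public_key_from_file(args.logkey)

    # An STH embedded in the entry takes precedence over fetching one.
    sth = None
    if "sth" in sctentry:
        print("found sth in sct")
        sth = sctentry["sth"]
    verify_sct(args.baseurl, sctentry, logpublickey, sth)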