#!/usr/bin/python
# -*- coding: utf-8 -*-     

import sys
import os
from josef_lib import *
# import leveldb
import argparse
import json
# from josef_leveldb import *
from datetime import datetime as dt
# from josef_monitor import verify_inclusion_by_hash
from monitor_conf import *



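def _report_root(label, name, encoded_cert):
    """Print one added or removed root, flagging certificates that are not self-issued."""
    root_cert = base64.decodestring(encoded_cert)
    info = get_cert_info(root_cert)
    # Equal subject and issuer names only show that the certificate is
    # self-issued; the signature is not verified here.
    if info["subject"] == info["issuer"]:
        print(label + name + ", " + info["subject"])
    else:
        print("WTF? Not a root...")


def update_roots(log):
    """Compare a CT log's current roots with the copies saved on disk.

    Fetches the root list from ``log["url"]`` and prints every root that was
    added or removed relative to the directory
    ``OUTPUT_DIR + log["name"] + "-roots"``. Each newly seen root is stored
    there as its base64 text, one file per root, named after the hash of the
    encoded certificate. Nothing in this function deletes the file of a removed
    root, so the same removal is reported again on the next call.

    Args:
        log: dict with at least the keys ``"url"`` and ``"name"``.
    """
    roots = get_all_roots(log["url"])

    # An earlier guard compared a hash of the whole list against a local that
    # was always None, so it never skipped anything. No state is kept between
    # calls and the full comparison runs every time.
    cert_dir = OUTPUT_DIR + log["name"] + "-roots"
    if not os.path.exists(cert_dir):
        os.makedirs(cert_dir)

    # NOTE(review): the file names come from the builtin hash(), a short
    # non-cryptographic value that is salted per process when hash
    # randomization is on (the default on Python 3). Two different roots can
    # map to the same name, and such a change would go unreported. A
    # hashlib.sha256 digest would be a sound identifier, but switching renames
    # every stored file and needs a migration of the existing directories.
    hash_list = [str(hash(str(cert))) for cert in roots]

    # First occurrence wins, matching what hash_list.index() used to return.
    cert_by_hash = {}
    for h, cert in zip(hash_list, roots):
        cert_by_hash.setdefault(h, cert)

    loaded_list = os.listdir(cert_dir)

    # NOTE(review): [:-1] leaves the last fetched root out of the comparison, so
    # it is never reported or stored. Confirm whether get_all_roots() returns a
    # trailing element that is not a certificate; if not, this hides a root.
    added, removed = compare_lists(hash_list[:-1], loaded_list)

    # TODO log changes
    if len(added) != 0:
        print(str(len(added)) + " new roots found!")
    if len(removed) != 0:
        print(str(len(removed)) + " roots removed!")

    for item in removed:
        with open(cert_dir + "/" + item) as stored:
            data = stored.read()
        _report_root("Removed Root: ", item, data)

    for item in added:
        data = cert_by_hash[item]
        _report_root("New Root: ", item, data)

        fn = cert_dir + "/" + item
        tempname = fn + ".new"
        # Close (and so flush) the temp file before it is moved into place, so
        # the final name never points at a partially written certificate.
        with open(tempname, 'w') as out:
            out.write(data)
        mv_file(tempname, fn)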


if __name__ == '__main__':
    # Probe every configured log by requesting the single entry at index 2001.
    # The response is discarded; only failures are reported.
    for log in CTLOGS:
        url = log["url"]
        try:
            get_entries(url, 2001, 2001)
        except Exception as err:
            print("Failed to get entry from " + log["name"] + " " + str(err))

    # dbdir = "tmpdb/"
    # entry = get_entries(ctlogs[0]["url"], 1,1)["entries"]
    # print extract_original_entry(entry[0])
    # for url in [CTLOGS[6]["url"]]:
    # for url in [CTLOGS[0]["url"],CTLOGS[5]["url"],CTLOGS[6]["url"]]:
    # for log in CTLOGS:
    #     url = log["url"]
    # url = CTLOGS[1]["url"]
        # entries = get_entries(url, 3638637,3638637)["entries"]
        # entries = get_entries(url, first, last)["entries"]
        # tmp_cert_data = []
        # for item in entries:
        #     tmp_data = check_domain(item, url)
        #     entry_hash = get_leaf_hash(base64.b64decode(item["leaf_input"]))
        #     if tmp_data:
        #         tmp_data["leaf_hash"] = base64.b64encode(entry_hash)
        #         tmp_cert_data.append(tmp_data)
        #         print tmp_data
            # new_leafs.append(entry_hash)
        # if self.dbdir:/

        # db_add_certs(dbdir, tmp_cert_data)
        
        # if CONFIG.DEFAULT_CERT_FILE:
        #     append_file(CONFIG.DEFAULT_CERT_FILE, tmp_cert_data)
        # subtree = reduce_tree(new_leafs, subtree)