1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
#!/usr/bin/python
# -*- coding: utf-8 -*-
import time
import base64
import urllib
import urllib2
import sys
import subprocess
# from pympler.asizeof import asizeof
from certtools import *
from Crypto.Signature import PKCS1_v1_5
def reduce_leafs_to_root(layer0):
if len(layer0) == 0:
return [[hashlib.sha256().digest()]]
current_layer = layer0
while len(current_layer) > 1:
current_layer = next_merkle_layer(current_layer)
return current_layer
def reduce_layer(layer):
new_layer = []
while len(layer) > 1:
e1 = layer.pop(0)
e2 = layer.pop(0)
new_layer.append(internal_hash((e1,e2)))
return new_layer
def reduce_tree(entries, layers):
if len(entries) == 0 and layers is []:
return [[hashlib.sha256().digest()]]
layer_idx = 0
layers[layer_idx] += entries
while len(layers[layer_idx]) > 1:
if len(layers) == layer_idx + 1:
layers.append([])
layers[layer_idx + 1] += reduce_layer(layers[layer_idx])
layer_idx += 1
return layers
def reduce_subtree_to_root(layers):
while len(layers) > 1:
layers[1] += next_merkle_layer(layers[0])
del layers[0]
if len(layers[0]) > 1:
return next_merkle_layer(layers[0])
return layers[0]
def get_proof_by_index(baseurl, index, tree_size):
try:
params = urllib.urlencode({"leaf_index":index,
"tree_size":tree_size})
result = \
urlopen(baseurl + "ct/v1/get-entry-and-proof?" + params).read()
return json.loads(result)
except urllib2.HTTPError, e:
print "ERROR:", e.read()
sys.exit(1)
def my_get_cert_info(s):
p = subprocess.Popen(
["openssl", "x509", "-fingerprint", "-text", "-noout", "-inform", "der"],
# ["openssl", "x509", "-noout", "-subject", "-issuer", "-inform", "der"],
stdin=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
parsed = p.communicate(s)
if parsed[1]:
print "ERROR:", parsed[1]
sys.exit(1)
# result = []
result = {}
prev = ""
for line in parsed[0].split("\n"):
if "Subject:" in line:
result["subject"] = line.split("Subject: ")[1]
# print line.split("Subject: ")[1]
if "Issuer:" in line:
result["issuer"] = line.split("Issuer: ")[1]
# print line.split("Issuer: ")[1]
if "Subject Alternative Name" in prev:
result["SAN"] = line.lstrip()
# print line.lstrip()
if "Not After" in line:
result["not_after"] = line.split(": ")[1]
if "Not Before" in line:
result["not_before"] = line.split(": ")[1]
prev = line
return result
def read_sth(fn):
try:
f = open(fn)
except IOError, e:
if e.errno == errno.ENOENT:
return None
raise e
return json.loads(f.read())
base_urls = [
"https://plausible.ct.nordu.net/",
# "https://ct1.digicert-ct.com/log/",
# "https://ct.izenpe.com/",
# "https://log.certly.io/",
# "https://ctlog.api.venafi.com/",
# "https://ct.googleapis.com/aviator/",
# "https://ct.googleapis.com/pilot/",
# "https://ct.googleapis.com/rocketeer/",
# "https://ct.ws.symantec.com/",
]
logkeys = {}
logkeys["https://plausible.ct.nordu.net/"] = get_public_key_from_file("../../plausible-logkey.pem")
logkeys["https://ct.googleapis.com/rocketeer/"] = get_public_key_from_file("../../rocketeer-logkey.pem")
logkeys["https://ct.googleapis.com/aviator/"] = get_public_key_from_file("../../aviator-logkey.pem")
logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pilot-logkey.pem")
logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem")
logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem")
logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem")
logkeys["https://ctlog.api.venafi.com/"] = get_public_key_from_file("../../venafi-logkey.pem")
import Crypto.PublicKey.RSA as RSA
from Crypto.Hash import SHA256
monitored_domains = [
"google.com",
"preishelden.de",
"liu.se",
"nordu.net",
"symantec.com",
]
data = []
# data = read_sth("cert_data.json")
f = open("cert_data.json")
for line in f:
data.append(json.loads(line))
ss = []
for item in data:
try:
s = item["subject"].split("CN=")[1]
print s
except:
# if not item["subject"] in ss:
# print item["subject"]
# ss.append(item["subject"])
pass
print "\nTotal entries: " + str(len(data))
# base_url = base_urls[0]
# entries = get_entries(base_url, 11, 11)["entries"]
# for item in entries:
# orig_entry = extract_original_entry(item)
# cert_info = my_get_cert_info(orig_entry[0][0])
# prev = ""
# res = {}
# for line in cert_info:
# if "Subject:" in line:
# res["subject"] = line.split("Subject: ")[1]
# # print line.split("Subject: ")[1]
# if "Issuer:" in line:
# res["issuer"] = line.split("Issuer: ")[1]
# # print line.split("Issuer: ")[1]
# if "Subject Alternative Name" in prev:
# res["SAN"] = line.lstrip()
# # print line.lstrip()
# if "Not After" in line:
# res["not_after"] = line.split(": ")[1]
# prev = line
# print cert_info
|
