summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2015-03-03 15:33:39 +0100
committerMagnus Ahltorp <map@kth.se>2015-03-03 15:33:39 +0100
commitff18e0fdd57a6b485f427173fe7febee03345037 (patch)
treed3f223fcdeb889a09fd8bb4fd250bd00373daf69
parent4e1bcab3f91f975a19710a4350bbee0e9af5168e (diff)
merge.py: use external signing
-rw-r--r--test/config/signing-1.config2
-rw-r--r--tools/certtools.py20
-rwxr-xr-xtools/merge.py5
-rwxr-xr-xtools/testcase1.py2
4 files changed, 18 insertions, 11 deletions
diff --git a/test/config/signing-1.config b/test/config/signing-1.config
index 3b553a4..189843b 100644
--- a/test/config/signing-1.config
+++ b/test/config/signing-1.config
@@ -30,6 +30,6 @@
{log_public_key, "test/eckey-public.pem"},
{own_key, {"signing-1", "privatekeys/signing-1-private.pem"}},
{allowed_clients, [{"/ct/signing/sct", ["frontend-1"]},
- {"/ct/signing/sth", ["frontend-1"]}
+ {"/ct/signing/sth", ["frontend-1", "merge-1"]}
]}
]}].
diff --git a/tools/certtools.py b/tools/certtools.py
index ad90e5c..222497f 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -200,10 +200,18 @@ def http_request(url, data=None, key=None):
result = urllib2.urlopen(req).read()
return result
-def create_signature(privatekey, data):
- sk = ecdsa.SigningKey.from_der(privatekey)
- unpacked_signature = sk.sign(data, hashfunc=hashlib.sha256,
- sigencode=ecdsa.util.sigencode_der)
+def get_signature(baseurl, data, key=None):
+ try:
+ params = json.dumps({"plop_version":1, "data": base64.b64encode(data)})
+ result = http_request(baseurl + "ct/signing/sth", params, key=key)
+ parsed_result = json.loads(result)
+ return base64.b64decode(parsed_result.get(u"result"))
+ except urllib2.HTTPError, e:
+ print "ERROR: get_signature", e.read()
+ sys.exit(1)
+
+def create_signature(baseurl, data, key=None):
+ unpacked_signature = get_signature(baseurl, data, key)
return encode_signature(4, 3, unpacked_signature)
def check_sth_signature(baseurl, sth):
@@ -218,14 +226,14 @@ def check_sth_signature(baseurl, sth):
check_signature(baseurl, signature, tree_head)
-def create_sth_signature(tree_size, timestamp, root_hash, privatekey):
+def create_sth_signature(tree_size, timestamp, root_hash, baseurl, key=None):
version = struct.pack(">b", 0)
signature_type = struct.pack(">b", 1)
timestamp_packed = struct.pack(">Q", timestamp)
tree_size_packed = struct.pack(">Q", tree_size)
tree_head = version + signature_type + timestamp_packed + tree_size_packed + root_hash
- return create_signature(privatekey, tree_head)
+ return create_signature(baseurl, tree_head, key=key)
def check_sct_signature(baseurl, leafcert, sct):
publickey = base64.decodestring(publickeys[baseurl])
diff --git a/tools/merge.py b/tools/merge.py
index c9f99af..0996ec9 100755
--- a/tools/merge.py
+++ b/tools/merge.py
@@ -21,7 +21,7 @@ parser.add_argument("--baseurl", metavar="url", help="Base URL for CT server", r
parser.add_argument("--frontend", action="append", metavar="url", help="Base URL for frontend server", required=True)
parser.add_argument("--storage", action="append", metavar="url", help="Base URL for storage server", required=True)
parser.add_argument("--mergedb", metavar="dir", help="Merge database directory", required=True)
-parser.add_argument("--keyfile", metavar="keyfile", help="File containing log key", required=True)
+parser.add_argument("--signing", metavar="url", help="Base URL for signing server", required=True)
parser.add_argument("--own-keyname", metavar="keyname", help="The key name of the merge node", required=True)
parser.add_argument("--own-keyfile", metavar="keyfile", help="The file containing the private key of the merge node", required=True)
parser.add_argument("--nomerge", action='store_true', help="Don't actually do merge")
@@ -215,10 +215,9 @@ tree = build_merkle_tree(logorder)
tree_size = len(logorder)
root_hash = tree[-1][0]
timestamp = int(time.time() * 1000)
-privatekey = get_eckey_from_file(args.keyfile)
tree_head_signature = create_sth_signature(tree_size, timestamp,
- root_hash, privatekey)
+ root_hash, args.signing, key=own_key)
sth = {"tree_size": tree_size, "timestamp": timestamp,
"sha256_root_hash": base64.b64encode(root_hash),
diff --git a/tools/testcase1.py b/tools/testcase1.py
index c87e8eb..0c0f728 100755
--- a/tools/testcase1.py
+++ b/tools/testcase1.py
@@ -136,7 +136,7 @@ def get_and_check_entry(timestamp, chain, leaf_index):
len(submittedcertchain))
def merge():
- return subprocess.call(["./merge.py", "--baseurl", "https://127.0.0.1:8080/", "--frontend", "https://127.0.0.1:8082/", "--storage", "https://127.0.0.1:8081/", "--mergedb", "../rel/mergedb", "--keyfile", "../rel/test/eckey.pem", "--own-keyname", "merge-1", "--own-keyfile", "../rel/privatekeys/merge-1-private.pem"])
+ return subprocess.call(["./merge.py", "--baseurl", "https://127.0.0.1:8080/", "--frontend", "https://127.0.0.1:8082/", "--storage", "https://127.0.0.1:8081/", "--mergedb", "../rel/mergedb", "--signing", "https://127.0.0.1:8088/", "--own-keyname", "merge-1", "--own-keyfile", "../rel/privatekeys/merge-1-private.pem"])
print_and_check_tree_size(0)