summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2014-10-27 14:37:48 +0100
committerMagnus Ahltorp <map@kth.se>2014-10-27 14:37:48 +0100
commit44f48b0f96aba0009bd43036eea443f07cec71b9 (patch)
treed419a3ef2d4da2cb8ff025a4f204f84b81c5e3bb
parent91e5b7f4b85cdbc399ccaa1bb1d813e0d829f3d5 (diff)
Added fetchallcerts.py
-rw-r--r--tools/certtools.py8
-rw-r--r--tools/fetchallcerts.py53
2 files changed, 61 insertions, 0 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index 7b901cf..16c2105 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -199,6 +199,14 @@ def pack_mtl(timestamp, leafcert):
merkle_tree_leaf = version + leaf_type + timestamped_entry
return merkle_tree_leaf
+def unpack_mtl(merkle_tree_leaf):
+ version = merkle_tree_leaf[0:1]
+ leaf_type = merkle_tree_leaf[1:2]
+ timestamped_entry = merkle_tree_leaf[2:]
+ (timestamp, entry_type) = struct.unpack(">QH", timestamped_entry[0:10])
+ (leafcert, rest_entry) = unpack_tls_array(timestamped_entry[10:], 3)
+ return (leafcert, timestamp)
+
def get_leaf_hash(merkle_tree_leaf):
leaf_hash = hashlib.sha256()
leaf_hash.update(struct.pack(">b", 0))
diff --git a/tools/fetchallcerts.py b/tools/fetchallcerts.py
new file mode 100644
index 0000000..801e296
--- /dev/null
+++ b/tools/fetchallcerts.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2014, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import struct
+import hashlib
+import itertools
+from certtools import *
+
+def extract_original_entry(entry):
+ leaf_input = base64.decodestring(entry["leaf_input"])
+ (leaf_cert, timestamp) = unpack_mtl(leaf_input)
+ extra_data = base64.decodestring(entry["extra_data"])
+ certchain = decode_certificate_chain(extra_data)
+ return [leaf_cert] + certchain
+
+def get_entries_wrapper(baseurl, start, end):
+ fetched_entries = []
+ while len(fetched_entries) < (end - start + 1):
+ print "fetching from", start + len(fetched_entries)
+ entries = get_entries(baseurl, start + len(fetched_entries), end)["entries"]
+ if len(entries) == 0:
+ break
+ fetched_entries.extend(entries)
+ return fetched_entries
+
+baseurl = sys.argv[1]
+destination_directory = sys.argv[2]
+
+sth = get_sth(baseurl)
+tree_size = sth["tree_size"]
+
+print tree_size
+
+entries = get_entries_wrapper(baseurl, 0, tree_size)
+
+print len(entries)
+
+for entry, i in zip(entries, range(0, len(entries))):
+ chain = extract_original_entry(entry)
+ f = open(destination_directory + "/" + ("%06d" % i), "w")
+ for cert in chain:
+ print >> f, "-----BEGIN CERTIFICATE-----"
+ print >> f, base64.encodestring(cert).rstrip()
+ print >> f, "-----END CERTIFICATE-----"
+ print >> f, ""