summaryrefslogtreecommitdiff
path: root/tools/submitcert.py
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordberg.se>2014-10-29 15:59:10 +0100
committerLinus Nordberg <linus@nordberg.se>2014-10-29 15:59:10 +0100
commitd79c260758e7544dd46de2adfad85d1c0bee859b (patch)
treeb580925a77d14eaf1722b410bd0dabd795191a2e /tools/submitcert.py
parent5a10cf6fa6fff3cbca3340a7c75120603bda18ca (diff)
parent87e02103ea3f47b825b415c415f7d2940d009b42 (diff)
Merge remote-tracking branch 'refs/remotes/map/external-merge3' into merging-external-merge
Conflicts: src/v1.erl tools/merge.py tools/testcase1.py
Diffstat (limited to 'tools/submitcert.py')
-rwxr-xr-xtools/submitcert.py104
1 files changed, 64 insertions, 40 deletions
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 4f1609c..80a3e37 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
@@ -12,63 +12,87 @@ import struct
import hashlib
import itertools
from certtools import *
+import os
+
+from multiprocessing import Pool
baseurl = sys.argv[1]
-certfile = sys.argv[2]
+certfilepath = sys.argv[2]
+
+lookup_in_log = False
+check_sig = False
+
+if certfilepath[-1] == "/":
+ certfiles = [certfilepath + filename for filename in sorted(os.listdir(certfilepath))]
+else:
+ certfiles = [certfilepath]
+
+def submitcert(certfile):
+ timing = timing_point()
+ certs = get_certs_from_file(certfile)
+ timing_point(timing, "readcerts")
+
+ result = add_chain(baseurl, {"chain":map(base64.b64encode, certs)})
+
+ timing_point(timing, "addchain")
+
+ try:
+ if check_sig:
+ check_sct_signature(baseurl, certs[0], result)
+ timing_point(timing, "checksig")
+ except AssertionError, e:
+ print "ERROR:", e
+ sys.exit(1)
+ except ecdsa.keys.BadSignatureError, e:
+ print "ERROR: bad signature"
+ sys.exit(1)
-lookup_in_log = True
+ if lookup_in_log:
-certs = get_certs_from_file(certfile)
+ merkle_tree_leaf = pack_mtl(result["timestamp"], certs[0])
-result = add_chain(baseurl, {"chain":map(base64.b64encode, certs)})
+ leaf_hash = get_leaf_hash(merkle_tree_leaf)
-try:
- check_sct_signature(baseurl, certs[0], result)
-except AssertionError, e:
- print "ERROR:", e
- sys.exit(1)
-except ecdsa.keys.BadSignatureError, e:
- print "ERROR: bad signature"
- sys.exit(1)
-print "signature check succeeded"
+ sth = get_sth(baseurl)
-if lookup_in_log:
+ proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
- merkle_tree_leaf = pack_mtl(result["timestamp"], certs[0])
+ leaf_index = proof["leaf_index"]
- leaf_hash = get_leaf_hash(merkle_tree_leaf)
+ entries = get_entries(baseurl, leaf_index, leaf_index)
- sth = get_sth(baseurl)
+ fetched_entry = entries["entries"][0]
- proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
+ print "does the leaf_input of the fetched entry match what we calculated:", \
+ base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
- leaf_index = proof["leaf_index"]
+ extra_data = fetched_entry["extra_data"]
- entries = get_entries(baseurl, leaf_index, leaf_index)
+ certchain = decode_certificate_chain(base64.decodestring(extra_data))
- fetched_entry = entries["entries"][0]
+ submittedcertchain = certs[1:]
- print "does the leaf_input of the fetched entry match what we calculated:", \
- base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
+ for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
+ certchain, itertools.count(1)):
+ print "cert", i, "in chain is the same:", submittedcert == fetchedcert
- extra_data = fetched_entry["extra_data"]
+ if len(certchain) == len(submittedcertchain) + 1:
+ last_issuer = get_cert_info(certs[-1])["issuer"]
+ root_subject = get_cert_info(certchain[-1])["subject"]
+ print "issuer of last cert in submitted chain and " \
+ "subject of last cert in fetched chain is the same:", \
+ last_issuer == root_subject
+ elif len(certchain) == len(submittedcertchain):
+ print "cert chains are the same length"
+ else:
+ print "ERROR: fetched cert chain has length", len(certchain),
+ print "and submitted chain has length", len(submittedcertchain)
- certchain = decode_certificate_chain(base64.decodestring(extra_data))
+ timing_point(timing, "lookup")
+ return timing["deltatimes"]
- submittedcertchain = certs[1:]
+p = Pool(1)
- for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
- certchain, itertools.count(1)):
- print "cert", i, "in chain is the same:", submittedcert == fetchedcert
+for timing in p.imap_unordered(submitcert, certfiles):
+ print timing
- if len(certchain) == len(submittedcertchain) + 1:
- last_issuer = get_cert_info(certs[-1])["issuer"]
- root_subject = get_cert_info(certchain[-1])["subject"]
- print "issuer of last cert in submitted chain and " \
- "subject of last cert in fetched chain is the same:", \
- last_issuer == root_subject
- elif len(certchain) == len(submittedcertchain):
- print "cert chains are the same length"
- else:
- print "ERROR: fetched cert chain has length", len(certchain),
- print "and submitted chain has length", len(submittedcertchain)