Merge remote-tracking branch 'refs/remotes/map/compileconfig2'

Conflicts:
	.gitignore

1 files changed, 14 insertions, 3 deletions

diff --git a/tools/verifysct.py b/tools/verifysct.py
index 699a0ad..27ab4c9 100755
--- a/tools/verifysct.py
+++ b/tools/verifysct.py
@@ -34,8 +34,16 @@ def verifysct(sctentry):
     timing = timing_point()
 
     leafcert = base64.b64decode(sctentry["leafcert"])
+    if "issuer_key_hash" in sctentry:
+        issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"])
+    else:
+        issuer_key_hash = None
     try:
-        check_sct_signature(baseurl, leafcert, sctentry["sct"])
+        if issuer_key_hash:
+            signed_entry = pack_precert(leafcert, issuer_key_hash)
+        else:
+            signed_entry = pack_cert(leafcert)
+        check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash)
         timing_point(timing, "checksig")
     except AssertionError, e:
         print "ERROR:", e
@@ -47,7 +55,10 @@ def verifysct(sctentry):
         print "ERROR: bad signature"
         return (None, None)
 
-    merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert)
+    if issuer_key_hash:
+        merkle_tree_leaf = pack_mtl_precert(sctentry["sct"]["timestamp"], leafcert, issuer_key_hash)
+    else:
+        merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert)
 
     leaf_hash = get_leaf_hash(merkle_tree_leaf)
 
@@ -76,7 +87,7 @@ def verifysct(sctentry):
 p = Pool(args.parallel, lambda: signal.signal(signal.SIGINT, signal.SIG_IGN))
 
 sctfile = open(args.sct_file)
-scts = [json.loads(row) for row in sctfile]
+scts = (json.loads(row) for row in sctfile)
 
 nverified = 0
 lastprinted = 0