diff options
Diffstat (limited to 'tools/initlog.py')
-rwxr-xr-x | tools/initlog.py | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/tools/initlog.py b/tools/initlog.py new file mode 100755 index 0000000..270ebc5 --- /dev/null +++ b/tools/initlog.py @@ -0,0 +1,79 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# +# Copyright (c) 2016, NORDUnet A/S. +# See LICENSE for licensing information. +# +# Initialise a new CT log. +# + +import sys +import os +import argparse +import yaml +import errno +from time import time +from base64 import b64encode +from certtools import build_merkle_tree, generate_tree_head_signature, \ + write_file +from mergetools import get_sth + +def parse_args(): + parser = argparse.ArgumentParser(description="") + parser.add_argument('--config', help="System configuration", + required=True) + parser.add_argument('--localconfig', help="Local configuration", + required=True) + + args = parser.parse_args() + config = yaml.load(open(args.config)) + localconfig = yaml.load(open(args.localconfig)) + + return (args, config, localconfig) + +def main(): + """ + """ + args, config, localconfig = parse_args() + signingnodes = config["signingnodes"] + paths = localconfig["paths"] + own_key = (localconfig["nodename"], + "%s/%s-private.pem" % (paths["privatekeys"], + localconfig["nodename"])) + mergedb = paths["mergedb"] + sthfile = mergedb + "/sth" + + sth = get_sth(sthfile) + if sth['tree_size'] >= 0: + print >>sys.stderr, \ + "This log has an STH file with tree size %s." % sth['tree_size'] + print >>sys.stderr, "I refuse to destroy this log." + return 1 + + try: + os.stat(own_key[1]) + except OSError, e: + if e.errno == errno.ENOENT: + print >>sys.stderr, "Unable to open keyfile: %s" % own_key[1] + return 1 + raise + + tree_size = 0 + timestamp = int(time() * 1000) + root_hash = build_merkle_tree('')[-1][0] + tree_head_signature = \ + generate_tree_head_signature(signingnodes, own_key, + tree_size, timestamp, root_hash) + if tree_head_signature == None: + return 1 + + sth = {"tree_size": 0, + "timestamp": timestamp, + "sha256_root_hash": b64encode(root_hash), + "tree_head_signature": b64encode(tree_head_signature)} + + write_file(sthfile, sth) + return 0 + +if __name__ == '__main__': + sys.exit(main()) |