Diffstat (limited to 'tools')
-rw-r--r-- | tools/certtools.py | 9 | ||||
-rwxr-xr-x | tools/compileconfig.py | 1 | ||||
-rwxr-xr-x | tools/storagegc.py | 66 |
3 files changed, 76 insertions, 0 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index ed8ab30..dfd5b24 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -15,6 +15,7 @@ import ecdsa
 import datetime
 import cStringIO
 import zipfile
+import shutil
 from certkeys import publickeys
 
 def get_cert_info(s):
@@ -734,3 +735,11 @@ def extract_original_entry(entry):
 leaf_cert = precert
 certchain = decode_certificate_chain(extra_data)
 return ([leaf_cert] + certchain, timestamp, issuer_key_hash)
+
+def mv_file(fromfn, tofn):
+ shutil.move(fromfn, tofn)
+
+def write_file(fn, sth):
+ tempname = fn + ".new"
+ open(tempname, 'w').write(json.dumps(sth))
+ mv_file(tempname, fn)
diff --git a/tools/compileconfig.py b/tools/compileconfig.py
index 1e1fa41..d493226 100755
--- a/tools/compileconfig.py
+++ b/tools/compileconfig.py
@@ -237,6 +237,7 @@ def gen_config(nodename, config, localconfig):
 elif nodetype == "storagenodes":
 plopconfig += [
 (Symbol("newentries_path"), paths["db"] + "newentries"),
+ (Symbol("lastverifiednewentry_path"), paths["db"] + "lastverifiednewentry"),
 ]
 if nodetype in ("frontendnodes", "storagenodes"):
 plopconfig += [
diff --git a/tools/storagegc.py b/tools/storagegc.py
new file mode 100755
index 0000000..c13dcb5
--- /dev/null
+++ b/tools/storagegc.py
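Review bot: write_file in the second certtools.py hunk neither closes nor flushes and fsyncs the temporary file before mv_file renames it over the target, so the temp-then-move shape does not give the crash safety it is built for: the rename can reach disk before the JSON data does, leaving an empty or truncated lastverifiednewentry file, and the unnamed handle is only closed because CPython happens to free it at once. I would write the temp file as `with open(tempname, 'w') as f:` / `json.dump(sth, f)` / `f.flush(); os.fsync(f.fileno())` and keep `mv_file(tempname, fn)` after the block, which needs `import os` next to the added `import shutil` unless the module already has it; `json` is likewise not among the imports visible in this hunk, so whether it is in scope above line 15 cannot be confirmed here. Since tempname is fn + ".new" the move never crosses a filesystem and shutil.move reduces to a rename, but os.rename would make that atomic-replace intent explicit rather than relying on the fallback behaviour of shutil.move.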
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2014, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import argparse
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import yaml
+from certtools import *
+
+parser = argparse.ArgumentParser(description='')
+parser.add_argument('--config', help="System configuration", required=True)
+parser.add_argument('--localconfig', help="Local configuration", required=True)
+args = parser.parse_args()
+
+config = yaml.load(open(args.config))
+localconfig = yaml.load(open(args.localconfig))
+
+paths = localconfig["paths"]
+db_path = paths["db"]
+create_ssl_context(cafile=paths["https_cacertfile"])
+
+baseurl = config["baseurl"]
+
+sth = get_sth(baseurl)
+
+def verifyleafhash(leaf_hash):
+ try:
+ proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
+ except SystemExit:
+ return False
+
+ leaf_index = proof["leaf_index"]
+ inclusion_proof = [base64.b64decode(e) for e in proof["audit_path"]]
+
+ calc_root_hash = verify_inclusion_proof(inclusion_proof, leaf_index, sth["tree_size"], leaf_hash)
+
+ root_hash = base64.b64decode(sth["sha256_root_hash"])
+ if root_hash != calc_root_hash:
+ print "sth calculation incorrect:"
+ print base64.b16encode(root_hash)
+ print base64.b16encode(calc_root_hash)
+ sys.exit(1)
+
+ return True
+
+starttime = datetime.datetime.now()
+
+lastverified = (-1, None)
+
+try:
+ for i, line in enumerate(open(db_path + "newentries")):
+ leaf_hash = base64.b16decode(line.strip(), casefold=True)
+ result = verifyleafhash(leaf_hash)
+ if not result:
+ break
+ lastverified = {"index": i, "hash": base64.b16encode(leaf_hash).lower()}
+ if lastverified["index"] >= 0:
+ write_file(db_path + "lastverifiednewentry", lastverified)
+ print "lastverified", lastverified
+except KeyboardInterrupt:
+ pass
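Review bot: `lastverified` is initialised as the tuple `(-1, None)` but later read as `lastverified["index"]`, which raises TypeError on a tuple; the collapsed hunk does not show whether that check sits inside or after the for loop, but if it runs after the loop an empty newentries file or a first entry that is not yet included crashes the script instead of reporting nothing verified, and if it runs inside the loop the `>= 0` guard is redundant because `i` is never negative. Initialising it as `lastverified = {"index": -1, "hash": None}` makes both reads valid either way. `yaml.load(open(args.config))` and the matching localconfig line should use `yaml.safe_load`: the default loader instantiates arbitrary Python objects from tags, which a configuration parser has no need for, and the handles from `open` are never closed. `starttime` is assigned but never used, and `datetime` only reaches this module through `from certtools import *`, so an explicit `import datetime` would make the dependency visible if the timestamp is meant to be kept.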