Diffstat (limited to 'tools')
-rw-r--r--tools/certtools.py9
-rwxr-xr-xtools/compileconfig.py1
-rwxr-xr-xtools/storagegc.py66
3 files changed, 76 insertions, 0 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index ed8ab30..dfd5b24 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -15,6 +15,7 @@ import ecdsa
import datetime
import cStringIO
import zipfile
+import shutil
from certkeys import publickeys
def get_cert_info(s):
@@ -734,3 +735,11 @@ def extract_original_entry(entry):
leaf_cert = precert
certchain = decode_certificate_chain(extra_data)
return ([leaf_cert] + certchain, timestamp, issuer_key_hash)
+
+def mv_file(fromfn, tofn):
+ shutil.move(fromfn, tofn)
+
+def write_file(fn, sth):
+ tempname = fn + ".new"
+ open(tempname, 'w').write(json.dumps(sth))
+ mv_file(tempname, fn)
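Review bot: `write_file` relies on CPython reference counting to close and flush the handle from `open(tempname, 'w').write(...)` before `mv_file` renames it, so on another interpreter, or after a crash, the rename can publish an empty or truncated file. Since this file records verification state, close it explicitly with `with open(tempname, 'w') as f:` / `f.write(json.dumps(sth))`, and ideally flush and fsync before the move. The fixed `fn + ".new"` name also means two concurrent runs would overwrite each other's temp file. `json` is not among the imports visible in the first hunk, so confirm certtools.py imports it elsewhere.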
diff --git a/tools/compileconfig.py b/tools/compileconfig.py
index 1e1fa41..d493226 100755
--- a/tools/compileconfig.py
+++ b/tools/compileconfig.py
@@ -237,6 +237,7 @@ def gen_config(nodename, config, localconfig):
elif nodetype == "storagenodes":
plopconfig += [
(Symbol("newentries_path"), paths["db"] + "newentries"),
+ (Symbol("lastverifiednewentry_path"), paths["db"] + "lastverifiednewentry"),
]
if nodetype in ("frontendnodes", "storagenodes"):
plopconfig += [
diff --git a/tools/storagegc.py b/tools/storagegc.py
new file mode 100755
index 0000000..c13dcb5
--- /dev/null
+++ b/tools/storagegc.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2014, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import argparse
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import yaml
+from certtools import *
+
+parser = argparse.ArgumentParser(description='')
+parser.add_argument('--config', help="System configuration", required=True)
+parser.add_argument('--localconfig', help="Local configuration", required=True)
+args = parser.parse_args()
+
+config = yaml.load(open(args.config))
+localconfig = yaml.load(open(args.localconfig))
+
+paths = localconfig["paths"]
+db_path = paths["db"]
+create_ssl_context(cafile=paths["https_cacertfile"])
+
+baseurl = config["baseurl"]
+
+sth = get_sth(baseurl)
+
+def verifyleafhash(leaf_hash):
+ try:
+ proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
+ except SystemExit:
+ return False
+
+ leaf_index = proof["leaf_index"]
+ inclusion_proof = [base64.b64decode(e) for e in proof["audit_path"]]
+
+ calc_root_hash = verify_inclusion_proof(inclusion_proof, leaf_index, sth["tree_size"], leaf_hash)
+
+ root_hash = base64.b64decode(sth["sha256_root_hash"])
+ if root_hash != calc_root_hash:
+ print "sth calculation incorrect:"
+ print base64.b16encode(root_hash)
+ print base64.b16encode(calc_root_hash)
+ sys.exit(1)
+
+ return True
+
+starttime = datetime.datetime.now()
+
+lastverified = (-1, None)
+
+try:
+ for i, line in enumerate(open(db_path + "newentries")):
+ leaf_hash = base64.b16decode(line.strip(), casefold=True)
+ result = verifyleafhash(leaf_hash)
+ if not result:
+ break
+ lastverified = {"index": i, "hash": base64.b16encode(leaf_hash).lower()}
+ if lastverified["index"] >= 0:
+ write_file(db_path + "lastverifiednewentry", lastverified)
+ print "lastverified", lastverified
+except KeyboardInterrupt:
+ pass
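Review bot: `lastverified` starts as the tuple `(-1, None)` but is read as `lastverified["index"]`, which raises TypeError whenever no entry was verified (an empty `newentries`, or a failed first proof lookup). This assumes the check runs after the loop, since indentation is lost in this view. Initialise it as `lastverified = {"index": -1, "hash": None}` instead. Both configuration files are parsed with `yaml.load`, which can construct arbitrary Python objects from tagged input; `yaml.safe_load(open(args.config))` is enough for plain configuration. The `sth` returned by `get_sth` is used as the reference root with no signature check visible in this file, so the result is only as trustworthy as the HTTPS channel, and it is worth confirming that is intended.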