From 1075b68f287e957cd73c8cdb9517293b4c920eec Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Mon, 16 Mar 2015 10:06:42 +0100
Subject: Add submission of precerts
---
 tools/certtools.py | 23 +++++++++++++++++++++++
 tools/submitcert.py | 8 +++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/tools/certtools.py b/tools/certtools.py
index 0e639f2..b0a1c97 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -61,6 +61,10 @@ def get_certs_from_string(s):
 f = cStringIO.StringIO(s)
 return get_pemlike_from_file(f, "CERTIFICATE")

+def get_precerts_from_string(s):
+ f = cStringIO.StringIO(s)
+ return get_pemlike_from_file(f, "PRECERTIFICATE")
+
 def get_eckey_from_file(keyfile):
 keys = get_pemlike(keyfile, "EC PRIVATE KEY")
 assert len(keys) == 1
@@ -137,6 +141,24 @@ def add_chain(baseurl, submission):
 print "========================"
 raise e

+def add_prechain(baseurl, submission):
+ try:
+ result = urllib2.urlopen(baseurl + "ct/v1/add-pre-chain",
+ json.dumps(submission)).read()
+ return json.loads(result)
+ except urllib2.HTTPError, e:
+ print "ERROR", e.code,":", e.read()
+ if e.code == 400:
+ return None
+ sys.exit(1)
+ except ValueError, e:
+ print "==== FAILED REQUEST ===="
+ print submission
+ print "======= RESPONSE ======="
+ print result
+ print "========================"
+ raise e
+
 def get_entries(baseurl, start, end):
 try:
 params = urllib.urlencode({"start":start, "end":end})
@@ -586,5 +608,6 @@ def verify_consistency_proof(consistency_proof, first, second, oldhash_input):
 def verify_inclusion_proof(inclusion_proof, index, treesize, leafhash):
 chain = zip([(index, 0)] + nodes_for_index(index, treesize), [leafhash] + inclusion_proof)
+ assert len(nodes_for_index(index, treesize)) == len(inclusion_proof)
 (_, hash) = reduce(lambda e1, e2: combine_two_hashes(e1, e2, treesize), chain)
 return hash
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 9f0be67..1c79544 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
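Review bot: In add_prechain (tools/certtools.py) the `except ValueError` handler prints `result`, but `result` is only bound once `urlopen(...).read()` has returned; a ValueError raised earlier, for example by `json.dumps(submission)` or by urlopen on a malformed `baseurl`, would end in a NameError there and hide the original error. Binding `result = None` before the `try:` avoids that, and a bare `raise` instead of `raise e` keeps the original traceback. The body looks like a copy of add_chain with only the endpoint changed (add_chain's tail is visible as context), so a shared helper taking the endpoint path would keep the two error paths from drifting apart. Server authentication is left entirely to `urllib2.urlopen`; if `baseurl` is https, it is worth confirming that the Python version in use verifies the log's certificate by default.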
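Review bot: The length check added to verify_inclusion_proof (tools/certtools.py) is an `assert`, so it disappears under `python -O`, and it sits after the `zip(...)` that silently truncates to the shorter sequence; with assertions off, a proof of the wrong length would be folded into a hash without complaint. The proof is presumably data received from the log server, so an explicit check before building the chain is safer: `nodes = nodes_for_index(index, treesize)` followed by `if len(nodes) != len(inclusion_proof): raise ValueError("inclusion proof has wrong length")`, reusing `nodes` in the `zip` so nodes_for_index is not computed twice. The same applies to the `assert len(precerts) == 0 or len(precerts) == 1` added in tools/submitcert.py, which validates file contents. Which exception type callers expect is not visible here, so ValueError is only a suggestion.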
@@ -44,10 +44,16 @@ sth = get_sth(baseurl)
 def submitcert((certfile, cert)):
 timing = timing_point()
 certchain = get_certs_from_string(cert)
+ precerts = get_precerts_from_string(cert)
+ assert len(precerts) == 0 or len(precerts) == 1
+ precert = precerts[0] if precerts else None
 timing_point(timing, "readcerts")

 try:
- result = add_chain(baseurl, {"chain":map(base64.b64encode, certchain)})
+ if precert:
+ result = add_prechain(baseurl, {"chain":map(base64.b64encode, [precert] + certchain)})
+ else:
+ result = add_chain(baseurl, {"chain":map(base64.b64encode, certchain)})
 except SystemExit:
 print "EXIT:", certfile
 select.select([], [], [], 1.0)
-- cgit v1.1
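Review bot: `if precert:` tests truthiness rather than presence, so if get_pemlike_from_file can yield an empty entry for a PRECERTIFICATE block, that input would be treated as "no precert" and the remaining chain would go to add-chain instead of being rejected; `if precert is not None:` matches the `None` sentinel set a few lines earlier. It is also worth confirming that `get_certs_from_string` does not itself match the PRECERTIFICATE block (the marker matching lives in get_pemlike_from_file, outside this diff), since `[precert] + certchain` would then carry the precert twice. submitcert's body continues past the end of the hunk.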