From 8a40d214037d6a9169a262d14016e8b44d898b04 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Fri, 26 Sep 2014 17:14:08 +0200
Subject: Added basic system test

---
 tools/certtools.py | 49 ++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 13 deletions(-)

(limited to 'tools/certtools.py')

diff --git a/tools/certtools.py b/tools/certtools.py
index fe345cd..a62d58f 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -100,11 +100,19 @@ def unpack_tls_array(packed_data, length_len):
 
 def add_chain(baseurl, submission):
     try:
-        return json.loads(urllib2.urlopen(baseurl + "ct/v1/add-chain",
-                                          json.dumps(submission)).read())
+        result = urllib2.urlopen(baseurl + "ct/v1/add-chain",
+            json.dumps(submission)).read()
+        return json.loads(result)
     except urllib2.HTTPError, e:
         print "ERROR:", e.read()
         sys.exit(1)
+    except ValueError, e:
+        print "==== FAILED REQUEST ===="
+        print submission
+        print "======= RESPONSE ======="
+        print result
+        print "========================"
+        raise e
 
 def get_entries(baseurl, start, end):
     try:
@@ -131,7 +139,31 @@ def decode_signature(signature):
     assert rest == ""
     return (hash_alg, signature_alg, unpacked_signature)
 
-def check_signature(baseurl, leafcert, sct):
+def check_signature(baseurl, signature, data):
+    publickey = base64.decodestring(publickeys[baseurl])
+    (hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
+    assert hash_alg == 4, \
+        "hash_alg is %d, expected 4" % (hash_alg,) # sha256
+    assert signature_alg == 3, \
+        "signature_alg is %d, expected 3" % (signature_alg,) # ecdsa
+
+    vk = ecdsa.VerifyingKey.from_der(publickey)
+    vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256,
+              sigdecode=ecdsa.util.sigdecode_der)
+
+def check_sth_signature(baseurl, sth):
+    signature = base64.decodestring(sth["tree_head_signature"])
+
+    version = struct.pack(">b", 0)
+    signature_type = struct.pack(">b", 1)
+    timestamp = struct.pack(">Q", sth["timestamp"])
+    tree_size = struct.pack(">Q", sth["tree_size"])
+    hash = base64.decodestring(sth["sha256_root_hash"])
+    tree_head = version + signature_type + timestamp + tree_size + hash
+
+    check_signature(baseurl, signature, tree_head)
+
+def check_sct_signature(baseurl, leafcert, sct):
     publickey = base64.decodestring(publickeys[baseurl])
     calculated_logid = hashlib.sha256(publickey).digest()
     received_logid = base64.decodestring(sct["id"])
@@ -150,16 +182,7 @@ def check_signature(baseurl, leafcert, sct):
       entry_type + tls_array(leafcert, 3) + \
       tls_array(base64.decodestring(sct["extensions"]), 2)
 
-    (hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
-    assert hash_alg == 4 # sha256
-    assert signature_alg == 3 # ecdsa
-
-    hash = hashlib.sha256()
-    hash.update(signed_struct)
-
-    vk = ecdsa.VerifyingKey.from_der(publickey)
-    vk.verify(unpacked_signature, signed_struct, hashfunc=hashlib.sha256,
-              sigdecode=ecdsa.util.sigdecode_der)
+    check_signature(baseurl, signature, signed_struct)
 
 def pack_mtl(timestamp, leafcert):
     entry_type = struct.pack(">H", 0)
-- 
cgit v1.1