From 74a4460cba73877830b73742be76cd2bf0d5f47b Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Thu, 19 Feb 2015 16:23:25 +0100
Subject: Added verification of consistency proofs

---
 tools/fetchallcerts.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'tools/fetchallcerts.py')

diff --git a/tools/fetchallcerts.py b/tools/fetchallcerts.py
index 866bb43..39ffd64 100755
--- a/tools/fetchallcerts.py
+++ b/tools/fetchallcerts.py
@@ -168,6 +168,12 @@ else:
 
 print "calculated root hash", base64.b16encode(calculated_root_hash)
 
+if oldsth and oldsth["tree_size"] > 0 and oldsth["tree_size"] != tree_size:
+    consistency_proof = [base64.decodestring(entry) for entry in get_consistency_proof(args.baseurl, oldsth["tree_size"], tree_size)]
+    (old_treehead, new_treehead) = verify_consistency_proof(consistency_proof, oldsth["tree_size"], tree_size)
+    assert old_treehead == base64.b64decode(oldsth["sha256_root_hash"])
+    assert new_treehead == base64.b64decode(sth["sha256_root_hash"])
+
 if calculated_root_hash != root_hash:
     print "fetched root hash and calculated root hash different"
     sys.exit(1)
-- 
cgit v1.1