From 0a76e4d080a8349456d04434dcb2d4b381eb8ec4 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Wed, 18 Mar 2015 14:27:18 +0100
Subject: Added precert handling for SCT calculation
---
 tools/verifysct.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
(limited to 'tools/verifysct.py')
diff --git a/tools/verifysct.py b/tools/verifysct.py
index 699a0ad..27ab4c9 100755
--- a/tools/verifysct.py
+++ b/tools/verifysct.py
@@ -34,8 +34,16 @@ def verifysct(sctentry):
 timing = timing_point()
 leafcert = base64.b64decode(sctentry["leafcert"])
+ if "issuer_key_hash" in sctentry:
+ issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"])
+ else:
+ issuer_key_hash = None
 try:
- check_sct_signature(baseurl, leafcert, sctentry["sct"])
+ if issuer_key_hash:
+ signed_entry = pack_precert(leafcert, issuer_key_hash)
+ else:
+ signed_entry = pack_cert(leafcert)
+ check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash)
 timing_point(timing, "checksig")
 except AssertionError, e:
 print "ERROR:", e
@@ -47,7 +55,10 @@ def verifysct(sctentry):
 print "ERROR: bad signature"
 return (None, None)
- merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert)
+ if issuer_key_hash:
+ merkle_tree_leaf = pack_mtl_precert(sctentry["sct"]["timestamp"], leafcert, issuer_key_hash)
+ else:
+ merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert)
 leaf_hash = get_leaf_hash(merkle_tree_leaf)
@@ -76,7 +87,7 @@ def verifysct(sctentry):
 p = Pool(args.parallel, lambda: signal.signal(signal.SIGINT, signal.SIG_IGN))
 sctfile = open(args.sct_file)
-scts = [json.loads(row) for row in sctfile]
+scts = (json.loads(row) for row in sctfile)
 nverified = 0
 lastprinted = 0
-- cgit v1.1
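Review bot: The precert path is selected with `if issuer_key_hash:`, a truthiness test on the decoded bytes, so an entry carrying an empty `issuer_key_hash` is silently handled as an ordinary certificate instead of being rejected as malformed; the same test is repeated in the next hunk where the Merkle tree leaf is packed. Testing `if issuer_key_hash is not None:` in both places keeps the decision tied to the key's presence. RFC 6962 defines issuer_key_hash as a 32-byte SHA-256 value, and nothing visible here checks the decoded length before it reaches pack_precert, so unless that helper validates it, a guard such as `if issuer_key_hash is not None and len(issuer_key_hash) != 32:` that prints an error and returns `(None, None)` would fail early and clearly. The new b64decode also sits outside the try block, so malformed base64 would not be caught by the `except AssertionError` shown; verifysct continues outside the hunk.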
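Review bot: Turning `scts` into a generator makes it single-pass and defers `json.loads` to whatever consumes it below the hunk, which deserves a comment because it changes failure behaviour: a malformed row now raises partway through the run, after earlier entries have been verified, rather than before any work starts. Any later `len(scts)` or second iteration would also stop working, though none is visible here. I would add `# lazy: rows are parsed as they are consumed; scts can be iterated only once` above the assignment. `sctfile` is opened without a `with` block and now has to stay open for the whole run, since the generator reads from it on demand.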