#!/usr/bin/env python # -*- coding: utf-8 -*- # # Copyright (c) 2016, NORDUnet A/S. # See LICENSE for licensing information. # # Initialise a new CT log. # import sys import os import argparse import yaml import errno from time import time from base64 import b64encode from certtools import build_merkle_tree, generate_tree_head_signature, \ write_file from mergetools import get_sth def parse_args(): parser = argparse.ArgumentParser(description="") parser.add_argument('--config', help="System configuration", required=True) parser.add_argument('--localconfig', help="Local configuration", required=True) args = parser.parse_args() config = yaml.load(open(args.config)) localconfig = yaml.load(open(args.localconfig)) return (args, config, localconfig) def main(): """ """ args, config, localconfig = parse_args() signingnodes = config["signingnodes"] paths = localconfig["paths"] own_key = (localconfig["nodename"], "%s/%s-private.pem" % (paths["privatekeys"], localconfig["nodename"])) mergedb = paths["mergedb"] sthfile = mergedb + "/sth" sth = get_sth(sthfile) if sth['tree_size'] >= 0: print >>sys.stderr, \ "This log has an STH file with tree size %s." % sth['tree_size'] print >>sys.stderr, "I refuse to destroy this log." return 1 try: os.stat(own_key[1]) except OSError, e: if e.errno == errno.ENOENT: print >>sys.stderr, "Unable to open keyfile: %s" % own_key[1] return 1 raise tree_size = 0 timestamp = int(time() * 1000) root_hash = build_merkle_tree('')[-1][0] tree_head_signature = \ generate_tree_head_signature(signingnodes, own_key, tree_size, timestamp, root_hash) if tree_head_signature == None: return 1 sth = {"tree_size": 0, "timestamp": timestamp, "sha256_root_hash": b64encode(root_hash), "tree_head_signature": b64encode(tree_head_signature)} write_file(sthfile, sth) return 0 if __name__ == '__main__': sys.exit(main())