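#!/usr/bin/env python
"""Submit a certificate chain to a CT log and cross-check what the log stored.

Usage: <script> <log-base-url> <cert-chain-file>

Steps performed:
  1. Submit the chain with add_chain() and print the log's response.
  2. Check the signature in that response against the public key pinned
     for the log in ``publickeys``.
  3. Rebuild the RFC 6962 MerkleTreeLeaf for the end-entity certificate,
     look it up in the log by leaf hash, fetch the stored entry and compare
     its leaf_input with the locally built leaf.

The script exits non-zero when arguments are missing, when no key is pinned
for the given log URL, or when the fetched leaf_input does not match.
"""
import urllib2
import urllib
import json
import base64
import sys
import struct
import hashlib
from certtools import *

if len(sys.argv) < 3:
    sys.stderr.write("usage: %s <log-base-url> <cert-chain-file>\n" % sys.argv[0])
    sys.exit(2)

baseurl = sys.argv[1]
certfile = sys.argv[2]

lookup_in_log = True

# Pinned log public keys (base64), keyed by the exact base URL string.
# The lookup is an exact match, so the URL must be given as written here,
# trailing slash included. Note that the 127.0.0.1 entry and the
# flimsy.ct.nordu.net entry hold the same key value.
publickeys = {
    "https://ct.googleapis.com/pilot/":
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTD"
    "M0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",

    "https://127.0.0.1:8080/":
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4qWq6afhBUi0OdcWUYhyJLNXTkGqQ9"
    "PMS5lqoCgkV2h1ZvpNjBH2u8UbgcOQwqDo66z6BWQJGolozZYmNHE2kQ==",

    "https://flimsy.ct.nordu.net/":
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4qWq6afhBUi0OdcWUYhyJLNXTkGqQ9"
    "PMS5lqoCgkV2h1ZvpNjBH2u8UbgcOQwqDo66z6BWQJGolozZYmNHE2kQ==",
}

# Resolve the pinned key BEFORE talking to the log. Without a pinned key the
# response cannot be checked, so refuse up front instead of submitting the
# chain and then failing with a KeyError.
if baseurl not in publickeys:
    sys.stderr.write(
        "no pinned public key for log %s; refusing to submit\n" % baseurl)
    sys.exit(2)
publickey = base64.b64decode(publickeys[baseurl])

# The entries of `certs` are base64 strings (each one is decoded before use
# below); certs[0] is treated as the certificate the log response covers.
certs = get_certs_from_file(certfile)
leaf_cert = base64.b64decode(certs[0])

result = add_chain(baseurl, {"chain": certs})

# Single-argument print(...) gives the same output as the print statement
# under Python 2.
print(result)

# NOTE(review): the return value is not inspected, so this only protects
# anything if check_signature raises on a bad signature -- confirm in
# certtools.
check_signature(publickey, leaf_cert, result)

for cert in certs:
    print(get_cert_info(base64.b64decode(cert)))

if lookup_in_log:
    # RFC 6962 TimestampedEntry: timestamp (uint64), entry_type (uint16,
    # 0 = x509_entry), the certificate and the extensions.
    # tls_array presumably adds a length prefix of the given byte width
    # (3 for the certificate, 2 for extensions) -- confirm in certtools.
    entry_type = struct.pack(">H", 0)
    extensions = ""

    timestamped_entry = struct.pack(">Q", result["timestamp"]) + entry_type + \
        tls_array(leaf_cert, 3) + tls_array(extensions, 2)

    # MerkleTreeLeaf: version (0 = v1), leaf_type (0 = timestamped_entry),
    # then the TimestampedEntry.
    version = struct.pack(">b", 0)
    leaf_type = struct.pack(">b", 0)
    merkle_tree_leaf = version + leaf_type + timestamped_entry

    print("merkle_tree_leaf: %s" % base64.b64encode(merkle_tree_leaf))

    # Leaf hash is SHA-256 over a 0x00 prefix byte followed by the leaf;
    # the prefix separates leaf hashes from interior node hashes.
    leaf_hash = hashlib.sha256()
    leaf_hash.update(struct.pack(">b", 0))
    leaf_hash.update(merkle_tree_leaf)

    print(base64.b64encode(leaf_hash.digest()))

    # NOTE(review): the STH is used as returned -- its signature is not
    # checked here -- and the audit path in `proof` is printed but never
    # recomputed against the STH root hash. The only checks this script
    # performs are the signature check above and the leaf_input comparison
    # below, so a successful run does not by itself demonstrate inclusion.
    sth = get_sth(baseurl)
    print(sth)

    proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
    print(proof)

    leaf_index = proof["leaf_index"]

    entries = get_entries(baseurl, leaf_index, leaf_index)
    fetched_entry = entries["entries"][0]

    print(fetched_entry)

    leaf_matches = \
        base64.b64decode(fetched_entry["leaf_input"]) == merkle_tree_leaf
    print("does the leaf_input of the fetched entry match what we calculated: %s"
          % leaf_matches)

    extra_data = fetched_entry["extra_data"]

    certchain = decode_certificate_chain(base64.b64decode(extra_data))

    print([base64.b64encode(stored_cert) for stored_cert in certchain])

    # Report a mismatch through the exit status as well, after all output
    # has been printed, so callers and CI jobs do not have to parse stdout.
    if not leaf_matches:
        sys.exit(1)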