summaryrefslogtreecommitdiff
path: root/tools/fetchallcerts.py
blob: 2276e6849eae6b543b9f0f4e1256e0bc233ad1c9 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

#!/usr/bin/env python
# -*- coding: utf-8 -*-

# Copyright (c) 2014, NORDUnet A/S.
# See LICENSE for licensing information.

import argparse
import urllib2
import urllib
import json
import base64
import sys
import struct
import hashlib
import itertools
from certtools import *

parser = argparse.ArgumentParser(description='')
parser.add_argument('baseurl', help="Base URL for CT server")
parser.add_argument('--store', default=None, metavar="dir", help='Store certificates in directory dir')
parser.add_argument('--start', default=0, metavar="n", type=int, help='Start at index n')
parser.add_argument('--verify', action='store_true', help='Verify STH')
args = parser.parse_args()

def extract_original_entry(entry):
    leaf_input =  base64.decodestring(entry["leaf_input"])
    (leaf_cert, timestamp) = unpack_mtl(leaf_input)
    extra_data = base64.decodestring(entry["extra_data"])
    certchain = decode_certificate_chain(extra_data)
    return [leaf_cert] + certchain

def get_entries_wrapper(baseurl, start, end):
    fetched_entries = 0
    while start + fetched_entries < (end + 1):
        print "fetching from", start + fetched_entries
        entries = get_entries(baseurl, start + fetched_entries, end)["entries"]
        if len(entries) == 0:
            break
        for entry in entries:
            fetched_entries += 1
            yield entry

def print_layer(layer):
    for entry in layer:
        print base64.b16encode(entry)

sth = get_sth(args.baseurl)
tree_size = sth["tree_size"]
root_hash = base64.decodestring(sth["sha256_root_hash"])

print "tree size", tree_size
print "root hash", base64.b16encode(root_hash)

entries = get_entries_wrapper(args.baseurl, args.start, tree_size - 1)

if args.verify:
    layer0 = [get_leaf_hash(base64.decodestring(entry["leaf_input"])) for entry in entries]

    tree = build_merkle_tree(layer0)

    calculated_root_hash = tree[-1][0]

    print "calculated root hash", base64.b16encode(calculated_root_hash)

    if calculated_root_hash != root_hash:
        print "fetched root hash and calculated root hash different, aborting"
        sys.exit(1)

elif args.store:
    for entry, i in itertools.izip(entries, itertools.count(args.start)):
        try:
            chain = extract_original_entry(entry)
            f = open(args.store + "/" + ("%08d" % i), "w")
            for cert in chain:
                print >> f, "-----BEGIN CERTIFICATE-----"
                print >> f, base64.encodestring(cert).rstrip()
                print >> f, "-----END CERTIFICATE-----"
                print >> f, ""
        except AssertionError:
            print "error for cert", i
generated by cgit v1.1 at 2024-12-26 06:20:19 +0000