1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright (c) 2017, NORDUnet A/S.
# See LICENSE for licensing information.
#
# Initialise a new CT log.
#
import sys
import os
import argparse
import errno
from time import time
from base64 import b64encode
from certtools import build_merkle_tree, write_file, generate_tree_head_signature
from mergetools import get_sth, perm, get_logorder, hexencode, parse_args
# TODO: Add a `--init-secondary' option too?
def main():
"""
Initialise a log, either from scratch or by promoting a secondary
merge node (--promote-secondary).
Refuse to do anything if there's an sth file present.
When initialising from scratch, do
- touch logorder
- write -1 to fetched
- write 0 to minsize
- create perm database if it doesn't exist
When promoting a secondary (--promote-secondary), do
- read logorder, let n = length of logorder
- write n-1 to fetched
- write n to minsize
- create perm database if it doesn't exist
"""
parser = argparse.ArgumentParser(description="")
parser.add_argument('--promote-secondary', action='store_true')
parser.add_argument('--config', help="System configuration",
required=True)
parser.add_argument('--localconfig', help="Local configuration",
required=True)
args, config, localconfig = parse_args(parser=parser)
paths = localconfig["paths"]
own_key = (localconfig["nodename"],
"%s/%s-private.pem" % (paths["privatekeys"],
localconfig["nodename"]))
mergedb = paths["db"]
sthfile = mergedb + "/sth"
logorderfile = mergedb + "/logorder"
currentsizefile = mergedb + "/fetched"
minsizefile = mergedb + "/minsize"
# Make sure that we can find our keyfile.
if not file_exists(own_key[1]):
print >>sys.stderr, "Unable to open keyfile: %s" % own_key[1]
return 1
# Don't do anything if there's already an sth file.
if file_exists(sthfile):
print >>sys.stderr, "This log already has an STH file: %s" % sthfile
print >>sys.stderr, "I refuse to destroy this log."
return 2
# Read or touch logorder.
if args.promote_secondary:
logorder = get_logorder(logorderfile)
size = len(logorder)
last_hash = logorder[size-1]
else:
if file_exists(logorderfile):
print >>sys.stderr, "This log already has logorder file: %s" % logorderfile
print >>sys.stderr, "I refuse to destroy this log."
return 3
open(logorderfile, "a").close()
size = 0
last_hash = ''
# Write fetched.
currentsize = {"index": size - 1, "hash": hexencode(last_hash)}
write_file(currentsizefile, currentsize)
# Write minsize.
minsize = {"size": size}
write_file(minsizefile, minsize)
# Create a chains database.
perm(localconfig.get("dbbackend", "filedb"), mergedb + "/chains")
return 0
def file_exists(path):
try:
os.stat(path)
except OSError, e:
if e.errno == errno.ENOENT:
return False
raise
return True
if __name__ == '__main__':
sys.exit(main())
|