path: root/tools/submitcert.py
#!/usr/bin/env python
import urllib2
import urllib
import json
import base64
import sys
import struct
import hashlib
from certtools import *

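# Command-line arguments: the CT log base URL and the file holding the
# certificate chain to submit.  Fail with a usage line instead of an
# IndexError traceback when either one is missing.
if len(sys.argv) < 3:
    sys.exit("usage: %s <baseurl> <certfile>" % sys.argv[0])

baseurl = sys.argv[1]
certfile = sys.argv[2]

# When true, the script goes on to look the submitted entry up in the log
# after the add-chain call.
lookup_in_log = True

# Pinned log public keys, keyed by log base URL and stored as base64 text.
# The add-chain response is checked against the entry for baseurl, so these
# values are the trust anchor for that check: change them only from a source
# you have authenticated out of band.
# The lookup is an exact string match on baseurl, trailing slash included.
# The 127.0.0.1 and flimsy.ct.nordu.net entries carry the same key.
# NOTE(review): the values look like DER SubjectPublicKeyInfo blobs for
# ECDSA P-256 keys -- confirm against what check_signature expects.
publickeys = {
    "https://ct.googleapis.com/pilot/":
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTD"
    "M0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",

    "https://127.0.0.1:8080/":
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4qWq6afhBUi0OdcWUYhyJLNXTkGqQ9"
    "PMS5lqoCgkV2h1ZvpNjBH2u8UbgcOQwqDo66z6BWQJGolozZYmNHE2kQ==",

    "https://flimsy.ct.nordu.net/":
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4qWq6afhBUi0OdcWUYhyJLNXTkGqQ9"
    "PMS5lqoCgkV2h1ZvpNjBH2u8UbgcOQwqDo66z6BWQJGolozZYmNHE2kQ==",
}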


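# Load the chain from certfile.  The entries are treated as base64 strings
# below; certs[0] is the certificate the log's response is checked against.
certs = get_certs_from_file(certfile)

# Submit the chain to the log and show the raw add-chain response.
result = add_chain(baseurl, {"chain":certs})

print(result)

# The response above is untrusted until its signature has been checked with
# the key pinned for this log.  An unknown log URL used to surface as a bare
# KeyError; say explicitly that nothing was verified instead.
try:
    publickey_b64 = publickeys[baseurl]
except KeyError:
    sys.exit("error: no public key configured for %s; the response above was "
             "NOT verified (the URL must match a publickeys entry exactly, "
             "trailing slash included)" % baseurl)
publickey = base64.decodestring(publickey_b64)

# NOTE(review): the return value is discarded, so this only stops the script
# if check_signature raises on a bad signature -- confirm in certtools.
check_signature(publickey, base64.decodestring(certs[0]), result)

# Dump the parsed details of every certificate in the submitted chain.
for cert in certs:
    print(get_cert_info(base64.decodestring(cert)))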

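if lookup_in_log:
    # Rebuild the Merkle tree leaf for the submitted certificate from the
    # timestamp in the add-chain response, hash it, and ask the log for the
    # entry with that hash.
    leaf_cert = base64.decodestring(certs[0])

    # 16-bit entry type 0 and empty extensions, as used for a plain X.509
    # entry in RFC 6962.
    entry_type = struct.pack(">H", 0)
    extensions = ""

    # NOTE(review): tls_array(data, n) presumably prefixes data with an
    # n-byte length field -- confirm in certtools.
    timestamped_entry = (struct.pack(">Q", result["timestamp"]) + entry_type +
                         tls_array(leaf_cert, 3) + tls_array(extensions, 2))
    version = struct.pack(">b", 0)
    leaf_type = struct.pack(">b", 0)
    merkle_tree_leaf = version + leaf_type + timestamped_entry

    print("merkle_tree_leaf: %s" % base64.b64encode(merkle_tree_leaf))

    # Leaf hash: SHA-256 over a single zero byte followed by the leaf.
    leaf_hash = hashlib.sha256()
    leaf_hash.update(struct.pack(">b", 0))
    leaf_hash.update(merkle_tree_leaf)

    print(base64.b64encode(leaf_hash.digest()))

    sth = get_sth(baseurl)
    print(sth)

    proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
    print(proof)

    # NOTE(review): only proof["leaf_index"] is used.  The rest of the proof
    # is not checked against the STH here, and the STH signature is not
    # checked in this script (unless get_sth does it -- confirm).  What
    # follows therefore shows that the log returns the entry, which is weaker
    # than a verified inclusion proof.
    leaf_index = proof["leaf_index"]

    entries = get_entries(baseurl, leaf_index, leaf_index)
    fetched_entry = entries["entries"][0]
    print(fetched_entry)

    leaf_matches = \
      base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
    print("does the leaf_input of the fetched entry match what we calculated: %s"
          % leaf_matches)

    extra_data = fetched_entry["extra_data"]
    certchain = decode_certificate_chain(base64.decodestring(extra_data))

    print([base64.b64encode(cert) for cert in certchain])

    # A mismatch used to be printed and then ignored, leaving a zero exit
    # status.  Keep all the diagnostic output above, then fail so callers and
    # scripts can tell the lookup did not confirm the submission.
    if not leaf_matches:
        sys.exit("error: the log entry at leaf_index %s does not match the "
                 "leaf computed from the submission" % leaf_index)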