1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
#!/usr/bin/env python
import urllib2
import urllib
import json
import base64
import sys
import struct
import hashlib
from certtools import *
baseurl = sys.argv[1]
certfile = sys.argv[2]
lookup_in_log = True
certs = get_certs_from_file(certfile)
result = add_chain(baseurl, {"chain":certs})
print result
for cert in certs:
print get_cert_info(base64.decodestring(cert))
if lookup_in_log:
last_issuer = get_cert_info(base64.decodestring(certs[-1]))["issuer"]
last_subject = get_cert_info(base64.decodestring(certs[-1]))["subject"]
entry_type = struct.pack(">H", 0)
extensions = ""
timestamped_entry = struct.pack(">Q", result["timestamp"]) + entry_type + \
tls_array(base64.decodestring(certs[0]), 3) + tls_array(extensions, 2)
version = struct.pack(">b", 0)
leaf_type = struct.pack(">b", 0)
merkle_tree_leaf = version + leaf_type + timestamped_entry
print "merkle_tree_leaf:", base64.b64encode(merkle_tree_leaf)
leaf_hash = hashlib.sha256()
leaf_hash.update(struct.pack(">b", 0))
leaf_hash.update(merkle_tree_leaf)
print base64.b64encode(leaf_hash.digest())
sth = get_sth(baseurl)
print sth
proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
print proof
leaf_index = proof["leaf_index"]
entries = get_entries(baseurl, leaf_index, leaf_index)
fetched_entry = entries["entries"][0]
print fetched_entry
print "does the leaf_input of the fetched entry match what we calculated:", \
base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
extra_data = fetched_entry["extra_data"]
certchain = decode_certificate_chain(base64.decodestring(extra_data))
print [base64.b64encode(cert) for cert in certchain]
|
