authorMagnus Ahltorp <map@kth.se>2015-02-09 17:23:13 +0100
committerMagnus Ahltorp <map@kth.se>2015-02-09 17:23:13 +0100
commitf2222868f5fc4c3d962048ff3f4bc39fa2d9b64c (patch)
treeb6bd4ec0303f450fffcd908cc09754ada9d1c8a5
parent20a4a3357fcf14706e39b8c3f29af05618613f04 (diff)
submitcert.py: handle .zip files
-rw-r--r--tools/certtools.py10
-rwxr-xr-xtools/submitcert.py51
2 files changed, 48 insertions, 13 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index f6c1cd9..428d623 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -11,6 +11,7 @@ import sys
import hashlib
import ecdsa
import datetime
+import cStringIO
publickeys = {
"https://ct.googleapis.com/pilot/":
@@ -44,11 +45,14 @@ def get_cert_info(s):
def get_pemlike(filename, marker):
+ return get_pemlike_from_file(open(filename), marker)
+
+def get_pemlike_from_file(f, marker):
entries = []
entry = ""
inentry = False
- for line in open(filename):
+ for line in f:
line = line.strip()
if line == "-----BEGIN " + marker + "-----":
entry = ""
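Review bot: The file object created by `open(filename)` in the new `get_pemlike` wrapper is never closed explicitly, so the handle stays open until the interpreter reclaims it; the same path reads private-key files through `get_eckey_from_file`. A context manager makes the lifetime explicit: `with open(filename) as f:` followed by `return get_pemlike_from_file(f, marker)`. `get_pemlike_from_file` would also benefit from a one-line docstring stating that it accepts any iterable of text lines and collects the entries that start at `-----BEGIN <marker>-----`; its body continues outside this hunk.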
@@ -63,6 +67,10 @@ def get_pemlike(filename, marker):
def get_certs_from_file(certfile):
return get_pemlike(certfile, "CERTIFICATE")
+def get_certs_from_string(s):
+ f = cStringIO.StringIO(s)
+ return get_pemlike_from_file(f, "CERTIFICATE")
+
def get_eckey_from_file(keyfile):
keys = get_pemlike(keyfile, "EC PRIVATE KEY")
assert len(keys) == 1
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 1b87b53..04b6ebe 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
@@ -15,6 +15,7 @@ from certtools import *
import os
import signal
import select
+import zipfile
from multiprocessing import Pool
@@ -29,13 +30,13 @@ if certfilepath[-1] == "/":
else:
certfiles = [certfilepath]
-def submitcert(certfile):
+def submitcert((certfile, cert)):
timing = timing_point()
- certs = get_certs_from_file(certfile)
+ certchain = get_certs_from_string(cert)
timing_point(timing, "readcerts")
try:
- result = add_chain(baseurl, {"chain":map(base64.b64encode, certs)})
+ result = add_chain(baseurl, {"chain":map(base64.b64encode, certchain)})
except SystemExit:
print "EXIT:", certfile
select.select([], [], [], 1.0)
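Review bot: Nothing checks that `certchain` is non-empty after `get_certs_from_string(cert)`, and the input now comes from every member of a zip archive rather than only from files the operator named. A member without a CERTIFICATE block would presumably yield an empty list, which is then posted by `add_chain` and later indexed as `certchain[0]`, where the resulting IndexError is not caught by the `except AssertionError` handler. A guard right after parsing, `if not certchain:` with `print "ERROR:", certfile, "no certificates found"` and `return None`, would fit the caller's existing `timing == None` handling. The body of `submitcert` continues outside this hunk.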
@@ -49,7 +50,7 @@ def submitcert(certfile):
try:
if check_sig:
- check_sct_signature(baseurl, certs[0], result)
+ check_sct_signature(baseurl, certchain[0], result)
timing_point(timing, "checksig")
except AssertionError, e:
print "ERROR:", certfile, e
@@ -63,7 +64,7 @@ def submitcert(certfile):
if lookup_in_log:
- merkle_tree_leaf = pack_mtl(result["timestamp"], certs[0])
+ merkle_tree_leaf = pack_mtl(result["timestamp"], certchain[0])
leaf_hash = get_leaf_hash(merkle_tree_leaf)
@@ -84,14 +85,14 @@ def submitcert(certfile):
certchain = decode_certificate_chain(base64.decodestring(extra_data))
- submittedcertchain = certs[1:]
+ submittedcertchain = certchain[1:]
for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
certchain, itertools.count(1)):
print "cert", i, "in chain is the same:", submittedcert == fetchedcert
if len(certchain) == len(submittedcertchain) + 1:
- last_issuer = get_cert_info(certs[-1])["issuer"]
+ last_issuer = get_cert_info(certchain[-1])["issuer"]
root_subject = get_cert_info(certchain[-1])["subject"]
print "issuer of last cert in submitted chain and " \
"subject of last cert in fetched chain is the same:", \
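Review bot: The rename to `certchain` collides with the existing local assigned from `decode_certificate_chain(...)` on the first line of this hunk, so from that line on the submitted chain is lost and `submittedcertchain = certchain[1:]` is sliced from the chain fetched from the log. The per-certificate comparison then compares the fetched chain with itself shifted by one, the length test is always true, and `last_issuer` and `root_subject` are both read from the same certificate, so these checks no longer say anything about whether the log stored what was submitted. Keeping the fetched chain under its own name restores the comparison. The enclosing `submitcert` starts outside this hunk and the final print statement continues past it.

```python
fetchedcertchain = decode_certificate_chain(base64.decodestring(extra_data))
submittedcertchain = certchain[1:]
for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
                                           fetchedcertchain, itertools.count(1)):
    # … unchanged: per-certificate comparison print …
if len(fetchedcertchain) == len(submittedcertchain) + 1:
    # … unchanged: last_issuer taken from certchain[-1] …
    root_subject = get_cert_info(fetchedcertchain[-1])["subject"]
    # … unchanged: issuer/subject comparison print …
```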
@@ -105,20 +106,46 @@ def submitcert(certfile):
timing_point(timing, "lookup")
return timing["deltatimes"]
+def get_ncerts(certfiles):
+ n = 0
+ for certfile in certfiles:
+ if certfile.endswith(".zip"):
+ zf = zipfile.ZipFile(certfile)
+ n += len(zf.namelist())
+ zf.close()
+ else:
+ n += 1
+ return n
+
+def get_all_certificates(certfiles):
+ for certfile in certfiles:
+ if certfile.endswith(".zip"):
+ zf = zipfile.ZipFile(certfile)
+ for name in zf.namelist():
+ yield (name, zf.read(name))
+ zf.close()
+ else:
+ yield (certfile, open(certfile).read())
+
p = Pool(16, lambda: signal.signal(signal.SIGINT, signal.SIG_IGN))
nsubmitted = 0
lastprinted = 0
-starttime = datetime.datetime.now()
-print len(certfiles), "certs"
+ncerts = get_ncerts(certfiles)
-submitcert(certfiles[0])
+print ncerts, "certs"
+
+certs = get_all_certificates(certfiles)
+
+submitcert(certs.next())
nsubmitted += 1
select.select([], [], [], 3.0)
+starttime = datetime.datetime.now()
+
try:
- for timing in p.imap_unordered(submitcert, certfiles[1:]):
+ for timing in p.imap_unordered(submitcert, certs):
if timing == None:
print "error"
print "submitted", nsubmitted
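Review bot: `get_all_certificates` hands every name from `zf.namelist()` to `zf.read(name)`, which includes directory entries and decompresses each member fully into memory whatever its size. For archives that are not produced locally, iterating `zf.infolist()` lets the generator skip directory entries and members whose declared `file_size` exceeds a sane bound for a PEM chain, and a `try`/`finally` closes the archive even when the consumer stops early. `get_ncerts` should apply the same filter so that `ncerts` still matches the number of submissions. The size limit in the sketch below is a constructed value.

```python
MAX_CERT_FILE_SIZE = 1024 * 1024  # constructed limit; tune to the expected chain size

def get_all_certificates(certfiles):
    for certfile in certfiles:
        if certfile.endswith(".zip"):
            zf = zipfile.ZipFile(certfile)
            try:
                for info in zf.infolist():
                    if info.filename.endswith("/"):
                        continue  # directory entry, holds no certificate
                    if info.file_size > MAX_CERT_FILE_SIZE:
                        continue  # implausibly large for a PEM chain
                    yield (info.filename, zf.read(info))
            finally:
                zf.close()
        # … unchanged: plain-file branch …
```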
@@ -129,7 +156,7 @@ try:
deltatime = datetime.datetime.now() - starttime
deltatime_f = deltatime.seconds + deltatime.microseconds / 1000000.0
rate = nsubmitted / deltatime_f
- if nsubmitted > lastprinted + len(certfiles) / 10:
+ if nsubmitted > lastprinted + ncerts / 10:
print nsubmitted, "rate %.1f" % rate
lastprinted = nsubmitted
#print timing, "rate %.1f" % rate