authorMagnus Ahltorp <map@kth.se>2014-09-24 01:14:19 +0200
committerMagnus Ahltorp <map@kth.se>2014-09-24 01:14:19 +0200
commitd8ae32fbd31b1f2239cc22b6a0cd0098329a0fa7 (patch)
treea5da67a39fc5c890e8a2687a0b3dc7de64f13ef8
parent8904fb9e379aacfff6adcd3001aad3427b9a5fe7 (diff)
submitcert.py: Get submitted entry from log and compare
-rw-r--r--tools/certtools.py34
-rwxr-xr-xtools/submitcert.py18
2 files changed, 49 insertions, 3 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index fa7f6ac..0a482e3 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -25,7 +25,7 @@ def get_certs_from_file(certfile):
certs = []
cert = ""
incert = False
-
+
for line in open(certfile):
line = line.strip()
if line == "-----BEGIN CERTIFICATE-----":
@@ -41,7 +41,7 @@ def get_certs_from_file(certfile):
def get_root_cert(issuer):
accepted_certs = \
json.loads(open("googlelog-accepted-certs.txt").read())["certificates"]
-
+
root_cert = None
for accepted_cert in accepted_certs:
@@ -63,7 +63,7 @@ def get_proof_by_hash(baseurl, hash, tree_size):
print params
result = \
urllib2.urlopen(baseurl + "ct/v1/get-proof-by-hash?" + params).read()
- return result
+ return json.loads(result)
except urllib2.HTTPError, e:
print e.read()
sys.exit(1)
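Review bot: `json.loads(result)` now runs inside the `try`, but the only handler is `except urllib2.HTTPError`, so a response body that is not valid JSON raises `ValueError` and ends the tool with a traceback instead of the `sys.exit(1)` path. The new `get_entries` in the last hunk of this file has the same shape. The body comes from the remote log, so I would add `except ValueError, e:` with a message naming the endpoint. The return value also changes from a raw string to a parsed object, which deserves a docstring such as `"""Return the decoded get-proof-by-hash JSON response."""`. The function starts above this hunk.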
@@ -72,6 +72,15 @@ def tls_array(data, length_len):
length_bytes = struct.pack(">Q", len(data))[-length_len:]
return length_bytes + data
+def unpack_tls_array(packed_data, length_len):
+ padded_length = ["\x00"] * 8
+ padded_length[-length_len:] = packed_data[:length_len]
+ (length,) = struct.unpack(">Q", "".join(padded_length))
+ unpacked_data = packed_data[length_len:length_len+length]
+ assert len(unpacked_data) == length
+ rest_data = packed_data[length_len+length:]
+ return (unpacked_data, rest_data)
+
def add_chain(baseurl, submission):
try:
return json.loads(urllib2.urlopen(baseurl + "ct/v1/add-chain",
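Review bot: `unpack_tls_array` validates log-supplied bytes with `assert len(unpacked_data) == length`, which is stripped under `python -O`, so a truncated array would then be returned as if it were complete. `decode_certificate_chain` in the next hunk has the same pattern with `assert len(rest) == 0`. Input shorter than `length_len` is not handled either: the slice assignment leaves `padded_length` with fewer than 8 items and `struct.unpack(">Q", ...)` raises `struct.error`. Explicit checks would cover both cases, for example `if len(packed_data) < length_len: raise ValueError("truncated length prefix")` and `if len(unpacked_data) != length: raise ValueError("truncated TLS array")`.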
@@ -79,3 +88,22 @@ def add_chain(baseurl, submission):
except urllib2.HTTPError, e:
print e.read()
sys.exit(1)
+
+def get_entries(baseurl, start, end):
+ try:
+ params = urllib.urlencode({"start":start, "end":end})
+ result = urllib2.urlopen(baseurl + "ct/v1/get-entries?" + params).read()
+ return json.loads(result)
+ except urllib2.HTTPError, e:
+ print e.read()
+ sys.exit(1)
+
+def decode_certificate_chain(packed_certchain):
+ (unpacked_certchain, rest) = unpack_tls_array(packed_certchain, 3)
+ assert len(rest) == 0
+ certs = []
+ while len(unpacked_certchain):
+ (cert, rest) = unpack_tls_array(unpacked_certchain, 3)
+ certs.append(cert)
+ unpacked_certchain = rest
+ return certs
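Review bot: `decode_certificate_chain` has no docstring saying which `extra_data` layout it parses, and the code handles only one 3-byte-length-prefixed list of 3-byte-length-prefixed certificates. In RFC 6962 that is the `extra_data` of an `x509_entry`. For a `precert_entry` the field is a `PrecertChainEntry` that begins with the pre-certificate before the chain, so this function would likely fail `assert len(rest) == 0` on such entries. I would add a docstring like `"""Decode the certificate_chain from the extra_data of an x509_entry; precert entries are not supported."""`.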
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 229d36c..7471272 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
@@ -36,6 +36,8 @@ if lookup_in_log:
leaf_type = struct.pack(">b", 0)
merkle_tree_leaf = version + leaf_type + timestamped_entry
+ print "merkle_tree_leaf:", base64.b64encode(merkle_tree_leaf)
+
leaf_hash = hashlib.sha256()
leaf_hash.update(struct.pack(">b", 0))
leaf_hash.update(merkle_tree_leaf)
@@ -48,3 +50,19 @@ if lookup_in_log:
proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
print proof
+
+ leaf_index = proof["leaf_index"]
+
+ entries = get_entries(baseurl, leaf_index, leaf_index)
+
+ fetched_entry = entries["entries"][0]
+
+ print fetched_entry
+
+ print "does the leaf_input of the fetched entry match what we calculated:", base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
+
+ extra_data = fetched_entry["extra_data"]
+
+ certchain = decode_certificate_chain(base64.decodestring(extra_data))
+
+ print [base64.b64encode(cert) for cert in certchain]
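Review bot: The `leaf_input` comparison result is only printed, so the script ends with the same exit status whether or not the log returned the entry that was submitted. A mismatch should be a failure, e.g. `if base64.decodestring(fetched_entry["leaf_input"]) != merkle_tree_leaf: sys.exit(1)` (assuming `sys` is imported in this file, which is not visible here). The visible lines also print `proof` without checking its audit path against the STH root hash. If that check is not done elsewhere, `leaf_index` is an unverified value from the log. The `if lookup_in_log:` block begins above this hunk.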