diff options
author | Magnus Ahltorp <map@kth.se> | 2015-03-03 15:33:39 +0100 |
---|---|---|
committer | Magnus Ahltorp <map@kth.se> | 2015-03-03 15:33:39 +0100 |
commit | ff18e0fdd57a6b485f427173fe7febee03345037 (patch) | |
tree | d3f223fcdeb889a09fd8bb4fd250bd00373daf69 /tools/certtools.py | |
parent | 4e1bcab3f91f975a19710a4350bbee0e9af5168e (diff) |
merge.py: use external signing
Diffstat (limited to 'tools/certtools.py')
-rw-r--r-- | tools/certtools.py | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/tools/certtools.py b/tools/certtools.py index ad90e5c..222497f 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -200,10 +200,18 @@ def http_request(url, data=None, key=None): result = urllib2.urlopen(req).read() return result -def create_signature(privatekey, data): - sk = ecdsa.SigningKey.from_der(privatekey) - unpacked_signature = sk.sign(data, hashfunc=hashlib.sha256, - sigencode=ecdsa.util.sigencode_der) +def get_signature(baseurl, data, key=None): + try: + params = json.dumps({"plop_version":1, "data": base64.b64encode(data)}) + result = http_request(baseurl + "ct/signing/sth", params, key=key) + parsed_result = json.loads(result) + return base64.b64decode(parsed_result.get(u"result")) + except urllib2.HTTPError, e: + print "ERROR: get_signature", e.read() + sys.exit(1) + +def create_signature(baseurl, data, key=None): + unpacked_signature = get_signature(baseurl, data, key) return encode_signature(4, 3, unpacked_signature) def check_sth_signature(baseurl, sth): @@ -218,14 +226,14 @@ def check_sth_signature(baseurl, sth): check_signature(baseurl, signature, tree_head) -def create_sth_signature(tree_size, timestamp, root_hash, privatekey): +def create_sth_signature(tree_size, timestamp, root_hash, baseurl, key=None): version = struct.pack(">b", 0) signature_type = struct.pack(">b", 1) timestamp_packed = struct.pack(">Q", timestamp) tree_size_packed = struct.pack(">Q", tree_size) tree_head = version + signature_type + timestamp_packed + tree_size_packed + root_hash - return create_signature(privatekey, tree_head) + return create_signature(baseurl, tree_head, key=key) def check_sct_signature(baseurl, leafcert, sct): publickey = base64.decodestring(publickeys[baseurl]) |