summaryrefslogtreecommitdiff
path: root/tools/submitcert.py
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2014-10-27 14:37:01 +0100
committerMagnus Ahltorp <map@kth.se>2014-10-27 14:37:01 +0100
commit91e5b7f4b85cdbc399ccaa1bb1d813e0d829f3d5 (patch)
tree74a965889bd723b849c87e6c974c85368e2238d7 /tools/submitcert.py
parent7fd299ab23beee422789f679a35c9526c54fb1fb (diff)
submitcert.py: submit multiple cert chains
Diffstat (limited to 'tools/submitcert.py')
-rwxr-xr-xtools/submitcert.py104
1 files changed, 64 insertions, 40 deletions
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 4f1609c..80a3e37 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
@@ -12,63 +12,87 @@ import struct
import hashlib
import itertools
from certtools import *
+import os
+
+from multiprocessing import Pool
baseurl = sys.argv[1]
-certfile = sys.argv[2]
+certfilepath = sys.argv[2]
+
+lookup_in_log = False
+check_sig = False
+
+if certfilepath[-1] == "/":
+ certfiles = [certfilepath + filename for filename in sorted(os.listdir(certfilepath))]
+else:
+ certfiles = [certfilepath]
+
+def submitcert(certfile):
+ timing = timing_point()
+ certs = get_certs_from_file(certfile)
+ timing_point(timing, "readcerts")
+
+ result = add_chain(baseurl, {"chain":map(base64.b64encode, certs)})
+
+ timing_point(timing, "addchain")
+
+ try:
+ if check_sig:
+ check_sct_signature(baseurl, certs[0], result)
+ timing_point(timing, "checksig")
+ except AssertionError, e:
+ print "ERROR:", e
+ sys.exit(1)
+ except ecdsa.keys.BadSignatureError, e:
+ print "ERROR: bad signature"
+ sys.exit(1)
-lookup_in_log = True
+ if lookup_in_log:
-certs = get_certs_from_file(certfile)
+ merkle_tree_leaf = pack_mtl(result["timestamp"], certs[0])
-result = add_chain(baseurl, {"chain":map(base64.b64encode, certs)})
+ leaf_hash = get_leaf_hash(merkle_tree_leaf)
-try:
- check_sct_signature(baseurl, certs[0], result)
-except AssertionError, e:
- print "ERROR:", e
- sys.exit(1)
-except ecdsa.keys.BadSignatureError, e:
- print "ERROR: bad signature"
- sys.exit(1)
-print "signature check succeeded"
+ sth = get_sth(baseurl)
-if lookup_in_log:
+ proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
- merkle_tree_leaf = pack_mtl(result["timestamp"], certs[0])
+ leaf_index = proof["leaf_index"]
- leaf_hash = get_leaf_hash(merkle_tree_leaf)
+ entries = get_entries(baseurl, leaf_index, leaf_index)
- sth = get_sth(baseurl)
+ fetched_entry = entries["entries"][0]
- proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
+ print "does the leaf_input of the fetched entry match what we calculated:", \
+ base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
- leaf_index = proof["leaf_index"]
+ extra_data = fetched_entry["extra_data"]
- entries = get_entries(baseurl, leaf_index, leaf_index)
+ certchain = decode_certificate_chain(base64.decodestring(extra_data))
- fetched_entry = entries["entries"][0]
+ submittedcertchain = certs[1:]
- print "does the leaf_input of the fetched entry match what we calculated:", \
- base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
+ for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
+ certchain, itertools.count(1)):
+ print "cert", i, "in chain is the same:", submittedcert == fetchedcert
- extra_data = fetched_entry["extra_data"]
+ if len(certchain) == len(submittedcertchain) + 1:
+ last_issuer = get_cert_info(certs[-1])["issuer"]
+ root_subject = get_cert_info(certchain[-1])["subject"]
+ print "issuer of last cert in submitted chain and " \
+ "subject of last cert in fetched chain is the same:", \
+ last_issuer == root_subject
+ elif len(certchain) == len(submittedcertchain):
+ print "cert chains are the same length"
+ else:
+ print "ERROR: fetched cert chain has length", len(certchain),
+ print "and submitted chain has length", len(submittedcertchain)
- certchain = decode_certificate_chain(base64.decodestring(extra_data))
+ timing_point(timing, "lookup")
+ return timing["deltatimes"]
- submittedcertchain = certs[1:]
+p = Pool(1)
- for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
- certchain, itertools.count(1)):
- print "cert", i, "in chain is the same:", submittedcert == fetchedcert
+for timing in p.imap_unordered(submitcert, certfiles):
+ print timing
- if len(certchain) == len(submittedcertchain) + 1:
- last_issuer = get_cert_info(certs[-1])["issuer"]
- root_subject = get_cert_info(certchain[-1])["subject"]
- print "issuer of last cert in submitted chain and " \
- "subject of last cert in fetched chain is the same:", \
- last_issuer == root_subject
- elif len(certchain) == len(submittedcertchain):
- print "cert chains are the same length"
- else:
- print "ERROR: fetched cert chain has length", len(certchain),
- print "and submitted chain has length", len(submittedcertchain)