summaryrefslogtreecommitdiff
path: root/tools/submitcert.py
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2014-09-26 14:50:10 +0200
committerLinus Nordberg <linus@nordberg.se>2014-10-08 15:02:49 +0200
commite54e051600fc7f46fb7eafce74d311a61d5bd823 (patch)
tree4a922ed507f1dad4ecd2704020ff539e3c5c0d26 /tools/submitcert.py
parent294ac576ab050b6c46c011825d89337794404f66 (diff)
Simplify submitcert
Diffstat (limited to 'tools/submitcert.py')
-rwxr-xr-xtools/submitcert.py80
1 files changed, 31 insertions, 49 deletions
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 702ffb3..e8d8901 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
@@ -6,6 +6,7 @@ import base64
import sys
import struct
import hashlib
+import itertools
from certtools import *
baseurl = sys.argv[1]
@@ -13,62 +14,29 @@ certfile = sys.argv[2]
lookup_in_log = True
-publickeys = {
- "https://ct.googleapis.com/pilot/":
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTD"
- "M0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",
-
- "https://127.0.0.1:8080/":
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4qWq6afhBUi0OdcWUYhyJLNXTkGqQ9"
- "PMS5lqoCgkV2h1ZvpNjBH2u8UbgcOQwqDo66z6BWQJGolozZYmNHE2kQ==",
-
- "https://flimsy.ct.nordu.net/":
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4qWq6afhBUi0OdcWUYhyJLNXTkGqQ9"
- "PMS5lqoCgkV2h1ZvpNjBH2u8UbgcOQwqDo66z6BWQJGolozZYmNHE2kQ==",
-}
-
-
certs = get_certs_from_file(certfile)
-result = add_chain(baseurl, {"chain":certs})
-
-print result
-
-publickey = base64.decodestring(publickeys[baseurl])
-
-check_signature(publickey, base64.decodestring(certs[0]), result)
+result = add_chain(baseurl, {"chain":map(base64.b64encode, certs)})
-for cert in certs:
- print get_cert_info(base64.decodestring(cert))
+try:
+ check_signature(baseurl, certs[0], result)
+except AssertionError, e:
+ print "ERROR:", e
+ sys.exit(1)
+except ecdsa.keys.BadSignatureError, e:
+ print "ERROR: bad signature"
+ sys.exit(1)
+print "signature check succeeded"
if lookup_in_log:
- last_issuer = get_cert_info(base64.decodestring(certs[-1]))["issuer"]
- last_subject = get_cert_info(base64.decodestring(certs[-1]))["subject"]
- entry_type = struct.pack(">H", 0)
+ merkle_tree_leaf = pack_mtl(result["timestamp"], certs[0])
- extensions = ""
-
- timestamped_entry = struct.pack(">Q", result["timestamp"]) + entry_type + \
- tls_array(base64.decodestring(certs[0]), 3) + tls_array(extensions, 2)
- version = struct.pack(">b", 0)
- leaf_type = struct.pack(">b", 0)
- merkle_tree_leaf = version + leaf_type + timestamped_entry
-
- print "merkle_tree_leaf:", base64.b64encode(merkle_tree_leaf)
-
- leaf_hash = hashlib.sha256()
- leaf_hash.update(struct.pack(">b", 0))
- leaf_hash.update(merkle_tree_leaf)
-
- print base64.b64encode(leaf_hash.digest())
+ leaf_hash = get_leaf_hash(merkle_tree_leaf)
sth = get_sth(baseurl)
- print sth
-
- proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
- print proof
+ proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
leaf_index = proof["leaf_index"]
@@ -76,8 +44,6 @@ if lookup_in_log:
fetched_entry = entries["entries"][0]
- print fetched_entry
-
print "does the leaf_input of the fetched entry match what we calculated:", \
base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
@@ -85,4 +51,20 @@ if lookup_in_log:
certchain = decode_certificate_chain(base64.decodestring(extra_data))
- print [base64.b64encode(cert) for cert in certchain]
+ submittedcertchain = certs[1:]
+
+ for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
+ certchain, itertools.count(1)):
+ print "cert", i, "in chain is the same:", submittedcert == fetchedcert
+
+ if len(certchain) == len(submittedcertchain) + 1:
+ last_issuer = get_cert_info(certs[-1])["issuer"]
+ root_subject = get_cert_info(certchain[-1])["subject"]
+ print "issuer of last cert in submitted chain and " \
+ "subject of last cert in fetched chain is the same:", \
+ last_issuer == root_subject
+ elif len(certchain) == len(submittedcertchain):
+ print "cert chains are the same length"
+ else:
+ print "ERROR: fetched cert chain has length", len(certchain),
+ print "and submitted chain has length", len(submittedcertchain)