diff options
author | Magnus Ahltorp <map@kth.se> | 2015-03-18 14:27:18 +0100 |
---|---|---|
committer | Magnus Ahltorp <map@kth.se> | 2015-03-18 14:27:18 +0100 |
commit | e7c8c50684344ebef54d92efbf4be08b35a06f05 (patch) | |
tree | 5589a74e75a98191f242e06031b5396ab7b539c6 /tools/verifysct.py | |
parent | d68d59cfabddaa31ec0b92a8afe451d088cdcbd0 (diff) |
Added precert handling for SCT calculation
Diffstat (limited to 'tools/verifysct.py')
-rwxr-xr-x | tools/verifysct.py | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/tools/verifysct.py b/tools/verifysct.py index 699a0ad..27ab4c9 100755 --- a/tools/verifysct.py +++ b/tools/verifysct.py @@ -34,8 +34,16 @@ def verifysct(sctentry): timing = timing_point() leafcert = base64.b64decode(sctentry["leafcert"]) + if "issuer_key_hash" in sctentry: + issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"]) + else: + issuer_key_hash = None try: - check_sct_signature(baseurl, leafcert, sctentry["sct"]) + if issuer_key_hash: + signed_entry = pack_precert(leafcert, issuer_key_hash) + else: + signed_entry = pack_cert(leafcert) + check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash) timing_point(timing, "checksig") except AssertionError, e: print "ERROR:", e @@ -47,7 +55,10 @@ def verifysct(sctentry): print "ERROR: bad signature" return (None, None) - merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert) + if issuer_key_hash: + merkle_tree_leaf = pack_mtl_precert(sctentry["sct"]["timestamp"], leafcert, issuer_key_hash) + else: + merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert) leaf_hash = get_leaf_hash(merkle_tree_leaf) @@ -76,7 +87,7 @@ def verifysct(sctentry): p = Pool(args.parallel, lambda: signal.signal(signal.SIGINT, signal.SIG_IGN)) sctfile = open(args.sct_file) -scts = [json.loads(row) for row in sctfile] +scts = (json.loads(row) for row in sctfile) nverified = 0 lastprinted = 0 |