summaryrefslogtreecommitdiff
path: root/tools/verifysct.py
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2015-03-18 14:27:18 +0100
committerMagnus Ahltorp <map@kth.se>2015-03-18 14:27:18 +0100
commite7c8c50684344ebef54d92efbf4be08b35a06f05 (patch)
tree5589a74e75a98191f242e06031b5396ab7b539c6 /tools/verifysct.py
parentd68d59cfabddaa31ec0b92a8afe451d088cdcbd0 (diff)
Added precert handling for SCT calculation
Diffstat (limited to 'tools/verifysct.py')
-rwxr-xr-xtools/verifysct.py17
1 files changed, 14 insertions, 3 deletions
diff --git a/tools/verifysct.py b/tools/verifysct.py
index 699a0ad..27ab4c9 100755
--- a/tools/verifysct.py
+++ b/tools/verifysct.py
@@ -34,8 +34,16 @@ def verifysct(sctentry):
timing = timing_point()
leafcert = base64.b64decode(sctentry["leafcert"])
+ if "issuer_key_hash" in sctentry:
+ issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"])
+ else:
+ issuer_key_hash = None
try:
- check_sct_signature(baseurl, leafcert, sctentry["sct"])
+ if issuer_key_hash:
+ signed_entry = pack_precert(leafcert, issuer_key_hash)
+ else:
+ signed_entry = pack_cert(leafcert)
+ check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash)
timing_point(timing, "checksig")
except AssertionError, e:
print "ERROR:", e
@@ -47,7 +55,10 @@ def verifysct(sctentry):
print "ERROR: bad signature"
return (None, None)
- merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert)
+ if issuer_key_hash:
+ merkle_tree_leaf = pack_mtl_precert(sctentry["sct"]["timestamp"], leafcert, issuer_key_hash)
+ else:
+ merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert)
leaf_hash = get_leaf_hash(merkle_tree_leaf)
@@ -76,7 +87,7 @@ def verifysct(sctentry):
p = Pool(args.parallel, lambda: signal.signal(signal.SIGINT, signal.SIG_IGN))
sctfile = open(args.sct_file)
-scts = [json.loads(row) for row in sctfile]
+scts = (json.loads(row) for row in sctfile)
nverified = 0
lastprinted = 0