authorMagnus Ahltorp <map@kth.se>2015-03-31 19:18:30 +0200
committerMagnus Ahltorp <map@kth.se>2015-03-31 19:18:30 +0200
commitab924f51f254d1bdd6f752f8c19c4cbcc55cf0e4 (patch)
tree91261dcf3047c735207d706862bd9136f003230a /tools/verifysct.py
parenta706e79fa722f681320fe1b05824352b6b9a63fc (diff)
parent13c3789add4f1630c4bc8dfccb229ebc7d4bfa38 (diff)
Merge branch 'genauthkeys'
Diffstat (limited to 'tools/verifysct.py')
-rwxr-xr-xtools/verifysct.py20
1 files changed, 17 insertions, 3 deletions
diff --git a/tools/verifysct.py b/tools/verifysct.py
index 699a0ad..4b8e38a 100755
--- a/tools/verifysct.py
+++ b/tools/verifysct.py
@@ -22,20 +22,31 @@ parser = argparse.ArgumentParser(description='')
parser.add_argument('baseurl', help="Base URL for CT server")
parser.add_argument('--sct-file', default=None, metavar="dir", help='SCT:s to verify')
parser.add_argument('--parallel', type=int, default=16, metavar="n", help="Number of parallel verifications")
+parser.add_argument('--publickey', default=None, metavar="file", help='Public key for the CT log')
args = parser.parse_args()
from multiprocessing import Pool
baseurl = args.baseurl
+logpublickey = get_public_key_from_file(args.publickey) if args.publickey else None
+
sth = get_sth(baseurl)
def verifysct(sctentry):
timing = timing_point()
leafcert = base64.b64decode(sctentry["leafcert"])
+ if "issuer_key_hash" in sctentry:
+ issuer_key_hash = base64.b64decode(sctentry["issuer_key_hash"])
+ else:
+ issuer_key_hash = None
try:
- check_sct_signature(baseurl, leafcert, sctentry["sct"])
+ if issuer_key_hash:
+ signed_entry = pack_precert(leafcert, issuer_key_hash)
+ else:
+ signed_entry = pack_cert(leafcert)
+ check_sct_signature(baseurl, signed_entry, sctentry["sct"], precert=issuer_key_hash, publickey=logpublickey)
timing_point(timing, "checksig")
except AssertionError, e:
print "ERROR:", e
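Review bot: The `if issuer_key_hash:` test in `verifysct` (and again before `pack_mtl_precert` in the second hunk) is a truthiness check, so an entry whose `issuer_key_hash` field is present but decodes to an empty string is verified as an ordinary certificate instead of being rejected. Test presence explicitly with `if issuer_key_hash is not None:`, and, if `precert` is meant as a flag, pass `precert=issuer_key_hash is not None`; a hash that is not 32 bytes (the length RFC 6962 gives for the issuer key hash) should be reported as an error before packing. The `b64decode` of the new field also sits outside the `try`, so a malformed value raises out of `verifysct` rather than producing an `ERROR:` line. Separately, which key `check_sct_signature` uses when `publickey` is None is not visible here; if it is fetched from `baseurl`, the `--publickey` help text should say that omitting the option means trusting the key served by the log being checked. The body of `verifysct` continues outside this hunk.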
@@ -47,7 +58,10 @@ def verifysct(sctentry):
print "ERROR: bad signature"
return (None, None)
- merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert)
+ if issuer_key_hash:
+ merkle_tree_leaf = pack_mtl_precert(sctentry["sct"]["timestamp"], leafcert, issuer_key_hash)
+ else:
+ merkle_tree_leaf = pack_mtl(sctentry["sct"]["timestamp"], leafcert)
leaf_hash = get_leaf_hash(merkle_tree_leaf)
@@ -76,7 +90,7 @@ def verifysct(sctentry):
p = Pool(args.parallel, lambda: signal.signal(signal.SIGINT, signal.SIG_IGN))
sctfile = open(args.sct_file)
-scts = [json.loads(row) for row in sctfile]
+scts = (json.loads(row) for row in sctfile)
nverified = 0
lastprinted = 0
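Review bot: Turning `scts` into a generator moves `json.loads` from start-up into whatever consumes `scts` later (not visible in this hunk), so a malformed row in the SCT file now fails part-way through the run instead of before any verification starts. If the consumer is a `Pool` method such as `imap`, an exception raised while the iterable is being read is hard to surface on Python 2 and may leave the run stalled rather than reporting an error. Parsing in a small generator that reports the line number keeps the lazy read and turns a bad row into an explicit `ERROR:` line. The caller should still count such a row as a failed entry so the tool does not report success on a partly read file.

```python
def read_scts(sctfile):
    for lineno, row in enumerate(sctfile, 1):
        try:
            yield json.loads(row)
        except ValueError, e:
            print "ERROR: bad JSON on line %d of SCT file: %s" % (lineno, e)

sctfile = open(args.sct_file)
scts = read_scts(sctfile)
```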