summaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2014-09-23 02:48:07 +0200
committerMagnus Ahltorp <map@kth.se>2014-09-23 02:48:07 +0200
commit560bcebb4cf64aea915331a55013b21696bfce5d (patch)
tree6f33b897fa1d95361fe7795cfc9e0c17d82a7e53 /tools
parentb9918d56ad4ae409e2bbf7cf71cb94b42b3ccee9 (diff)
Added submitcert.pytesttools
Diffstat (limited to 'tools')
-rw-r--r--tools/certtools.py74
-rwxr-xr-xtools/submitcert.py50
2 files changed, 124 insertions, 0 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
new file mode 100644
index 0000000..9d24c36
--- /dev/null
+++ b/tools/certtools.py
@@ -0,0 +1,74 @@
+import subprocess
+import json
+import base64
+import urllib
+import urllib2
+import struct
+
+def get_cert_info(s):
+ p = subprocess.Popen(["openssl", "x509", "-noout", "-subject", "-issuer", "-inform", "der"],
+ stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ parsed = p.communicate(s)
+ if parsed[1]:
+ print "error:", parsed[1]
+ result = {}
+ for line in parsed[0].split("\n"):
+ (key, sep, value) = line.partition("=")
+ if sep == "=":
+ result[key] = value
+ return result
+
+def get_certs_from_file(certfile):
+ certs = []
+ cert = ""
+ incert = False
+
+ for line in open(certfile):
+ line = line.strip()
+ if line == "-----BEGIN CERTIFICATE-----":
+ cert = ""
+ incert = True
+ elif line == "-----END CERTIFICATE-----":
+ certs.append(cert)
+ incert = False
+ elif incert:
+ cert += line
+ return certs
+
+def get_root_cert(issuer):
+ accepted_certs = json.loads(open("googlelog-accepted-certs.txt").read())["certificates"]
+
+ root_cert = None
+
+ for accepted_cert in accepted_certs:
+ subject = get_cert_info(base64.decodestring(accepted_cert))["subject"]
+ if subject == issuer:
+ print "found root cert"
+ root_cert = base64.decodestring(accepted_cert)
+
+ return root_cert
+
+def get_sth(baseurl):
+ result = urllib2.urlopen(baseurl + "ct/v1/get-sth").read()
+ return json.loads(result)
+
+def get_proof_by_hash(baseurl, hash, tree_size):
+ try:
+ params = urllib.urlencode({"hash":base64.b64encode(hash), "tree_size":tree_size})
+ print params
+ result = urllib2.urlopen(baseurl + "ct/v1/get-proof-by-hash?" + params).read()
+ return result
+ except urllib2.HTTPError, e:
+ print e.read()
+ sys.exit(1)
+
+def tls_array(data, length_len):
+ length_bytes = struct.pack(">Q", len(data))[-length_len:]
+ return length_bytes + data
+
+def add_chain(baseurl, submission):
+ try:
+ return json.loads(urllib2.urlopen(baseurl + "ct/v1/add-chain", json.dumps(submission)).read())
+ except urllib2.HTTPError, e:
+ print e.read()
+ sys.exit(1)
diff --git a/tools/submitcert.py b/tools/submitcert.py
new file mode 100755
index 0000000..a4dd9a2
--- /dev/null
+++ b/tools/submitcert.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import struct
+import hashlib
+from certtools import *
+
+baseurl = sys.argv[1]
+certfile = sys.argv[2]
+
+lookup_in_log = True
+
+certs = get_certs_from_file(certfile)
+
+result = add_chain(baseurl, {"chain":certs})
+
+print result
+
+for cert in certs:
+ print get_cert_info(base64.decodestring(cert))
+
+if lookup_in_log:
+ last_issuer = get_cert_info(base64.decodestring(certs[-1]))["issuer"]
+ last_subject = get_cert_info(base64.decodestring(certs[-1]))["subject"]
+
+ entry_type = struct.pack(">H", 0)
+
+ extensions = ""
+
+ timestamped_entry = struct.pack(">Q", result["timestamp"]) + entry_type + tls_array(base64.decodestring(certs[0]), 3) + tls_array(extensions, 2)
+ version = struct.pack(">b", 0)
+ leaf_type = struct.pack(">b", 0)
+ merkle_tree_leaf = version + leaf_type + timestamped_entry
+
+ leaf_hash = hashlib.sha256()
+ leaf_hash.update(struct.pack(">b", 0))
+ leaf_hash.update(merkle_tree_leaf)
+
+ print base64.b64encode(leaf_hash.digest())
+
+ sth = get_sth(baseurl)
+ print sth
+
+ proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
+
+ print proof