diff options
author | Linus Nordberg <linus@nordberg.se> | 2015-03-25 09:55:03 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordberg.se> | 2015-03-25 09:55:03 +0100 |
commit | 94282d502072f894f3168ef8c2c7527fe4a69e52 (patch) | |
tree | 0ae1b630221867acf3f56f08a042cbf94df3943a /tools | |
parent | 575d810afbcfcca99f701f3ea42de79bf6e283d1 (diff) |
Add tools/fetchacert.py, fetching exactly one chain from a log.
Also move a piece of common code from fetchallcerts.py to certtools.py.
Diffstat (limited to 'tools')
-rw-r--r-- | tools/certtools.py | 10 | ||||
-rwxr-xr-x | tools/fetchacert.py | 22 | ||||
-rwxr-xr-x | tools/fetchallcerts.py | 10 |
3 files changed, 32 insertions, 10 deletions
diff --git a/tools/certtools.py b/tools/certtools.py index 0e639f2..ffd631c 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -588,3 +588,13 @@ def verify_inclusion_proof(inclusion_proof, index, treesize, leafhash): chain = zip([(index, 0)] + nodes_for_index(index, treesize), [leafhash] + inclusion_proof) (_, hash) = reduce(lambda e1, e2: combine_two_hashes(e1, e2, treesize), chain) return hash + +def extract_original_entry(entry): + leaf_input = base64.decodestring(entry["leaf_input"]) + (leaf_cert, timestamp, issuer_key_hash) = unpack_mtl(leaf_input) + extra_data = base64.decodestring(entry["extra_data"]) + if issuer_key_hash != None: + (precert, extra_data) = extract_precertificate(extra_data) + leaf_cert = precert + certchain = decode_certificate_chain(extra_data) + return ([leaf_cert] + certchain, timestamp, issuer_key_hash) diff --git a/tools/fetchacert.py b/tools/fetchacert.py new file mode 100755 index 0000000..82ea7c1 --- /dev/null +++ b/tools/fetchacert.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +import argparse +import base64 +from certtools import * + +parser = argparse.ArgumentParser(description='') +parser.add_argument('baseurl', help="Base URL for CT server") +parser.add_argument('index', type=int, help="Index for entry to fetch") +args = parser.parse_args() + +rawentries = get_entries(args.baseurl, args.index, args.index)["entries"] +entry = extract_original_entry(rawentries[0]) +(chain, _timestamp, _issuer_key_hash) = entry +s = "" +for cert in chain: + s += "-----BEGIN CERTIFICATE-----\n" + s += base64.encodestring(cert).rstrip() + "\n" + s += "-----END CERTIFICATE-----\n" + s += "\n" +print s diff --git a/tools/fetchallcerts.py b/tools/fetchallcerts.py index 398c563..e0ea92f 100755 --- a/tools/fetchallcerts.py +++ b/tools/fetchallcerts.py @@ -24,16 +24,6 @@ parser.add_argument('--store', default=None, metavar="dir", help='Store certific parser.add_argument('--write-sth', action='store_true', help='Write STH') args = parser.parse_args() -def extract_original_entry(entry): - leaf_input = base64.decodestring(entry["leaf_input"]) - (leaf_cert, timestamp, issuer_key_hash) = unpack_mtl(leaf_input) - extra_data = base64.decodestring(entry["extra_data"]) - if issuer_key_hash != None: - (precert, extra_data) = extract_precertificate(extra_data) - leaf_cert = precert - certchain = decode_certificate_chain(extra_data) - return ([leaf_cert] + certchain, timestamp, issuer_key_hash) - def get_entries_wrapper(baseurl, start, end): fetched_entries = 0 while start + fetched_entries < (end + 1): |