diff options
author | Magnus Ahltorp <map@kth.se> | 2014-10-27 14:37:48 +0100 |
---|---|---|
committer | Magnus Ahltorp <map@kth.se> | 2014-10-27 14:37:48 +0100 |
commit | 44f48b0f96aba0009bd43036eea443f07cec71b9 (patch) | |
tree | d419a3ef2d4da2cb8ff025a4f204f84b81c5e3bb /tools | |
parent | 91e5b7f4b85cdbc399ccaa1bb1d813e0d829f3d5 (diff) |
Added fetchallcerts.py
Diffstat (limited to 'tools')
-rw-r--r-- | tools/certtools.py | 8 | ||||
-rw-r--r-- | tools/fetchallcerts.py | 53 |
2 files changed, 61 insertions, 0 deletions
diff --git a/tools/certtools.py b/tools/certtools.py index 7b901cf..16c2105 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -199,6 +199,14 @@ def pack_mtl(timestamp, leafcert): merkle_tree_leaf = version + leaf_type + timestamped_entry return merkle_tree_leaf +def unpack_mtl(merkle_tree_leaf): + version = merkle_tree_leaf[0:1] + leaf_type = merkle_tree_leaf[1:2] + timestamped_entry = merkle_tree_leaf[2:] + (timestamp, entry_type) = struct.unpack(">QH", timestamped_entry[0:10]) + (leafcert, rest_entry) = unpack_tls_array(timestamped_entry[10:], 3) + return (leafcert, timestamp) + def get_leaf_hash(merkle_tree_leaf): leaf_hash = hashlib.sha256() leaf_hash.update(struct.pack(">b", 0)) diff --git a/tools/fetchallcerts.py b/tools/fetchallcerts.py new file mode 100644 index 0000000..801e296 --- /dev/null +++ b/tools/fetchallcerts.py @@ -0,0 +1,53 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2014, NORDUnet A/S. +# See LICENSE for licensing information. + +import urllib2 +import urllib +import json +import base64 +import sys +import struct +import hashlib +import itertools +from certtools import * + +def extract_original_entry(entry): + leaf_input = base64.decodestring(entry["leaf_input"]) + (leaf_cert, timestamp) = unpack_mtl(leaf_input) + extra_data = base64.decodestring(entry["extra_data"]) + certchain = decode_certificate_chain(extra_data) + return [leaf_cert] + certchain + +def get_entries_wrapper(baseurl, start, end): + fetched_entries = [] + while len(fetched_entries) < (end - start + 1): + print "fetching from", start + len(fetched_entries) + entries = get_entries(baseurl, start + len(fetched_entries), end)["entries"] + if len(entries) == 0: + break + fetched_entries.extend(entries) + return fetched_entries + +baseurl = sys.argv[1] +destination_directory = sys.argv[2] + +sth = get_sth(baseurl) +tree_size = sth["tree_size"] + +print tree_size + +entries = get_entries_wrapper(baseurl, 0, tree_size) + +print len(entries) + +for entry, i in zip(entries, range(0, len(entries))): + chain = extract_original_entry(entry) + f = open(destination_directory + "/" + ("%06d" % i), "w") + for cert in chain: + print >> f, "-----BEGIN CERTIFICATE-----" + print >> f, base64.encodestring(cert).rstrip() + print >> f, "-----END CERTIFICATE-----" + print >> f, "" |