author | Magnus Ahltorp <map@kth.se> | 2014-09-24 01:14:19 +0200 |
---|---|---|
committer | Magnus Ahltorp <map@kth.se> | 2014-09-24 01:14:19 +0200 |
commit | d8ae32fbd31b1f2239cc22b6a0cd0098329a0fa7 (patch) | |
tree | a5da67a39fc5c890e8a2687a0b3dc7de64f13ef8 /tools | |
parent | 8904fb9e379aacfff6adcd3001aad3427b9a5fe7 (diff) |
submitcert.py: Get submitted entry from log and compare
Diffstat (limited to 'tools')
-rw-r--r-- | tools/certtools.py | 34 | ||||
-rwxr-xr-x | tools/submitcert.py | 18 |
2 files changed, 49 insertions, 3 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index fa7f6ac..0a482e3 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -25,7 +25,7 @@ def get_certs_from_file(certfile):
 certs = []
 cert = ""
 incert = False
-
+
 for line in open(certfile):
 line = line.strip()
 if line == "-----BEGIN CERTIFICATE-----":
@@ -41,7 +41,7 @@ def get_certs_from_file(certfile):
 def get_root_cert(issuer):
 accepted_certs = \
 json.loads(open("googlelog-accepted-certs.txt").read())["certificates"]
-
+
 root_cert = None
 for accepted_cert in accepted_certs:
@@ -63,7 +63,7 @@ def get_proof_by_hash(baseurl, hash, tree_size):
 print params
 result = \
 urllib2.urlopen(baseurl + "ct/v1/get-proof-by-hash?" + params).read()
- return result
+ return json.loads(result)
 except urllib2.HTTPError, e:
 print e.read()
 sys.exit(1)
@@ -72,6 +72,15 @@ def tls_array(data, length_len):
 length_bytes = struct.pack(">Q", len(data))[-length_len:]
 return length_bytes + data
+def unpack_tls_array(packed_data, length_len):
+ padded_length = ["\x00"] * 8
+ padded_length[-length_len:] = packed_data[:length_len]
+ (length,) = struct.unpack(">Q", "".join(padded_length))
+ unpacked_data = packed_data[length_len:length_len+length]
+ assert len(unpacked_data) == length
+ rest_data = packed_data[length_len+length:]
+ return (unpacked_data, rest_data)
+
 def add_chain(baseurl, submission):
 try:
 return json.loads(urllib2.urlopen(baseurl + "ct/v1/add-chain",
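Review bot: `unpack_tls_array` checks the declared length with `assert len(unpacked_data) == length`, and the data it parses comes from the log's responses, so the check disappears when the tools run under `python -O` and a truncated array would then be returned as if it were complete. An explicit check keeps it in place: `if len(unpacked_data) != length: raise ValueError("truncated TLS array")`. The same applies to `assert len(rest) == 0` in `decode_certificate_chain` in the later certtools.py hunk. Input shorter than `length_len` shrinks `padded_length` below eight bytes, so it surfaces as a `struct.error` from `struct.unpack`; a length check before the slice assignment would give a clearer error.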
@@ -79,3 +88,22 @@ def add_chain(baseurl, submission):
 except urllib2.HTTPError, e:
 print e.read()
 sys.exit(1)
+
+def get_entries(baseurl, start, end):
+ try:
+ params = urllib.urlencode({"start":start, "end":end})
+ result = urllib2.urlopen(baseurl + "ct/v1/get-entries?" + params).read()
+ return json.loads(result)
+ except urllib2.HTTPError, e:
+ print e.read()
+ sys.exit(1)
+
+def decode_certificate_chain(packed_certchain):
+ (unpacked_certchain, rest) = unpack_tls_array(packed_certchain, 3)
+ assert len(rest) == 0
+ certs = []
+ while len(unpacked_certchain):
+ (cert, rest) = unpack_tls_array(unpacked_certchain, 3)
+ certs.append(cert)
+ unpacked_certchain = rest
+ return certs
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 229d36c..7471272 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
@@ -36,6 +36,8 @@ if lookup_in_log:
 leaf_type = struct.pack(">b", 0)
 merkle_tree_leaf = version + leaf_type + timestamped_entry
+ print "merkle_tree_leaf:", base64.b64encode(merkle_tree_leaf)
+
 leaf_hash = hashlib.sha256()
 leaf_hash.update(struct.pack(">b", 0))
 leaf_hash.update(merkle_tree_leaf)
@@ -48,3 +50,19 @@ if lookup_in_log:
 proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
 print proof
+
+ leaf_index = proof["leaf_index"]
+
+ entries = get_entries(baseurl, leaf_index, leaf_index)
+
+ fetched_entry = entries["entries"][0]
+
+ print fetched_entry
+
+ print "does the leaf_input of the fetched entry match what we calculated:", base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
+
+ extra_data = fetched_entry["extra_data"]
+
+ certchain = decode_certificate_chain(base64.decodestring(extra_data))
+
+ print [base64.b64encode(cert) for cert in certchain] |
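Review bot: `decode_certificate_chain` has no docstring, and the literal `3` passed to `unpack_tls_array` is unexplained in both calls. A docstring such as `"""Split a TLS-encoded certificate chain (3-byte length prefix on the list and on each certificate) into a list of raw certificate strings."""` would state the expected layout. It should also say which `extra_data` the function accepts; as far as I recall RFC 6962 gives precertificate entries a different `extra_data` structure, so please confirm and note the restriction. `get_entries` could likewise document that `start` and `end` are passed straight through as the bounds of the `ct/v1/get-entries` query, which the caller in submitcert.py treats as inclusive.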
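Review bot: The comparison between the fetched `leaf_input` and `merkle_tree_leaf` is only printed, so a log that returns a different entry at `leaf_index` still lets the script finish normally. Storing the result and failing on mismatch would make the check enforceable, e.g. `if not leaf_matches: sys.exit(1)` after the print (assuming `sys` is imported in submitcert.py, which the hunk does not show). `entries["entries"][0]` also assumes the log returned at least one entry; an empty list raises an `IndexError` here. The decoded chain is printed but not compared with the submitted certificates, which may be intended at this stage. The enclosing `if lookup_in_log:` block starts outside the hunk.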