summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--tools/certtools.py14
-rwxr-xr-xtools/submitcert.py104
2 files changed, 78 insertions, 40 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index 8d64ee4..7b901cf 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -10,6 +10,7 @@ import struct
import sys
import hashlib
import ecdsa
+import datetime
publickeys = {
"https://ct.googleapis.com/pilot/":
@@ -204,3 +205,16 @@ def get_leaf_hash(merkle_tree_leaf):
leaf_hash.update(merkle_tree_leaf)
return leaf_hash.digest()
+
+def timing_point(timer_dict=None, name=None):
+ t = datetime.datetime.now()
+ if timer_dict:
+ starttime = timer_dict["lasttime"]
+ stoptime = t
+ deltatime = stoptime - starttime
+ timer_dict["deltatimes"].append((name, deltatime.seconds * 1000000 + deltatime.microseconds))
+ timer_dict["lasttime"] = t
+ return None
+ else:
+ timer_dict = {"deltatimes":[], "lasttime":t}
+ return timer_dict
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 4f1609c..80a3e37 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
@@ -12,63 +12,87 @@ import struct
import hashlib
import itertools
from certtools import *
+import os
+
+from multiprocessing import Pool
baseurl = sys.argv[1]
-certfile = sys.argv[2]
+certfilepath = sys.argv[2]
+
+lookup_in_log = False
+check_sig = False
+
+if certfilepath[-1] == "/":
+ certfiles = [certfilepath + filename for filename in sorted(os.listdir(certfilepath))]
+else:
+ certfiles = [certfilepath]
+
+def submitcert(certfile):
+ timing = timing_point()
+ certs = get_certs_from_file(certfile)
+ timing_point(timing, "readcerts")
+
+ result = add_chain(baseurl, {"chain":map(base64.b64encode, certs)})
+
+ timing_point(timing, "addchain")
+
+ try:
+ if check_sig:
+ check_sct_signature(baseurl, certs[0], result)
+ timing_point(timing, "checksig")
+ except AssertionError, e:
+ print "ERROR:", e
+ sys.exit(1)
+ except ecdsa.keys.BadSignatureError, e:
+ print "ERROR: bad signature"
+ sys.exit(1)
-lookup_in_log = True
+ if lookup_in_log:
-certs = get_certs_from_file(certfile)
+ merkle_tree_leaf = pack_mtl(result["timestamp"], certs[0])
-result = add_chain(baseurl, {"chain":map(base64.b64encode, certs)})
+ leaf_hash = get_leaf_hash(merkle_tree_leaf)
-try:
- check_sct_signature(baseurl, certs[0], result)
-except AssertionError, e:
- print "ERROR:", e
- sys.exit(1)
-except ecdsa.keys.BadSignatureError, e:
- print "ERROR: bad signature"
- sys.exit(1)
-print "signature check succeeded"
+ sth = get_sth(baseurl)
-if lookup_in_log:
+ proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
- merkle_tree_leaf = pack_mtl(result["timestamp"], certs[0])
+ leaf_index = proof["leaf_index"]
- leaf_hash = get_leaf_hash(merkle_tree_leaf)
+ entries = get_entries(baseurl, leaf_index, leaf_index)
- sth = get_sth(baseurl)
+ fetched_entry = entries["entries"][0]
- proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
+ print "does the leaf_input of the fetched entry match what we calculated:", \
+ base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
- leaf_index = proof["leaf_index"]
+ extra_data = fetched_entry["extra_data"]
- entries = get_entries(baseurl, leaf_index, leaf_index)
+ certchain = decode_certificate_chain(base64.decodestring(extra_data))
- fetched_entry = entries["entries"][0]
+ submittedcertchain = certs[1:]
- print "does the leaf_input of the fetched entry match what we calculated:", \
- base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf
+ for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
+ certchain, itertools.count(1)):
+ print "cert", i, "in chain is the same:", submittedcert == fetchedcert
- extra_data = fetched_entry["extra_data"]
+ if len(certchain) == len(submittedcertchain) + 1:
+ last_issuer = get_cert_info(certs[-1])["issuer"]
+ root_subject = get_cert_info(certchain[-1])["subject"]
+ print "issuer of last cert in submitted chain and " \
+ "subject of last cert in fetched chain is the same:", \
+ last_issuer == root_subject
+ elif len(certchain) == len(submittedcertchain):
+ print "cert chains are the same length"
+ else:
+ print "ERROR: fetched cert chain has length", len(certchain),
+ print "and submitted chain has length", len(submittedcertchain)
- certchain = decode_certificate_chain(base64.decodestring(extra_data))
+ timing_point(timing, "lookup")
+ return timing["deltatimes"]
- submittedcertchain = certs[1:]
+p = Pool(1)
- for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
- certchain, itertools.count(1)):
- print "cert", i, "in chain is the same:", submittedcert == fetchedcert
+for timing in p.imap_unordered(submitcert, certfiles):
+ print timing
- if len(certchain) == len(submittedcertchain) + 1:
- last_issuer = get_cert_info(certs[-1])["issuer"]
- root_subject = get_cert_info(certchain[-1])["subject"]
- print "issuer of last cert in submitted chain and " \
- "subject of last cert in fetched chain is the same:", \
- last_issuer == root_subject
- elif len(certchain) == len(submittedcertchain):
- print "cert chains are the same length"
- else:
- print "ERROR: fetched cert chain has length", len(certchain),
- print "and submitted chain has length", len(submittedcertchain)