-rw-r--r-- | tools/certtools.py | 18 | ||||
-rwxr-xr-x | tools/merge.py | 35 |
2 files changed, 28 insertions, 25 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index 2fb1492..ad90e5c 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -6,6 +6,7 @@ import json
 import base64
 import urllib
 import urllib2
+import urlparse
 import struct
 import sys
 import hashlib
@@ -182,6 +183,23 @@ def check_signature(baseurl, signature, data):
 vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256, sigdecode=ecdsa.util.sigdecode_der)
+def http_request(url, data=None, key=None):
+ req = urllib2.Request(url, data)
+ (keyname, keyfile) = key
+ privatekey = get_eckey_from_file(keyfile)
+ sk = ecdsa.SigningKey.from_der(privatekey)
+ parsed_url = urlparse.urlparse(url)
+ if data == None:
+ data = parsed_url.query
+ method = "GET"
+ else:
+ method = "POST"
+ signature = sk.sign("%s\0%s\0%s" % (method, parsed_url.path, data), hashfunc=hashlib.sha256,
+ sigencode=ecdsa.util.sigencode_der)
+ req.add_header('X-Catlfish-Auth', base64.b64encode(signature) + ";key=" + keyname)
+ result = urllib2.urlopen(req).read()
+ return result
+
 def create_signature(privatekey, data):
 sk = ecdsa.SigningKey.from_der(privatekey)
 unpacked_signature = sk.sign(data, hashfunc=hashlib.sha256,
diff --git a/tools/merge.py b/tools/merge.py
index 6becf7e..c9f99af 100755
--- a/tools/merge.py
+++ b/tools/merge.py
@@ -14,7 +14,7 @@ import time
 import ecdsa
 import hashlib
 import urlparse
-from certtools import build_merkle_tree, create_sth_signature, check_sth_signature, get_eckey_from_file, timing_point
+from certtools import build_merkle_tree, create_sth_signature, check_sth_signature, get_eckey_from_file, timing_point, http_request
 parser = argparse.ArgumentParser(description="")
 parser.add_argument("--baseurl", metavar="url", help="Base URL for CT server", required=True)
@@ -34,6 +34,8 @@ storagenodes = args.storage
 chainsdir = args.mergedb + "/chains"
 logorderfile = args.mergedb + "/logorder"
+own_key = (args.own_keyname, args.own_keyfile)
+
 def parselogrow(row):
 return base64.b16decode(row)
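Review bot: The new `http_request` in tools/certtools.py declares `key=None` but unpacks it unconditionally with `(keyname, keyfile) = key`, so a caller relying on the default gets a `TypeError` rather than a clear error or a deliberate unsigned request. Either make `key` a required argument, or guard the signing with `if key is not None:` and decide explicitly whether unsigned requests are allowed. The signed string covers only the method, the path and the query or body; nothing visible in this hunk binds the host or adds a timestamp or nonce, so it is worth confirming that replay of a captured `X-Catlfish-Auth` header is handled outside this diff. `data == None` would read better as `data is None`, and the key file is re-read and re-parsed on every request.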
@@ -57,26 +59,9 @@ def add_to_logorder(key):
 f.write(base64.b16encode(key) + "\n")
 f.close()
-def http_request(url, data=None):
- req = urllib2.Request(url, data)
- keyname = args.own_keyname
- privatekey = get_eckey_from_file(args.own_keyfile)
- sk = ecdsa.SigningKey.from_der(privatekey)
- parsed_url = urlparse.urlparse(url)
- if data == None:
- data = parsed_url.query
- method = "GET"
- else:
- method = "POST"
- signature = sk.sign("%s\0%s\0%s" % (method, parsed_url.path, data), hashfunc=hashlib.sha256,
- sigencode=ecdsa.util.sigencode_der)
- req.add_header('X-Catlfish-Auth', base64.b64encode(signature) + ";key=" + keyname)
- result = urllib2.urlopen(req).read()
- return result
-
 def get_new_entries(baseurl):
 try:
- result = http_request(baseurl + "ct/storage/fetchnewentries")
+ result = http_request(baseurl + "ct/storage/fetchnewentries", key=own_key)
 parsed_result = json.loads(result)
 if parsed_result.get(u"result") == u"ok":
 return [base64.b64decode(entry) for entry in parsed_result[u"entries"]]
@@ -89,7 +74,7 @@ def get_new_entries(baseurl):
 def get_entries(baseurl, hashes):
 try:
 params = urllib.urlencode({"hash":[base64.b64encode(hash) for hash in hashes]}, doseq=True)
- result = http_request(baseurl + "ct/storage/getentry?" + params)
+ result = http_request(baseurl + "ct/storage/getentry?" + params, key=own_key)
 parsed_result = json.loads(result)
 if parsed_result.get(u"result") == u"ok":
 entries = dict([(base64.b64decode(entry["hash"]), base64.b64decode(entry["entry"])) for entry in parsed_result[u"entries"]])
@@ -104,7 +89,7 @@ def get_entries(baseurl, hashes):
 def get_curpos(baseurl):
 try:
- result = http_request(baseurl + "ct/frontend/currentposition")
+ result = http_request(baseurl + "ct/frontend/currentposition", key=own_key)
 parsed_result = json.loads(result)
 if parsed_result.get(u"result") == u"ok":
 return parsed_result[u"position"]
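Review bot: Every call site in tools/merge.py now has to remember `key=own_key` (here in `get_new_entries`, `get_entries` and `get_curpos`, and again in `sendlog`, `sendentry`, `sendsth` and `get_missingentries` in the later hunks), so request authentication depends on seven repeated keyword arguments. A single local wrapper such as `def signed_request(url, data=None): return http_request(url, data, key=own_key)` would keep the signing key in one place and make an omitted key impossible at the call sites. With `http_request` removed from this file, `ecdsa`, `hashlib`, `urlparse` and `get_eckey_from_file` may no longer be needed in merge.py's imports; that cannot be confirmed from the hunks shown.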
@@ -117,7 +102,7 @@ def get_curpos(baseurl):
 def sendlog(baseurl, submission):
 try:
 result = http_request(baseurl + "ct/frontend/sendlog",
- json.dumps(submission))
+ json.dumps(submission), key=own_key)
 return json.loads(result)
 except urllib2.HTTPError, e:
 print "ERROR: sendlog", e.read()
@@ -133,7 +118,7 @@ def sendlog(baseurl, submission):
 def sendentry(baseurl, entry, hash):
 try:
 result = http_request(baseurl + "ct/frontend/sendentry",
- json.dumps({"entry":base64.b64encode(entry), "treeleafhash":base64.b64encode(hash)}))
+ json.dumps({"entry":base64.b64encode(entry), "treeleafhash":base64.b64encode(hash)}), key=own_key)
 return json.loads(result)
 except urllib2.HTTPError, e:
 print "ERROR: sendentry", e.read()
@@ -149,7 +134,7 @@ def sendentry(baseurl, entry, hash):
 def sendsth(baseurl, submission):
 try:
 result = http_request(baseurl + "ct/frontend/sendsth",
- json.dumps(submission))
+ json.dumps(submission), key=own_key)
 return json.loads(result)
 except urllib2.HTTPError, e:
 print "ERROR: sendsth", e.read()
@@ -164,7 +149,7 @@ def sendsth(baseurl, submission):
 def get_missingentries(baseurl):
 try:
- result = http_request(baseurl + "ct/frontend/missingentries")
+ result = http_request(baseurl + "ct/frontend/missingentries", key=own_key)
 parsed_result = json.loads(result)
 if parsed_result.get(u"result") == u"ok":
 return parsed_result[u"entries"] |