From 44f48b0f96aba0009bd43036eea443f07cec71b9 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Mon, 27 Oct 2014 14:37:48 +0100
Subject: Added fetchallcerts.py
---
 tools/fetchallcerts.py | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 tools/fetchallcerts.py
(limited to 'tools/fetchallcerts.py')
diff --git a/tools/fetchallcerts.py b/tools/fetchallcerts.py
new file mode 100644
index 0000000..801e296
--- /dev/null
+++ b/tools/fetchallcerts.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2014, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import struct
+import hashlib
+import itertools
+from certtools import *
+
+def extract_original_entry(entry):
+ leaf_input = base64.decodestring(entry["leaf_input"])
+ (leaf_cert, timestamp) = unpack_mtl(leaf_input)
+ extra_data = base64.decodestring(entry["extra_data"])
+ certchain = decode_certificate_chain(extra_data)
+ return [leaf_cert] + certchain
+
+def get_entries_wrapper(baseurl, start, end):
+ fetched_entries = []
+ while len(fetched_entries) < (end - start + 1):
+ print "fetching from", start + len(fetched_entries)
+ entries = get_entries(baseurl, start + len(fetched_entries), end)["entries"]
+ if len(entries) == 0:
+ break
+ fetched_entries.extend(entries)
+ return fetched_entries
+
+baseurl = sys.argv[1]
+destination_directory = sys.argv[2]
+
+sth = get_sth(baseurl)
+tree_size = sth["tree_size"]
+
+print tree_size
+
+entries = get_entries_wrapper(baseurl, 0, tree_size)
+
+print len(entries)
+
+for entry, i in zip(entries, range(0, len(entries))):
+ chain = extract_original_entry(entry)
+ f = open(destination_directory + "/" + ("%06d" % i), "w")
+ for cert in chain:
+ print >> f, "-----BEGIN CERTIFICATE-----"
+ print >> f, base64.encodestring(cert).rstrip()
+ print >> f, "-----END CERTIFICATE-----"
+ print >> f, ""
-- cgit v1.1
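Review bot: The write loop at the end of the new file opens one output file per entry with `f = open(destination_directory + "/" + ("%06d" % i), "w")` and never closes it, so flushing is left to garbage collection and a failure part-way through a chain leaves a truncated PEM file behind with no error. Wrapping the loop body in `with open(os.path.join(destination_directory, "%06d" % i), "w") as f:` (plus `import os`) closes each file deterministically, and `enumerate(entries)` would replace the `zip(entries, range(...))` pairing. The same loop is carried into the `if args.store:` block of the following commit.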
From b9c709204da83be2f315664f9f263c6890b1bc8d Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Mon, 27 Oct 2014 16:13:41 +0100
Subject: fetchallcerts.py: calculate root hash
---
 tools/fetchallcerts.py | 52 +++++++++++++++++++++++++++++++++++---------------
 1 file changed, 37 insertions(+), 15 deletions(-)
(limited to 'tools/fetchallcerts.py')
diff --git a/tools/fetchallcerts.py b/tools/fetchallcerts.py
index 801e296..dad5241 100644
--- a/tools/fetchallcerts.py
+++ b/tools/fetchallcerts.py
@@ -4,6 +4,7 @@
 # Copyright (c) 2014, NORDUnet A/S.
 # See LICENSE for licensing information.
 
+import argparse
 import urllib2
 import urllib
 import json
@@ -14,6 +15,11 @@ import hashlib
 import itertools
 from certtools import *
 
+parser = argparse.ArgumentParser(description='')
+parser.add_argument('baseurl', help="Base URL for CT server")
+parser.add_argument('--store', default=None, metavar="dir", help='Store certificates in directory dir')
+args = parser.parse_args()
+
 def extract_original_entry(entry):
 leaf_input = base64.decodestring(entry["leaf_input"])
 (leaf_cert, timestamp) = unpack_mtl(leaf_input)
@@ -23,7 +29,7 @@ def extract_original_entry(entry):
 
 def get_entries_wrapper(baseurl, start, end):
 fetched_entries = []
- while len(fetched_entries) < (end - start + 1):
+ while start + len(fetched_entries) < (end + 1):
 print "fetching from", start + len(fetched_entries)
 entries = get_entries(baseurl, start + len(fetched_entries), end)["entries"]
 if len(entries) == 0:
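Review bot: `get_entries_wrapper` has no docstring stating that `end` is an inclusive entry index, which is the contract the new condition `start + len(fetched_entries) < (end + 1)` relies on; a one-line docstring such as `"""Fetch entries start..end (inclusive), repeating get-entries until the range is covered or the server returns nothing."""` would pin that down. The loop also extends the list with whatever the server returns, so a response holding more entries than were requested makes the result overshoot `end`; trimming with `entries[:end + 1 - start - len(fetched_entries)]` before `extend` would keep the result within the requested range. The rest of the function body lies past the end of this hunk.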
@@ -31,23 +37,39 @@ def get_entries_wrapper(baseurl, start, end):
 fetched_entries.extend(entries)
 return fetched_entries
 
-baseurl = sys.argv[1]
-destination_directory = sys.argv[2]
+def print_layer(layer):
+ for entry in layer:
+ print base64.b16encode(entry)
 
-sth = get_sth(baseurl)
+sth = get_sth(args.baseurl)
 tree_size = sth["tree_size"]
+root_hash = base64.decodestring(sth["sha256_root_hash"])
+
+print "tree size", tree_size
+print "root hash", base64.b16encode(root_hash)
+
+entries = get_entries_wrapper(args.baseurl, 0, tree_size - 1)
+
+print "fetched", len(entries), "entries"
+
+layer0 = [get_leaf_hash(base64.decodestring(entry["leaf_input"])) for entry in entries]
+
+tree = build_merkle_tree(layer0)
 
-print tree_size
+calculated_root_hash = tree[-1][0]
 
-entries = get_entries_wrapper(baseurl, 0, tree_size)
+print "calculated root hash", base64.b16encode(calculated_root_hash)
 
-print len(entries)
+if calculated_root_hash != root_hash:
+ print "fetched root hash and calculated root hash different, aborting"
+ sys.exit(1)
 
-for entry, i in zip(entries, range(0, len(entries))):
- chain = extract_original_entry(entry)
- f = open(destination_directory + "/" + ("%06d" % i), "w")
- for cert in chain:
- print >> f, "-----BEGIN CERTIFICATE-----"
- print >> f, base64.encodestring(cert).rstrip()
- print >> f, "-----END CERTIFICATE-----"
- print >> f, ""
+if args.store:
+ for entry, i in zip(entries, range(0, len(entries))):
+ chain = extract_original_entry(entry)
+ f = open(args.store + "/" + ("%06d" % i), "w")
+ for cert in chain:
+ print >> f, "-----BEGIN CERTIFICATE-----"
+ print >> f, base64.encodestring(cert).rstrip()
+ print >> f, "-----END CERTIFICATE-----"
+ print >> f, ""
-- cgit v1.1
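Review bot: The comparison `calculated_root_hash != root_hash` only shows that the entries and the tree head returned by the same server agree with each other; nothing in this hunk verifies the STH's `tree_head_signature` against the log's public key, so whoever controls the responses can supply a consistent pair and the certificates would still be stored. If certtools offers a signature check, it should run right after `get_sth(args.baseurl)` and abort the same way the root-hash mismatch does; until then a comment such as `# NOTE: STH signature is not verified; the root hash check proves consistency only` would document the gap. Separately, when `tree_size` is 0 `layer0` is empty and `tree[-1][0]` may raise, depending on how `build_merkle_tree` handles an empty list, which is not visible here.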