#!/usr/bin/env python # -*- coding: utf-8 -*- # # Copyright (c) 2017, NORDUnet A/S. # See LICENSE for licensing information. # # Initialise a new CT log. # import sys import os import argparse import yaml import errno from time import time from base64 import b64encode from certtools import build_merkle_tree, write_file, generate_tree_head_signature from mergetools import get_sth, perm, get_logorder, hexencode def parse_args(): parser = argparse.ArgumentParser(description="") parser.add_argument('--promote-secondary', action='store_true') parser.add_argument('--config', help="System configuration", required=True) parser.add_argument('--localconfig', help="Local configuration", required=True) args = parser.parse_args() config = yaml.load(open(args.config)) localconfig = yaml.load(open(args.localconfig)) return (args, config, localconfig) # TODO: Add a `--init-secondary' option too? def main(): """ Initialise a log, either from scratch or by promoting a secondary merge node (--promote-secondary). Refuse to do anything if there's an sth file present. When initialising from scratch, do - touch logorder - write -1 to fetched - write 0 to minsize - create perm database if it doesn't exist When promoting a secondary (--promote-secondary), do - read logorder, let n = length of logorder - write n-1 to fetched - write n to minsize - create perm database if it doesn't exist """ args, config, localconfig = parse_args() paths = localconfig["paths"] own_key = (localconfig["nodename"], "%s/%s-private.pem" % (paths["privatekeys"], localconfig["nodename"])) mergedb = paths["db"] sthfile = mergedb + "/sth" logorderfile = mergedb + "/logorder" currentsizefile = mergedb + "/fetched" minsizefile = mergedb + "/minsize" # Make sure that we can find our keyfile. if not file_exists(own_key[1]): print >>sys.stderr, "Unable to open keyfile: %s" % own_key[1] return 1 # Don't do anything if there's already an sth file. if file_exists(sthfile): print >>sys.stderr, "This log already has an STH file: %s" % sthfile print >>sys.stderr, "I refuse to destroy this log." return 2 # Read or touch logorder. if args.promote_secondary: logorder = get_logorder(logorderfile) size = len(logorder) last_hash = logorder[size-1] else: if file_exists(logorderfile): print >>sys.stderr, "This log already has logorder file: %s" % logorderfile print >>sys.stderr, "I refuse to destroy this log." return 3 open(logorderfile, "a").close() size = 0 last_hash = '' # Write fetched. currentsize = {"index": size - 1, "hash": hexencode(last_hash)} write_file(currentsizefile, currentsize) # Write minsize. minsize = {"size": size} write_file(minsizefile, minsize) # Create a chains database. perm(localconfig.get("dbbackend", "filedb"), mergedb + "/chains") return 0 def file_exists(path): try: os.stat(path) except OSError, e: if e.errno == errno.ENOENT: return False raise return True if __name__ == '__main__': sys.exit(main())