#!/usr/bin/env python import urllib2 import urllib import json import base64 import sys import struct import hashlib from certtools import * baseurl = sys.argv[1] certfile = sys.argv[2] lookup_in_log = True certs = get_certs_from_file(certfile) result = add_chain(baseurl, {"chain":certs}) print result for cert in certs: print get_cert_info(base64.decodestring(cert)) if lookup_in_log: last_issuer = get_cert_info(base64.decodestring(certs[-1]))["issuer"] last_subject = get_cert_info(base64.decodestring(certs[-1]))["subject"] entry_type = struct.pack(">H", 0) extensions = "" timestamped_entry = struct.pack(">Q", result["timestamp"]) + entry_type + \ tls_array(base64.decodestring(certs[0]), 3) + tls_array(extensions, 2) version = struct.pack(">b", 0) leaf_type = struct.pack(">b", 0) merkle_tree_leaf = version + leaf_type + timestamped_entry print "merkle_tree_leaf:", base64.b64encode(merkle_tree_leaf) leaf_hash = hashlib.sha256() leaf_hash.update(struct.pack(">b", 0)) leaf_hash.update(merkle_tree_leaf) print base64.b64encode(leaf_hash.digest()) sth = get_sth(baseurl) print sth proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"]) print proof leaf_index = proof["leaf_index"] entries = get_entries(baseurl, leaf_index, leaf_index) fetched_entry = entries["entries"][0] print fetched_entry print "does the leaf_input of the fetched entry match what we calculated:", base64.decodestring(fetched_entry["leaf_input"]) == merkle_tree_leaf extra_data = fetched_entry["extra_data"] certchain = decode_certificate_chain(base64.decodestring(extra_data)) print [base64.b64encode(cert) for cert in certchain]