| author | josef <josef.gson@gmail.com> | 2015-10-19 12:08:03 +0200 |
|---|---|---|
| committer | josef <josef.gson@gmail.com> | 2015-10-19 12:08:03 +0200 |
| commit | cc06b25e43deeee70418a1ee9f6271ed9fed0c83 (patch) | |
| tree | c60aa3cf27c70a2fd5f9ff1301ff35b210e769ab /monitor/josef_lib.py | |
| parent | db5fd75ac73f81721904b94408b7984482791179 (diff) | |
adding script for inclusion checking by submitting to all logs and checking timestamp age
Diffstat (limited to 'monitor/josef_lib.py')
| -rw-r--r-- | monitor/josef_lib.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/monitor/josef_lib.py b/monitor/josef_lib.py
index 0f64ef6..db9dad3 100644
--- a/monitor/josef_lib.py
+++ b/monitor/josef_lib.py
@@ -48,6 +48,26 @@ def get_all_roots(base_url):
 root_cert = base64.decodestring(accepted_cert)
 return certs
+def verify_inclusion_by_hash(base_url, leaf_hash):
+ try:
+ tmp_sth = get_sth(base_url)
+ proof = get_proof_by_hash(base_url, leaf_hash, tmp_sth["tree_size"])
+
+ decoded_inclusion_proof = []
+ for item in proof["audit_path"]:
+ decoded_inclusion_proof.append(base64.b64decode(item))
+
+ root = base64.b64encode(verify_inclusion_proof(decoded_inclusion_proof, proof["leaf_index"], tmp_sth["tree_size"], leaf_hash))
+
+ if tmp_sth["sha256_root_hash"] == root:
+ return True
+ else:
+ # print time.strftime('%H:%M:%S') + " ERROR: Could not prove inclusion for entry " + str(proof["leaf_index"]) + " in " + base_url
+ return False
+ except:
+ # print time.strftime('%H:%M:%S') + " ERROR: Could not prove inclusion for hashed entry in " + base_url
+ return False
+
 def check_domain(raw_entry, log=None):
 orig_entry = extract_original_entry(raw_entry)
 try: |
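Review bot: The bare `except:` at the end of `verify_inclusion_by_hash` returns False for every failure, so an unreachable log, a malformed response or a missing `audit_path` key looks the same to the caller as a proof whose recomputed root does not match `sha256_root_hash`. A monitor should treat a real mismatch as a log-misbehaviour signal, separate from a transport error. Catch `Exception` rather than everything (the bare form also swallows KeyboardInterrupt), and restore the two commented-out diagnostics as real log lines, for example `except Exception as e:` followed by a log call that records `base_url` and `e`. Separately, `tmp_sth` is used as the trust anchor straight from `get_sth`, and nothing in this hunk checks its signature. If `get_sth` does not verify it (not visible here), a True result only shows that the log's own responses agree with each other. A short docstring stating that `leaf_hash` is the raw hash and that the return value is a bool would also help callers.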
