diff options
author | josef <josef@guest31.se-tug.nordu.net> | 2015-08-25 16:19:10 +0200 |
---|---|---|
committer | josef <josef@guest31.se-tug.nordu.net> | 2015-08-25 16:19:10 +0200 |
commit | fe36969835c2f3be14e90a1ac7632fd4c638afaa (patch) | |
tree | b961415dae7266e26a756fa50b914b8701b2cfc3 /tools | |
parent | 74dd0360bda561bdd88ec85d9bb07398bf404261 (diff) |
experimental python auditor added
Diffstat (limited to 'tools')
-rwxr-xr-x | tools/josef_experimental.py | 68 | ||||
-rwxr-xr-x | tools/josef_experimental_auditor.py | 68 |
2 files changed, 136 insertions, 0 deletions
diff --git a/tools/josef_experimental.py b/tools/josef_experimental.py new file mode 100755 index 0000000..da3f31e --- /dev/null +++ b/tools/josef_experimental.py @@ -0,0 +1,68 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +import time +from certtools import get_sth, get_consistency_proof, check_sth_signature, get_public_key_from_file, verify_consistency_proof + + +base_urls = ["https://plausible.ct.nordu.net/", + "https://ct1.digicert-ct.com/log/", + "https://ct.izenpe.com/", + "https://log.certly.io/", + "https://ct.googleapis.com/aviator/", + "https://ct.googleapis.com/pilot/", + "https://ct.googleapis.com/rocketeer/", + ] + +logkeys = {} +logkeys["https://plausible.ct.nordu.net/"] = get_public_key_from_file("../../plausible-logkey.pem") +logkeys["https://ct.googleapis.com/rocketeer/"] = get_public_key_from_file("../../rocketeer-logkey.pem") +logkeys["https://ct.googleapis.com/aviator/"] = get_public_key_from_file("../../aviator-logkey.pem") +logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pilot-logkey.pem") +logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem") +logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem") +logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem") +count = 0 +old_sth = {} + +# Get initial sth +for base_url in base_urls: + + old_sth[base_url] = get_sth(base_url) + # print old_sth[base_url]["sha256_root_hash"] + print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"]) + + try: + check_sth_signature(base_url, old_sth[base_url], logkeys[base_url]) + except: + print "Could not verify signature!!" + + +while True: + time.sleep(60) + count += 1 + for base_url in base_urls: + new_sth = get_sth(base_url) + print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"]) + try: + check_sth_signature(base_url, new_sth, logkeys[base_url]) + except: + print "Could not verify signature!!" + + if old_sth[base_url]["tree_size"] != new_sth["tree_size"]: + print "Wohoo, new STH! Checking..." + try: + consistency_proof = get_consistency_proof(base_url, old_sth[base_url]["tree_size"], new_sth["tree_size"] ) + # print consistency_proof + print verify_consistency_proof(consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"]) + except: + print consistency_proof + finally: + old_sth[base_url] = new_sth + + + + + + + diff --git a/tools/josef_experimental_auditor.py b/tools/josef_experimental_auditor.py new file mode 100755 index 0000000..da3f31e --- /dev/null +++ b/tools/josef_experimental_auditor.py @@ -0,0 +1,68 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +import time +from certtools import get_sth, get_consistency_proof, check_sth_signature, get_public_key_from_file, verify_consistency_proof + + +base_urls = ["https://plausible.ct.nordu.net/", + "https://ct1.digicert-ct.com/log/", + "https://ct.izenpe.com/", + "https://log.certly.io/", + "https://ct.googleapis.com/aviator/", + "https://ct.googleapis.com/pilot/", + "https://ct.googleapis.com/rocketeer/", + ] + +logkeys = {} +logkeys["https://plausible.ct.nordu.net/"] = get_public_key_from_file("../../plausible-logkey.pem") +logkeys["https://ct.googleapis.com/rocketeer/"] = get_public_key_from_file("../../rocketeer-logkey.pem") +logkeys["https://ct.googleapis.com/aviator/"] = get_public_key_from_file("../../aviator-logkey.pem") +logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pilot-logkey.pem") +logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem") +logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem") +logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem") +count = 0 +old_sth = {} + +# Get initial sth +for base_url in base_urls: + + old_sth[base_url] = get_sth(base_url) + # print old_sth[base_url]["sha256_root_hash"] + print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"]) + + try: + check_sth_signature(base_url, old_sth[base_url], logkeys[base_url]) + except: + print "Could not verify signature!!" + + +while True: + time.sleep(60) + count += 1 + for base_url in base_urls: + new_sth = get_sth(base_url) + print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"]) + try: + check_sth_signature(base_url, new_sth, logkeys[base_url]) + except: + print "Could not verify signature!!" + + if old_sth[base_url]["tree_size"] != new_sth["tree_size"]: + print "Wohoo, new STH! Checking..." + try: + consistency_proof = get_consistency_proof(base_url, old_sth[base_url]["tree_size"], new_sth["tree_size"] ) + # print consistency_proof + print verify_consistency_proof(consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"]) + except: + print consistency_proof + finally: + old_sth[base_url] = new_sth + + + + + + + |