diff options
Diffstat (limited to 'tools/josef_experimental.py')
| -rwxr-xr-x | tools/josef_experimental.py | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/tools/josef_experimental.py b/tools/josef_experimental.py new file mode 100755 index 0000000..dc1dc7e --- /dev/null +++ b/tools/josef_experimental.py @@ -0,0 +1,79 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +import time +import base64 +from certtools import get_sth, get_consistency_proof, check_sth_signature, get_public_key_from_file, verify_consistency_proof + + +base_urls = ["https://plausible.ct.nordu.net/", + "https://ct1.digicert-ct.com/log/", + "https://ct.izenpe.com/", + "https://log.certly.io/", + "https://ct.googleapis.com/aviator/", + "https://ct.googleapis.com/pilot/", + "https://ct.googleapis.com/rocketeer/", + ] + +logkeys = {} +logkeys["https://plausible.ct.nordu.net/"] = get_public_key_from_file("../../plausible-logkey.pem") +logkeys["https://ct.googleapis.com/rocketeer/"] = get_public_key_from_file("../../rocketeer-logkey.pem") +logkeys["https://ct.googleapis.com/aviator/"] = get_public_key_from_file("../../aviator-logkey.pem") +logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pilot-logkey.pem") +logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem") +logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem") +logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem") +old_sth = {} + +# Get initial sth +print time.strftime("%H:%M:%S", time.gmtime()) +for base_url in base_urls: + + old_sth[base_url] = get_sth(base_url) + print "Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"]) + + try: + check_sth_signature(base_url, old_sth[base_url], logkeys[base_url]) + except: + print "Could not verify signature!!" + + +while True: + time.sleep(1*60-4) + print time.strftime("%H:%M:%S", time.gmtime()) + for base_url in base_urls: + new_sth = get_sth(base_url) + print "Received STH from " + base_url + ", timestamp: " + str(new_sth["timestamp"]) + ", size: " + str(new_sth["tree_size"]) + try: + check_sth_signature(base_url, new_sth, logkeys[base_url]) + except: + print "Could not verify signature!!" + + if old_sth[base_url]["tree_size"]!= new_sth["tree_size"]: + print "Wohoo, new STH! Checking..." + try: + # Hashes are base64 encoded from the server and needs to be decoded before checking proofs. + consistency_proof = get_consistency_proof(base_url, old_sth[base_url]["tree_size"], new_sth["tree_size"] ) + decoded_consistency_proof = [] + for item in consistency_proof: + decoded_consistency_proof.append(base64.b64decode(item)) + res = verify_consistency_proof(decoded_consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"]) + + if old_sth[base_url]["sha256_root_hash"] != str(base64.b64encode(res[0])): + print "Verification of old hash failed!!!" + print old_sth[base_url]["sha256_root_hash"], str(base64.b64encode(res[0])) + if new_sth["sha256_root_hash"] != str(base64.b64encode(res[1])): + print "Verification of new hash failed!!!" + print new_sth["sha256_root_hash"], str(base64.b64encode(res[1])) + + except Exception, err: + print Exception, err + finally: + old_sth[base_url] = new_sth + + + + + + + |