diff options
Diffstat (limited to 'tools/josef_experimental_auditor.py')
| -rwxr-xr-x | tools/josef_experimental_auditor.py | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/tools/josef_experimental_auditor.py b/tools/josef_experimental_auditor.py new file mode 100755 index 0000000..da3f31e --- /dev/null +++ b/tools/josef_experimental_auditor.py @@ -0,0 +1,68 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +import time +from certtools import get_sth, get_consistency_proof, check_sth_signature, get_public_key_from_file, verify_consistency_proof + + +base_urls = ["https://plausible.ct.nordu.net/", + "https://ct1.digicert-ct.com/log/", + "https://ct.izenpe.com/", + "https://log.certly.io/", + "https://ct.googleapis.com/aviator/", + "https://ct.googleapis.com/pilot/", + "https://ct.googleapis.com/rocketeer/", + ] + +logkeys = {} +logkeys["https://plausible.ct.nordu.net/"] = get_public_key_from_file("../../plausible-logkey.pem") +logkeys["https://ct.googleapis.com/rocketeer/"] = get_public_key_from_file("../../rocketeer-logkey.pem") +logkeys["https://ct.googleapis.com/aviator/"] = get_public_key_from_file("../../aviator-logkey.pem") +logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pilot-logkey.pem") +logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem") +logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem") +logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem") +count = 0 +old_sth = {} + +# Get initial sth +for base_url in base_urls: + + old_sth[base_url] = get_sth(base_url) + # print old_sth[base_url]["sha256_root_hash"] + print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"]) + + try: + check_sth_signature(base_url, old_sth[base_url], logkeys[base_url]) + except: + print "Could not verify signature!!" + + +while True: + time.sleep(60) + count += 1 + for base_url in base_urls: + new_sth = get_sth(base_url) + print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"]) + try: + check_sth_signature(base_url, new_sth, logkeys[base_url]) + except: + print "Could not verify signature!!" + + if old_sth[base_url]["tree_size"] != new_sth["tree_size"]: + print "Wohoo, new STH! Checking..." + try: + consistency_proof = get_consistency_proof(base_url, old_sth[base_url]["tree_size"], new_sth["tree_size"] ) + # print consistency_proof + print verify_consistency_proof(consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"]) + except: + print consistency_proof + finally: + old_sth[base_url] = new_sth + + + + + + + |