Diffstat (limited to 'tools/josef_experimental_auditor.py')
| -rwxr-xr-x | tools/josef_experimental_auditor.py | 39 |
1 files changed, 23 insertions, 16 deletions
diff --git a/tools/josef_experimental_auditor.py b/tools/josef_experimental_auditor.py index 78a3fe2..7efd2dc 100755 --- a/tools/josef_experimental_auditor.py +++ b/tools/josef_experimental_auditor.py @@ -14,16 +14,17 @@ NAGIOS_CRIT = 2 NAGIOS_UNKNOWN = 3 DEFAULT_CUR_FILE = 'all-sth.json' +DEFAULT_CERT_FILE = "cert_data.json" base_urls = [ # "https://plausible.ct.nordu.net/", # "https://ct1.digicert-ct.com/log/", - # "https://ct.izenpe.com/", + "https://ct.izenpe.com/", # "https://log.certly.io/", # "https://ct.googleapis.com/aviator/", # "https://ct.googleapis.com/pilot/", # "https://ct.googleapis.com/rocketeer/", - # "https://ctlog.api.venafi.com/", + "https://ctlog.api.venafi.com/", "https://ct.ws.symantec.com/", ] @@ -55,14 +56,6 @@ monitored_domains = [ # ".se", ] -# cert_data = [] - -# class cert(subject, issuer, log): -# def __init__(self): -# self.subject = subject -# self.issuer = issuer - # self.logs = [log] - class UTC(datetime.tzinfo): def utcoffset(self, dt): return datetime.timedelta(hours=0) @@ -215,9 +208,12 @@ def check_domain(raw_entry, log=None): def fetch_and_increment_subtree(old_sth, new_sth_in, subtree, base_url): try: + print "Initial hash:", hash(str(subtree)) sth = old_sth[base_url] new_sth = new_sth_in[base_url] idx = sth["tree_size"] + tmp_tree = list(subtree) + print "tmp hash:", hash(str(tmp_tree)) while idx < new_sth["tree_size"]: pre_size = idx 
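Review bot: The `print "Initial hash:", hash(str(subtree))` and `print "tmp hash:", hash(str(tmp_tree))` lines added at the top of fetch_and_increment_subtree are debugging output: they stringify the whole subtree on every call, and `hash()` of that string is neither a content digest nor stable across interpreter builds, so the printed numbers only ever tell you whether two values in the same process are equal. The file's NAGIOS_OK/NAGIOS_CRIT constants suggest stdout may be consumed as check output, in which case these lines also pollute it, though I cannot see the caller that decides that. If the question being debugged is whether `reduce_tree` mutates its argument, `assert tmp_tree is not subtree` plus a comparison of `tmp_tree == subtree` after the call states it directly; otherwise drop the prints or gate them behind a verbose flag before merging. The body of fetch_and_increment_subtree continues in the next hunk.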
@@ -227,16 +223,22 @@ def fetch_and_increment_subtree(old_sth, new_sth_in, subtree, base_url): for item in entries: tmp_cert_data.append(check_domain(item, base_url)) new_leafs.append(get_leaf_hash(base64.b64decode(item["leaf_input"]))) - append_file("cert_data.json", tmp_cert_data) + append_file(DEFAULT_CERT_FILE, tmp_cert_data) idx += len(new_leafs) print time.strftime('%H:%M:%S') + " Got entries " + str(pre_size) + " to " \ + str(idx -1) + " (" + str(len(new_leafs)) +" entries) from " + base_url - subtree = reduce_tree(new_leafs, subtree) + + print "Before reduction:", hash(str(tmp_tree)) + res_tree = reduce_tree(new_leafs, tmp_tree) + print "After reduction:", hash(str(res_tree)) except: print "Failed to build subtree :(" - return subtree + if subtree == res_tree: + print "Final subtree hash", hash(str(subtree)) + print "Final restree hash", hash(str(res_tree)) + return res_tree def fetch_and_build_subtree(old_sth, base_url): try: @@ -253,8 +255,8 @@ def fetch_and_build_subtree(old_sth, base_url): tmp_cert_data.append(check_domain(item, base_url)) new_leafs.append(get_leaf_hash(base64.b64decode(item["leaf_input"]))) idx += len(new_leafs) - append_file("cert_data.json", tmp_cert_data) - print time.strftime('%H:%M:%S') + " Got entries " + str(pre_size) + " to " + str(idx) + " from " + base_url + append_file(DEFAULT_CERT_FILE, tmp_cert_data) + print time.strftime('%H:%M:%S') + " Got entries " + str(pre_size) + " to " + str(idx -1) + " from " + base_url subtree = reduce_tree(new_leafs, subtree) except: @@ -376,7 +378,7 @@ def append_file(fn, content): with open(fn, 'a') as f: for item in content: try: - f.write(json.dumps(item)) + f.write(json.dumps(item) + "\n") except: # print "failed to write " + str(item) pass 
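Review bot: `res_tree` is bound only inside the `try`, so on the failure path the bare `except:` prints "Failed to build subtree :(" and then `if subtree == res_tree:` raises UnboundLocalError, whereas before this change the function returned the old `subtree`; the same happens whenever the `while` loop runs zero times, e.g. if the log's `tree_size` has gone backwards. Inside the loop `res_tree = reduce_tree(new_leafs, tmp_tree)` also overwrites the result on every batch but never feeds it back into `tmp_tree`, so unless `reduce_tree` mutates its second argument in place (which I cannot see from here) only the last batch of leaves survives; the removed `subtree = reduce_tree(new_leafs, subtree)` accumulated correctly. The `if subtree == res_tree:` block is debugging output and should go with the prints. Suggested shape of the loop tail and exit:
```python
        while idx < new_sth["tree_size"]:
            # … unchanged: fetch batch, append cert data, build new_leafs, print progress …
            tmp_tree = reduce_tree(new_leafs, tmp_tree)  # fold every batch, not only the last
    except Exception as e:
        print "Failed to build subtree :(", e
        return subtree  # keep the previously verified tree, as before this change
    return tmp_tree
```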
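Review bot: Writing `json.dumps(item) + "\n"` changes the on-disk format of DEFAULT_CERT_FILE to one record per line, but any `cert_data.json` produced before this commit holds records concatenated with no separator, and `append_file` opens with `'a'`, so an existing file becomes a mix of both layouts that no line-oriented reader can parse; rotate or rename the file on format change, or document that old files must be removed. The surrounding `except: pass` still silently drops any record `json.dumps` rejects, which for an auditor means a certificate observation lost without trace — narrow it to `except (TypeError, ValueError) as e: print "failed to write record:", e` so the loss is at least visible.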
@@ -454,8 +456,13 @@ def main(args): new_sth = fetch_all_sth() for url in base_urls: if url in sth and url in new_sth and sth[url]["tree_size"] != new_sth[url]["tree_size"]: + # print "Len before:", len(all_subtrees[url]) all_subtrees[url] = fetch_and_increment_subtree(sth, new_sth, all_subtrees[url], url) + # print "Len between:", len(all_subtrees[url]) verify_subtree(new_sth, all_subtrees[url], url) + # print "Len after:", len(all_subtrees[url]) + print "Old sth:", sth[url]["sha256_root_hash"] + print "New sth:", new_sth[url]["sha256_root_hash"] sth = new_sth |
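Review bot: The condition `sth[url]["tree_size"] != new_sth[url]["tree_size"]` treats a shrinking tree the same as a growing one, but a CT log is append-only, so a smaller `tree_size` is evidence of misbehaviour (or a stale mirror) and should be reported rather than handed to fetch_and_increment_subtree, whose `while idx < new_sth["tree_size"]` loop then does nothing; add `if new_sth[url]["tree_size"] < sth[url]["tree_size"]: print "Tree size shrank for " + url; continue` before the incremental fetch. The new `print "Old sth:"` / `print "New sth:"` lines label root hashes as STHs and run regardless of what verify_subtree found, and `sth = new_sth` still advances unconditionally, so if the fetch fails the skipped entries are never retried — unless verify_subtree exits on mismatch, which is not visible here. The three `# print "Len ..."` lines are commented-out debug code and should not be committed. main continues outside this hunk.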
