Diffstat (limited to 'tools/josef_nagios_auditor.py')
-rwxr-xr-xtools/josef_nagios_auditor.py32
1 files changed, 18 insertions, 14 deletions
diff --git a/tools/josef_nagios_auditor.py b/tools/josef_nagios_auditor.py
index 41fefd0..db68bbe 100755
--- a/tools/josef_nagios_auditor.py
+++ b/tools/josef_nagios_auditor.py
@@ -16,15 +16,16 @@ NAGIOS_UNKNOWN = 3
parser = argparse.ArgumentParser(description="")
parser.add_argument('--audit', action='store_true', help="run lightweight auditor verifying consistency in STH")
parser.add_argument('--build-sth', action='store_true', help="get all entries and construct STH")
+parser.add_argument('--no-inclusion', action='store_true', help="don't check inclusion proofs for new entries")
parser.add_argument('--baseurl', required=True, help="Base URL for CT log")
parser.add_argument('--sthfile',
required=True,
metavar='file',
help="File containing current STH")
-parser.add_argument('--keyfile',
- metavar='file',
- required=True,
- help="File containing current STH")
+# parser.add_argument('--keyfile',
+# metavar='file',
+# required=True,
+# help="File containing current STH")
class UTC(datetime.tzinfo):
def utcoffset(self, dt):
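Review bot: Commenting out `--keyfile` means any existing check command that still passes it is now rejected by argparse, which exits with status 2 on an unrecognised option; a Nagios-style caller will probably report that as a critical result rather than a configuration problem. Keeping the option as an accepted, optional argument would avoid that, for example `parser.add_argument('--keyfile', metavar='file', help="(deprecated, ignored) file containing the log's public key")`. If the option really is gone, the four commented-out lines should be deleted rather than left in place. The help text for `--no-inclusion` could also say that it reduces what the audit covers, e.g. `help="skip inclusion-proof checks for new entries (weaker audit)"`.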
@@ -67,7 +68,7 @@ def reduce_subtree_to_root(layers):
return next_merkle_layer(layers[0])
return layers[0]
-def get_and_verify_sth(url, key):
+def get_and_verify_sth(url):
try:
sth = get_sth(url)
except:
@@ -76,7 +77,8 @@ def get_and_verify_sth(url, key):
# Check signature on the STH
try:
- check_sth_signature(url, sth, key)
+ check_sth_signature(url, sth, None)
+ # check_sth_signature(url, sth, key)
# write_file("plausible-sth.json", tmp_sth)
except:
error_str = time.strftime('%H:%M:%S') + " ERROR: Could not verify signature from " + url
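Review bot: Passing `None` as the key to `check_sth_signature` here, and again in the `fetch_all_sth` hunk that follows, drops the operator-supplied trust anchor, and nothing in this diff shows what the function does with a `None` key. If it looks the key up from a built-in table keyed by URL, that should be stated next to the call; if it skips or weakens verification, the auditor would accept an STH from whoever answers for the base URL. Once the behaviour is confirmed, I would replace the commented-out old call with a comment such as `# key=None: check_sth_signature resolves the log key itself (see <location of key table>)`. The surrounding bare `except:` also reports every failure, including a missing key, as "Could not verify signature", which makes the two cases hard to tell apart. Both function bodies extend outside their hunks.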
@@ -99,7 +101,8 @@ def fetch_all_sth():
# Check signature on the STH
try:
- check_sth_signature(base_url, sths[base_url], logkeys[base_url])
+ # check_sth_signature(base_url, sths[base_url], logkeys[base_url])
+ check_sth_signature(base_url, sths[base_url], None)
except:
error_str = time.strftime('%H:%M:%S') + " ERROR: Could not verify signature from " + base_url
print error_str
@@ -299,21 +302,22 @@ def write_file(fn, sth):
def main(args):
- try:
- log_key = get_public_key_from_file(args.keyfile)
- except:
- print time.strftime('%H:%M:%S') + " ERROR: Failed to load keyfile " + args.keyfile
- sys.exit(NAGIOS_WARN)
+ # try:
+ # log_key = get_public_key_from_file(args.keyfile)
+ # except:
+ # print time.strftime('%H:%M:%S') + " ERROR: Failed to load keyfile " + args.keyfile
+ # sys.exit(NAGIOS_WARN)
old_sth = read_sth(args.sthfile)
- new_sth = get_and_verify_sth(args.baseurl, log_key)
+ new_sth = get_and_verify_sth(args.baseurl)
write_file(args.sthfile, new_sth)
verify_progress(args.baseurl, old_sth, new_sth)
verify_consistency(args.baseurl, old_sth, new_sth)
- verify_inclusion_all(args.baseurl, old_sth, new_sth)
+ if not args.no_inclusion:
+ verify_inclusion_all(args.baseurl, old_sth, new_sth)
print "Everything OK from " + args.baseurl
sys.exit(NAGIOS_OK)
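Review bot: With `--no-inclusion` set, `main` still prints `Everything OK from ...` and exits `NAGIOS_OK`, so a run that skipped inclusion proofs looks identical in the monitoring output to a full audit. I would make the reduced coverage visible in the status line, e.g. `print "Everything OK from " + args.baseurl + (" (inclusion proofs skipped)" if args.no_inclusion else "")`. The commented-out keyfile-loading block at the top of `main` is dead code and could be deleted, since version control keeps the history.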