From 560bcebb4cf64aea915331a55013b21696bfce5d Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Tue, 23 Sep 2014 02:48:07 +0200
Subject: Added submitcert.py

---
 tools/certtools.py  | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/submitcert.py | 50 ++++++++++++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)
 create mode 100644 tools/certtools.py
 create mode 100755 tools/submitcert.py

diff --git a/tools/certtools.py b/tools/certtools.py
new file mode 100644
index 0000000..9d24c36
--- /dev/null
+++ b/tools/certtools.py
@@ -0,0 +1,74 @@
+import subprocess
+import json
+import base64
+import urllib
+import urllib2
+import struct
+
+def get_cert_info(s):
+    p = subprocess.Popen(["openssl", "x509", "-noout", "-subject", "-issuer", "-inform", "der"],
+                         stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    parsed = p.communicate(s)
+    if parsed[1]:
+        print "error:", parsed[1]
+    result = {}
+    for line in parsed[0].split("\n"):
+        (key, sep, value) = line.partition("=")
+        if sep == "=":
+            result[key] = value
+    return result
+
+def get_certs_from_file(certfile):
+    certs = []
+    cert = ""
+    incert = False
+    
+    for line in open(certfile):
+        line = line.strip()
+        if line == "-----BEGIN CERTIFICATE-----":
+            cert = ""
+            incert = True
+        elif line == "-----END CERTIFICATE-----":
+            certs.append(cert)
+            incert = False
+        elif incert:
+            cert += line
+    return certs
+
+def get_root_cert(issuer):
+    accepted_certs = json.loads(open("googlelog-accepted-certs.txt").read())["certificates"]
+    
+    root_cert = None
+
+    for accepted_cert in accepted_certs:
+        subject = get_cert_info(base64.decodestring(accepted_cert))["subject"]
+        if subject == issuer:
+            print "found root cert"
+            root_cert = base64.decodestring(accepted_cert)
+
+    return root_cert
+
+def get_sth(baseurl):
+    result = urllib2.urlopen(baseurl + "ct/v1/get-sth").read()
+    return json.loads(result)
+
+def get_proof_by_hash(baseurl, hash, tree_size):
+    try:
+        params = urllib.urlencode({"hash":base64.b64encode(hash), "tree_size":tree_size})
+        print params
+        result = urllib2.urlopen(baseurl + "ct/v1/get-proof-by-hash?" + params).read()
+        return result
+    except urllib2.HTTPError, e:
+        print e.read()
+        sys.exit(1)
+
+def tls_array(data, length_len):
+    length_bytes = struct.pack(">Q", len(data))[-length_len:]
+    return length_bytes + data
+
+def add_chain(baseurl, submission):
+    try:
+        return json.loads(urllib2.urlopen(baseurl + "ct/v1/add-chain", json.dumps(submission)).read())
+    except urllib2.HTTPError, e:
+        print e.read()
+        sys.exit(1)
diff --git a/tools/submitcert.py b/tools/submitcert.py
new file mode 100755
index 0000000..a4dd9a2
--- /dev/null
+++ b/tools/submitcert.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python                                                               
+
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import struct
+import hashlib
+from certtools import *
+
+baseurl = sys.argv[1]
+certfile = sys.argv[2]
+
+lookup_in_log = True
+
+certs = get_certs_from_file(certfile)
+
+result = add_chain(baseurl, {"chain":certs})
+
+print result
+
+for cert in certs:
+    print get_cert_info(base64.decodestring(cert))
+
+if lookup_in_log:
+    last_issuer = get_cert_info(base64.decodestring(certs[-1]))["issuer"]
+    last_subject = get_cert_info(base64.decodestring(certs[-1]))["subject"]
+
+    entry_type = struct.pack(">H", 0)
+
+    extensions = ""
+
+    timestamped_entry = struct.pack(">Q", result["timestamp"]) + entry_type + tls_array(base64.decodestring(certs[0]), 3) + tls_array(extensions, 2)
+    version = struct.pack(">b", 0)
+    leaf_type = struct.pack(">b", 0)
+    merkle_tree_leaf = version + leaf_type + timestamped_entry
+
+    leaf_hash = hashlib.sha256()
+    leaf_hash.update(struct.pack(">b", 0))
+    leaf_hash.update(merkle_tree_leaf)
+
+    print base64.b64encode(leaf_hash.digest())
+
+    sth = get_sth(baseurl)
+    print sth
+
+    proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
+
+    print proof
-- 
cgit v1.1