authorMagnus Ahltorp <map@kth.se>2015-03-16 10:06:42 +0100
committerMagnus Ahltorp <map@kth.se>2015-03-23 16:14:47 +0100
commit1075b68f287e957cd73c8cdb9517293b4c920eec (patch)
treea0c61414da5341522d98200eb7012120af748835
parent0fd4141586310d7735a376bdbf4541b0d8e88169 (diff)
Add submission of precerts
-rw-r--r--tools/certtools.py23
-rwxr-xr-xtools/submitcert.py8
2 files changed, 30 insertions, 1 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index 0e639f2..b0a1c97 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -61,6 +61,10 @@ def get_certs_from_string(s):
f = cStringIO.StringIO(s)
return get_pemlike_from_file(f, "CERTIFICATE")
+def get_precerts_from_string(s):
+ f = cStringIO.StringIO(s)
+ return get_pemlike_from_file(f, "PRECERTIFICATE")
+
def get_eckey_from_file(keyfile):
keys = get_pemlike(keyfile, "EC PRIVATE KEY")
assert len(keys) == 1
@@ -137,6 +141,24 @@ def add_chain(baseurl, submission):
print "========================"
raise e
+def add_prechain(baseurl, submission):
+ try:
+ result = urllib2.urlopen(baseurl + "ct/v1/add-pre-chain",
+ json.dumps(submission)).read()
+ return json.loads(result)
+ except urllib2.HTTPError, e:
+ print "ERROR", e.code,":", e.read()
+ if e.code == 400:
+ return None
+ sys.exit(1)
+ except ValueError, e:
+ print "==== FAILED REQUEST ===="
+ print submission
+ print "======= RESPONSE ======="
+ print result
+ print "========================"
+ raise e
+
def get_entries(baseurl, start, end):
try:
params = urllib.urlencode({"start":start, "end":end})
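Review bot: In add_prechain the `except ValueError` handler prints `result`, but `result` is only bound after `urlopen(...).read()` has returned. A ValueError raised earlier (by `json.dumps(submission)`, or by urllib2 when it rejects the URL) therefore becomes a NameError that hides the real failure. Binding `result = None` before the `try:` keeps the diagnostic path working, and a bare `raise` instead of `raise e` preserves the original traceback in Python 2. The body is a copy of add_chain apart from the endpoint path, and the tail of add_chain visible at the top of the hunk shows the same handler, so a shared helper taking the endpoint name would fix both in one place.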
@@ -586,5 +608,6 @@ def verify_consistency_proof(consistency_proof, first, second, oldhash_input):
def verify_inclusion_proof(inclusion_proof, index, treesize, leafhash):
chain = zip([(index, 0)] + nodes_for_index(index, treesize), [leafhash] + inclusion_proof)
+ assert len(nodes_for_index(index, treesize)) == len(inclusion_proof)
(_, hash) = reduce(lambda e1, e2: combine_two_hashes(e1, e2, treesize), chain)
return hash
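Review bot: The new length check in verify_inclusion_proof is an `assert`, which is removed when Python runs with `-O`; `zip` then silently truncates to the shorter list, so a proof carrying extra trailing hashes would be folded as if they were absent. Since this function is part of proof verification, an explicit check placed before the `zip` is safer: `path = nodes_for_index(index, treesize)` followed by `if len(path) != len(inclusion_proof): raise ValueError("inclusion proof has wrong length")`. That also avoids computing `nodes_for_index` twice. Any caller that relies on AssertionError would need adjusting; none are visible in this diff. The same pattern appears in tools/submitcert.py, where `assert len(precerts) == 0 or len(precerts) == 1` validates the contents of an input file.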
diff --git a/tools/submitcert.py b/tools/submitcert.py
index 9f0be67..1c79544 100755
--- a/tools/submitcert.py
+++ b/tools/submitcert.py
@@ -44,10 +44,16 @@ sth = get_sth(baseurl)
def submitcert((certfile, cert)):
timing = timing_point()
certchain = get_certs_from_string(cert)
+ precerts = get_precerts_from_string(cert)
+ assert len(precerts) == 0 or len(precerts) == 1
+ precert = precerts[0] if precerts else None
timing_point(timing, "readcerts")
try:
- result = add_chain(baseurl, {"chain":map(base64.b64encode, certchain)})
+ if precert:
+ result = add_prechain(baseurl, {"chain":map(base64.b64encode, [precert] + certchain)})
+ else:
+ result = add_chain(baseurl, {"chain":map(base64.b64encode, certchain)})
except SystemExit:
print "EXIT:", certfile
select.select([], [], [], 1.0)
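Review bot: `if precert:` in submitcert tests truthiness rather than presence, so a PRECERTIFICATE block that decodes to an empty string would be routed to add_chain without any message; `if precert is not None:` matches the `None` sentinel assigned a few lines earlier. This assumes get_pemlike_from_file can return an empty entry, which is not visible in this diff. A short comment above the add_prechain call, such as `# add-pre-chain expects the precertificate first, followed by its issuer chain`, would document why the list is built as `[precert] + certchain`. submitcert's body appears to continue past the end of the hunk.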