author | Magnus Ahltorp <map@kth.se> | 2017-01-27 16:11:11 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2017-02-01 10:46:27 +0100 |
commit | c0d8aceccb0961a25ee58a163441bbcbe6d6ea3d (patch) | |
tree | 90c98ad5f286a2475c1dd04ca7ddd70df6669aea /tools/storagegc.py | |
parent | 50667bc5c4896557415ab28269d2aea3ac534bf4 (diff) |
Verify config file signature
Read log key from config file in more places.
Check STH signature in storagegc.py
Diffstat (limited to 'tools/storagegc.py')
-rwxr-xr-x | tools/storagegc.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/tools/storagegc.py b/tools/storagegc.py
index 38b5379..6360495 100755
--- a/tools/storagegc.py
+++ b/tools/storagegc.py
@@ -9,7 +9,7 @@ import urllib
 import json
 import base64
 import sys
-import yaml
+import readconfig
 from certtools import *
 parser = argparse.ArgumentParser(description='')
@@ -17,8 +17,8 @@ parser.add_argument('--config', help="System configuration", required=True)
 parser.add_argument('--localconfig', help="Local configuration", required=True)
 args = parser.parse_args()
-config = yaml.load(open(args.config))
-localconfig = yaml.load(open(args.localconfig))
+localconfig = readconfig.read_config(args.localconfig)
+config = readconfig.verify_and_read_config(args.config, localconfig["logadminkey"])
 paths = localconfig["paths"]
 db_path = paths["db"]
@@ -27,6 +27,7 @@ create_ssl_context(cafile=paths.get("public_cacertfile", None))
 baseurl = config["baseurl"]
 sth = get_sth(baseurl)
+check_sth_signature(baseurl, sth, base64.decodestring(config["logpublickey"]))
 def verifyleafhash(leaf_hash):
 try: |
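Review bot: In the second hunk, `localconfig` is loaded by `readconfig.read_config` with no signature check and then supplies `localconfig["logadminkey"]`, the key that authenticates `config`, so the local file is the trust anchor for everything read after it. That ordering dependency deserves a comment above the two new lines, for example `# localconfig is the local trust anchor: it holds the key that verifies the signed system config`. A missing `logadminkey` entry would surface as a bare `KeyError`, so a short explicit error naming the missing key would make a misconfigured node easier to diagnose. How `verify_and_read_config` reacts to a bad signature is not visible in this diff, so this assumes it raises rather than returning unverified data.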
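Review bot: The `check_sth_signature(...)` call added in the third hunk discards its result, so it protects the rest of the script only if the function raises or exits on a bad signature. Its definition comes from `certtools` and is not visible in this diff, so that should be confirmed. If it returns a status instead, the call needs a guard such as `if not check_sth_signature(...): sys.exit(1)` before `sth` is used. Separately, `base64.decodestring` is a deprecated alias, and `base64.b64decode(config["logpublickey"])` decodes the same input on Python 2 and keeps working on Python 3. The call sits at module level and the script continues past the end of the hunk.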