From 560bcebb4cf64aea915331a55013b21696bfce5d Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Tue, 23 Sep 2014 02:48:07 +0200
Subject: Added submitcert.py
---
 tools/certtools.py | 74 +++++++++++++++++++++++++++++++++++++++++
 tools/submitcert.py | 50 ++++++++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)
 create mode 100644 tools/certtools.py
 create mode 100755 tools/submitcert.py
(limited to 'tools')
diff --git a/tools/certtools.py b/tools/certtools.py
new file mode 100644
index 0000000..9d24c36
--- /dev/null
+++ b/tools/certtools.py
@@ -0,0 +1,74 @@
+import subprocess
+import json
+import base64
+import urllib
+import urllib2
+import struct
+
+def get_cert_info(s):
+ p = subprocess.Popen(["openssl", "x509", "-noout", "-subject", "-issuer", "-inform", "der"],
+ stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ parsed = p.communicate(s)
+ if parsed[1]:
+ print "error:", parsed[1]
+ result = {}
+ for line in parsed[0].split("\n"):
+ (key, sep, value) = line.partition("=")
+ if sep == "=":
+ result[key] = value
+ return result
+
+def get_certs_from_file(certfile):
+ certs = []
+ cert = ""
+ incert = False
+
+ for line in open(certfile):
+ line = line.strip()
+ if line == "-----BEGIN CERTIFICATE-----":
+ cert = ""
+ incert = True
+ elif line == "-----END CERTIFICATE-----":
+ certs.append(cert)
+ incert = False
+ elif incert:
+ cert += line
+ return certs
+
+def get_root_cert(issuer):
+ accepted_certs = json.loads(open("googlelog-accepted-certs.txt").read())["certificates"]
+
+ root_cert = None
+
+ for accepted_cert in accepted_certs:
+ subject = get_cert_info(base64.decodestring(accepted_cert))["subject"]
+ if subject == issuer:
+ print "found root cert"
+ root_cert = base64.decodestring(accepted_cert)
+
+ return root_cert
+
+def get_sth(baseurl):
+ result = urllib2.urlopen(baseurl + "ct/v1/get-sth").read()
+ return json.loads(result)
+
+def get_proof_by_hash(baseurl, hash, tree_size):
+ try:
+ params = urllib.urlencode({"hash":base64.b64encode(hash), "tree_size":tree_size})
+ print params
+ result = urllib2.urlopen(baseurl + "ct/v1/get-proof-by-hash?" + params).read()
+ return result
+ except urllib2.HTTPError, e:
+ print e.read()
+ sys.exit(1)
+
+def tls_array(data, length_len):
+ length_bytes = struct.pack(">Q", len(data))[-length_len:]
+ return length_bytes + data
+
+def add_chain(baseurl, submission):
+ try:
+ return json.loads(urllib2.urlopen(baseurl + "ct/v1/add-chain", json.dumps(submission)).read())
+ except urllib2.HTTPError, e:
+ print e.read()
+ sys.exit(1)
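Review bot: `sys.exit(1)` in the `except urllib2.HTTPError` handlers of get_proof_by_hash and add_chain references `sys`, which this file never imports, so an HTTP error from the log ends in a NameError instead of the intended exit; add `import sys` to the import block at the top of the hunk. get_cert_info also discards openssl's exit status: when parsing fails it prints stderr and returns an empty dict, and callers such as get_root_cert then index `["subject"]` and fail with a KeyError far from the cause, so checking `p.returncode` after `communicate` and raising there would localise the error. Separately, get_root_cert selects a root purely by string equality of the subject DN, which presumably suffices for this tool's lookup but does not identify a unique certificate, and the `hash` parameter of get_proof_by_hash shadows the builtin.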
diff --git a/tools/submitcert.py b/tools/submitcert.py
new file mode 100755
index 0000000..a4dd9a2
--- /dev/null
+++ b/tools/submitcert.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import struct
+import hashlib
+from certtools import *
+
+baseurl = sys.argv[1]
+certfile = sys.argv[2]
+
+lookup_in_log = True
+
+certs = get_certs_from_file(certfile)
+
+result = add_chain(baseurl, {"chain":certs})
+
+print result
+
+for cert in certs:
+ print get_cert_info(base64.decodestring(cert))
+
+if lookup_in_log:
+ last_issuer = get_cert_info(base64.decodestring(certs[-1]))["issuer"]
+ last_subject = get_cert_info(base64.decodestring(certs[-1]))["subject"]
+
+ entry_type = struct.pack(">H", 0)
+
+ extensions = ""
+
+ timestamped_entry = struct.pack(">Q", result["timestamp"]) + entry_type + tls_array(base64.decodestring(certs[0]), 3) + tls_array(extensions, 2)
+ version = struct.pack(">b", 0)
+ leaf_type = struct.pack(">b", 0)
+ merkle_tree_leaf = version + leaf_type + timestamped_entry
+
+ leaf_hash = hashlib.sha256()
+ leaf_hash.update(struct.pack(">b", 0))
+ leaf_hash.update(merkle_tree_leaf)
+
+ print base64.b64encode(leaf_hash.digest())
+
+ sth = get_sth(baseurl)
+ print sth
+
+ proof = get_proof_by_hash(baseurl, leaf_hash.digest(), sth["tree_size"])
+
+ print proof
--
cgit v1.1
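Review bot: `last_issuer` and `last_subject` inside the `if lookup_in_log:` block are assigned and never read, and each assignment spawns its own openssl subprocess through get_cert_info; drop the two lines or use them. `result["timestamp"]` assumes the add-chain reply is an SCT, so a 200 response without that key surfaces as a KeyError; a guard such as `if "timestamp" not in result: sys.exit("no SCT in add-chain response: %r" % result)` would make the failure readable, and the SCT signature is never checked against the log's key, which the script may be deliberately leaving out at this stage. The script also reads `sys.argv[1]` and `sys.argv[2]` with no usage message, and both this file and certtools.py join `baseurl` and the `ct/v1/...` paths by plain concatenation, so a base URL without a trailing slash silently produces the wrong endpoint. The `urllib2`, `urllib` and `json` imports are unused here because the helpers from `from certtools import *` do that work.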