merge.py: use external signing

1 files changed, 14 insertions, 6 deletions

diff --git a/tools/certtools.py b/tools/certtools.py
index ad90e5c..222497f 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -200,10 +200,18 @@ def http_request(url, data=None, key=None):
     result = urllib2.urlopen(req).read()
     return result
 
-def create_signature(privatekey, data):
-    sk = ecdsa.SigningKey.from_der(privatekey)
-    unpacked_signature = sk.sign(data, hashfunc=hashlib.sha256,
-                                 sigencode=ecdsa.util.sigencode_der)
+def get_signature(baseurl, data, key=None):
+    try:
+        params = json.dumps({"plop_version":1, "data": base64.b64encode(data)})
+        result = http_request(baseurl + "ct/signing/sth", params, key=key)
+        parsed_result = json.loads(result)
+        return base64.b64decode(parsed_result.get(u"result"))
+    except urllib2.HTTPError, e:
+        print "ERROR: get_signature", e.read()
+        sys.exit(1)
+
+def create_signature(baseurl, data, key=None):
+    unpacked_signature = get_signature(baseurl, data, key)
     return encode_signature(4, 3, unpacked_signature)
 
 def check_sth_signature(baseurl, sth):
@@ -218,14 +226,14 @@ def check_sth_signature(baseurl, sth):
 
     check_signature(baseurl, signature, tree_head)
 
-def create_sth_signature(tree_size, timestamp, root_hash, privatekey):
+def create_sth_signature(tree_size, timestamp, root_hash, baseurl, key=None):
     version = struct.pack(">b", 0)
     signature_type = struct.pack(">b", 1)
     timestamp_packed = struct.pack(">Q", timestamp)
     tree_size_packed = struct.pack(">Q", tree_size)
     tree_head = version + signature_type + timestamp_packed + tree_size_packed + root_hash
 
-    return create_signature(privatekey, tree_head)
+    return create_signature(baseurl, tree_head, key=key)
 
 def check_sct_signature(baseurl, leafcert, sct):
     publickey = base64.decodestring(publickeys[baseurl])