From c0d8aceccb0961a25ee58a163441bbcbe6d6ea3d Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Fri, 27 Jan 2017 16:11:11 +0100
Subject: Verify config file signature

Read log key from config file in more places.
Check STH signature in storagegc.py
---
 tools/storagegc.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'tools/storagegc.py')

diff --git a/tools/storagegc.py b/tools/storagegc.py
index 38b5379..6360495 100755
--- a/tools/storagegc.py
+++ b/tools/storagegc.py
@@ -9,7 +9,7 @@ import urllib
 import json
 import base64
 import sys
-import yaml
+import readconfig
 from certtools import *
 
 parser = argparse.ArgumentParser(description='')
@@ -17,8 +17,8 @@ parser.add_argument('--config', help="System configuration", required=True)
 parser.add_argument('--localconfig', help="Local configuration", required=True)
 args = parser.parse_args()
 
-config = yaml.load(open(args.config))
-localconfig = yaml.load(open(args.localconfig))
+localconfig = readconfig.read_config(args.localconfig)
+config = readconfig.verify_and_read_config(args.config, localconfig["logadminkey"])
 
 paths = localconfig["paths"]
 db_path = paths["db"]
@@ -27,6 +27,7 @@ create_ssl_context(cafile=paths.get("public_cacertfile", None))
 baseurl = config["baseurl"]
 
 sth = get_sth(baseurl)
+check_sth_signature(baseurl, sth, base64.decodestring(config["logpublickey"]))
 
 def verifyleafhash(leaf_hash):
     try:
-- 
cgit v1.1