def verify_decode(self, test_vector, test_message):
serialized = "".join(test_vector).decode("hex")
message = test_message_pb2.TestMessage()
tls_message.decode(serialized, message)
self.assertEqual(test_message, message,
msg = "%s vs %s" % (test_message, message))
def verify_decode(self, test_vector, test_message):
serialized = "".join(test_vector).decode("hex")
message = test_message_pb2.TestMessage()
tls_message.decode(serialized, message)
self.assertEqual(test_message, message,
msg = "%s vs %s" % (test_message, message))
def run():
"""Fetch the proof for the supplied certificate."""
#TODO(eranm): Attempt fetching the SCT for this chain if none was given.
if FLAGS.sct:
cert_sct = client_pb2.SignedCertificateTimestamp()
sct_data = open(FLAGS.sct, 'rb').read()
if FLAGS.binary_sct:
tls_message.decode(sct_data, cert_sct)
else:
cert_sct.ParseFromString(sct_data)
sct_timestamp = cert_sct.timestamp
print 'SCT for cert:', cert_sct
else:
sct_timestamp = FLAGS.timestamp
constructed_leaf = construct_leaf_from_file(FLAGS.cert, sct_timestamp)
leaf_hash = merkle.TreeHasher().hash_leaf(constructed_leaf)
if FLAGS.verbose:
print "Leaf hash: %s" % (leaf_hash.encode("hex"))
(sth, proof) = fetch_single_proof(leaf_hash, FLAGS.log_url);
if FLAGS.verbose:
print "Leaf index in tree is %d, proof has %d hashes" % (
proof.leaf_index, len(proof.audit_path))
print "Audit path: %s" % ([t.encode('hex') for t in proof.audit_path])
verifier = merkle.MerkleVerifier()
if verifier.verify_leaf_inclusion(constructed_leaf, proof.leaf_index,
proof.audit_path, sth):
print 'Proof verifies OK.'
def run():
"""Fetch the proof for the supplied certificate."""
#TODO(eranm): Attempt fetching the SCT for this chain if none was given.
if FLAGS.sct:
cert_sct = client_pb2.SignedCertificateTimestamp()
sct_data = open(FLAGS.sct, 'rb').read()
if FLAGS.binary_sct:
tls_message.decode(sct_data, cert_sct)
else:
cert_sct.ParseFromString(sct_data)
sct_timestamp = cert_sct.timestamp
print 'SCT for cert:', cert_sct
else:
sct_timestamp = FLAGS.timestamp
constructed_leaf = construct_leaf_from_file(FLAGS.cert, sct_timestamp)
leaf_hash = merkle.TreeHasher().hash_leaf(constructed_leaf)
if FLAGS.verbose:
print "Leaf hash: %s" % (leaf_hash.encode("hex"))
(sth, proof) = fetch_single_proof(leaf_hash, FLAGS.log_url)
if FLAGS.verbose:
print "Leaf index in tree is %d, proof has %d hashes" % (
proof.leaf_index, len(proof.audit_path))
print "Audit path: %s" % ([t.encode('hex') for t in proof.audit_path])
verifier = merkle.MerkleVerifier()
if verifier.verify_leaf_inclusion(constructed_leaf, proof.leaf_index,
proof.audit_path, sth):
print 'Proof verifies OK.'
def decode_entry(entry):
parsed_entry = client_pb2.ParsedEntry()
tls_message.decode(entry.leaf_input, parsed_entry.merkle_leaf)
parsed_entry.extra_data.entry_type = (parsed_entry.merkle_leaf.
timestamped_entry.entry_type)
tls_message.decode(entry.extra_data, parsed_entry.extra_data)
return parsed_entry
def _decode_entry(serialized_entry):
entry = client_pb2.EntryResponse()
entry.ParseFromString(serialized_entry)
parsed_entry = client_pb2.ParsedEntry()
tls_message.decode(entry.leaf_input, parsed_entry.merkle_leaf)
parsed_entry.extra_data.entry_type = (
parsed_entry.merkle_leaf.timestamped_entry.entry_type)
tls_message.decode(entry.extra_data, parsed_entry.extra_data)
return parsed_entry
def decode_entry(serialized_entry):
entry = client_pb2.EntryResponse()
entry.ParseFromString(serialized_entry)
parsed_entry = client_pb2.ParsedEntry()
tls_message.decode(entry.leaf_input, parsed_entry.merkle_leaf)
parsed_entry.extra_data.entry_type = (parsed_entry.merkle_leaf.
timestamped_entry.entry_type)
tls_message.decode(entry.extra_data, parsed_entry.extra_data)
return parsed_entry
