def _map_log_id_to_verifier(log_list):
"""Returns a map from log id to verifier object from the log_list."""
log_id_to_verifier = {}
for log_key in log_list.values():
key_info = verify.create_key_info_from_raw_key(log_key)
key_id = hashlib.sha256(log_key).digest()
log_id_to_verifier[key_id] = verify.LogVerifier(key_info)
return log_id_to_verifier
def verify_sct(chain, sct_tls, log_key_pem):
sct = client_pb2.SignedCertificateTimestamp()
tls_message.decode(sct_tls, sct)
log_key = pem.from_pem(log_key_pem, "PUBLIC KEY")[0]
key_info = verify.create_key_info_from_raw_key(log_key)
lv = verify.LogVerifier(key_info)
print lv.verify_sct(sct, chain)
def verify_sct(chain, sct_tls, log_key_pem):
sct = client_pb2.SignedCertificateTimestamp()
tls_message.decode(sct_tls, sct)
log_key = pem.from_pem(log_key_pem, 'PUBLIC KEY')[0]
key_info = verify.create_key_info_from_raw_key(log_key)
lv = verify.LogVerifier(key_info)
print lv.verify_sct(sct, chain)
'3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J\n'
'5APC2em4JlvR8EEEFMoA==\n'
'-----END PUBLIC KEY-----\n')
logurl = 'http://ct.googleapis.com/pilot';
logdns = 'pilot.ct.googleapis.com'
response = urllib2.urlopen('%s/ct/v1/get-entries?start=%s&end=%s'
% (logurl, index, index))
j = response.read()
j = json.loads(j)
leaf_input = j['entries'][0]['leaf_input']
logging.info('leaf = %s', leaf_input)
leaf = base64.b64decode(leaf_input)
leaf_hash = hashlib.sha256(chr(0) + leaf).digest()
keyinfo = verify.create_key_info_from_raw_key(pem.from_pem(keypem, 'PUBLIC KEY')[0])
log_verifier = verify.LogVerifier(keyinfo)
lookup = CTDNSLookup(logdns, log_verifier)
sth = lookup.GetSTH()
logging.info('sth = %s', sth)
logging.info('hash = %s', base64.b64encode(leaf_hash))
verifier = merkle.MerkleVerifier()
index = int(index)
audit_path = []
prev = None
apl = verifier.audit_path_length(index, sth.tree_size)
for level in range(0, apl):
h = lookup.GetEntry(level, index, sth.tree_size)
logging.info('hash = %s', base64.b64encode(h))
def test_create_key_info_with_ecdsa_key(self):
key_info = verify.create_key_info_from_raw_key(
base64.decodestring(SYMANTEC_B64_KEY))
self.assertEqual(key_info.type, client_pb2.KeyInfo.ECDSA)
self.assertTrue('PUBLIC KEY' in key_info.pem_key)
def test_create_key_info_with_rsa_key(self):
key_info = verify.create_key_info_from_raw_key(base64.decodestring(VENAFI_B64_KEY))
self.assertEqual(key_info.type, client_pb2.KeyInfo.RSA)
self.assertTrue("PUBLIC KEY" in key_info.pem_key)
'3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J\n'
'5APC2em4JlvR8EEEFMoA==\n'
'-----END PUBLIC KEY-----\n')
logurl = 'http://ct.googleapis.com/pilot'
logdns = 'pilot.ct.googleapis.com'
response = urllib2.urlopen('%s/ct/v1/get-entries?start=%s&end=%s' %
(logurl, index, index))
j = response.read()
j = json.loads(j)
leaf_input = j['entries'][0]['leaf_input']
logging.info('leaf = %s', leaf_input)
leaf = base64.b64decode(leaf_input)
leaf_hash = hashlib.sha256(chr(0) + leaf).digest()
keyinfo = verify.create_key_info_from_raw_key(
pem.from_pem(keypem, 'PUBLIC KEY')[0])
log_verifier = verify.LogVerifier(keyinfo)
lookup = CTDNSLookup(logdns, log_verifier)
sth = lookup.GetSTH()
logging.info('sth = %s', sth)
logging.info('hash = %s', base64.b64encode(leaf_hash))
verifier = merkle.MerkleVerifier()
index = int(index)
audit_path = []
prev = None
apl = verifier.audit_path_length(index, sth.tree_size)
for level in range(0, apl):
h = lookup.GetEntry(level, index, sth.tree_size)
logging.info('hash = %s', base64.b64encode(h))
