def _map_log_id_to_verifier(log_list):
    """Build a lookup table of log verifiers keyed by log id.

    Each id is the raw SHA-256 digest of a log's key bytes, and the value is
    a verify.LogVerifier built from that same key. Only the values of
    log_list are read; its keys are ignored.

    Args:
        log_list: mapping whose values are raw log public keys.
            NOTE(review): RFC 6962 defines the log id over the DER-encoded
            SubjectPublicKeyInfo, so the values are presumably in that
            form - confirm against the caller.

    Returns:
        dict mapping key digest (32 bytes) to verify.LogVerifier.
    """
    # NOTE(review): this table is only as trustworthy as log_list. Every key
    # found there becomes an accepted log verifier with no further check here,
    # so the list has to come from a source the caller already trusts.
    verifiers_by_id = {}
    for raw_key in log_list.values():
        info = verify.create_key_info_from_raw_key(raw_key)
        log_id = hashlib.sha256(raw_key).digest()
        # Two entries holding the same key collapse into one id; the later
        # verifier replaces the earlier one.
        verifiers_by_id[log_id] = verify.LogVerifier(info)
    return verifiers_by_id
def verify_sct(chain, sct_tls, log_key_pem):
    """Check one SCT against a certificate chain and print the outcome.

    Args:
        chain: certificate chain, passed unchanged to LogVerifier.verify_sct.
        sct_tls: TLS-encoded SignedCertificateTimestamp.
        log_key_pem: PEM text containing the log's "PUBLIC KEY" block.

    Returns:
        None. The result of LogVerifier.verify_sct is only printed.
    """
    parsed_sct = client_pb2.SignedCertificateTimestamp()
    tls_message.decode(sct_tls, parsed_sct)

    # NOTE(review): the key used for verification is whatever the caller
    # passes in. The check is only meaningful if log_key_pem comes from a
    # trusted log list and not from the same source as the SCT itself.
    raw_key = pem.from_pem(log_key_pem, "PUBLIC KEY")[0]
    log_verifier = verify.LogVerifier(
        verify.create_key_info_from_raw_key(raw_key))

    # NOTE(review): nothing is returned, so a caller cannot branch on the
    # outcome unless LogVerifier.verify_sct raises on a bad signature -
    # not visible from here, confirm.
    print(log_verifier.verify_sct(parsed_sct, chain))
def verify_sct(chain, sct_tls, log_key_pem):
    """Verify a single SCT for a certificate chain and print the result.

    Args:
        chain: certificate chain, passed unchanged to LogVerifier.verify_sct.
        sct_tls: TLS-encoded SignedCertificateTimestamp.
        log_key_pem: PEM text containing the log's 'PUBLIC KEY' block.

    Returns:
        None. The result of LogVerifier.verify_sct is only printed.
    """
    decoded = client_pb2.SignedCertificateTimestamp()
    tls_message.decode(sct_tls, decoded)

    # NOTE(review): the verification key is supplied by the caller. It must
    # be the key of a log the caller already trusts; a key delivered
    # together with the SCT would make the check circular.
    der_key = pem.from_pem(log_key_pem, 'PUBLIC KEY')[0]
    checker = verify.LogVerifier(
        verify.create_key_info_from_raw_key(der_key))

    # NOTE(review): the outcome is printed, not returned. Whether a failed
    # signature check raises depends on LogVerifier.verify_sct - confirm
    # before relying on this function as a gate.
    print(checker.verify_sct(decoded, chain))
'3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J\n' '5APC2em4JlvR8EEEFMoA==\n' '-----END PUBLIC KEY-----\n') logurl = 'http://ct.googleapis.com/pilot'; logdns = 'pilot.ct.googleapis.com' response = urllib2.urlopen('%s/ct/v1/get-entries?start=%s&end=%s' % (logurl, index, index)) j = response.read() j = json.loads(j) leaf_input = j['entries'][0]['leaf_input'] logging.info('leaf = %s', leaf_input) leaf = base64.b64decode(leaf_input) leaf_hash = hashlib.sha256(chr(0) + leaf).digest() keyinfo = verify.create_key_info_from_raw_key(pem.from_pem(keypem, 'PUBLIC KEY')[0]) log_verifier = verify.LogVerifier(keyinfo) lookup = CTDNSLookup(logdns, log_verifier) sth = lookup.GetSTH() logging.info('sth = %s', sth) logging.info('hash = %s', base64.b64encode(leaf_hash)) verifier = merkle.MerkleVerifier() index = int(index) audit_path = [] prev = None apl = verifier.audit_path_length(index, sth.tree_size) for level in range(0, apl): h = lookup.GetEntry(level, index, sth.tree_size) logging.info('hash = %s', base64.b64encode(h))
def test_create_key_info_with_ecdsa_key(self):
    # Checks that a base64-decoded key is classified as ECDSA and that the
    # resulting KeyInfo carries a 'PUBLIC KEY' marker in pem_key.
    # NOTE(review): SYMANTEC_B64_KEY is presumably a real log's ECDSA key;
    # its definition is outside this block.
    raw_key = base64.decodestring(SYMANTEC_B64_KEY)
    key_info = verify.create_key_info_from_raw_key(raw_key)

    # The detected type is asserted first: a wrong type would mean the key
    # is later used with the wrong signature algorithm.
    self.assertEqual(key_info.type, client_pb2.KeyInfo.ECDSA)
    self.assertTrue('PUBLIC KEY' in key_info.pem_key)
def test_create_key_info_with_rsa_key(self):
    # Checks that a base64-decoded key is classified as RSA and that the
    # resulting KeyInfo carries a "PUBLIC KEY" marker in pem_key.
    # NOTE(review): VENAFI_B64_KEY is presumably a real log's RSA key; its
    # definition is outside this block.
    raw_key = base64.decodestring(VENAFI_B64_KEY)
    key_info = verify.create_key_info_from_raw_key(raw_key)

    # The detected type is asserted first: a wrong type would mean the key
    # is later used with the wrong signature algorithm.
    self.assertEqual(key_info.type, client_pb2.KeyInfo.RSA)
    self.assertTrue("PUBLIC KEY" in key_info.pem_key)
'3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J\n' '5APC2em4JlvR8EEEFMoA==\n' '-----END PUBLIC KEY-----\n') logurl = 'http://ct.googleapis.com/pilot' logdns = 'pilot.ct.googleapis.com' response = urllib2.urlopen('%s/ct/v1/get-entries?start=%s&end=%s' % (logurl, index, index)) j = response.read() j = json.loads(j) leaf_input = j['entries'][0]['leaf_input'] logging.info('leaf = %s', leaf_input) leaf = base64.b64decode(leaf_input) leaf_hash = hashlib.sha256(chr(0) + leaf).digest() keyinfo = verify.create_key_info_from_raw_key( pem.from_pem(keypem, 'PUBLIC KEY')[0]) log_verifier = verify.LogVerifier(keyinfo) lookup = CTDNSLookup(logdns, log_verifier) sth = lookup.GetSTH() logging.info('sth = %s', sth) logging.info('hash = %s', base64.b64encode(leaf_hash)) verifier = merkle.MerkleVerifier() index = int(index) audit_path = [] prev = None apl = verifier.audit_path_length(index, sth.tree_size) for level in range(0, apl): h = lookup.GetEntry(level, index, sth.tree_size) logging.info('hash = %s', base64.b64encode(h))