# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
75f5c2db254c0167a0e396254460de09b775d203trawick print >> sys.stderr, ('Usage: %s /path/to/audit/files ' +
    # First, parse the audit file into a series of related files:
    #   1. a PEM file holding the certificate chain
    #   2. one file per SCT
    # Next, for each SCT, invoke verify_single_proof to verify it.
75f5c2db254c0167a0e396254460de09b775d203trawick print 'Got package from server...'
75f5c2db254c0167a0e396254460de09b775d203trawick assert struct.unpack_from('>H', log_bytes, offset)[0] == KEY_START
75f5c2db254c0167a0e396254460de09b775d203trawick key_size = struct.unpack_from('>H', log_bytes, offset)[0]
    # at least one certificate is required.  NOTE(review): the structural
    # checks on the package from the server below are plain asserts, which
    # are stripped under "python -O"; a malformed package would then be
    # parsed without any check.  Raising an explicit error would be safer.
75f5c2db254c0167a0e396254460de09b775d203trawick assert struct.unpack_from('>H', log_bytes, offset)[0] == CERT_START
    # for each certificate:
75f5c2db254c0167a0e396254460de09b775d203trawick while struct.unpack_from('>H', log_bytes, offset)[0] == CERT_START:
75f5c2db254c0167a0e396254460de09b775d203trawick der_size = (val[0] << 16) | (val[1] << 8) | (val[2] << 0)
75f5c2db254c0167a0e396254460de09b775d203trawick pem = ssl.DER_cert_to_PEM_cert(log_bytes[leaf[0]:leaf[0] + leaf[1]])
    # at least one SCT is required (same caveat: an assert, not a real check)
75f5c2db254c0167a0e396254460de09b775d203trawick assert struct.unpack_from('>H', log_bytes, offset)[0] == SCT_START
    # for each SCT:
75f5c2db254c0167a0e396254460de09b775d203trawick struct.unpack_from('>H', log_bytes, offset)[0] == SCT_START:
75f5c2db254c0167a0e396254460de09b775d203trawick sct_size = struct.unpack_from('>H', log_bytes, len_offset)[0]
75f5c2db254c0167a0e396254460de09b775d203trawick timestamp_ms = struct.unpack_from('>Q', log_bytes, offset + 33)[0]
    # If we ever need the full SCT: sct = (offset, sct_size)
75f5c2db254c0167a0e396254460de09b775d203trawick print ' (SCTs already checked)'
    # verify_single_proof doesn't accept a <scheme>:// prefix.
    # NOTE(review): the command below is assembled as a single string; if it
    # is handed to a shell, any interpolated value an attacker could influence
    # (paths, the log address) would be shell-interpreted -- prefer passing an
    # argv list with shell=False.
75f5c2db254c0167a0e396254460de09b775d203trawick cmd = 'verify_single_proof.py --cert %s --timestamp %s %s' % \
    # could serialize this between runs to further limit duplicate checking