File: verify_util.py

#!/usr/bin/env python
"""verify_util.py: CT signature verification utility.

Usage:

  verify_util.py <command> [flags] [cert_file]

Known commands:

  verify_sct: Verify a Signed Certificate Timestamp over an X.509 certificate.

  The cert_file must contain one or more PEM-encoded certificates.

  For example:

  verify_util.py verify_sct --sct=cert_sct.tls --log_key=log_key.pem cert.pem
"""

import sys
from ct.crypto import cert
from ct.crypto import pem
from ct.crypto import verify
from ct.proto import client_pb2
from ct.serialization import tls_message
import gflags

FLAGS = gflags.FLAGS
# Both flags default to None and are not enforced at parse time; the
# verify_sct command opens both files, so their absence surfaces only in main().
gflags.DEFINE_string("sct", None, "TLS-encoded SCT file")
gflags.DEFINE_string("log_key", None, "PEM-encoded CT log key")

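def exit_with_message(error_message):
    """Write *error_message* plus a help hint to stderr and exit with status 1.

    Args:
        error_message: text describing why the tool cannot continue.

    Raises:
        SystemExit: always, with exit status 1.
    """
    # Diagnostics go to stderr so a caller capturing stdout (e.g. to read the
    # printed verification result) does not mistake them for output.
    # sys.stderr.write is used instead of print so the code is valid under
    # both Python 2 and 3 without a __future__ import.
    sys.stderr.write("%s\n" % error_message)
    sys.stderr.write("Use --helpshort or --help to get help.\n")
    sys.exit(1)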


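def verify_sct(chain, sct_tls, log_key_pem):
    """Verify a TLS-encoded SCT against *chain* with a CT log's public key.

    Args:
        chain: the certificate sequence produced by cert.certs_from_pem_file;
            it is handed to LogVerifier.verify_sct unchanged.
        sct_tls: raw bytes of a TLS-encoded SignedCertificateTimestamp.
        log_key_pem: PEM data holding the log's "PUBLIC KEY" block; only the
            first such block is used.

    Returns:
        Whatever LogVerifier.verify_sct returns; the value is also printed.
        NOTE(review): whether a failed verification is signalled by the return
        value or by an exception is not visible in this file -- confirm
        against ct.crypto.verify before relying on the printed value.

    Raises:
        ValueError: if *log_key_pem* contains no "PUBLIC KEY" block.
    """
    sct = client_pb2.SignedCertificateTimestamp()
    tls_message.decode(sct_tls, sct)

    key_blocks = pem.from_pem(log_key_pem, 'PUBLIC KEY')
    # Fail with a clear message rather than an IndexError on a key file that
    # holds no PUBLIC KEY block.
    if not key_blocks:
        raise ValueError("log key contains no PUBLIC KEY block")
    key_info = verify.create_key_info_from_raw_key(key_blocks[0])

    lv = verify.LogVerifier(key_info)
    # print(...) with a single argument behaves identically on Python 2 and 3.
    result = lv.verify_sct(sct, chain)
    print(result)
    # Returned as well so callers can act on the outcome instead of parsing stdout.
    return result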


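def main(argv):
    """Entry point: parse flags, dispatch the command and exit.

    Args:
        argv: full argument vector with the program name at argv[0] and the
            command expected at argv[1].

    Exits with status 1 (via exit_with_message) on any usage error and with
    status 0 after verify_sct has run.
    """
    if len(argv) <= 1 or argv[1][0] == "-":
        # No command. Parse flags anyway to trigger help flags.
        try:
            argv = FLAGS(argv)
            exit_with_message("No command")
        except gflags.FlagsError as e:
            exit_with_message("Error parsing flags: %s" % e)

    argv = argv[1:]

    try:
        argv = FLAGS(argv)
    except gflags.FlagsError as e:
        exit_with_message("Error parsing flags: %s" % e)

    # The command is guaranteed present by the check above; the cert file is
    # not, so take it conditionally instead of unpacking argv[0:2], which
    # raised ValueError and made the "No certificate file given" path
    # unreachable for a missing argument.
    command = argv[0]
    cert_file = argv[1] if len(argv) > 1 else None

    if command != "verify_sct":
        exit_with_message("Unknown command %s" % command)

    if not cert_file:
        exit_with_message("No certificate file given")

    # Both flags default to None; report that as a usage error instead of
    # letting open() fail with a TypeError.
    if not FLAGS.sct or not FLAGS.log_key:
        exit_with_message("Both --sct and --log_key are required")

    chain = list(cert.certs_from_pem_file(cert_file, strict_der=False))

    # Read both inputs under 'with' so the file handles are closed promptly.
    with open(FLAGS.sct, 'rb') as sct_file:
        sct_tls = sct_file.read()
    with open(FLAGS.log_key, 'rb') as key_file:
        log_key_pem = key_file.read()

    # NOTE(review): the result of verify_sct is not inspected here, so the
    # process exits 0 whenever no exception is raised -- confirm whether
    # LogVerifier.verify_sct signals a bad signature by raising or by its
    # return value before treating exit status 0 as "verified".
    verify_sct(chain, sct_tls, log_key_pem)
    sys.exit(0)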

if __name__ == "__main__":
    # main() expects the program name at argv[0] and looks for the command at
    # argv[1], so the full vector is passed through.
    main(sys.argv)