File: precerts_finder.py

golang-github-google-certificate-transparency 0.0~git20160709.0.0f6e3d1~ds1-3
#!/usr/bin/env python
"""Extracts all Precertificates from the log."""

import os
import sys

import gflags

from ct.client import scanner
from ct.proto import client_pb2

# Command-line flags for this script; values are read through FLAGS after
# the flags have been parsed in the __main__ block.
FLAGS = gflags.FLAGS

# Worker process count handed to the scanner.
gflags.DEFINE_integer(
    "multi", 2,
    "Number of cert fetching and parsing processes to use, "
    "in addition to the main process.")

# Destination directory; no default, so run() refuses to start without it.
gflags.DEFINE_string(
    "output_directory", None,
    "Output directory for individual Precertificates.")

# First log entry index to scan.
gflags.DEFINE_integer(
    "start_entry", 0,
    "Log entry to start from.")



def _precert_matches(certificate, entry_type, extra_data, certificate_index):
    """Scanner matcher that selects precertificate log entries.

    Args:
        certificate: parsed certificate object; only to_pem() is called on it.
        entry_type: log entry type, compared against client_pb2.PRECERT_ENTRY.
        extra_data: part of the matcher signature, not used here.
        certificate_index: index of the entry, used to build the filename.

    Returns:
        A (filename, pem) tuple for a precertificate entry, None otherwise.
    """
    if entry_type != client_pb2.PRECERT_ENTRY:
        return None
    # The filename is built from the numeric index only ("%d"), so nothing
    # taken from the certificate contents ends up in the output path.
    filename = "precert_%d.pem" % certificate_index
    return (filename, certificate.to_pem())


def write_matched_certificate(matcher_output):
    """Write one matcher result to a file under FLAGS.output_directory.

    Args:
        matcher_output: (filename, data) pair as produced by
            _precert_matches; the data is the PEM text from to_pem().
    """
    file_name, pem_data = matcher_output
    # file_name is joined as-is: os.path.join does not confine the result to
    # the output directory, so this relies on the matcher producing plain
    # file names.
    destination = os.path.join(FLAGS.output_directory, file_name)
    # Mode "wb" truncates, so an existing file of the same name is replaced.
    with open(destination, "wb") as out:
        out.write(pem_data)


def run():
    """Scan the CT log and save every precertificate entry that is found.

    Raises:
        Exception: if the output_directory flag is empty or unset.
    """
    if not FLAGS.output_directory:
        raise Exception("Certificates output directory must be specified.")

    # The log endpoint is fixed; only the start entry and worker count are
    # configurable through flags.
    # NOTE(review): any verification of the fetched entries happens inside
    # scanner.scan_log and is not visible here -- confirm before treating the
    # written files as authenticated log content.
    log_url = "https://ct.googleapis.com/pilot"
    scan_result = scanner.scan_log(
        _precert_matches, log_url, FLAGS.multi, write_matched_certificate,
        start_entry=FLAGS.start_entry)

    summary = (scan_result.total, scan_result.matches, scan_result.errors)
    # Parenthesised single argument: prints the same text under the Python 2
    # print statement used by the original.
    print("Scanned %d, %d matched and %d failed strict or partial parsing"
          % summary)


if __name__ == "__main__":
    # Parse the command-line flags; FLAGS(argv) returns the arguments that
    # are left over after flag parsing, which replace sys.argv.
    sys.argv = FLAGS(sys.argv)
    run()