Merge main into timestamping_enricher

Patrick Robertson
2025-03-24 15:09:29 +04:00
219 changed files with 11049 additions and 2933 deletions


@@ -3,14 +3,7 @@
"type": ["enricher"],
"requires_setup": True,
"dependencies": {
"python": [
"loguru",
"slugify",
"tsp_client",
"asn1crypto",
"certvalidator",
"certifi"
],
"python": ["loguru", "slugify", "tsp_client", "asn1crypto", "certvalidator", "certifi"],
},
"configs": {
"tsa_urls": {
@@ -56,5 +49,5 @@ but they are not trusted authorities",
### Notes
- Should be run after the `hash_enricher` to ensure file hashes are available.
- Requires internet access to interact with the configured TSAs.
"""
""",
}


@@ -57,16 +57,19 @@ class TimestampingEnricher(Enricher):
logger.debug(f"RFC3161 timestamping existing files for {url=}")
# create a new text file with the existing media hashes
hashes = [m.get("hash").replace("SHA-256:", "").replace("SHA3-512:", "") for m in to_enrich.media if m.get("hash")]
hashes = [
m.get("hash").replace("SHA-256:", "").replace("SHA3-512:", "") for m in to_enrich.media if m.get("hash")
]
if not len(hashes):
logger.warning(f"No hashes found in {url=}")
return
hashes_fn = os.path.join(self.tmp_dir, "hashes.txt")
data_to_sign = "\n".join(hashes)
with open(hashes_fn, "w") as f:
with open(hashes_fn, "w") as f:
f.write(data_to_sign)
hashes_media = Media(filename=hashes_fn)
@@ -115,6 +118,8 @@ class TimestampingEnricher(Enricher):
f.write(timestamp_token)
return tst_path
trust_roots = []
with open(certifi.where(), "rb") as f:
def verify_signed(self, timestamp_response: TimeStampResponse, message: bytes) -> x509.Certificate:
"""
Verify a Signed Timestamp Response is trusted by a known Certificate Authority.