def notify_error(agent, msgtype='revocation'):
    """Build a revocation message for *agent* and pass it to the notifier.

    Nothing is sent unless the ``revocation_notifier`` option of the
    ``cloud_verifier`` config section is true.

    The message body is the UTF-8 encoded JSON of selected agent fields
    plus ``event_time``. It is paired with an RSA signature made with the
    agent's ``revocation_key``.

    Security note: if ``agent['revocation_key']`` is the empty string, the
    signature field is the literal string "none" and the message carries no
    authentication.
    NOTE(review): receivers presumably must not act on such a message as if
    it were verified -- confirm on the consuming side.
    """
    notifier_enabled = config.getboolean('cloud_verifier', 'revocation_notifier')
    if not notifier_enabled:
        return

    # Agent fields copied verbatim into the message, in serialization order.
    copied_fields = ('ip', 'agent_id', 'port', 'tpm_policy', 'vtpm_policy',
                     'meta_data')
    payload = {'type': msgtype}
    for field_name in copied_fields:
        payload[field_name] = agent[field_name]
    # asctime() renders local time without a zone offset.
    payload['event_time'] = time.asctime()

    # The signature covers exactly these bytes, so serialize once and reuse.
    body = json.dumps(payload).encode('utf-8')

    raw_key = agent['revocation_key']
    if raw_key == "":
        # No signing key configured: the message is sent unauthenticated.
        signature = "none"
    else:
        signature = crypto.rsa_sign(crypto.rsa_import_privkey(raw_key), body)

    revocation_notifier.notify({'msg': body, 'signature': signature})
Beispiel #2
def prepare_error(agent, msgtype="revocation", event=None):
    """Return the revocation message for *agent* as a ``msg``/``signature`` dict.

    ``msg`` is the UTF-8 encoded JSON of selected agent fields plus
    ``event_time``. When *event* is truthy, its ``event_id``,
    ``severity_label.name`` and ``context`` are added as well.
    ``signature`` is an RSA signature over ``msg`` made with the agent's
    ``revocation_key``.

    Security note: if ``agent["revocation_key"]`` is the empty string,
    ``signature`` is the literal string "none" and the message carries no
    authentication.
    NOTE(review): whoever forwards or consumes the result presumably has to
    treat that case as unverified -- confirm with the callers.
    """
    # Agent fields copied verbatim into the message, in serialization order.
    copied_fields = ("ip", "agent_id", "port", "tpm_policy", "meta_data")
    payload = {"type": msgtype}
    for field_name in copied_fields:
        payload[field_name] = agent[field_name]
    # asctime() renders local time without a zone offset.
    payload["event_time"] = time.asctime()

    if event:
        payload.update({
            "event_id": event.event_id,
            "severity_label": event.severity_label.name,
            "context": event.context,
        })

    # The signature covers exactly these bytes, so serialize once and reuse.
    body = json.dumps(payload).encode("utf-8")

    raw_key = agent["revocation_key"]
    if raw_key == "":
        # No signing key configured: the message is returned unauthenticated.
        signature = "none"
    else:
        signature = crypto.rsa_sign(crypto.rsa_import_privkey(raw_key), body)

    return {"msg": body, "signature": signature}
Beispiel #3
    def test_rsa_sign(self):
        """Check that an RSA signature verifies only for the message it signs."""
        private_key = rsa_generate(2048)
        verifying_key = get_public_key(private_key)

        signed_payload = b"a secret message!"
        sig = rsa_sign(private_key, signed_payload)

        # Positive case: signature and message belong together.
        self.assertTrue(rsa_verify(verifying_key, signed_payload, sig))

        # Negative case: the same signature must not verify a different message.
        other_payload = b"another message!"
        self.assertFalse(rsa_verify(verifying_key, other_payload, sig))
Beispiel #4
def notify_error(agent, msgtype='revocation', event=None):
    """Build a revocation message for *agent* and send it to enabled channels.

    Two options of the ``cloud_verifier`` config section select the
    channels: ``revocation_notifier`` (message queue) and
    ``revocation_notifier_webhook`` (webhook, false when unset). Nothing is
    built or sent when both are off.

    The message body is the UTF-8 encoded JSON of selected agent fields
    plus ``event_time``. When *event* is truthy, its ``event_id``,
    ``severity_label.name`` and ``context`` are added. The body is paired
    with an RSA signature made with the agent's ``revocation_key``.

    Security note: if ``agent['revocation_key']`` is the empty string, the
    signature field is the literal string "none" and the message carries no
    authentication on either channel.
    NOTE(review): receivers presumably must not act on such a message as if
    it were verified -- confirm on the consuming side.
    """
    mq_enabled = config.getboolean('cloud_verifier', 'revocation_notifier')
    webhook_enabled = config.getboolean('cloud_verifier',
                                        'revocation_notifier_webhook',
                                        fallback=False)
    if not mq_enabled and not webhook_enabled:
        return

    # Agent fields copied verbatim into the message, in serialization order.
    copied_fields = ('ip', 'agent_id', 'port', 'tpm_policy', 'vtpm_policy',
                     'meta_data')
    payload = {'type': msgtype}
    for field_name in copied_fields:
        payload[field_name] = agent[field_name]
    # asctime() renders local time without a zone offset.
    payload['event_time'] = time.asctime()

    if event:
        payload.update({
            'event_id': event.event_id,
            'severity_label': event.severity_label.name,
            'context': event.context,
        })

    # The signature covers exactly these bytes, so serialize once and reuse.
    body = json.dumps(payload).encode('utf-8')

    raw_key = agent['revocation_key']
    if raw_key == "":
        # No signing key configured: the message is sent unauthenticated.
        signature = "none"
    else:
        signature = crypto.rsa_sign(crypto.rsa_import_privkey(raw_key), body)

    envelope = {'msg': body, 'signature': signature}
    if mq_enabled:
        revocation_notifier.notify(envelope)
    if webhook_enabled:
        revocation_notifier.notify_webhook(envelope)
Beispiel #5
def notify_error(agent, msgtype="revocation", event=None):
    """Build a revocation message for *agent* and send it to enabled channels.

    Two options of the ``cloud_verifier`` config section select the
    channels: ``revocation_notifier`` (message queue) and
    ``revocation_notifier_webhook`` (webhook, false when unset). Nothing is
    built or sent when both are off.

    The message body is the UTF-8 encoded JSON of selected agent fields
    plus ``event_time``. When *event* is truthy, its ``event_id``,
    ``severity_label.name`` and ``context`` are added. The body is paired
    with an RSA signature made with the agent's ``revocation_key``.

    Security note: if ``agent["revocation_key"]`` is the empty string, the
    signature field is the literal string "none" and the message carries no
    authentication on either channel.
    NOTE(review): receivers presumably must not act on such a message as if
    it were verified -- confirm on the consuming side.
    """
    mq_enabled = config.getboolean("cloud_verifier", "revocation_notifier")
    webhook_enabled = config.getboolean("cloud_verifier",
                                        "revocation_notifier_webhook",
                                        fallback=False)
    if not mq_enabled and not webhook_enabled:
        return

    # Agent fields copied verbatim into the message, in serialization order.
    copied_fields = ("ip", "agent_id", "port", "tpm_policy", "meta_data")
    payload = {"type": msgtype}
    for field_name in copied_fields:
        payload[field_name] = agent[field_name]
    # asctime() renders local time without a zone offset.
    payload["event_time"] = time.asctime()

    if event:
        payload.update({
            "event_id": event.event_id,
            "severity_label": event.severity_label.name,
            "context": event.context,
        })

    # The signature covers exactly these bytes, so serialize once and reuse.
    body = json.dumps(payload).encode("utf-8")

    raw_key = agent["revocation_key"]
    if raw_key == "":
        # No signing key configured: the message is sent unauthenticated.
        signature = "none"
    else:
        signature = crypto.rsa_sign(crypto.rsa_import_privkey(raw_key), body)

    envelope = {"msg": body, "signature": signature}
    if mq_enabled:
        revocation_notifier.notify(envelope)
    if webhook_enabled:
        revocation_notifier.notify_webhook(envelope)