Example #1
0
 def __init__(self, server_address, RequestHandlerClass, agent_uuid):
     """Constructor overridden to provide ability to pass configuration arguments to the server"""
     secdir = secure_mount.mount()
     keyname = "%s/%s"%(secdir,config.get('cloud_agent','rsa_keyname'))
     
     # read or generate the key depending on configuration
     if os.path.isfile(keyname):
         # read in private key
         logger.debug( "Using existing key in %s"%keyname)
         f = open(keyname,"r")
         rsa_key = crypto.rsa_import_privkey(f.read())
     else:
         logger.debug("key not found, generating a new one")
         rsa_key = crypto.rsa_generate(2048)
         with open(keyname,"w") as f:
             f.write(crypto.rsa_export_privkey(rsa_key))
     
     self.rsaprivatekey = rsa_key
     self.rsapublickey_exportable = crypto.rsa_export_pubkey(self.rsaprivatekey)
     
     #attempt to get a U value from the TPM NVRAM
     nvram_u = tpm.read_key_nvram()
     if nvram_u is not None:
         logger.info("Existing U loaded from TPM NVRAM")
         self.add_U(nvram_u)
     BaseHTTPServer.HTTPServer.__init__(self, server_address, RequestHandlerClass)
     self.enc_keyname = config.get('cloud_agent','enc_keyname')
     self.agent_uuid = agent_uuid
Example #2
0
def notifyError(agent,msgtype='revocation'):
    if not config.getboolean('cloud_verifier', 'revocation_notifier'):
        return

    # prepare the revocation message:
    revocation = {
                'type':msgtype,
                'ip':agent['ip'],
                'port':agent['port'],
                'tpm_policy':agent['tpm_policy'],
                'vtpm_policy':agent['vtpm_policy'],
                'metadata':agent['metadata'],
                } 
    
    revocation['event_time'] = time.asctime()
    tosend={'msg': json.dumps(revocation)}
            
    #also need to load up private key for signing revocations
    if agent['revocation_key']!="":
        global signing_key
        signing_key = crypto.rsa_import_privkey(agent['revocation_key'])
        tosend['signature']=crypto.rsa_sign(signing_key,tosend['msg'])
        
        #print "verified? %s"%crypto.rsa_verify(signing_key, tosend['signature'], tosend['revocation'])
    else:
        tosend['siganture']="none"
            
    revocation_notifier.notify(tosend)