'''
SPDX-License-Identifier: BSD-2-Clause
Copyright 2017 Massachusetts Institute of Technology.
'''
import time
from M2Crypto import X509, EVP, RSA, ASN1
from keylime import common
from keylime import keylime_logging
config = common.get_config()
def mk_cert_valid(cert, days=365):
"""
Make a cert valid from now and til 'days' from now.
Args:
cert -- cert to make valid
days -- number of days cert is valid for from now.
"""
t = int(time.time())
now = ASN1.ASN1_UTCTIME()
now.set_time(t)
expire = ASN1.ASN1_UTCTIME()
expire.set_time(t + days * 24 * 60 * 60)
cert.set_not_before(now)
cert.set_not_after(expire)
def mk_request(bits, cn):
def main(argv=sys.argv):
"""Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
config = common.get_config()
cloudverifier_port = config.get('cloud_verifier', 'cloudverifier_port')
# allow tornado's max upload size to be configurable
max_upload_size = None
if config.has_option('cloud_verifier', 'max_upload_size'):
max_upload_size = int(config.get('cloud_verifier', 'max_upload_size'))
VerfierMain.metadata.create_all(engine, checkfirst=True)
session = SessionManager().make_session(engine)
try:
query_all = session.query(VerfierMain).all()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
for row in query_all:
row.operational_state = cloud_verifier_common.CloudAgent_Operational_State.SAVED
try:
session.commit()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
num = session.query(VerfierMain.agent_id).count()
if num > 0:
agent_ids = session.query(VerfierMain.agent_id).all()
logger.info("agent ids in db loaded from file: %s" % agent_ids)
logger.info('Starting Cloud Verifier (tornado) on port ' +
cloudverifier_port + ', use <Ctrl-C> to stop')
app = tornado.web.Application([
(r"/(?:v[0-9]/)?agents/.*", AgentsHandler),
(r".*", MainHandler),
])
context = cloud_verifier_common.init_mtls()
# after TLS is up, start revocation notifier
if config.getboolean('cloud_verifier', 'revocation_notifier'):
logger.info(
"Starting service for revocation notifications on port %s" %
config.getint('cloud_verifier', 'revocation_notifier_port'))
revocation_notifier.start_broker()
sockets = tornado.netutil.bind_sockets(int(cloudverifier_port),
address='0.0.0.0')
tornado.process.fork_processes(
config.getint('cloud_verifier', 'multiprocessing_pool_num_workers'))
asyncio.set_event_loop(asyncio.new_event_loop())
server = tornado.httpserver.HTTPServer(app,
ssl_options=context,
max_buffer_size=max_upload_size)
server.add_sockets(sockets)
try:
tornado.ioloop.IOLoop.instance().start()
except KeyboardInterrupt:
tornado.ioloop.IOLoop.instance().stop()
if config.getboolean('cloud_verifier', 'revocation_notifier'):
revocation_notifier.stop_broker()
