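def __init__(self, server_address, RequestHandlerClass, agent_uuid):
    """Constructor overridden to provide ability to pass configuration arguments to the server.

    Loads the agent's RSA private key from the secure mount (generating and
    persisting a fresh 2048-bit key when none exists), seeds the U value from
    TPM NVRAM when one is stored there, then delegates to the HTTPServer
    constructor and records the enc key name and agent UUID on the instance.

    Args:
        server_address: passed straight through to HTTPServer.__init__.
        RequestHandlerClass: passed straight through to HTTPServer.__init__.
        agent_uuid: stored as ``self.agent_uuid``.

    Attributes set: rsaprivatekey, rsapublickey_exportable, enc_keyname,
    agent_uuid (and whatever ``add_U`` records when NVRAM held a U value).
    """
    secdir = secure_mount.mount()
    keyname = "%s/%s" % (secdir, config.get('cloud_agent', 'rsa_keyname'))

    # read or generate the key depending on configuration
    if os.path.isfile(keyname):
        # read in private key; the context manager closes the handle even if
        # rsa_import_privkey raises (previously the file object was never closed)
        logger.debug("Using existing key in %s" % keyname)
        with open(keyname, "r") as f:
            rsa_key = crypto.rsa_import_privkey(f.read())
    else:
        logger.debug("key not found, generating a new one")
        rsa_key = crypto.rsa_generate(2048)
        # create the key file owner-read/write only instead of relying on the
        # process umask, so the private key is never briefly group/world readable
        fd = os.open(keyname, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(crypto.rsa_export_privkey(rsa_key))

    self.rsaprivatekey = rsa_key
    self.rsapublickey_exportable = crypto.rsa_export_pubkey(self.rsaprivatekey)

    # attempt to get a U value from the TPM NVRAM; None means nothing stored
    # (format of a non-None value is whatever add_U expects — not visible here)
    nvram_u = tpm.read_key_nvram()
    if nvram_u is not None:
        logger.info("Existing U loaded from TPM NVRAM")
        self.add_U(nvram_u)

    BaseHTTPServer.HTTPServer.__init__(self, server_address, RequestHandlerClass)
    self.enc_keyname = config.get('cloud_agent', 'enc_keyname')
    self.agent_uuid = agent_uuid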
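def notifyError(agent, msgtype='revocation'):
    """Publish a revocation notification for *agent* via ``revocation_notifier``.

    Returns immediately unless ``cloud_verifier.revocation_notifier`` is
    enabled in config. The message is JSON-encoded and, when the agent record
    carries a non-empty ``revocation_key``, signed with that key; otherwise
    the ``signature`` field is the literal string ``"none"``.

    Args:
        agent: subscriptable agent record with 'ip', 'port', 'tpm_policy',
            'vtpm_policy', 'metadata' and 'revocation_key' entries.
        msgtype: value placed in the message's 'type' field.

    Side effects: rebinds the module-level ``signing_key`` whenever a key is
    present (kept because the original did so and other code may read it),
    and calls ``revocation_notifier.notify``.
    """
    global signing_key

    if not config.getboolean('cloud_verifier', 'revocation_notifier'):
        return

    # prepare the revocation message
    revocation = {
        'type': msgtype,
        'ip': agent['ip'],
        'port': agent['port'],
        'tpm_policy': agent['tpm_policy'],
        'vtpm_policy': agent['vtpm_policy'],
        'metadata': agent['metadata'],
        'event_time': time.asctime(),
    }
    tosend = {'msg': json.dumps(revocation)}

    # load the private key for signing revocations; an empty string (as
    # before) or a None key means the message goes out unsigned rather than
    # crashing inside rsa_import_privkey
    revocation_key = agent['revocation_key']
    if revocation_key:
        signing_key = crypto.rsa_import_privkey(revocation_key)
        tosend['signature'] = crypto.rsa_sign(signing_key, tosend['msg'])
    else:
        # the key was misspelled 'siganture' before, so unsigned messages
        # never carried a 'signature' field at all
        tosend['signature'] = "none"

    revocation_notifier.notify(tosend)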