def main(argv=sys.argv):
"""Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
config = configparser.ConfigParser()
config.read(common.CONFIG_FILE)
cloudverifier_port = config.get('cloud_verifier', 'cloudverifier_port')
VerfierMain.metadata.create_all(engine, checkfirst=True)
session = SessionManager().make_session(engine)
try:
query_all = session.query(VerfierMain).all()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
for row in query_all:
row.operational_state = cloud_verifier_common.CloudAgent_Operational_State.SAVED
try:
session.commit()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
num = session.query(VerfierMain.agent_id).count()
if num > 0:
agent_ids = session.query(VerfierMain.agent_id).all()
logger.info("agent ids in db loaded from file: %s" % agent_ids)
logger.info('Starting Cloud Verifier (tornado) on port ' +
cloudverifier_port + ', use <Ctrl-C> to stop')
app = tornado.web.Application([
(r"/(?:v[0-9]/)?agents/.*", AgentsHandler),
(r".*", MainHandler),
])
context = cloud_verifier_common.init_mtls()
# after TLS is up, start revocation notifier
if config.getboolean('cloud_verifier', 'revocation_notifier'):
logger.info(
"Starting service for revocation notifications on port %s" %
config.getint('cloud_verifier', 'revocation_notifier_port'))
revocation_notifier.start_broker()
sockets = tornado.netutil.bind_sockets(int(cloudverifier_port),
address='0.0.0.0')
tornado.process.fork_processes(
config.getint('cloud_verifier', 'multiprocessing_pool_num_workers'))
asyncio.set_event_loop(asyncio.new_event_loop())
server = tornado.httpserver.HTTPServer(app, ssl_options=context)
server.add_sockets(sockets)
try:
tornado.ioloop.IOLoop.instance().start()
except KeyboardInterrupt:
tornado.ioloop.IOLoop.instance().stop()
if config.getboolean('cloud_verifier', 'revocation_notifier'):
revocation_notifier.stop_broker()
def do_DELETE(self):
"""This method handles the DELETE requests to remove agents from the Registrar Server.
Currently, only agents resources are available for DELETEing, i.e. /agents. All other DELETE uri's will return errors.
agents requests require a single agent_id parameter which identifies the agent to be deleted.
"""
session = SessionManager().make_session(engine)
rest_params = common.get_restful_params(self.path)
if rest_params is None:
common.echo_json_response(
self, 405, "Not Implemented: Use /agents/ interface")
return
if "agents" not in rest_params:
common.echo_json_response(self, 400, "uri not supported")
logger.warning(
'DELETE agent returning 400 response. uri not supported: ' +
self.path)
return
agent_id = rest_params["agents"]
if agent_id is not None:
if session.query(RegistrarMain).filter_by(
agent_id=agent_id).delete():
# send response
try:
session.commit()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
common.echo_json_response(self, 200, "Success")
return
else:
# send response
common.echo_json_response(self, 404)
return
else:
common.echo_json_response(self, 404)
return
def setUp(self):
self.engine = create_engine('sqlite://')
RegistrarMain.metadata.create_all(self.engine, checkfirst=True)
self.session = SessionManager().make_session(self.engine)
self.populate_agent()
class TestRegistrarDB(unittest.TestCase):
def setUp(self):
self.engine = create_engine('sqlite://')
RegistrarMain.metadata.create_all(self.engine, checkfirst=True)
self.session = SessionManager().make_session(self.engine)
self.populate_agent()
def populate_agent(self):
self.session.add(RegistrarMain(**test_data))
self.session.commit()
def test_add_agent(self):
agent = self.session.query(RegistrarMain).filter_by(
agent_id=agent_id).first()
self.assertEqual(
agent.ek, """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dLxdAABVJO6qxamjCMh
yhWZgiFHZHnPEe0tMFyK3fNVr/w8lX9r+QOLxLmkT0IdgsEYtGZGefbD+qQl4O1s
k25823Xzu5tEF8966rTdkfsv8CRrNaBLwWlnt/n+qjIoU3xZJMmR+mFfqTc3a6zV
mPOYJstFtM8r4b9HPCUq6Mte/J3Wx4FxI9R4UrCUyiAeH++0QapIxuEGsVIYs92n
GyvFQYBZFRU6cIt33iaqTrRCICJp+YblMnw54YJGAH2vTVQf6/fLAnQt5L1UfmTy
R/ZA6advx8soekSBOIAW7XmV8Xp9mSquIHZdSXMJlcn/B35PU3BdkUtIYm5JuGGt
PQIDAQAB
-----END PUBLIC KEY-----""")
self.assertEqual(
agent.aik, """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dLxdAABVJO6qxamjCMh
yhWZgiFHZHnPEe0tMFyK3fNVr/w8lX9r+QOLxLmkT0IdgsEYtGZGefbD+qQl4O1s
k25823Xzu5tEF8966rTdkfsv8CRrNaBLwWlnt/n+qjIoU3xZJMmR+mFfqTc3a6zV
mPOYJstFtM8r4b9HPCUq6Mte/J3Wx4FxI9R4UrCUyiAeH++0QapIxuEGsVIYs92n
GyvFQYBZFRU6cIt33iaqTrRCICJp+YblMnw54YJGAH2vTVQf6/fLAnQt5L1UfmTy
R/ZA6advx8soekSBOIAW7XmV8Xp9mSquIHZdSXMJlcn/B35PU3BdkUtIYm5JuGGt
PQIDAQAB
-----END PUBLIC KEY-----""")
self.assertEqual(
agent.ekcert, """-----BEGIN CERTIFICATE-----
MIIEnzCCA4egAwIBAgIEMV64bDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
QTAeFw0wNTEwMjAxMzQ3NDNaFw0yNTEwMjAxMzQ3NDNaMHcxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
aWF0ZSBDQSAwMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALftPhYN
t4rE+JnU/XOPICbOBLvfo6iA7nuq7zf4DzsAWBdsZEdFJQfaK331ihG3IpQnlQ2i
YtDim289265f0J4OkPFpKeFU27CsfozVaNUm6UR/uzwA8ncxFc3iZLRMRNLru/Al
VG053ULVDQMVx2iwwbBSAYO9pGiGbk1iMmuZaSErMdb9v0KRUyZM7yABiyDlM3cz
UQX5vLWV0uWqxdGoHwNva5u3ynP9UxPTZWHZOHE6+14rMzpobs6Ww2RR8BgF96rh
4rRAZEl8BXhwiQq4STvUXkfvdpWH4lzsGcDDtrB6Nt3KvVNvsKz+b07Dk+Xzt+EH
NTf3Byk2HlvX+scCAwEAAaOCATswggE3MB0GA1UdDgQWBBQ4k8292HPEIzMV4bE7
qWoNI8wQxzAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
DQYJKoZIhvcNAQEFBQADggEBABJ1+Ap3rNlxZ0FW0aIgdzktbNHlvXWNxFdYIBbM
OKjmbOos0Y4O60eKPu259XmMItCUmtbzF3oKYXq6ybARUT2Lm+JsseMF5VgikSlU
BJALqpKVjwAds81OtmnIQe2LSu4xcTSavpsL4f52cUAu/maMhtSgN9mq5roYptq9
DnSSDZrX4uYiMPl//rBaNDBflhJ727j8xo9CCohF3yQUoQm7coUgbRMzyO64yMIO
3fhb+Vuc7sNwrMOz3VJN14C3JMoGgXy0c57IP/kD5zGRvljKEvrRC2I147+fPeLS
DueRMS6lblvRKiZgmGAg7YaKOkOaEmVDMQ+fTo2Po7hI5wc=
-----END CERTIFICATE-----""")
self.assertEqual(
agent.virtual, 0)
self.assertEqual(
agent.active, int(False))
self.assertEqual(
agent.key, 'R0xKMU5maWVEaHVxQ0poZUZhWm9yRVkyRHZZUkVIMFA=')
self.assertEqual(
agent.provider_keys, {})
self.assertEqual(
agent.regcount, 1)
def test_delete_agent(self):
agent = self.session.query(RegistrarMain).filter_by(
agent_id=agent_id).first()
self.session.query(RegistrarMain).filter_by(
agent_id=agent_id).delete()
self.session.commit()
agent = self.session.query(RegistrarMain).filter_by(
agent_id=agent_id).first()
self.assertIsNone(agent)
def tearDown(self):
self.session.close()
def do_GET(self):
"""This method handles the GET requests to retrieve status on agents from the Registrar Server.
Currently, only agents resources are available for GETing, i.e. /agents. All other GET uri's
will return errors. agents requests require a single agent_id parameter which identifies the
agent to be returned. If the agent_id is not found, a 404 response is returned.
"""
session = SessionManager().make_session(engine)
rest_params = common.get_restful_params(self.path)
if rest_params is None:
common.echo_json_response(
self, 405, "Not Implemented: Use /agents/ interface")
return
if "agents" not in rest_params:
common.echo_json_response(self, 400, "uri not supported")
logger.warning('GET returning 400 response. uri not supported: ' +
self.path)
return
agent_id = rest_params["agents"]
if agent_id is not None:
try:
agent = session.query(RegistrarMain).filter_by(
agent_id=agent_id).first()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
if agent is None:
common.echo_json_response(self, 404, "agent_id not found")
logger.warning('GET returning 404 response. agent_id ' +
agent_id + ' not found.')
return
if not agent.active:
common.echo_json_response(self, 404, "agent_id not yet active")
logger.warning('GET returning 404 response. agent_id ' +
agent_id + ' not yet active.')
return
response = {
'aik': agent.aik,
'ek': agent.ek,
'ekcert': agent.ekcert,
'regcount': agent.regcount,
}
if agent.virtual:
response['provider_keys'] = agent.provider_keys
common.echo_json_response(self, 200, "Success", response)
logger.info('GET returning 200 response for agent_id:' + agent_id)
else:
# return the available registered uuids from the DB
json_response = session.query(RegistrarMain.agent_id).all()
return_response = [item[0] for item in json_response]
common.echo_json_response(self, 200, "Success",
{'uuids': return_response})
logger.info('GET returning 200 response for agent_id list')
return
def start(tlsport, port):
"""Main method of the Registrar Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
threads = []
servers = []
serveraddr = ('', tlsport)
config = configparser.ConfigParser()
config.read(common.CONFIG_FILE)
os.umask(0o077)
kl_dir = os.path.dirname(os.path.abspath(database))
if not os.path.exists(kl_dir):
os.makedirs(kl_dir, 0o700)
RegistrarMain.metadata.create_all(engine, checkfirst=True)
session = SessionManager().make_session(engine)
try:
count = session.query(RegistrarMain.agent_id).count()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
if count > 0:
logger.info("Loaded %d public keys from database" % count)
server = ProtectedRegistrarServer(serveraddr, ProtectedHandler)
context = cloud_verifier_common.init_mtls(section='registrar',
generatedir='reg_ca')
if context is not None:
server.socket = context.wrap_socket(server.socket, server_side=True)
thread = threading.Thread(target=server.serve_forever)
threads.append(thread)
# start up the unprotected registrar server
serveraddr2 = ('', port)
server2 = UnprotectedRegistrarServer(serveraddr2, UnprotectedHandler)
thread2 = threading.Thread(target=server2.serve_forever)
threads.append(thread2)
servers.append(server)
servers.append(server2)
logger.info(
'Starting Cloud Registrar Server on ports %s and %s (TLS) use <Ctrl-C> to stop'
% (port, tlsport))
for thread in threads:
thread.start()
def signal_handler(signal, frame):
do_shutdown(servers)
sys.exit(0)
# Catch these signals. Note that a SIGKILL cannot be caught, so
# killing this process with "kill -9" may result in improper shutdown
signal.signal(signal.SIGTERM, signal_handler)
signal.signal(signal.SIGQUIT, signal_handler)
signal.signal(signal.SIGINT, signal_handler)
# keep the main thread active, so it can process the signals and gracefully shutdown
while True:
if not any([thread.isAlive() for thread in threads]):
# All threads have stopped
break
else:
# Some threads are still going
time.sleep(1)
for thread in threads:
thread.join()
def do_PUT(self):
"""This method handles the PUT requests to add agents to the Registrar Server.
Currently, only agents resources are available for PUTing, i.e. /agents. All other PUT uri's
will return errors.
"""
session = SessionManager().make_session(engine)
rest_params = common.get_restful_params(self.path)
if rest_params is None:
common.echo_json_response(
self, 405, "Not Implemented: Use /agents/ interface")
return
if "agents" not in rest_params:
common.echo_json_response(self, 400, "uri not supported")
logger.warning(
'PUT agent returning 400 response. uri not supported: ' +
self.path)
return
agent_id = rest_params["agents"]
if agent_id is None:
common.echo_json_response(self, 400, "agent id not found in uri")
logger.warning(
'PUT agent returning 400 response. agent id not found in uri '
+ self.path)
return
try:
content_length = int(self.headers.get('Content-Length', 0))
if content_length == 0:
common.echo_json_response(self, 400,
"Expected non zero content length")
logger.warning(
'PUT for ' + agent_id +
' returning 400 response. Expected non zero content length.'
)
return
post_body = self.rfile.read(content_length)
json_body = json.loads(post_body)
if "activate" in rest_params:
auth_tag = json_body['auth_tag']
try:
agent = session.query(RegistrarMain).filter_by(
agent_id=agent_id).first()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
if agent is None:
raise Exception(
"attempting to activate agent before requesting registrar for %s"
% agent_id)
if agent.virtual:
raise Exception(
"attempting to activate virtual AIK using physical interface for %s"
% agent_id)
if common.STUB_TPM:
try:
session.query(RegistrarMain).filter(
agent_id == agent_id).update({'active': True})
session.commit()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
else:
ex_mac = crypto.do_hmac(agent.key, agent_id)
if ex_mac == auth_tag:
try:
session.query(RegistrarMain).filter(
agent_id == agent_id).update({'active': True})
session.commit()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
else:
raise Exception(
"Auth tag %s does not match expected value %s" %
(auth_tag, ex_mac))
common.echo_json_response(self, 200, "Success")
logger.info('PUT activated: ' + agent_id)
elif "vactivate" in rest_params:
deepquote = json_body.get('deepquote', None)
try:
agent = session.query(RegistrarMain).filter_by(
agent_id=agent_id).first()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
if agent is None:
raise Exception(
"attempting to activate agent before requesting registrar for %s"
% agent_id)
if not agent['virtual']:
raise Exception(
"attempting to activate physical AIK using virtual interface for %s"
% agent_id)
# get an physical AIK for this host
registrar_client.init_client_tls(config, 'registrar')
provider_keys = registrar_client.getKeys(
config.get('registrar', 'provider_registrar_ip'),
config.get('registrar', 'provider_registrar_tls_port'),
agent_id)
# we already have the vaik
tpm = tpm_obj.getTPM(need_hw_tpm=False,
tpm_version=agent['tpm_version'])
if not tpm.check_deep_quote(
agent_id,
hashlib.sha1(agent['key']).hexdigest(),
agent_id + agent['aik'] + agent['ek'], deepquote,
agent['aik'], provider_keys['aik']):
raise Exception("Deep quote invalid")
try:
session.query(RegistrarMain).filter(
agent_id == agent_id).update({'active': True})
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
try:
session.query(RegistrarMain).filter(
agent_id == agent_id).update(
{'provider_keys': provider_keys})
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
common.echo_json_response(self, 200, "Success")
logger.info('PUT activated: ' + agent_id)
else:
pass
except Exception as e:
common.echo_json_response(self, 400, "Error: %s" % e)
logger.warning("PUT for " + agent_id +
" returning 400 response. Error: %s" % e)
logger.exception(e)
return
def do_POST(self):
"""This method handles the POST requests to add agents to the Registrar Server.
Currently, only agents resources are available for POSTing, i.e. /agents. All other POST uri's
will return errors. POST requests require an an agent_id identifying the agent to add, and json
block sent in the body with 2 entries: ek and aik.
"""
session = SessionManager().make_session(engine)
rest_params = common.get_restful_params(self.path)
if rest_params is None:
common.echo_json_response(
self, 405, "Not Implemented: Use /agents/ interface")
return
if "agents" not in rest_params:
common.echo_json_response(self, 400, "uri not supported")
logger.warning(
'POST agent returning 400 response. uri not supported: ' +
self.path)
return
agent_id = rest_params["agents"]
if agent_id is None:
common.echo_json_response(self, 400, "agent id not found in uri")
logger.warning(
'POST agent returning 400 response. agent id not found in uri '
+ self.path)
return
try:
content_length = int(self.headers.get('Content-Length', 0))
if content_length == 0:
common.echo_json_response(self, 400,
"Expected non zero content length")
logger.warning(
'POST for ' + agent_id +
' returning 400 response. Expected non zero content length.'
)
return
post_body = self.rfile.read(content_length)
json_body = json.loads(post_body)
ek = json_body['ek']
ek_tpm = json_body['ek_tpm']
ekcert = json_body['ekcert']
aik = json_body['aik']
aik_name = json_body['aik_name']
tpm_version = int(json_body['tpm_version'])
# try to encrypt the AIK
tpm = tpm_obj.getTPM(need_hw_tpm=False, tpm_version=tpm_version)
(blob, key) = tpm.encryptAIK(agent_id, aik, ek, ek_tpm, aik_name)
# special behavior if we've registered this uuid before
regcount = 1
try:
agent = session.query(RegistrarMain).filter_by(
agent_id=agent_id).first()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
if agent is not None:
# keep track of how many ek-ekcerts have registered on this uuid
regcount = agent.regcount
if agent.ek != ek or agent.ekcert != ekcert:
logger.warning(
'WARNING: Overwriting previous registration for this UUID with new ek-ekcert pair!'
)
regcount += 1
# force overwrite
logger.info('Overwriting previous registration for this UUID.')
try:
session.query(RegistrarMain).filter_by(
agent_id=agent_id).delete()
session.commit()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
# Add values to database
d = {}
d['agent_id'] = agent_id
d['ek'] = ek
d['aik'] = aik
d['ekcert'] = ekcert
d['virtual'] = int(ekcert == 'virtual')
d['active'] = int(False)
d['key'] = key
d['provider_keys'] = {}
d['regcount'] = regcount
try:
session.add(RegistrarMain(**d))
session.commit()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
response = {
'blob': blob,
}
common.echo_json_response(self, 200, "Success", response)
logger.info('POST returning key blob for agent_id: ' + agent_id)
return
except Exception as e:
common.echo_json_response(self, 400, "Error: %s" % e)
logger.warning("POST for " + agent_id +
" returning 400 response. Error: %s" % e)
logger.exception(e)
return
class TestVerfierDB(unittest.TestCase):
def setUp(self):
self.engine = create_engine('sqlite://')
VerfierMain.metadata.create_all(self.engine, checkfirst=True)
self.session = SessionManager().make_session(self.engine)
self.populate_agent()
def populate_agent(self):
self.session.add(VerfierMain(**test_data))
self.session.commit()
def test_add_agent(self):
agent = self.session.query(VerfierMain).filter_by(
agent_id=agent_id).first()
self.assertEqual(agent.v,
'cf0B779EA1dkHVWfTxQuSLHNFeutYeSmVWe7JOFWzXg=')
self.assertEqual(agent.port, 9002)
self.assertEqual(
agent.tpm_policy,
'{"22": ["0000000000000000000000000000000000000001", "0000000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", "ffffffffffffffffffffffffffffffffffffffff", "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"], "15": ["0000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], "mask": "0x408400"}'
)
self.assertEqual(
agent.revocation_key,
'-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDs1onKjLZHDnqu\nnrsCb5aZohK2FU+jjU4NT23x1UzYzpFU9wBZ0avj+HeFYbQiAKanSbS7PvhjJMdE\naWMgRMgigr2K1xx+ZhBu4zTPFMy11msxMIL/HPROSYx/9wUZrhf4z/rBsuppFVs3\nKfKmQHuptjZX+D+m+nANO8WOILyW2+5YO5FNw1XJ3gVO6elJJ/CzQcYWIioONuTM\nQ+g8OQc+yTZruwedcSpOX56GpBImWUKXzTz3zoX7AlYxjEBjT86rxoBVXo3ZIwYx\n+mJk7NADN2qvLSXxTnLBxISHdsUDBP5DfurFQPhZC5oARN6/Y4zPESnhm8iwlG5o\n2ZjxVzphAgMBAAECggEBAKVKudImUJTY8yBp4aS6koXYymxQBUvlM8MwW1A7iK2L\nxXxiAtms7uVlJK1vWhOdFrKMS1mfgiVXpscFMkx0FKWZT4XVyaohu3hYlCOupYyH\nADrNW6+G2q7EwA0TLnkUuuBI7v4+y0DZydZ/LT2ApY31gIn21R3JjWh+/crK6DP0\nJO51hLO+z4GAMbWimRzA3lnYltUSJEvam3EHnj/pW+hlczjdI6AfJTWRWx6+gqP3\nRBvLcjBA9ZIx4JzYab5tnvwnd8ZzVItYBQJ8UhxzNsrSzEGguUEO4G/jYQTtYi6T\nufksmewcIClp48AfDThKSCMQXgFwpVI4EPxwmfd6Mt0CgYEA+i+2jjeFREMNam4p\nEBf5tmY2xvg3HXGgCjBfllepZQZHQatfv/kEqhFW497W+okyjTXflMR1TkjMKAqO\nahA+D1lItycPxsvTTiZ85KgrybbQT7Y+s2ET2f68wZh2XyiJIYE/MNi3ZclIBFaY\npyXicj0RIB6IY9PIHNgdEHI4casCgYEA8ldrcbWof8YpwJ6KFVuMvkYKniVF0aXH\nsQUWL/dyjBYIq/jg3Z4J+b0360DhZVpp1SaO4jFISxVMRzkDf3/gbKxH9F4a9Id8\nDmGH15v1ooKBYfkk7GwEB3AOY4gN3RMnWb1hxxhjsM9pmeTffqgqYzHYzv1ArjHe\ntYkjWOqPECMCgYBT//kXPuTrymeSuHHpCWO6Lg9uNqCqrh/BzAQMAlrJpJYAIn3/\ngqhiQXgfAg7EB5SFfPUYie2o3yBMwV6XleSAWsXjWKYfZQgJUTrVuvEYxNykJthe\nedWkd7cAeSQlRwLj0PVafSj2b+JSMpEGbd3d5Ur+scGxYsXpiVYY04DICQKBgBPZ\nhTtzHbIZkSHt2nGVZhnPst7xPp7FbW3adM7I/eDrjRpI8GI2p6qFDSd/0PZ0SWbk\nGZ/9WWaNAAp1aQvwdXlxQxOJAbw1vLuQ0Yefhqcg+WgE+DlFP688RnFwm3IYN4jq\nMjAUl1XMJ2IrlQLS02X8lz2dEMcz3oIQEY0e6UjxAoGAFeiOjFF2i4wRRUKx8kpb\nnBKRmFaMXdkeMV2IQALJ4skNNflf0YdDFVniFUyq9vfbq2drJSnMiy8Dvju0j5PC\n+MALz22fsNoIV2h6gz0i1lXiyVgpoAhYCbbPv0wO6iHKPBzH3Onv6BKrVMy1pnzh\n6QsfbhjzBfFg1Zxp/h1tBqA=\n-----END PRIVATE KEY-----\n'
)
self.assertEqual(agent.accept_tpm_hash_algs,
['sha512', 'sha384', 'sha256', 'sha1'])
def test_count_agents(self):
agent = self.session.query(VerfierMain.agent_id).count()
self.assertEqual(agent, 1)
def test_set_operation_state(self):
self.session.query(VerfierMain).filter(agent_id == agent_id).update(
{'operational_state': TENANT_FAILED})
self.session.commit()
agent = self.session.query(VerfierMain).filter_by(
agent_id=agent_id).first()
self.assertEqual(agent.operational_state, 10)
def test_delete_agent(self):
agent = self.session.query(VerfierMain).filter_by(
agent_id=agent_id).first()
self.session.query(VerfierMain).filter_by(agent_id=agent_id).delete()
self.session.commit()
agent = self.session.query(VerfierMain).filter_by(
agent_id=agent_id).first()
self.assertIsNone(agent)
def tearDown(self):
self.session.close()