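''' SPDX-License-Identifier: BSD-2-Clause Copyright 2017 Massachusetts Institute of Technology. '''
import time

from M2Crypto import X509, EVP, RSA, ASN1

from keylime import common
from keylime import keylime_logging

config = common.get_config()


def mk_cert_valid(cert, days=365):
    """Set a cert's validity window to start now and end ``days`` from now.

    Both bounds are written as ASN.1 UTCTime.  UTCTime carries a two-digit
    year (50-99 -> 19xx, 00-49 -> 20xx), so RFC 5280 §4.1.2.5 requires
    GeneralizedTime for any validity date in 2050 or later; such a window
    cannot be represented by this function and is rejected up front instead
    of being handed to the library with an unencodable date.

    NOTE(review): notBefore is set to exactly "now".  A relying party whose
    clock lags the issuer's will reject the cert as not-yet-valid; issuers
    commonly backdate notBefore by a few minutes to absorb that skew.  Left
    unchanged here because it alters the existing contract with callers.

    Args:
        cert -- X509 cert to make valid (modified in place)
        days -- number of days cert is valid for from now; must be positive

    Raises:
        ValueError -- if ``days`` is not positive, or if the resulting expiry
                      lies beyond what UTCTime can encode (year > 2049).
    """
    # A zero or negative window silently produces an already-expired cert,
    # which callers would only discover at first use.
    if days <= 0:
        raise ValueError("certificate validity must be a positive number of days, got %r" % (days,))

    t = int(time.time())
    expire_ts = t + days * 24 * 60 * 60

    if time.gmtime(expire_ts).tm_year > 2049:
        raise ValueError(
            "certificate expiry %r days from now falls after 2049, which "
            "ASN.1 UTCTime cannot encode" % (days,))

    now = ASN1.ASN1_UTCTIME()
    now.set_time(t)
    expire = ASN1.ASN1_UTCTIME()
    expire.set_time(expire_ts)

    cert.set_not_before(now)
    cert.set_not_after(expire)


def mk_request(bits, cn):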
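def main(argv=sys.argv):
    """Main method of the Cloud Verifier Server.

    This method is encapsulated in a function for packaging to allow it to
    be called as a function by an external program.

    Startup sequence: read the config, reset every persisted agent to the
    SAVED operational state, build the tornado application, initialise the
    mTLS context, optionally start the revocation-notifier broker, then bind
    the listening sockets, fork the worker processes and serve until
    interrupted.

    Args:
        argv -- command-line arguments; accepted for interface compatibility,
                not consulted by this function.
    """
    config = common.get_config()
    cloudverifier_port = config.get('cloud_verifier', 'cloudverifier_port')

    # allow tornado's max upload size to be configurable
    max_upload_size = None
    if config.has_option('cloud_verifier', 'max_upload_size'):
        max_upload_size = int(config.get('cloud_verifier', 'max_upload_size'))

    VerfierMain.metadata.create_all(engine, checkfirst=True)
    session = SessionManager().make_session(engine)

    # Agents persisted by a previous run are reset to SAVED on startup.
    # query_all is initialised before the try: the except branch only logs,
    # so a failed query previously left the name unbound and the loop below
    # raised UnboundLocalError instead of continuing with an empty set.
    query_all = []
    try:
        query_all = session.query(VerfierMain).all()
    except SQLAlchemyError as e:
        logger.error(f'SQLAlchemy Error: {e}')

    for row in query_all:
        row.operational_state = cloud_verifier_common.CloudAgent_Operational_State.SAVED

    try:
        session.commit()
    except SQLAlchemyError as e:
        logger.error(f'SQLAlchemy Error: {e}')

    num = session.query(VerfierMain.agent_id).count()
    if num > 0:
        agent_ids = session.query(VerfierMain.agent_id).all()
        # message text kept as-is for log compatibility; the ids come from the DB
        logger.info("agent ids in db loaded from file: %s" % agent_ids)

    logger.info('Starting Cloud Verifier (tornado) on port ' + cloudverifier_port + ', use <Ctrl-C> to stop')

    app = tornado.web.Application([
        (r"/(?:v[0-9]/)?agents/.*", AgentsHandler),
        (r".*", MainHandler),
    ])

    # Mutual TLS is the transport-level access control for the verifier API;
    # the context is passed to the HTTPServer below.
    context = cloud_verifier_common.init_mtls()

    # after TLS is up, start revocation notifier
    if config.getboolean('cloud_verifier', 'revocation_notifier'):
        logger.info(
            "Starting service for revocation notifications on port %s" %
            config.getint('cloud_verifier', 'revocation_notifier_port'))
        revocation_notifier.start_broker()

    # NOTE(review): the listener is bound on all interfaces and the bind
    # address is not configurable here. Reachability therefore rests on the
    # mTLS context above plus whatever firewall / network policy surrounds
    # the deployment; restrict it at that layer where the verifier need not
    # be exposed on every interface.
    sockets = tornado.netutil.bind_sockets(int(cloudverifier_port), address='0.0.0.0')
    tornado.process.fork_processes(
        config.getint('cloud_verifier', 'multiprocessing_pool_num_workers'))
    # each forked worker gets its own event loop before serving
    asyncio.set_event_loop(asyncio.new_event_loop())
    server = tornado.httpserver.HTTPServer(app, ssl_options=context, max_buffer_size=max_upload_size)
    server.add_sockets(sockets)

    try:
        tornado.ioloop.IOLoop.instance().start()
    except KeyboardInterrupt:
        tornado.ioloop.IOLoop.instance().stop()
        if config.getboolean('cloud_verifier', 'revocation_notifier'):
            revocation_notifier.stop_broker()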