mirror of https://github.com/MISP/MISP
fix: [sign] Allow to sign event by key stored in gpg homedir
parent
cc3b7271d9
commit
f1dd24933c
|
@ -145,32 +145,33 @@ jobs:
|
|||
|
||||
- name: Configure MISP
|
||||
run: |
|
||||
sudo -E su $USER -c 'app/Console/cake userInit -q | sudo tee ./key.txt'
|
||||
sudo -u $USER app/Console/cake userInit -q | sudo tee ./key.txt
|
||||
echo "AUTH=`cat key.txt`" >> $GITHUB_ENV
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Session.autoRegenerate" 0'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Session.timeout" 600'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Session.cookieTimeout" 3600'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.host_org_id" 1'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.email" "info@admin.test"'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.disable_emailing" false'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting --force "debug" true'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.CustomAuth_disable_logout" false'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_port" 6379'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_database" 13'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_password" ""'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "GnuPG.email" "info@admin.test"'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "GnuPG.homedir" "`pwd`/.gnupg"'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "GnuPG.password" "travistest"'
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Session.timeout" 600
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Session.cookieTimeout" 3600
|
||||
sudo -u $USER app/Console/cake Admin setSetting "MISP.host_org_id" 1
|
||||
sudo -u $USER app/Console/cake Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo -u $USER app/Console/cake Admin setSetting "MISP.disable_emailing" false
|
||||
sudo -u $USER app/Console/cake Admin setSetting --force "debug" true
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
sudo -u $USER app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo -u $USER app/Console/cake Admin setSetting "MISP.redis_port" 6379
|
||||
sudo -u $USER app/Console/cake Admin setSetting "MISP.redis_database" 13
|
||||
sudo -u $USER app/Console/cake Admin setSetting "MISP.redis_password" ""
|
||||
sudo -u $USER app/Console/cake Admin setSetting "GnuPG.email" "info@admin.test"
|
||||
sudo -u $USER app/Console/cake Admin setSetting "GnuPG.homedir" "`pwd`/.gnupg"
|
||||
sudo -u $USER app/Console/cake Admin setSetting "GnuPG.password" "travistest"
|
||||
sudo -u $USER app/Console/cake Admin setSetting "MISP.download_gpg_from_homedir" 1
|
||||
|
||||
- name: Configure ZMQ
|
||||
run: |
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_host" "127.0.0.1"'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_port" 6379'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_database" 1'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_password" ""'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" 1'
|
||||
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" 1'
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_host" "127.0.0.1"
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_password" ""
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" 1
|
||||
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" 1
|
||||
|
||||
- name: Update Galaxies
|
||||
run: sudo -E su $USER -c 'app/Console/cake Admin updateGalaxies'
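Review bot: The switch from `sudo -E su $USER -c '…'` to `sudo -u $USER …` is not applied to the `Update Galaxies` step at the end of this hunk, so the workflow now mixes two invocation forms. The new form drops `-E`, so under a default sudoers policy the runner's environment is no longer passed to `cake`, while the unconverted step still passes it. For consistency the last step could read `run: sudo -u $USER app/Console/cake Admin updateGalaxies`, and a short comment above the step could say that the environment is intentionally not preserved. Writing the user as `"$USER"` would also be the safer shell style in these lines.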
|
||||
|
|
|
@ -89,12 +89,26 @@ class CryptographicKey extends AppModel
|
|||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
* @return string Instance key fingerprint
|
||||
* @throws Crypt_GPG_BadPassphraseException
|
||||
* @throws Crypt_GPG_Exception
|
||||
*/
|
||||
public function ingestInstanceKey()
|
||||
{
|
||||
// If instance just key stored just in GPG homedir, use that key.
|
||||
if (Configure::read('MISP.download_gpg_from_homedir')) {
|
||||
if (!$this->gpg) {
|
||||
throw new Exception("Could not initiate GPG");
|
||||
}
|
||||
/** @var Crypt_GPG_Key[] $keys */
|
||||
$keys = $this->gpg->getKeys(Configure::read('GnuPG.email'));
|
||||
if (empty($keys)) {
|
||||
return false;
|
||||
}
|
||||
$this->gpg->addSignKey($keys[0], Configure::read('GnuPG.password'));
|
||||
return $keys[0]->getPrimaryKey()->getFingerprint();
|
||||
}
|
||||
|
||||
try {
|
||||
$redis = $this->setupRedisWithException();
|
||||
} catch (Exception $e) {
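Review bot: In the new `MISP.download_gpg_from_homedir` branch of `ingestInstanceKey()`, `$keys[0]` is passed to `addSignKey()` without checking that it is the intended signing key. `getKeys()` is queried by `GnuPG.email` alone, so if the homedir keyring holds more than one key with that address (an imported public-only key, a rotated or expired key), the first match is used. Consider picking the first key for which `$key->canSign()` is true and `$key->getPrimaryKey()->hasPrivate()` holds, or pinning a configured fingerprint. The branch also returns `false` when no key is found and throws a plain `Exception`, while the docblock declares `@return string` and only the `Crypt_GPG` exceptions; `@return string|false` plus `@throws Exception` would match the code. The function body continues past the end of this hunk.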
|
||||
|
|
|
@ -5666,6 +5666,15 @@ class Server extends AppModel
|
|||
'type' => 'boolean',
|
||||
'null' => true,
|
||||
],
|
||||
'download_gpg_from_homedir' => [
|
||||
'level' => self::SETTING_OPTIONAL,
|
||||
'description' => __('Fetch GPG instance key from GPG homedir.'),
|
||||
'value' => false,
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true,
|
||||
'cli_only' => true,
|
||||
],
|
||||
),
|
||||
'GnuPG' => array(
|
||||
'branch' => 1,
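Review bot: The description `Fetch GPG instance key from GPG homedir.` does not tell an administrator what enabling `download_gpg_from_homedir` changes or which other settings it depends on. Going by the `ingestInstanceKey()` change in this commit, the key is looked up in the keyring by `GnuPG.email` and unlocked with `GnuPG.password`, so the text could say so, e.g. `__('Sign with the instance key found in the GnuPG homedir (looked up by GnuPG.email, unlocked with GnuPG.password).')`. The surrounding settings array starts and ends outside this hunk.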
|
||||
|
|
|
@ -733,7 +733,9 @@ class TestComprehensive(unittest.TestCase):
|
|||
check_response(response)
|
||||
|
||||
response = self.admin_misp_connector._prepare_request('GET', f'events/view/{event.id}')
|
||||
print(response.headers)
|
||||
self.assertIn('x-pgp-signature', response.headers)
|
||||
self.assertTrue(len(response.headers['x-pgp-signature']) > 0, response.headers['x-pgp-signature'])
|
||||
print(response.headers['x-pgp-signature'])
|
||||
|
||||
def _search(self, query: dict):
|
||||
response = self.admin_misp_connector._prepare_request('POST', 'events/restSearch', data=query)
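Review bot: The `x-pgp-signature` check in this test only asserts that the header is present and non-empty, so a malformed signature or one made with the wrong key would still pass. If the instance public key is available to the test, verifying the signature against the returned event would make this a real signing test. The two `print(...)` calls look like leftover debugging, and `print(response.headers)` writes every response header to the CI log; they could be dropped, since `assertTrue` already reports the header value on failure. The enclosing test method starts above this hunk, and this rendering does not show which lines are old or new, so the point applies to whichever of these lines the commit adds.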
|
||||
|
|