fix: [sign] Allow to sign event by key stored in gpg homedir

pull/8229/head
Jakub Onderka 2022-03-26 11:20:55 +01:00
parent cc3b7271d9
commit f1dd24933c
4 changed files with 50 additions and 24 deletions


@ -145,32 +145,33 @@ jobs:
- name: Configure MISP
run: |
sudo -E su $USER -c 'app/Console/cake userInit -q | sudo tee ./key.txt'
sudo -u $USER app/Console/cake userInit -q | sudo tee ./key.txt
echo "AUTH=`cat key.txt`" >> $GITHUB_ENV
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Session.autoRegenerate" 0'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Session.timeout" 600'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Session.cookieTimeout" 3600'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.host_org_id" 1'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.email" "info@admin.test"'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.disable_emailing" false'
sudo -E su $USER -c 'app/Console/cake Admin setSetting --force "debug" true'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.CustomAuth_disable_logout" false'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_port" 6379'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_database" 13'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "MISP.redis_password" ""'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "GnuPG.email" "info@admin.test"'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "GnuPG.homedir" "`pwd`/.gnupg"'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "GnuPG.password" "travistest"'
sudo -u $USER app/Console/cake Admin setSetting "Session.autoRegenerate" 0
sudo -u $USER app/Console/cake Admin setSetting "Session.timeout" 600
sudo -u $USER app/Console/cake Admin setSetting "Session.cookieTimeout" 3600
sudo -u $USER app/Console/cake Admin setSetting "MISP.host_org_id" 1
sudo -u $USER app/Console/cake Admin setSetting "MISP.email" "info@admin.test"
sudo -u $USER app/Console/cake Admin setSetting "MISP.disable_emailing" false
sudo -u $USER app/Console/cake Admin setSetting --force "debug" true
sudo -u $USER app/Console/cake Admin setSetting "Plugin.CustomAuth_disable_logout" false
sudo -u $USER app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"
sudo -u $USER app/Console/cake Admin setSetting "MISP.redis_port" 6379
sudo -u $USER app/Console/cake Admin setSetting "MISP.redis_database" 13
sudo -u $USER app/Console/cake Admin setSetting "MISP.redis_password" ""
sudo -u $USER app/Console/cake Admin setSetting "GnuPG.email" "info@admin.test"
sudo -u $USER app/Console/cake Admin setSetting "GnuPG.homedir" "`pwd`/.gnupg"
sudo -u $USER app/Console/cake Admin setSetting "GnuPG.password" "travistest"
sudo -u $USER app/Console/cake Admin setSetting "MISP.download_gpg_from_homedir" 1
- name: Configure ZMQ
run: |
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_host" "127.0.0.1"'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_port" 6379'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_database" 1'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_password" ""'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" 1'
sudo -E su $USER -c 'app/Console/cake Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" 1'
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_host" "127.0.0.1"
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_database" 1
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_password" ""
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" 1
sudo -u $USER app/Console/cake Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" 1
- name: Update Galaxies
run: sudo -E su $USER -c 'app/Console/cake Admin updateGalaxies'
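Review bot: The `Update Galaxies` step at the end of this hunk still runs `sudo -E su $USER -c '…'` while every other cake call was moved to `sudo -u $USER …`, so the workflow now mixes two invocation forms that handle the environment differently. Converting it to `run: sudo -u $USER app/Console/cake Admin updateGalaxies` would make the job uniform and stop passing the runner's environment into that one command. Separately, `userInit -q | sudo tee ./key.txt` echoes the generated auth key to the job log because tee also writes to stdout; `| sudo tee ./key.txt > /dev/null` keeps it out of the log. The job definition starts and continues outside the hunk.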


@ -89,12 +89,26 @@ class CryptographicKey extends AppModel
}
/**
* @return string
* @return string Instance key fingerprint
* @throws Crypt_GPG_BadPassphraseException
* @throws Crypt_GPG_Exception
*/
public function ingestInstanceKey()
{
// If instance just key stored just in GPG homedir, use that key.
if (Configure::read('MISP.download_gpg_from_homedir')) {
if (!$this->gpg) {
throw new Exception("Could not initiate GPG");
}
/** @var Crypt_GPG_Key[] $keys */
$keys = $this->gpg->getKeys(Configure::read('GnuPG.email'));
if (empty($keys)) {
return false;
}
$this->gpg->addSignKey($keys[0], Configure::read('GnuPG.password'));
return $keys[0]->getPrimaryKey()->getFingerprint();
}
try {
$redis = $this->setupRedisWithException();
} catch (Exception $e) {
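Review bot: The homedir branch of `ingestInstanceKey()` signs with `$keys[0]` without checking that this entry is usable for signing, so a keyring holding several keys for `GnuPG.email` (an expired, revoked or public-only one, for instance) can yield the wrong instance key and fingerprint. If `GnuPG.email` is unset, the lookup is presumably not narrowed at all, so rejecting an empty value before calling `getKeys()` would be safer. The branch also returns `false` when nothing matches, while the docblock promises `@return string`; it should read `@return string|false Instance key fingerprint`. The selection below picks the first key that reports it can sign; checking that the secret part is present would be a further improvement. The rest of the function (the Redis path) lies outside the hunk.

```php
        // … unchanged: MISP.download_gpg_from_homedir check, GPG availability check, getKeys() call …
        $signKey = null;
        foreach ($keys as $key) {
            // Skip keyring entries that cannot produce signatures.
            if ($key->canSign()) {
                $signKey = $key;
                break;
            }
        }
        if ($signKey === null) {
            return false;
        }
        $this->gpg->addSignKey($signKey, Configure::read('GnuPG.password'));
        return $signKey->getPrimaryKey()->getFingerprint();
```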


@ -5666,6 +5666,15 @@ class Server extends AppModel
'type' => 'boolean',
'null' => true,
],
'download_gpg_from_homedir' => [
'level' => self::SETTING_OPTIONAL,
'description' => __('Fetch GPG instance key from GPG homedir.'),
'value' => false,
'test' => 'testBool',
'type' => 'boolean',
'null' => true,
'cli_only' => true,
],
),
'GnuPG' => array(
'branch' => 1,
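Review bot: The description `Fetch GPG instance key from GPG homedir.` on the new `download_gpg_from_homedir` entry does not say what enabling it changes. In this commit the flag also makes `ingestInstanceKey()` sign with the keyring entry matching `GnuPG.email`, unlocked with `GnuPG.password`. A more explicit text would help an administrator decide, for example `__('Use the key in the GnuPG homedir that matches GnuPG.email as the instance signing key.')`. The settings array starts and continues outside the hunk.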


@ -733,7 +733,9 @@ class TestComprehensive(unittest.TestCase):
check_response(response)
response = self.admin_misp_connector._prepare_request('GET', f'events/view/{event.id}')
print(response.headers)
self.assertIn('x-pgp-signature', response.headers)
self.assertTrue(len(response.headers['x-pgp-signature']) > 0, response.headers['x-pgp-signature'])
print(response.headers['x-pgp-signature'])
def _search(self, query: dict):
response = self.admin_misp_connector._prepare_request('POST', 'events/restSearch', data=query)
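Review bot: The `x-pgp-signature` assertions only prove that the header exists and is non-empty, so a malformed signature, or one made with a key other than the configured instance key, would still pass. As a minimum, the length check reads more clearly as `self.assertGreater(len(response.headers['x-pgp-signature']), 0)`; the current failure message can only ever print an empty string. The `print(response.headers)` and `print(response.headers['x-pgp-signature'])` lines look like debugging output and could be dropped; which of them this commit adds is not clear from the rendered page. The enclosing test method starts outside the hunk, and `_search` continues past it.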