Agent Event Push Mode

When the push callback URL is an HTTPS URL, certificate authentication is used by default. You need to upload the third-party certificate for event push.

If eventpush.ssl.trustAll is set to true, skip the following steps. If this parameter is set to true, all certificates are trusted, which may bring security risks. Exercise caution when using this value. The default value false is recommended.

AES-128-CBC/AES-256-CBC Algorithm (Reversible Encryption)

Obtain the generated encryption.zip package from the /home/onekeyInstall/CertTool/encryption directory on the host where containerized applications are installed in one-click mode.

Alternatively, obtain the encryption tool package encryption.zip from the AICC_XX.XXX.X_ConfigPkg.zip\Tools\encrypt-tool directory.
Upload the encryption tool package encryption.zip to the server where the encryption command is executed and decompress the package.
Change the encryption factor. The encryption factor of the encryption tool must be the same as that of the server for which you need to configure a password. Otherwise, the encrypted password cannot be used.

Obtain the encryption.key.factor file from the $HOME/OpenAS_Tomcat/conf/kf.properties directory on the server for which you need to configure or change a password. (The directory varies according to the NE. For the CC-Gateway and CC-HTV, obtain the file from the $HOME/tomcat/conf directory. For the ODFS, obtain the file from the $HOME/OpenAS_Tomcat/conf directory.) Replace the file with the same name in the encryption.zip/conf/kf.properties directory on the OpenAS encryption tool.

For example, if you need to change the password of the OpenProxy on the CC-Gateway server, obtain the encryption.key.factor file from the /home/elpis/tomcat/conf/kf.properties directory on the CC-Gateway server.

Execute the encryption script to generate the encrypted password and key.

```bash
SZX1000523647:/home/tools/encryption # ./openas_encrypt_interactive.sh
openas_encrypt_interactive.sh: Missing file: /lib/tools.jar
openas_encrypt_interactive.sh: Unexpected results may occur.  Make sure JAVA_HOME points to a JDK and not a JRE.
This tool has two usages
Usage 1:go to the command line input echo -e " <type> <mode> [user] <password>" |./openas_encrypt_interactive.sh
0 <mode> [user] <password>
2 <mode> [user] <password>
3 <algorithm> <iterations> <saltLength> <keyLenth> <password>
...
Usage 2:  press Enter to enter interactive form
...

Please input parameters: [Press Enter to enter the interactive mode.]
Please select type of service:
1) 1 Encrypt password
2) 2 RE-encrypt Work key with new root key
3) 3 Update encrypted work key with new work key
4) 4 Update encrypted password with new encrypted work key
#? 1
Please select type of reverse:
1) 1 Reversible_AES128
2) 2 Reversible_AES256
3) 3 Irreversible_PBKDF2
#? 1
please input the mode of algorithm: ECB or CBC or GCM
1)ECB AES/ECB/PKCS5Padding
2)CBC AES/CBC/PKCS5Padding
3)GCM AES/GCM/NoPadding
CBC

Please select userName encrypt mode: 1 Not Need/2 Need
1) 1 Not Need
2) 2 Need
#? 1

Please input password to encrypt:
************

Please reenter password to encrypt:
************
encryptedKey: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
encryptedPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
================================================================
```

In the preceding information:

encryptedKey indicates the 16 random characters that are automatically generated and encrypted by the encryption package. The value of encryptedKey in the command output is the encrypted key.
encryptedPassword indicates the encrypted password.

The AES/ECB/PKCS5Padding encryption algorithm is insecure. You are advised to use the secure AES/CBC/PKCS5Padding encryption algorithm.

Parent topic: Agent Event: agentevent

Previous topic: Obtaining Events of One Agent in Polling Mode

Next topic: Calling Back Pushed Events