Beispiel #1
  def ProcessMessage(self, message):
    """Kick off a CA enrollment flow for the client that sent this message.

    Args:
        message: Carries the client's Certificate (handed on as the CSR) in
        its payload. The message is NOT authenticated, so message.source
        and the payload are both unverified when this method runs.
    """
    # The payload is wrapped first; the cache is only consulted afterwards.
    csr = rdf_crypto.Certificate(message.payload)
    reply_queue = self.well_known_session_id.Queue()

    # NOTE(review): this id is taken from an unauthenticated message. Nothing
    # in this method ties it to the key inside the CSR - presumably the
    # CAEnroler flow performs that check; confirm before relying on it.
    source_id = message.source

    # Repeated enrollment requests from the same id are dropped while the id
    # is still cached. The cache expires entries, so the same client can come
    # through here again later.
    try:
      enrolment_cache.Get(source_id)
    except KeyError:
      enrolment_cache.Put(source_id, 1)
    else:
      return

    # Open (creating it if needed) the client object for the claimed id.
    client = aff4.FACTORY.Create(
        source_id, aff4_grr.VFSGRRClient, mode="rw", token=self.token)

    # A client that already has a stored certificate is never re-enrolled
    # from here; within this method that is the only guard against an
    # unauthenticated request replacing an existing identity.
    if client.Get(client.Schema.CERT):
      return

    flow.GRRFlow.StartFlow(
        client_id=source_id,
        flow_name=CAEnroler.__name__,
        csr=csr,
        queue=reply_queue,
        token=self.token)
Beispiel #2
    def InitiateEnrolment(self, status):
        """Send an enrollment request (our CSR) to the server, rate limited.

        No more than one request is sent per 10 minute window.

        Args:
          status: The http status object; its require_fastpoll flag is set
                  when this is the first enrollment request sent since
                  restart.
        """
        min_interval = 10 * 60  # Seconds between enrollment requests.
        current = time.time()

        # NOTE(review): time.time() is wall-clock time, so a backwards clock
        # step lengthens the quiet period before the next request.
        window_open = current > self.last_enrollment_time + min_interval
        if not window_open:
            return

        if not self.last_enrollment_time:
            # A falsy timestamp means nothing has been sent yet: ask for
            # fastpoll mode.
            status.require_fastpoll = True
        self.last_enrollment_time = current

        # Registration request: the CSR in PEM form, addressed to the
        # enrollment queue.
        csr = rdf_crypto.Certificate(
            type=rdf_crypto.Certificate.Type.CSR,
            pem=self.communicator.GetCSR())
        target = rdfvalue.SessionID(queue=queues.ENROLLMENT, flow_name="Enrol")
        self.client_worker.SendReply(csr, session_id=target)