def CreateTimelineFixture(self):
"""Creates a new timeline fixture we can play with."""
# Create a client for testing
client_id = rdfvalue.ClientURN("C.0000000000000001")
token = access_control.ACLToken(username="******", reason="fixture")
fd = aff4.FACTORY.Create(client_id, "VFSGRRClient", token=token)
cert = self.ClientCertFromPrivateKey(
config_lib.CONFIG["Client.private_key"])
client_cert = rdfvalue.RDFX509Cert(cert.as_pem())
fd.Set(fd.Schema.CERT(client_cert))
fd.Close()
# Install the mock
vfs.VFS_HANDLERS[
rdfvalue.PathSpec.PathType.OS] = test_lib.ClientVFSHandlerFixture
client_mock = test_lib.ActionMock("ListDirectory")
output_path = "analysis/Timeline/MAC"
for _ in test_lib.TestFlowHelper(
"RecursiveListDirectory", client_mock, client_id=client_id,
pathspec=rdfvalue.PathSpec(
path="/", pathtype=rdfvalue.PathSpec.PathType.OS),
token=token):
pass
# Now make a timeline
for _ in test_lib.TestFlowHelper(
"MACTimes", client_mock, client_id=client_id, token=token,
path="/", output=output_path):
pass
def MakeClientAFF4Record(self):
"""Make a client in the data store."""
cert = self.ClientCertFromPrivateKey(self.client_private_key)
client_cert = rdfvalue.RDFX509Cert(cert.as_pem())
new_client = aff4.FACTORY.Create(client_cert.common_name,
"VFSGRRClient",
token=self.token)
new_client.Set(new_client.Schema.CERT, client_cert)
new_client.Close()
def Start(self):
"""Sign the CSR from the client."""
client = aff4.FACTORY.Create(self.client_id,
"VFSGRRClient",
mode="rw",
token=self.token)
if self.args.csr.type != rdfvalue.Certificate.Type.CSR:
raise IOError("Must be called with CSR")
req = X509.load_request_string(self.args.csr.pem)
# Verify the CSR. This is not strictly necessary but doesn't harm either.
if req.verify(req.get_pubkey()) != 1:
raise flow.FlowError("CSR for client %s did not verify: %s" %
(self.client_id, req.as_pem()))
# Verify that the CN is of the correct form. The common name should refer
# to a client URN.
public_key = req.get_pubkey().get_rsa().pub()[1]
self.cn = rdfvalue.ClientURN.FromPublicKey(public_key)
if self.cn != rdfvalue.ClientURN(req.get_subject().CN):
raise IOError("CSR CN %s does not match public key %s." %
(rdfvalue.ClientURN(req.get_subject().CN), self.cn))
logging.info("Will sign CSR for: %s", self.cn)
cert = self.MakeCert(self.cn, req)
# This check is important to ensure that the client id reported in the
# source of the enrollment request is the same as the one in the
# certificate. We use the ClientURN to ensure this is also of the correct
# form for a client name.
if self.cn != self.client_id:
raise flow.FlowError("Certificate name %s mismatch for client %s",
self.cn, self.client_id)
# Set and write the certificate to the client record.
certificate_attribute = rdfvalue.RDFX509Cert(cert.as_pem())
client.Set(client.Schema.CERT, certificate_attribute)
client.Set(client.Schema.FIRST_SEEN, rdfvalue.RDFDatetime().Now())
index = aff4.FACTORY.Create(client_index.MAIN_INDEX,
aff4_type="ClientIndex",
mode="rw",
token=self.token)
index.AddClient(client)
client.Close(sync=True)
# Publish the client enrollment message.
self.Publish("ClientEnrollment", certificate_attribute.common_name)
self.Log("Enrolled %s successfully", self.client_id)
def Start(self):
"""Sign the CSR from the client."""
client = aff4.FACTORY.Create(self.client_id,
"VFSGRRClient",
token=self.token)
if self.args.csr.type != rdfvalue.Certificate.Type.CSR:
raise IOError("Must be called with CSR")
req = X509.load_request_string(self.args.csr.pem)
# Verify that the CN is of the correct form. The common name should refer to
# a client URN.
public_key = req.get_pubkey().get_rsa().pub()[1]
self.cn = rdfvalue.ClientURN.FromPublicKey(public_key)
if self.cn != rdfvalue.ClientURN(req.get_subject().CN):
raise IOError("CSR CN does not match public key.")
logging.info("Will sign CSR for: %s", self.cn)
cert = self.MakeCert(self.cn, req)
# This check is important to ensure that the client id reported in the
# source of the enrollment request is the same as the one in the
# certificate. We use the ClientURN to ensure this is also of the correct
# form for a client name.
if self.cn != self.client_id:
raise flow.FlowError("Certificate name %s mismatch for client %s",
self.cn, self.client_id)
# Set and write the certificate to the client record.
certificate_attribute = rdfvalue.RDFX509Cert(cert.as_pem())
client.Set(client.Schema.CERT, certificate_attribute)
client.Set(client.Schema.FIRST_SEEN, rdfvalue.RDFDatetime().Now())
client.Close(sync=True)
# Publish the client enrollment message.
self.Publish("ClientEnrollment", certificate_attribute.common_name)
self.Log("Enrolled %s successfully", self.client_id)
# This is needed for backwards compatibility.
# TODO(user): Remove this once all clients are > 2200.
self.CallClient("SaveCert",
pem=cert.as_pem(),
type=rdfvalue.Certificate.Type.CRT,
next_state="End")
def setUp(self):
"""Set up communicator tests."""
super(HTTPClientTests, self).setUp()
self.certificate = self.ClientCertFromPrivateKey(
config_lib.CONFIG["Client.private_key"]).as_pem()
self.server_serial_number = 0
self.server_private_key = config_lib.CONFIG["PrivateKeys.server_key"]
self.server_certificate = config_lib.CONFIG["Frontend.certificate"]
self.client_cn = rdfvalue.RDFX509Cert(self.certificate).common_name
# Make a new client
self.CreateNewClientObject()
# The housekeeper threads of the time based caches also call time.time and
# interfere with some tests so we disable them here.
utils.InterruptableThread.exit = True
# The same also applies to the StatsCollector thread.
stats.StatsCollector.exit = True
# Make a client mock
self.client = aff4.FACTORY.Create(self.client_cn,
"VFSGRRClient",
mode="rw",
token=self.token)
self.client.Set(self.client.Schema.CERT(self.certificate))
self.client.Flush()
# Stop the client from actually processing anything
config_lib.CONFIG.Set("Client.max_out_queue", 0)
# And cache it in the server
self.CreateNewServerCommunicator()
self.urlopen = urllib2.urlopen
urllib2.urlopen = self.UrlMock
self.messages = []
ca_enroller.enrolment_cache.Flush()
# Response to send back to clients.
self.server_response = dict(session_id="aff4:/W:session",
name="Echo",
response_id=2)