Exemple #1
    def _GetRemotePublicKey(self, common_name):
        """Return the public key stored for the client named by common_name.

        The in-memory key cache is tried first. On a miss the client's
        metadata is read from the relational datastore, and the stored
        certificate's CN must equal common_name before its key is returned
        and cached.

        A cache hit returns immediately, without re-reading the datastore or
        repeating the CN comparison; how long an entry stays valid depends on
        the cache's expiry policy, which is not visible in this method.

        Args:
          common_name: Identity claimed by the remote end. Must provide
            Basename() and be accepted by rdfvalue.RDFURN.

        Returns:
          The cached key, or the public key of the stored certificate.

        Raises:
          communicator.UnknownClientCertError: The client is unknown, has no
            stored certificate, or the stored certificate's CN differs from
            common_name.
        """
        client_id = common_name.Basename()
        try:
            # Fast path: a key is already cached under this client id.
            cached_key = self.pub_key_cache.Get(client_id)
            GRR_PUB_KEY_CACHE.Increment(fields=["hits"])
            return cached_key
        except KeyError:
            GRR_PUB_KEY_CACHE.Increment(fields=["misses"])

        try:
            metadata = data_store.REL_DB.ReadClientMetadata(client_id)
        except db.UnknownClientError:
            # Client id not present in the datastore: count it, then report
            # the missing certificate to the caller.
            GRR_UNIQUE_CLIENTS.Increment()
            raise communicator.UnknownClientCertError("Cert not found")

        stored_cert = metadata.certificate
        if stored_cert is None:
            raise communicator.UnknownClientCertError("Cert not found")

        # The datastore lookup used only the basename, so bind the stored
        # certificate to the full claimed name before trusting its key.
        stored_cn = rdfvalue.RDFURN(stored_cert.GetCN())
        claimed_cn = rdfvalue.RDFURN(common_name)
        if stored_cn != claimed_cn:
            logging.error("Stored cert mismatch for %s", common_name)
            raise communicator.UnknownClientCertError("Stored cert mismatch")

        public_key = stored_cert.GetPublicKey()
        # NOTE(review): the entry is stored under common_name while the lookup
        # above uses common_name.Basename(). Unless the cache treats both as
        # the same key, this method never hits its own entries. Because a hit
        # skips the CN comparison, any fix should keep the key tied to the
        # full claimed name - confirm against the cache implementation.
        self.pub_key_cache.Put(common_name, public_key)
        return public_key
Exemple #2
    def _GetRemotePublicKey(self, common_name):
        """Return the public key stored for the client named by common_name.

        The key cache is tried first. On a miss the client's AFF4 object is
        opened, its CERT attribute is read, and the certificate's CN must
        equal common_name before the key is returned. The client object and
        the key are both cached on success.

        A cache hit returns immediately without repeating the CN comparison.

        Args:
          common_name: Identity claimed by the remote end; used as the AFF4
            URN of the client object.

        Returns:
          The cached key, or the public key of the stored certificate.

        Raises:
          communicator.UnknownClientCertError: No certificate is stored for
            the client, or its CN differs from common_name.
        """
        cache_key = str(common_name)
        try:
            # Fast path: a key is already cached for this client.
            cached_key = self.pub_key_cache.Get(cache_key)
            stats_collector_instance.Get().IncrementCounter(
                "grr_pub_key_cache", fields=["hits"])
            return cached_key
        except KeyError:
            stats_collector_instance.Get().IncrementCounter(
                "grr_pub_key_cache", fields=["misses"])

        # Slow path: load the client object and pull the certificate from it.
        # NOTE(review): opened with mode="rw" although this method only reads
        # CERT; presumably the cached object is written to elsewhere - confirm.
        client_class = aff4.AFF4Object.classes["VFSGRRClient"]
        client_obj = aff4.FACTORY.Create(common_name,
                                         client_class,
                                         mode="rw",
                                         token=self.token)
        stored_cert = client_obj.Get(client_obj.Schema.CERT)
        if not stored_cert:
            # No certificate on record for this name.
            stats_collector_instance.Get().IncrementCounter(
                "grr_unique_clients")
            raise communicator.UnknownClientCertError("Cert not found")

        # Bind the stored certificate to the claimed name before trusting it.
        stored_cn = rdfvalue.RDFURN(stored_cert.GetCN())
        claimed_cn = rdfvalue.RDFURN(common_name)
        if stored_cn != claimed_cn:
            logging.error("Stored cert mismatch for %s", common_name)
            raise communicator.UnknownClientCertError("Stored cert mismatch")

        self.client_cache.Put(common_name, client_obj)
        stats_collector_instance.Get().SetGaugeValue(
            "grr_frontendserver_client_cache_size", len(self.client_cache))

        public_key = stored_cert.GetPublicKey()
        # NOTE(review): stored under common_name but looked up above under
        # str(common_name); this only hits if the two hash and compare equal
        # in the cache - confirm against the cache implementation.
        self.pub_key_cache.Put(common_name, public_key)
        return public_key
Exemple #3
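  def _GetRemotePublicKey(self, common_name):
    """Return the public key stored for the client named by common_name.

    The in-memory key cache is tried first. On a miss the client's metadata
    is read from the relational datastore, and the stored certificate's CN
    must equal common_name before its key is returned and cached.

    A cache hit returns immediately without repeating the CN comparison.

    Args:
      common_name: Identity claimed by the remote end. Must provide
        Basename() and be accepted by rdfvalue.RDFURN.

    Returns:
      The cached key, or the public key of the stored certificate.

    Raises:
      communicator.UnknownClientCertError: The client is unknown, has no
        stored certificate, or the stored certificate's CN differs from
        common_name.
    """
    remote_client_id = common_name.Basename()
    try:
      # See if we have this client already cached.
      remote_key = self.pub_key_cache.Get(remote_client_id)
      stats_collector_instance.Get().IncrementCounter(
          "grr_pub_key_cache", fields=["hits"])
      return remote_key
    except KeyError:
      stats_collector_instance.Get().IncrementCounter(
          "grr_pub_key_cache", fields=["misses"])

    try:
      md = data_store.REL_DB.ReadClientMetadata(remote_client_id)
    except db.UnknownClientError:
      stats_collector_instance.Get().IncrementCounter("grr_unique_clients")
      raise communicator.UnknownClientCertError("Cert not found")

    cert = md.certificate
    if cert is None:
      # A metadata row without a certificate must fail as "unknown cert", the
      # error callers handle, instead of an AttributeError on cert.GetCN().
      raise communicator.UnknownClientCertError("Cert not found")

    # The datastore lookup used only the basename, so bind the stored
    # certificate to the full claimed name before trusting its key.
    if rdfvalue.RDFURN(cert.GetCN()) != rdfvalue.RDFURN(common_name):
      logging.error("Stored cert mismatch for %s", common_name)
      raise communicator.UnknownClientCertError("Stored cert mismatch")

    pub_key = cert.GetPublicKey()
    # NOTE(review): stored under common_name while the lookup above uses
    # common_name.Basename(). Unless the cache treats both as the same key,
    # this method never hits its own entries. Because a hit skips the CN
    # comparison, any fix should keep the key tied to the full claimed name -
    # confirm against the cache implementation.
    self.pub_key_cache.Put(common_name, pub_key)
    return pub_key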
Exemple #4
  def _GetRemotePublicKey(self, common_name):
    """Return the server's public key if common_name names this server.

    Only one peer identity is accepted: self.server_name. Any other name is
    rejected, so a key is never returned for an unexpected server.

    Args:
      common_name: Name of the peer whose public key is requested.

    Returns:
      self.server_public_key when common_name equals self.server_name.

    Raises:
      communicator.UnknownClientCertError: common_name is not this server's
        name.
    """
    is_expected_server = common_name == self.server_name
    if is_expected_server:
      return self.server_public_key

    # Report both the requested and the expected name in the error.
    mismatch = "Client wants to talk to %s, not %s" % (common_name,
                                                       self.server_name)
    raise communicator.UnknownClientCertError(mismatch)