def testServerKeyRotation(self): self._MakeClientRecord() # Now the server should know about the client. decoded_messages = self.ClientServerCommunicate() for i in range(len(decoded_messages)): self.assertEqual(decoded_messages[i].auth_state, rdf_flows.GrrMessage.AuthorizationState.AUTHENTICATED) # Suppress the output. with utils.Stubber(maintenance_utils, "EPrint", lambda msg: None): maintenance_utils.RotateServerKey() server_certificate = config.CONFIG["Frontend.certificate"] server_private_key = config.CONFIG["PrivateKeys.server_key"] self.assertNotEqual(server_certificate, self.server_certificate) self.assertNotEqual(server_private_key, self.server_private_key) self.server_communicator = frontend_lib.ServerCommunicator( certificate=server_certificate, private_key=server_private_key) # Clients can't connect at this point since they use the outdated # session key. with self.assertRaises(communicator.DecryptionError): self.ClientServerCommunicate() # After the client reloads the server cert, this should start # working again. self.client_communicator.LoadServerCertificate( server_certificate=server_certificate, ca_certificate=config.CONFIG["CA.certificate"]) self.assertLen(list(self.ClientServerCommunicate()), 10)
def CreateNewServerCommunicator(self): self._MakeClient() self.server_communicator = frontend_lib.ServerCommunicator( certificate=self.server_certificate, private_key=self.server_private_key)
def _SetupCommunicator(self): self.server_communicator = frontend_lib.ServerCommunicator( certificate=self.server_certificate, private_key=self.server_private_key)