def testServerKeyRotation(self):
self._MakeClientRecord()
# Now the server should know about the client.
decoded_messages = self.ClientServerCommunicate()
for i in range(len(decoded_messages)):
self.assertEqual(decoded_messages[i].auth_state,
rdf_flows.GrrMessage.AuthorizationState.AUTHENTICATED)
# Suppress the output.
with utils.Stubber(maintenance_utils, "EPrint", lambda msg: None):
maintenance_utils.RotateServerKey()
server_certificate = config.CONFIG["Frontend.certificate"]
server_private_key = config.CONFIG["PrivateKeys.server_key"]
self.assertNotEqual(server_certificate, self.server_certificate)
self.assertNotEqual(server_private_key, self.server_private_key)
self.server_communicator = frontend_lib.ServerCommunicator(
certificate=server_certificate, private_key=server_private_key)
# Clients can't connect at this point since they use the outdated
# session key.
with self.assertRaises(communicator.DecryptionError):
self.ClientServerCommunicate()
# After the client reloads the server cert, this should start
# working again.
self.client_communicator.LoadServerCertificate(
server_certificate=server_certificate,
ca_certificate=config.CONFIG["CA.certificate"])
self.assertLen(list(self.ClientServerCommunicate()), 10)
def CreateNewServerCommunicator(self):
self._MakeClient()
self.server_communicator = frontend_lib.ServerCommunicator(
certificate=self.server_certificate,
private_key=self.server_private_key)
def _SetupCommunicator(self):
self.server_communicator = frontend_lib.ServerCommunicator(
certificate=self.server_certificate,
private_key=self.server_private_key)
