def ProcessMessage(self, message):
    """Kicks off certificate enrollment for the client that sent `message`.

    The payload is parsed as an rdf_crypto.Certificate and handed to the
    CAEnroler flow as its `csr` argument. Nothing is started when the sender
    is already present in the enrolment cache, or when the client object
    already carries a certificate.

    Args:
      message: The Certificate sent by the client. This message is not
        authenticated, so both `message.source` and `message.payload` are
        unverified, sender-supplied values at this point.
    """
    # Parsing happens before the cache is touched, so an exception raised here
    # leaves the cache unchanged.
    csr = rdf_crypto.Certificate(message.payload)
    enrol_queue = self.well_known_session_id.Queue()
    sender_id = message.source

    # De-duplicate: one enrollment attempt per sender while its cache entry
    # lives. Once the entry expires the same client can be enrolled again.
    try:
        enrolment_cache.Get(sender_id)
    except KeyError:
        enrolment_cache.Put(sender_id, 1)
    else:
        return

    # Create a new client object for this client.
    # NOTE(review): this runs for every sender id that is not in the cache, and
    # the id comes from an unauthenticated message - confirm that the id format
    # is validated before it reaches this handler.
    client = aff4.FACTORY.Create(
        sender_id, aff4_grr.VFSGRRClient, mode="rw", token=self.token)

    # A client that already has a certificate is never re-enrolled here.
    if client.Get(client.Schema.CERT):
        return

    # Start the enrollment flow for this client.
    flow.StartFlow(
        client_id=sender_id,
        flow_name=CAEnroler.__name__,
        csr=csr,
        queue=enrol_queue,
        token=self.token)
def ProcessMessage(self, message):
    """Kicks off certificate enrollment for the client that sent `message`.

    The payload is parsed as an rdf_crypto.Certificate and handed to the
    CAEnroler flow as its `csr` argument. The stored certificate is looked up
    in AFF4 and/or the relational database, depending on which backends are
    enabled; when both are read, the relational value wins because it is
    assigned last. Nothing is started when the sender is already present in
    the enrolment cache or a stored certificate is found.

    Args:
      message: The Certificate sent by the client. This message is not
        authenticated, so both `message.source` and `message.payload` are
        unverified, sender-supplied values at this point.
    """
    # Parsing happens before the cache is touched, so an exception raised here
    # leaves the cache unchanged.
    csr = rdf_crypto.Certificate(message.payload)
    enrol_queue = self.well_known_session_id.Queue()
    sender_id = message.source

    # De-duplicate: one enrollment attempt per sender while its cache entry
    # lives. Once the entry expires the same client can be enrolled again.
    try:
        enrolment_cache.Get(sender_id)
    except KeyError:
        enrolment_cache.Put(sender_id, 1)
    else:
        return

    # NOTE(review): client_cert is only assigned inside the two read branches
    # below. If neither AFF4Enabled() nor RelationalDBReadEnabled() is true,
    # the final check raises UnboundLocalError - confirm that at least one
    # read backend is always enabled.

    # Create a new client object for this client.
    if data_store.AFF4Enabled():
        client = aff4.FACTORY.Create(
            sender_id, aff4_grr.VFSGRRClient, mode="rw", token=self.token)
        client_cert = client.Get(client.Schema.CERT)

    if data_store.RelationalDBReadEnabled():
        try:
            metadata = data_store.REL_DB.ReadClientMetadata(
                sender_id.Basename())
        except db.UnknownClientError:
            # A client the database has never seen has no certificate.
            client_cert = None
        else:
            client_cert = metadata.certificate

    if data_store.RelationalDBWriteEnabled():
        # NOTE(review): this write happens for every sender id that is not in
        # the cache, before any certificate check, and the id comes from an
        # unauthenticated message - confirm that creating metadata for
        # arbitrary claimed ids is acceptable or bounded elsewhere.
        data_store.REL_DB.WriteClientMetadata(
            sender_id.Basename(), fleetspeak_enabled=False)

    # A client that already has a certificate is never re-enrolled here.
    if client_cert:
        return

    # Start the enrollment flow for this client.
    # The concrete CAEnroler class is autogenerated from CAEnrolerMixin by the
    # DualDBFlow decorator, which the linter cannot see - hence the disable
    # directive on the flow_name line.
    flow.StartAFF4Flow(
        client_id=sender_id,
        flow_name=CAEnroler.__name__,  # pylint: disable=undefined-variable
        csr=csr,
        queue=enrol_queue,
        token=self.token)
def InitiateEnrolment(self):
    """Sends an enrollment request, at most once every 10 minutes.

    We do not send more than one enrollment request every 10 minutes. Note
    that we still communicate to the server in fast poll mode, but these
    requests are not carrying any payload.

    The debug line below is logged on every call, including calls that are
    suppressed by the 10 minute window.
    """
    logging.debug("sending enrollment request")

    now = time.time()
    window_elapsed = now > self.last_enrollment_time + 10 * 60
    if not window_elapsed:
        return

    if not self.last_enrollment_time:
        # This is the first enrollment request - we should enter fastpoll mode.
        self.timer.FastPoll()

    # The timestamp is advanced before the send, so a send that raises still
    # counts against the 10 minute window.
    self.last_enrollment_time = now

    # Send registration request: the client's CSR in PEM form, addressed to
    # the "Enrol" flow on the enrollment queue.
    csr_message = rdf_crypto.Certificate(
        type=rdf_crypto.Certificate.Type.CSR,
        pem=self.communicator.GetCSRAsPem())
    enrol_session = rdfvalue.SessionID(
        queue=queues.ENROLLMENT, flow_name="Enrol")
    self.client_worker.SendReply(csr_message, session_id=enrol_session)