def _GetRemotePublicKey(self, common_name):
    """Return the public key stored for the client named `common_name`.

    The key cache is consulted first. On a miss the client object is opened
    through AFF4, its stored certificate is read, and the certificate's CN is
    compared with `common_name` before the key is cached and returned.

    Args:
      common_name: Name the remote end claims; used as the AFF4 path of the
        client object and compared (as an RDFURN) with the stored cert's CN.

    Returns:
      The value of `cert.GetPublicKey()` for the stored certificate.

    Raises:
      communicator.UnknownClientCert: No certificate is stored for the client,
        or the stored certificate's CN does not match `common_name`.
    """
    # Fast path: a previously verified key for this name.
    # NOTE(review): the lookup key is str(common_name) while the Put() at the
    # end of this method uses common_name itself; whether both address the
    # same cache entry depends on how the cache treats keys -- confirm.
    try:
        cached_key = self.pub_key_cache.Get(str(common_name))
    except KeyError:
        pass
    else:
        return cached_key

    # Slow path: open the client object and read its stored certificate.
    client_cls = aff4.AFF4Object.classes["VFSGRRClient"]
    client = aff4.FACTORY.Create(
        common_name,
        client_cls,
        mode="rw",
        token=self.token,
        ignore_cache=True,
    )
    cert = client.Get(client.Schema.CERT)

    if not cert:
        # Nothing stored for this name: count it and refuse to hand out a key.
        stats.STATS.IncrementCounter("grr_unique_clients")
        raise communicator.UnknownClientCert("Cert not found")

    # The stored certificate must name the same client the caller asked for;
    # otherwise a key belonging to a different CN would be returned (and
    # cached) under this name.
    stored_urn = rdfvalue.RDFURN(cert.GetCN())
    claimed_urn = rdfvalue.RDFURN(common_name)
    if stored_urn != claimed_urn:
        logging.error("Stored cert mismatch for %s", common_name)
        raise communicator.UnknownClientCert("Stored cert mismatch")

    # Only clients that passed the CN check are added to the client cache.
    self.client_cache.Put(common_name, client)
    stats.STATS.SetGaugeValue(
        "grr_frontendserver_client_cache_size", len(self.client_cache)
    )

    verified_key = cert.GetPublicKey()
    self.pub_key_cache.Put(common_name, verified_key)
    return verified_key
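def _GetRemotePublicKey(self, common_name):
    """Return the public key stored for the client named `common_name`.

    The key cache is consulted first (hits and misses are counted in
    "grr_pub_key_cache"). On a miss the client metadata is read from the
    relational data store and the stored certificate's CN is compared with
    `common_name` before the key is cached and returned.

    Args:
      common_name: Name the remote end claims. Its Basename() is used as the
        client id for the cache lookup and the metadata read.

    Returns:
      The value of `cert.GetPublicKey()` for the stored certificate.

    Raises:
      communicator.UnknownClientCert: No metadata exists for the client, the
        metadata carries no certificate, or the stored certificate's CN does
        not match `common_name`.
    """
    remote_client_id = common_name.Basename()
    try:
        # See if we have this client already cached.
        remote_key = self.pub_key_cache.Get(remote_client_id)
        stats.STATS.IncrementCounter("grr_pub_key_cache", fields=["hits"])
        return remote_key
    except KeyError:
        stats.STATS.IncrementCounter("grr_pub_key_cache", fields=["misses"])

    md = data_store.REL_DB.ReadClientMetadata(remote_client_id)
    if not md:
        stats.STATS.IncrementCounter("grr_unique_clients")
        raise communicator.UnknownClientCert("Cert not found")

    cert = md.certificate
    if not cert:
        # Metadata without a certificate must be rejected with the exception
        # callers handle, not an AttributeError from cert.GetCN() below.
        raise communicator.UnknownClientCert("Cert not found")

    # The stored certificate must name the same client the caller asked for;
    # otherwise a key belonging to a different CN would be returned (and
    # cached) under this name.
    if rdfvalue.RDFURN(cert.GetCN()) != rdfvalue.RDFURN(common_name):
        logging.error("Stored cert mismatch for %s", common_name)
        raise communicator.UnknownClientCert("Stored cert mismatch")

    pub_key = cert.GetPublicKey()
    # NOTE(review): the lookup above is keyed by remote_client_id but the
    # entry is stored under common_name. Unless the cache normalises both to
    # the same key, the "hits" branch is never reached and every call reads
    # the data store -- confirm before changing the key.
    self.pub_key_cache.Put(common_name, pub_key)
    return pub_key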
def EncodeMessages(self, *unused_args, **unused_kw):
    """Refuse to encode: the server holds no certificate for this client.

    All positional and keyword arguments are accepted and ignored.

    Raises:
      communicator.UnknownClientCert: Always.
    """
    # No message is ever produced here; the call always ends in this error.
    no_cert_error = communicator.UnknownClientCert()
    raise no_cert_error