예제 #1
  def testEnrollmentHandler(self):
    """Enrol a cleared client by handing its request to EnrolmentHandler.

    The client is answered with 406 on every poll until its enrolment
    request has been processed by the handler; only the poll after that
    is expected to return 200.
    """
    self._ClearClient()

    # Poll 1: rejected with 406, which queues an EnrolmentRequest.
    reply = self.client_communicator.RunOnce()
    self.assertEqual(reply.code, 406)

    # Poll 2: the queued request goes to the server. Nothing has processed
    # it yet, so the client is still answered with 406.
    reply = self.client_communicator.RunOnce()
    self.assertEqual(reply.code, 406)

    # Exactly one message arrived, addressed to the enrolment handler.
    self.assertLen(self.messages, 1)
    enrol_message = self.messages[0]
    self.assertEqual(
        enrol_message.session_id.Basename(),
        "E:%s" % ca_enroller.EnrolmentHandler.handler_name)

    # Wrap the captured payload the way the message-handler queue would.
    # NOTE(review): handler_name is the literal "Enrol" while the assertion
    # above reads ca_enroller.EnrolmentHandler.handler_name; presumably the
    # two are equal, confirm so the test cannot drift from the handler.
    handler_request = rdf_objects.MessageHandlerRequest(
        client_id=enrol_message.source.Basename(),
        handler_name="Enrol",
        request_id=12345,
        request=enrol_message.payload)

    ca_enroller.EnrolmentHandler(token=self.token).ProcessMessages(
        [handler_request])

    # With the request processed, the next poll must be accepted.
    reply = self.client_communicator.RunOnce()
    self.assertEqual(reply.code, 200)
예제 #2
    def testEnrollment(self):
        """Check the HTTP status an unknown client gets before and after enrolment."""

        self._ClearClient()

        # Talk to the server as a client it has never seen.
        self.SendToServer()
        reply = self.client_communicator.RunOnce()

        # An unenrolled client is answered with 406 and its messages are
        # expected to be tagged UNAUTHENTICATED.
        # NOTE(review): only messages[0].auth_state is asserted below, not
        # every message; the check is weaker than the stated expectation.
        self.assertEqual(reply.code, 406)
        self.assertLen(self.messages, 10)
        unauthenticated = rdf_flows.GrrMessage.AuthorizationState.UNAUTHENTICATED
        self.assertEqual(self.messages[0].auth_state, unauthenticated)

        # The following poll should carry the enrolment request.
        self.client_communicator.RunOnce()

        self.assertLen(self.messages, 11)

        expected_id = "E:%s" % ca_enroller.EnrolmentHandler.handler_name
        enrolment_messages = [
            msg for msg in self.messages
            if msg.session_id.Basename() == expected_id
        ]

        self.assertLen(enrolment_messages, 1)

        # Run the enrolment handler by hand on the captured request. Per the
        # original author this signs the cert and adds it to the data store.
        enrol_request = rdf_objects.MessageHandlerRequest(
            client_id=self.client_id, request=enrolment_messages[0].payload)
        ca_enroller.EnrolmentHandler().ProcessMessages([enrol_request])

        # The client should now be treated as enrolled.
        reply = self.client_communicator.RunOnce()

        self.assertEqual(reply.code, 200)

        # A certificate must now be recorded for the client.
        # NOTE(review): assertTrue only proves that some certificate value is
        # stored; it does not check that it belongs to this client.
        metadata = data_store.REL_DB.ReadClientMetadata(self.client_id)
        self.assertTrue(metadata.certificate)

        # One more round trip to confirm the enrolled state persists.
        self.SendToServer()
        reply = self.client_communicator.RunOnce()

        self.assertEqual(reply.code, 200)
예제 #3
    def testEnrollment(self):
        """Check the HTTP status an unknown client gets before and after enrolment.

        Covers both storage back ends: the AFF4 well-known flow when
        data_store.AFF4Enabled() is true, the EnrolmentHandler otherwise.
        """

        self._ClearClient()

        # Talk to the server as a client it has never seen.
        self.SendToServer()
        reply = self.client_communicator.RunOnce()

        # An unenrolled client is answered with 406 and its messages are
        # expected to be tagged UNAUTHENTICATED.
        # NOTE(review): only messages[0].auth_state is asserted below, not
        # every message; the check is weaker than the stated expectation.
        self.assertEqual(reply.code, 406)
        self.assertLen(self.messages, 10)
        unauthenticated = rdf_flows.GrrMessage.AuthorizationState.UNAUTHENTICATED
        self.assertEqual(self.messages[0].auth_state, unauthenticated)

        # The following poll should carry the enrolment request; its status
        # is not inspected.
        self.client_communicator.RunOnce()

        self.assertLen(self.messages, 11)
        enrolment_messages = [
            msg for msg in self.messages
            if msg.session_id == ca_enroller.Enroler.well_known_session_id
        ]

        self.assertLen(enrolment_messages, 1)
        enrol_message = enrolment_messages[0]

        # Process the captured enrolment request by hand. Per the original
        # author this starts the enrolment, signs the cert and adds it to the
        # data store.
        if not data_store.AFF4Enabled():
            enrol_request = rdf_objects.MessageHandlerRequest(
                client_id=self.client_id,
                request=enrol_message.payload)
            ca_enroller.EnrolmentHandler().ProcessMessages([enrol_request])
        else:
            enrol_flow = ca_enroller.Enroler(
                ca_enroller.Enroler.well_known_session_id,
                mode="rw",
                token=self.token)
            enrol_flow.ProcessMessage(enrol_message)

        # The client should now be treated as enrolled.
        reply = self.client_communicator.RunOnce()

        self.assertEqual(reply.code, 200)

        # A certificate must now be recorded for the client.
        # NOTE(review): both branches only assert that a certificate value is
        # present; neither checks that it belongs to this client.
        if not data_store.AFF4Enabled():
            metadata = data_store.REL_DB.ReadClientMetadata(self.client_id)
            self.assertTrue(metadata.certificate)
        else:
            client_obj = aff4.FACTORY.Create(
                self.client_cn,
                aff4_grr.VFSGRRClient,
                mode="rw",
                token=self.token)
            self.assertTrue(client_obj.Get(client_obj.Schema.CERT))

        # One more round trip to confirm the enrolled state persists.
        self.SendToServer()
        reply = self.client_communicator.RunOnce()

        self.assertEqual(reply.code, 200)