def ProcessMessage(self, message):
"""Begins an enrollment flow for this client.
Args:
message: The Certificate sent by the client. Note that this
message is not authenticated.
"""
cert = rdfvalue.Certificate(message.args)
queue = self.well_known_session_id.Queue()
client_id = message.source
# It makes no sense to enrol the same client multiple times, so we
# eliminate duplicates. Note, that we can still enroll clients multiple
# times due to cache expiration.
try:
enrolment_cache.Get(client_id)
return
except KeyError:
enrolment_cache.Put(client_id, 1)
# Create a new client object for this client.
client = aff4.FACTORY.Create(client_id, "VFSGRRClient", mode="rw",
token=self.token)
# Only enroll this client if it has no certificate yet.
if not client.Get(client.Schema.CERT):
# Start the enrollment flow for this client.
flow.GRRFlow.StartFlow(client_id=client_id, flow_name="CAEnroler",
csr=cert, queue=queue, token=self.token)
def InitiateEnrolment(self, status):
"""Initiate the enrollment process.
We do not sent more than one request every 10 minutes.
Args:
status: The http status object, used to set fastpoll mode if this is the
first enrollment request sent since restart.
"""
now = time.time()
if now > self.last_enrollment_time + 10 * 60:
if not self.last_enrollment_time:
# This is the first enrolment request - we should enter fastpoll mode.
status.require_fastpoll = True
self.last_enrollment_time = now
# Send registration request:
self.client_worker.SendReply(
rdfvalue.Certificate(type=rdfvalue.Certificate.Type.CSR,
pem=self.communicator.GetCSR()),
session_id=rdfvalue.SessionID("aff4:/flows/CA:Enrol"))