def ProcessMessage(self, message):
    """Start an enrollment flow for the client that sent this message.

    Trust boundary: the message is not authenticated, so both
    ``message.source`` and ``message.payload`` are sender-controlled when
    this handler runs.

    Args:
      message: The Certificate (CSR) sent by the client. Note that this
        message is not authenticated.

    Returns:
      None. Returns early when the client id was seen recently or when the
      client object already holds a certificate.
    """
    # Parse the payload first, exactly as received. No validation of the CSR
    # is visible in this handler.
    # NOTE(review): presumably the CAEnroler flow checks that the CSR really
    # belongs to client_id before signing; confirm against that flow.
    csr = rdf_crypto.Certificate(message.payload)
    enrolment_queue = self.well_known_session_id.Queue()
    source_id = message.source

    # Duplicate suppression: enrolling the same client repeatedly is
    # pointless, so only the first request per cache lifetime proceeds. A
    # client can still be enrolled again once its cache entry expires.
    # The cache key is the unauthenticated source id, and the entry is
    # written before any further check, so a request that fails later still
    # occupies the slot until expiry.
    try:
        enrolment_cache.Get(source_id)
    except KeyError:
        enrolment_cache.Put(source_id, 1)
    else:
        return

    # Open (or create) the client object for this id.
    # NOTE(review): this runs for any source id not seen recently; whether
    # it persists anything for ids that never finish enrollment depends on
    # aff4 behaviour not shown here.
    client_obj = aff4.FACTORY.Create(
        source_id, aff4_grr.VFSGRRClient, mode="rw", token=self.token)

    # A client that already has a certificate is never re-enrolled from this
    # handler. This check is what stops an unauthenticated message from
    # starting a new enrollment for an existing client id.
    if client_obj.Get(client_obj.Schema.CERT):
        return

    # No certificate on record: hand the CSR to the enrollment flow.
    flow.GRRFlow.StartFlow(
        client_id=source_id,
        flow_name=CAEnroler.__name__,
        csr=csr,
        queue=enrolment_queue,
        token=self.token)
def InitiateEnrolment(self, status):
    """Send an enrollment request to the server, rate limited.

    At most one request is sent every 10 minutes.

    Args:
      status: The http status object, used to set fastpoll mode if this is
        the first enrollment request sent since restart.
    """
    current_time = time.time()
    # NOTE(review): time.time() is wall-clock, so a backwards clock step
    # would postpone the next permitted request accordingly.
    next_allowed = self.last_enrollment_time + 10 * 60
    if current_time <= next_allowed:
        # Still inside the throttle window: send nothing.
        return

    if not self.last_enrollment_time:
        # A falsy timestamp means no request has gone out yet, so this is
        # the first enrolment request and we should enter fastpoll mode.
        status.require_fastpoll = True

    # Record the send time before replying; this is what enforces the
    # 10 minute spacing on later calls.
    self.last_enrollment_time = current_time

    # Registration request: the reply carries the CSR PEM obtained from the
    # communicator, addressed to the enrollment queue.
    send_reply = self.client_worker.SendReply
    csr_message = rdf_crypto.Certificate(
        type=rdf_crypto.Certificate.Type.CSR,
        pem=self.communicator.GetCSR())
    enrol_session = rdfvalue.SessionID(
        queue=queues.ENROLLMENT, flow_name="Enrol")
    send_reply(csr_message, session_id=enrol_session)