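def _GetRemotePublicKey(self, common_name):
    """Return the public key stored for the client named by `common_name`.

    The returned key is taken from the certificate stored for the client, and
    it is cached only after that certificate's CN has been compared with the
    requested name.

    Args:
      common_name: The client's name. It must provide `Basename()`; the
        basename is used as the client id for both the cache and the
        database lookup.

    Returns:
      The public key from the client's stored certificate.

    Raises:
      communicator.UnknownClientCertError: If the client is unknown, has no
        stored certificate, or the stored certificate's CN differs from
        `common_name`.
    """
    remote_client_id = common_name.Basename()
    try:
        # See if we have this client already cached.
        remote_key = self.pub_key_cache.Get(remote_client_id)
        GRR_PUB_KEY_CACHE.Increment(fields=["hits"])
        return remote_key
    except KeyError:
        GRR_PUB_KEY_CACHE.Increment(fields=["misses"])

    try:
        md = data_store.REL_DB.ReadClientMetadata(remote_client_id)
    except db.UnknownClientError:
        GRR_UNIQUE_CLIENTS.Increment()
        raise communicator.UnknownClientCertError("Cert not found")

    cert = md.certificate
    if cert is None:
        raise communicator.UnknownClientCertError("Cert not found")

    # Bind the stored certificate to the name that was asked for before the
    # key is trusted or cached.
    if rdfvalue.RDFURN(cert.GetCN()) != rdfvalue.RDFURN(common_name):
        logging.error("Stored cert mismatch for %s", common_name)
        raise communicator.UnknownClientCertError("Stored cert mismatch")

    pub_key = cert.GetPublicKey()
    # Store under the key the lookup above uses. The key used to be
    # `common_name`, which differs from its basename, so (assuming the cache
    # keys on the exact value passed) the lookup never hit and every call
    # went to the database.
    # NOTE(review): a cache hit returns without re-reading the certificate or
    # repeating the CN comparison, so a replaced certificate is only noticed
    # once the entry leaves the cache - confirm the cache's size and lifetime.
    self.pub_key_cache.Put(remote_client_id, pub_key)
    return pub_key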
def _GetRemotePublicKey(self, common_name):
    """Look up the public key for the client called `common_name`.

    A cached key is returned when one exists. Otherwise the client object is
    opened through AFF4, its stored certificate is read and the certificate's
    CN is compared with `common_name`; only after that are the client object
    and the key cached.

    Args:
      common_name: Name of the client whose key is wanted.

    Returns:
      The public key from the client's stored certificate.

    Raises:
      communicator.UnknownClientCertError: If no certificate is stored for
        the client, or the stored certificate's CN is not `common_name`.
    """
    try:
        # Fast path: the key may already be cached.
        # NOTE(review): the lookup key is str(common_name) while the insert
        # at the end of this function uses common_name itself; whether both
        # address the same entry depends on how the cache hashes its keys -
        # confirm.
        cached_key = self.pub_key_cache.Get(str(common_name))
        stats_collector_instance.Get().IncrementCounter(
            "grr_pub_key_cache", fields=["hits"])
        return cached_key
    except KeyError:
        stats_collector_instance.Get().IncrementCounter(
            "grr_pub_key_cache", fields=["misses"])

    # Slow path: load the client object and read its certificate.
    # NOTE(review): the object is opened with mode="rw" although this
    # function only reads from it; whether that persists anything for a name
    # that has no client yet is not visible here - confirm.
    client_cls = aff4.AFF4Object.classes["VFSGRRClient"]
    client_obj = aff4.FACTORY.Create(
        common_name, client_cls, mode="rw", token=self.token)
    stored_cert = client_obj.Get(client_obj.Schema.CERT)
    if not stored_cert:
        stats_collector_instance.Get().IncrementCounter("grr_unique_clients")
        raise communicator.UnknownClientCertError("Cert not found")

    # The stored certificate must name the client that was asked for;
    # nothing is cached until this holds.
    stored_urn = rdfvalue.RDFURN(stored_cert.GetCN())
    requested_urn = rdfvalue.RDFURN(common_name)
    if stored_urn != requested_urn:
        logging.error("Stored cert mismatch for %s", common_name)
        raise communicator.UnknownClientCertError("Stored cert mismatch")

    self.client_cache.Put(common_name, client_obj)
    stats_collector_instance.Get().SetGaugeValue(
        "grr_frontendserver_client_cache_size", len(self.client_cache))

    public_key = stored_cert.GetPublicKey()
    self.pub_key_cache.Put(common_name, public_key)
    return public_key
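def _GetRemotePublicKey(self, common_name):
    """Return the public key stored for the client named by `common_name`.

    The key comes from the certificate in the client's metadata record and is
    cached only after that certificate's CN has been compared with the
    requested name.

    Args:
      common_name: The client's name. It must provide `Basename()`; the
        basename is used as the client id for both the cache and the
        database lookup.

    Returns:
      The public key from the client's stored certificate.

    Raises:
      communicator.UnknownClientCertError: If the client is unknown, has no
        stored certificate, or the stored certificate's CN differs from
        `common_name`.
    """
    remote_client_id = common_name.Basename()
    try:
        # See if we have this client already cached.
        remote_key = self.pub_key_cache.Get(remote_client_id)
        stats_collector_instance.Get().IncrementCounter(
            "grr_pub_key_cache", fields=["hits"])
        return remote_key
    except KeyError:
        stats_collector_instance.Get().IncrementCounter(
            "grr_pub_key_cache", fields=["misses"])

    try:
        md = data_store.REL_DB.ReadClientMetadata(remote_client_id)
    except db.UnknownClientError:
        stats_collector_instance.Get().IncrementCounter("grr_unique_clients")
        raise communicator.UnknownClientCertError("Cert not found")

    cert = md.certificate
    # A metadata record without a certificate used to fall through to
    # cert.GetCN() and fail with AttributeError; report it as the
    # authentication error callers already handle for an unknown client.
    if cert is None:
        raise communicator.UnknownClientCertError("Cert not found")

    # Bind the stored certificate to the name that was asked for before the
    # key is trusted or cached.
    if rdfvalue.RDFURN(cert.GetCN()) != rdfvalue.RDFURN(common_name):
        logging.error("Stored cert mismatch for %s", common_name)
        raise communicator.UnknownClientCertError("Stored cert mismatch")

    pub_key = cert.GetPublicKey()
    # Store under the key the lookup above uses. The key used to be
    # `common_name`, which differs from its basename, so (assuming the cache
    # keys on the exact value passed) the lookup never hit and every call
    # went to the database.
    # NOTE(review): a cache hit returns without re-reading the certificate or
    # repeating the CN comparison - confirm the cache's size and lifetime.
    self.pub_key_cache.Put(remote_client_id, pub_key)
    return pub_key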
def _GetRemotePublicKey(self, common_name):
    """Return the configured server public key if `common_name` is the server.

    Only one peer is accepted: the name held in `self.server_name`. Any other
    name is rejected rather than looked up anywhere.

    Args:
      common_name: The name the remote side is claimed to have.

    Returns:
      `self.server_public_key` when `common_name` equals `self.server_name`.

    Raises:
      communicator.UnknownClientCertError: If `common_name` is any other
        name.
    """
    is_expected_server = common_name == self.server_name
    if is_expected_server:
        return self.server_public_key

    # Both names go into the error so a misdirected or spoofed peer name is
    # visible to whoever handles the exception.
    reason = "Client wants to talk to %s, not %s" % (
        common_name, self.server_name)
    raise communicator.UnknownClientCertError(reason)