def testEnrollmentHandler(self):
    """Check that processing the enrolment request ends the 406 responses.

    A cleared client is answered with 406 until its enrolment request has
    been handed to ``ca_enroller.EnrolmentHandler``; the communication that
    follows is expected to return 200.
    """
    self._ClearClient()

    # Two round trips are answered with 406: the first one queues the
    # enrolment request on the client, the second one sends it to the server.
    for _ in range(2):
        response = self.client_communicator.RunOnce()
        self.assertEqual(response.code, 406)

    # Exactly one message must have been captured, addressed to the
    # enrolment handler's session.
    self.assertLen(self.messages, 1)
    expected_session = "E:%s" % ca_enroller.EnrolmentHandler.handler_name
    self.assertEqual(self.messages[0].session_id.Basename(), expected_session)

    # Feed the captured payload to the handler directly.
    # NOTE(review): handler_name is the literal "Enrol" here, while the
    # session check above uses EnrolmentHandler.handler_name -- confirm the
    # two are meant to be the same value.
    handler_request = rdf_objects.MessageHandlerRequest(
        client_id=self.messages[0].source.Basename(),
        handler_name="Enrol",
        request_id=12345,
        request=self.messages[0].payload)
    enrolment_handler = ca_enroller.EnrolmentHandler(token=self.token)
    enrolment_handler.ProcessMessages([handler_request])

    # With the request processed, the client should be accepted.
    response = self.client_communicator.RunOnce()
    self.assertEqual(response.code, 200)
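def testEnrollment(self):
    """Test the http response to unknown clients.

    Walks a cleared client through enrolment: its first messages must be
    rejected with 406 and tagged UNAUTHENTICATED, the following round trip
    must carry exactly one enrolment request, and once that request has been
    processed by ``ca_enroller.EnrolmentHandler`` the client must receive 200
    and have a certificate stored in its metadata.
    """
    self._ClearClient()

    # Now communicate with the server.
    self.SendToServer()
    status = self.client_communicator.RunOnce()

    # We expect to receive a 406 and all client messages will be tagged as
    # UNAUTHENTICATED.
    self.assertEqual(status.code, 406)
    self.assertLen(self.messages, 10)
    # Check every message, not only the first: a single message from an
    # unenrolled client carrying any other auth state must fail the test.
    unauthenticated = rdf_flows.GrrMessage.AuthorizationState.UNAUTHENTICATED
    for message in self.messages:
        self.assertEqual(message.auth_state, unauthenticated)

    # The next request should be an enrolling request.
    self.client_communicator.RunOnce()
    self.assertLen(self.messages, 11)

    expected_id = "E:%s" % ca_enroller.EnrolmentHandler.handler_name
    enrolment_messages = [
        m for m in self.messages if m.session_id.Basename() == expected_id
    ]
    self.assertLen(enrolment_messages, 1)

    # Run the enrolment handler by hand on the captured request. Per the
    # assertions below, this is expected to leave a certificate for the
    # client in the data store.
    handler = ca_enroller.EnrolmentHandler()
    req = rdf_objects.MessageHandlerRequest(
        client_id=self.client_id, request=enrolment_messages[0].payload)
    handler.ProcessMessages([req])

    # The next client communication should be enrolled now.
    status = self.client_communicator.RunOnce()
    self.assertEqual(status.code, 200)

    # There should be a cert for the client right now.
    md = data_store.REL_DB.ReadClientMetadata(self.client_id)
    self.assertTrue(md.certificate)

    # Now communicate with the server once again.
    self.SendToServer()
    status = self.client_communicator.RunOnce()
    self.assertEqual(status.code, 200)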
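def testEnrollment(self):
    """Test the http response to unknown clients.

    Walks a cleared client through enrolment: its first messages must be
    rejected with 406 and tagged UNAUTHENTICATED, the following round trip
    must carry exactly one enrolment request, and once that request has been
    processed the client must receive 200 and have a certificate stored.
    Both the AFF4 and the relational data store paths are covered, selected
    by ``data_store.AFF4Enabled()``.
    """
    self._ClearClient()

    # Now communicate with the server.
    self.SendToServer()
    status = self.client_communicator.RunOnce()

    # We expect to receive a 406 and all client messages will be tagged as
    # UNAUTHENTICATED.
    self.assertEqual(status.code, 406)
    self.assertLen(self.messages, 10)
    # Check every message, not only the first: a single message from an
    # unenrolled client carrying any other auth state must fail the test.
    unauthenticated = rdf_flows.GrrMessage.AuthorizationState.UNAUTHENTICATED
    for message in self.messages:
        self.assertEqual(message.auth_state, unauthenticated)

    # The next request should be an enrolling request. Its status is not
    # checked here, so the return value is not kept.
    self.client_communicator.RunOnce()
    self.assertLen(self.messages, 11)

    enrolment_session = ca_enroller.Enroler.well_known_session_id
    enrolment_messages = [
        m for m in self.messages if m.session_id == enrolment_session
    ]
    self.assertLen(enrolment_messages, 1)

    # Now we manually run the enrolment step with the captured request. Per
    # the assertions below, this is expected to leave a certificate for the
    # client in the data store.
    if data_store.AFF4Enabled():
        flow_obj = ca_enroller.Enroler(
            ca_enroller.Enroler.well_known_session_id,
            mode="rw",
            token=self.token)
        flow_obj.ProcessMessage(enrolment_messages[0])
    else:
        handler = ca_enroller.EnrolmentHandler()
        req = rdf_objects.MessageHandlerRequest(
            client_id=self.client_id, request=enrolment_messages[0].payload)
        handler.ProcessMessages([req])

    # The next client communication should be enrolled now.
    status = self.client_communicator.RunOnce()
    self.assertEqual(status.code, 200)

    # There should be a cert for the client right now.
    if data_store.AFF4Enabled():
        client = aff4.FACTORY.Create(
            self.client_cn,
            aff4_grr.VFSGRRClient,
            mode="rw",
            token=self.token)
        self.assertTrue(client.Get(client.Schema.CERT))
    else:
        md = data_store.REL_DB.ReadClientMetadata(self.client_id)
        self.assertTrue(md.certificate)

    # Now communicate with the server once again.
    self.SendToServer()
    status = self.client_communicator.RunOnce()
    self.assertEqual(status.code, 200)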