diff options
| author | Rob Austein <sra@hactrn.net> | 2010-07-15 03:23:55 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2010-07-15 03:23:55 +0000 |
| commit | 17ee8bb201571c7e7b9b1f01f90b25dfd6819cc8 (patch) | |
| tree | 7249ac567e00b5ac1ffce7a660b91d02f8f982bb | |
| parent | dfab81477afece7265f46c5a2ed1162af59f3fe4 (diff) | |
Log reason for deciding to generate a ROA.
svn path=/rpkid/rpki/rpki_engine.py; revision=3401
| -rw-r--r-- | rpkid/rpki/rpki_engine.py | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py index 343d3a98..9c281d71 100644 --- a/rpkid/rpki/rpki_engine.py +++ b/rpkid/rpki/rpki_engine.py @@ -1214,29 +1214,40 @@ class roa_obj(rpki.sql.sql_persistent): Bring this roa_obj's ROA up to date if necesssary. """ + v4 = self.ipv4.to_resource_set() if self.ipv4 is not None else rpki.resource_set.resource_set_ipv4() + v6 = self.ipv6.to_resource_set() if self.ipv6 is not None else rpki.resource_set.resource_set_ipv6() + + me = "<%s %s>" % (self.asn, ("%s,%s" % (v4, v6)).strip(",")) + if self.roa is None: + rpki.log.debug("ROA doesn't exist, generating %s" % me) return self.generate(publisher = publisher) ca_detail = self.ca_detail() - if ca_detail is None or ca_detail.state != "active": + if ca_detail is None: + rpki.log.debug("ROA has no associated ca_detail, generating %s" % me) + return self.generate(publisher = publisher) + + if ca_detail.state != "active": + rpki.log.debug("ROA's associated ca_detail not active (state %r), regenerating %s" % (ca_detail.state, me)) return self.regenerate(publisher = publisher) - regen_margin = rpki.sundial.timedelta(seconds = self.self().regen_margin) + regen_time = self.cert.getNotAfter() - rpki.sundial.timedelta(seconds = self.self().regen_margin) - if rpki.sundial.now() + regen_margin > self.cert.getNotAfter(): + if rpki.sundial.now() > regen_time: + rpki.log.debug("ROA past threshold %s, regenerating %s" % (regen_time, me)) return self.regenerate(publisher = publisher) ca_resources = ca_detail.latest_ca_cert.get_3779resources() ee_resources = self.cert.get_3779resources() if ee_resources.oversized(ca_resources): + rpki.log.debug("ROA oversized with respect to CA, regenerating %s" % me) return self.regenerate(publisher = publisher) - v4 = self.ipv4.to_resource_set() if self.ipv4 is not None else rpki.resource_set.resource_set_ipv4() - v6 = self.ipv6.to_resource_set() if self.ipv6 is not None else rpki.resource_set.resource_set_ipv6() - if ee_resources.v4 != v4 or ee_resources.v6 != v6: + rpki.log.debug("ROA resources do not match EE, regenerating %s" % me) return self.regenerate(publisher = publisher) def generate(self, publisher): |