authorRob Austein <sra@hactrn.net>2013-04-20 22:49:36 +0000
committerRob Austein <sra@hactrn.net>2013-04-20 22:49:36 +0000
commit1a25fee2670a50d1c8d1946c591f202b01a6a5e5 (patch)
tree6c447cefaab6f4f17a39e48101f3e6bfecb5db99
parent88ed7132a850319e4b61e899914597cf8cb4224d (diff)
Consider updating ROAs and Ghostbusters when CA certificate changes.
svn path=/trunk/; revision=5305
-rw-r--r--rpkid/rpki/log.py13
-rw-r--r--rpkid/rpki/rpkid.py34
-rw-r--r--rpkid/rpki/rpkid_tasks.py6
-rw-r--r--rpkid/tests/smoketest.6.yaml11
4 files changed, 46 insertions, 18 deletions
diff --git a/rpkid/rpki/log.py b/rpkid/rpki/log.py
index adc85585..558d3c68 100644
--- a/rpkid/rpki/log.py
+++ b/rpkid/rpki/log.py
@@ -184,20 +184,25 @@ def log_repr(obj, *tokens):
"""
# pylint: disable=W0702
+
words = ["%s.%s" % (obj.__class__.__module__, obj.__class__.__name__)]
try:
words.append("{%s}" % obj.self.self_handle)
except:
pass
+
for token in tokens:
- if token is not None and token != "":
+ if token is not None:
try:
- assert token is not None
- words.append(str(token))
+ s = str(token)
except:
+ s = "???"
debug("Failed to generate repr() string for object of type %r" % type(token))
traceback()
- words.append("???")
+ if s:
+ words.append(s)
+
if show_python_ids:
words.append(" at %#x" % id(obj))
+
return "<" + " ".join(words) + ">"
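Review bot: `s = str(token)` is appended to the log record unescaped, and log_repr is the one place through which every caller's tokens pass. Elsewhere in this commit ghostbuster_obj.__repr__ starts passing vCard lines as tokens, so text that probably originates outside rpkid now reaches the log. A control character or a stray `>` in a token would make the `<...>` record ambiguous to anyone reading or parsing the log later. I would escape non-printable characters in `s` before `words.append(s)` and record the intent with a comment such as `# tokens may hold externally supplied text; escape before logging`. The function's signature and docstring begin above the hunk.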
diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py
index 33a0d942..02283545 100644
--- a/rpkid/rpki/rpkid.py
+++ b/rpkid/rpki/rpkid.py
@@ -1047,6 +1047,8 @@ class ca_detail_obj(rpki.sql.sql_persistent):
callback = callback,
errback = errback)
+ validity_changed = self.latest_ca_cert is None or self.latest_ca_cert.getNotAfter() != c.cert.getNotAfter()
+
publisher = publication_queue()
if self.latest_ca_cert != c.cert:
@@ -1067,11 +1069,13 @@ class ca_detail_obj(rpki.sql.sql_persistent):
resources = child_resources & new_resources,
publisher = publisher)
- # And why, exactly, are we not whacking other things issued by
- # this ca_detail? Oversight? Fiendish cleverness I should have
- # documented? Faith that normal cron cycle will regenerate
- # anything that needs it quickly enough? Faith that nothing
- # else needs regeneration at this point?
+ if sia_uri_changed or validity_changed or old_resources.oversized(new_resources):
+ for roa in self.roas:
+ roa.update(publisher = publisher, fast = True)
+
+ if sia_uri_changed or validity_changed:
+ for ghostbuster in self.ghostbusters:
+ ghostbuster.update(publisher = publisher, fast = True)
publisher.call_pubd(callback, errback)
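Review bot: The new regeneration conditions replace a comment that asked why nothing else was reissued, but they carry no comment of their own giving the answer. A short comment above the first `if` would help, for example `# Reissue ROAs and Ghostbusters when the CA cert's SIA URI or notAfter changes; objects issued under the old cert may otherwise stop validating`, plus one line on why `old_resources.oversized(new_resources)` applies to ROAs only. `validity_changed`, set in the previous hunk, compares only `getNotAfter()`; whether a changed notBefore should also trigger reissuance cannot be told from what is shown. The enclosing method begins and ends outside the hunk.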
@@ -1708,9 +1712,12 @@ class roa_obj(rpki.sql.sql_persistent):
self.gctx.sql.execute("DELETE FROM roa_prefix WHERE roa_id = %s", (self.roa_id,))
def __repr__(self):
- v4 = "" if self.ipv4 is None else self.ipv4
- v6 = "" if self.ipv6 is None else self.ipv6
- return rpki.log.log_repr(self, self.asn, ("%s,%s" % (v4, v6)).strip(","))
+ args = [self, self.asn, self.ipv4, self.ipv6]
+ try:
+ args.append(self.uri)
+ except:
+ pass
+ return rpki.log.log_repr(*args)
def __init__(self, gctx = None, self_id = None, asn = None, ipv4 = None, ipv6 = None):
rpki.sql.sql_persistent.__init__(self)
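Review bot: The bare `except:` around `args.append(self.uri)` in roa_obj.__repr__ swallows every exception, including KeyboardInterrupt and SystemExit, and hides why the URI was unavailable. `except Exception:` keeps __repr__ safe to call from logging code without masking interpreter exits. The same applies to both `try` blocks added to ghostbuster_obj.__repr__ in the next hunk. If only one failure is expected, such as a ca_detail that has not been assigned yet, naming that exception would be tighter still, though the hunk does not show what `self.uri` can raise.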
@@ -1948,7 +1955,16 @@ class ghostbuster_obj(rpki.sql.sql_persistent):
vcard = None
def __repr__(self):
- return rpki.log.log_repr(self, self.uri)
+ args = [self]
+ try:
+ args.extend(self.vcard.splitlines()[2:-1])
+ except:
+ pass
+ try:
+ args.append(self.uri)
+ except:
+ pass
+ return rpki.log.log_repr(*args)
@property
@rpki.sql.cache_reference
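Review bot: `self.vcard.splitlines()[2:-1]` puts the body of the vCard into every repr of the object, and rpkid_tasks.py in this commit logs that repr at debug level. Ghostbuster records are contact data, so names, e-mail addresses and phone numbers would land in log files, which usually have a wider readership and longer retention than the database. The slice also assumes exactly two header lines and one trailer line, which nothing in the hunk guarantees. Consider logging one identifying line or a length-limited summary instead, e.g. `args.append(self.vcard.splitlines()[2])` inside the existing `try` (presumably the name line; confirm against the vCards actually stored).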
diff --git a/rpkid/rpki/rpkid_tasks.py b/rpkid/rpki/rpkid_tasks.py
index abfbdcb3..fdd9d286 100644
--- a/rpkid/rpki/rpkid_tasks.py
+++ b/rpkid/rpki/rpkid_tasks.py
@@ -365,7 +365,7 @@ class UpdateROAsTask(AbstractTask):
roa = roas.pop(k, None)
if roa is None:
roa = rpki.rpkid.roa_obj(self.gctx, self.self_id, roa_request.asn, roa_request.ipv4, roa_request.ipv6)
- rpki.log.debug("Couldn't find existing ROA, created %r" % roa)
+ rpki.log.debug("Created new %r" % roa)
else:
rpki.log.debug("Found existing %r" % roa)
self.updates.append(roa)
@@ -497,9 +497,9 @@ class UpdateGhostbustersTask(AbstractTask):
ghostbuster = ghostbusters.pop((ca_detail.ca_detail_id, ghostbuster_request.vcard), None)
if ghostbuster is None:
ghostbuster = rpki.rpkid.ghostbuster_obj(self.gctx, self.self_id, ca_detail.ca_detail_id, ghostbuster_request.vcard)
- rpki.log.debug("Created new Ghostbuster request for %r" % ghostbuster_request.parent_handle)
+ rpki.log.debug("Created new %r for %r" % (ghostbuster, ghostbuster_request.parent_handle))
else:
- rpki.log.debug("Found existing Ghostbuster request for %r" % ghostbuster_request.parent_handle)
+ rpki.log.debug("Found existing %r for %s" % (ghostbuster, ghostbuster_request.parent_handle))
ghostbuster.update(publisher = publisher, fast = True)
ca_details.add(ca_detail)
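Review bot: The two debug messages format `ghostbuster_request.parent_handle` differently: the "Created new" line uses `%r` and the "Found existing" line uses `%s`. `%r` is the better choice for log output because it quotes the value and escapes non-printable characters, so the second call would read `rpki.log.debug("Found existing %r for %r" % (ghostbuster, ghostbuster_request.parent_handle))`. The enclosing method starts and ends outside the hunk.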
diff --git a/rpkid/tests/smoketest.6.yaml b/rpkid/tests/smoketest.6.yaml
index 07b12d58..e8d65433 100644
--- a/rpkid/tests/smoketest.6.yaml
+++ b/rpkid/tests/smoketest.6.yaml
@@ -15,11 +15,18 @@
# PERFORMANCE OF THIS SOFTWARE.
name: RIR
-valid_for: 2d
+valid_for: 4w
kids:
- name: Alice
hosted_by: RIR
- #valid_for: 5m
+ #
+ # To test immediate expiration
+ #valid_for: 5m
+ #
+ # To test what happens when we reach rgen_margin
+ #valid_for: 2w2h5m
+ #valid_for: 2w5m
+ #
kids:
- name: Betty
hosted_by: RIR