Regenerate CRL and manifest when revoking child certs.

svn path=/rpkid/rpki/left_right.py; revision=3258

2 files changed, 7 insertions, 2 deletions

diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 99eda03b..23cf6f6b 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -871,7 +871,8 @@ class child_elt(data_elt):
     """
     publisher = rpki.rpki_engine.publication_queue()
     for child_cert in self.child_certs():
-      child_cert.revoke(publisher = publisher)
+      child_cert.revoke(publisher = publisher,
+                        generate_crl_and_manifest = True)
     publisher.call_pubd(cb, eb)
 
   def endElement(self, stack, name, text):
diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py
index 7350b2d0..343d3a98 100644
--- a/rpkid/rpki/rpki_engine.py
+++ b/rpkid/rpki/rpki_engine.py
@@ -976,10 +976,11 @@ class child_cert_obj(rpki.sql.sql_persistent):
     """Return the publication URI for this child_cert."""
     return ca.sia_uri + self.uri_tail()
 
-  def revoke(self, publisher):
+  def revoke(self, publisher, generate_crl_and_manifest = False):
     """
     Revoke a child cert.
     """
+
     ca_detail = self.ca_detail()
     ca = ca_detail.ca()
     rpki.log.debug("Revoking %r %r" % (self, self.uri(ca)))
@@ -987,6 +988,9 @@ class child_cert_obj(rpki.sql.sql_persistent):
     publisher.withdraw(cls = rpki.publication.certificate_elt, uri = self.uri(ca), obj = self.cert, repository = ca.parent().repository())
     self.gctx.sql.sweep()
     self.sql_delete()
+    if generate_crl_and_manifest:
+      ca_detail.generate_crl(publisher = publisher)
+      ca_detail.generate_manifest(publisher = publisher)
 
   def reissue(self, ca_detail, publisher, resources = None, sia = None):
     """