Still more method cleanup, including access control the absence of

which had been lost in the SQL noise.

svn path=/scripts/README; revision=1324

6 files changed, 33 insertions, 23 deletions

diff --git a/scripts/README b/scripts/README
index 5ecb35bd..afe637dd 100644
--- a/scripts/README
+++ b/scripts/README
@@ -68,7 +68,12 @@ Current TO DO list:
 
   - Batch regeneration of CRLs and manifests for all CAs.
 
-- Implement remaining left-right control booleans.
+  - Protection against up-down operations specifying a class_name that
+    belongs to some other self context.
+
+- Implement remaining left-right control booleans -- among other
+  reasons, these are the IRBE triggers for things like key rollover,
+  which we need to test some of the stuff that's already done.
 
 - Child side of revocation...Common Management Tasks page in the APNIC
   Wiki shows some states where revocation is triggered by the child
@@ -83,7 +88,7 @@ Current TO DO list:
   At the moment we think that the state progression is linear, ie,
   there's no need for a next_state field.
 
-    state     := pending | active | deprecated | revoked
+    state     := pending | active | deprecated
     timestamp := NULL | <time of next transition>
 
   We can check for things with expired timers directly by doing
@@ -92,13 +97,12 @@ Current TO DO list:
     SELECT blah FROM ca_detail
     WHERE timestamp IS NOT NULL and timestamp < UTC_TIMESTAMP()
 
-  At this point I doubt we really need the revoked state.  If we do
-  need the revoked state, the timer becomes the delay until we can get
-  rid of the ca_detail object entirely, or something like that.
+  Well, maybe.  I don't really understand MySQL well enough to be sure
+  that it'll do the right thing comparing TIMESTAMP to DATETIME.
 
-  How do we, as child, even find out that a cert has been revoked?  In
-  the up-down protocol we just see a new cert, there's no indication
-  what happened to the old one.  Either:
+  How do we, as child, find out that a cert has been revoked?  In the
+  up-down protocol we just see a new cert, there's no indication what
+  happened to the old one.  Either:
 
   a) We asked to have it revoked, duh.
 
@@ -112,9 +116,8 @@ Current TO DO list:
   Since we don't find out about that directly, we're done with it when
   the parent issues a new cert.
 
-  This suggest that we don't need the client "revoked" state, and the
-  client "deprecated" state only occurs when there's also a timer set
-  to make it go away.
+  This suggest that the client "deprecated" state only occurs when
+  there's also a timer set to make it go away.
 
   Common Management Tasks has a delay between receipt of a new cert by
   the child and that cert going active.  Neither Randy nor I sees a
diff --git a/scripts/biz-certs/Bob-CA.srl b/scripts/biz-certs/Bob-CA.srl
index 1935b4d0..39bf5678 100644
--- a/scripts/biz-certs/Bob-CA.srl
+++ b/scripts/biz-certs/Bob-CA.srl
@@ -1 +1 @@
-90801F1ED19454DA
+90801F1ED19454DB
diff --git a/scripts/rpki/exceptions.py b/scripts/rpki/exceptions.py
index b5f0010f..43b7ab4d 100644
--- a/scripts/rpki/exceptions.py
+++ b/scripts/rpki/exceptions.py
@@ -55,3 +55,6 @@ class BSCNotFound(Exception):
 
 class BadSender(Exception):
   """Unexpected XML sender value."""
+
+class ClassNameMismatch(Exception):
+  """class_name does not match child context."""
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index c817f08e..ac77342f 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -562,6 +562,16 @@ class child_elt(data_elt):
     """Fetch all parent objects that link to self object to which this child object links."""
     return parent_elt.sql_fetch_where(gctx, "self_id = %s" % self.self_id)
 
+  def ca_from_class_name(self, gctx, class_name):
+    """Fetch the CA corresponding to an up-down class_name."""
+    if not class_name.isdigit():
+      raise rpki.exceptions.BadClassNameSyntax, "Bad class name %s" % class_name
+    ca = rpki.sql.ca_obj.sql_fetch(gctx, long(class_name))
+    parent = ca.parent(gctx)
+    if self.self_id != parent.self_id:
+      raise rpki.exceptions.ClassNameMismatch, "child.self_id = %d, parent.self_id = %d" % (self.self_id, parent.self_id)
+    return ca
+
   def serve_post_save_hook(self, q_pdu, r_pdu):
     """Extra server actions for child_elt."""
     if self.reissue:
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index e34673e8..055e4476 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -220,7 +220,7 @@ class ca_obj(sql_persistant):
     return ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s" % self.ca_id)
 
   def fetch_active(self, gctx):
-    """Return the active ca_detail for this CA, if any."""
+    """Fetch the active ca_detail for this CA, if any."""
     return ca_detail_obj.sql_fetch_where1(gctx, "ca_id = %s AND state = 'active'" % self.ca_id)
 
   def construct_sia_uri(self, gctx, parent, rc):
@@ -252,7 +252,7 @@ class ca_obj(sql_persistant):
     rc_resources = rc.to_resource_bag()
     cert_map = dict((c.cert.get_SKI(), c) for c in rc.certs)
 
-    for ca_detail in ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s AND latest_ca_cert IS NOT NULL AND state != 'revoked'" % self.ca_id):
+    for ca_detail in ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s AND latest_ca_cert IS NOT NULL" % self.ca_id):
       ski = ca_detail.latest_ca_cert.get_SKI()
       if ca_detail.state != "deprecated":
         current_resources = ca_detail.latest_ca_cert.get_3779resources()
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index 3b196d9d..e4285257 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -249,12 +249,8 @@ class issue_pdu(base_elt):
     """Serve one issue request PDU."""
 
     # Check the request
-    if not self.class_name.isdigit():
-      raise rpki.exceptions.BadClassNameSyntax, "Bad class name %s" % self.class_name
-    ca = rpki.sql.ca_obj.sql_fetch(gctx, long(self.class_name))
+    ca = child.ca_from_class_name(gctx, self.class_name)
     ca_detail = ca.fetch_active(gctx)
-    if ca is None or ca_detail is None:
-      raise rpki.exceptions.NotInDatabase
     self.pkcs10.check_valid_rpki()
 
     # Check current cert, if any
@@ -302,7 +298,7 @@ class issue_pdu(base_elt):
   @classmethod
   def query(cls, gctx, parent, ca, ca_detail):
     """Send an "issue" request to parent associated with ca."""
-    assert ca_detail is not None and ca_detail.state not in ("deprecated", "revoked")
+    assert ca_detail is not None and ca_detail.state != "deprecated"
     sia = ((rpki.oids.name2oid["id-ad-caRepository"], ("uri", ca.sia_uri)),
            (rpki.oids.name2oid["id-ad-rpkiManifest"], ("uri", ca_detail.manifest_uri(ca))))
     self = cls()
@@ -341,9 +337,7 @@ class revoke_pdu(revoke_syntax):
 
   def serve_pdu(self, gctx, q_msg, r_msg, child):
     """Serve one revoke request PDU."""
-    if not self.class_name.isdigit():
-      raise rpki.exceptions.BadClassNameSyntax, "Bad class name %s" % self.class_name
-    for ca_detail in rpki.sql.ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s AND state != 'revoked'" % long(self.class_name)):
+    for ca_detail in child.ca_from_class_name(gctx, self.class_name).ca_details(gctx):
       for child_cert in child.child_certs(gctx, ca_detail = ca_detail, ski = self.get_SKI()):
         child_cert.revoke()
     rpki.sql.sql_sweep(gctx)