author | Rob Austein <sra@hactrn.net> | 2008-04-14 19:08:36 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-04-14 19:08:36 +0000 |
commit | a153ea89cda1a458fff9d69dcd0ba74e967f6585 (patch) | |
tree | 7cbfab0df39429936f7630944649b1797fb6a7e9 | |
parent | a3ed48964537a25d6b199ef4ec252fb1aba093bb (diff) |
Rework ROA reissue and withdrawal code, not well-tested yet but at
least in theory it may be right this time.
svn path=/rpkid/rpki/left_right.py; revision=1661
-rw-r--r-- | rpkid/rpki/left_right.py | 33 | ||||
-rw-r--r-- | rpkid/testbed.py | 3 |
2 files changed, 25 insertions, 11 deletions
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 1e8ac1e0..f210add8 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -951,24 +951,37 @@ class route_origin_elt(data_elt):
 repository.publish(self.cert, self.ee_uri(ca))
 ca_detail.generate_manifest()
- def withdraw_roa(self):
- """Withdraw ROA associated with this route_origin."""
+ def withdraw_roa(self, reissue = False):
+ """Withdraw ROA associated with this route_origin.
+
+ In order to preserve make-before-break properties without
+ duplicating code, this method also handles issuing a new ROA.
+ """
 ca_detail = self.ca_detail()
 ca = ca_detail.ca()
 repository = ca.parent().repository()
- repository.publish(self.roa, self.roa_uri(ca))
- repository.publish(self.cert, self.ee_uri(ca))
+ cert = self.cert
+ roa = self.roa
+ roa_uri = self.roa_uri(ca)
+ ee_uri = self.ee_uri(ca)
+
+ if ca_detail.state != 'active':
+ self.ca_detail_id = None
+ if reissue:
+ self.generate_roa()
+
+ rpki.log.debug("Withdrawing ROA and revoking its EE cert")
+ rpki.sql.revoked_cert_obj.revoke(cert = cert, ca_detail = ca_detail)
+ repository.withdraw(roa, roa_uri)
+ repository.withdraw(cert, ee_uri)
+ self.gctx.sql_sweep()
+ ca_detail.generate_crl()
 ca_detail.generate_manifest()
 def reissue_roa(self):
 """Reissue ROA associated with this route_origin."""
- rpki.log.debug("route_origin.ca_detail %s" % repr(self.ca_detail()))
- self.withdraw_roa()
- rpki.log.debug("route_origin.ca_detail %s" % repr(self.ca_detail()))
- if self.ca_detail().state != 'active':
- self.ca_detail_id = None
- self.generate_roa()
+ self.withdraw_roa(reissue = True)
 def roa_uri(self, ca, key = None):
 """Return the publication URI for this route_origin's ROA."""
diff --git a/rpkid/testbed.py b/rpkid/testbed.py
index eebafe87..59523cb8 100644
--- a/rpkid/testbed.py
+++ b/rpkid/testbed.py
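Review bot: withdraw_roa() in rpkid/rpki/left_right.py captures `cert = self.cert` and `roa = self.roa` without checking that a ROA was ever issued, and on the plain withdrawal path (`reissue` false) nothing resets `self.cert` or `self.roa` afterwards, so the object keeps referring to a revoked EE certificate and a withdrawn ROA. A repeated call, or reissue_roa() on a route_origin that has no ROA yet, would then reach `rpki.sql.revoked_cert_obj.revoke(cert = cert, ...)` and `repository.withdraw(roa, roa_uri)` with stale or empty values; whether callers rule that out is not visible in this hunk. Assuming an unissued ROA is stored as None, an early guard on `self.roa is None` before the revoke/withdraw steps, plus clearing both attributes when not reissuing, would make the method safe to call more than once. The docstring should also describe `reissue`, for example `reissue: if true, generate the replacement ROA before the old one is revoked and withdrawn`.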
@@ -949,7 +949,8 @@ jitter = 0
 use-links = yes
 use-syslog = yes
 use-stderr = yes
-log-level = log_telemetry
+#log-level = log_telemetry
+log-level = log_debug
 trust-anchor = %(rootd_name)s.cer
 ''' |