Clean up allocation of CRL/manifest numbers. We might want to put

both this and certificate serial number allocation under a lock, but doing so would require converting a lot of plain methods into coroutines, so postpone that decision until we're done with revisions to the task scheduler. svn path=/branches/tk705/; revision=6288
author: Rob Austein <sra@hactrn.net> 2016-02-25 16:48:21 +0000
committer: Rob Austein <sra@hactrn.net> 2016-02-25 16:48:21 +0000
commit: cbc7f0f9e151af13398e4b3234a826d03bfcb6a9 (patch)
tree: 1eb9dfc4eabcad730dbf0e33953fb9cb771c24ba /rpki/rpkidb/models.py
parent: 25408fe262e823c52d8a7cd4c18b85b0f4b31251 (diff)
1 files changed, 15 insertions, 5 deletions
diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py
index 79702add..6b26a27d 100644
--- a/rpki/rpkidb/models.py
+++ b/rpki/rpkidb/models.py
@@ -846,6 +846,17 @@ class CA(models.Model):
         return self.last_issued_sn
 
 
+    def next_crl_manifest_number(self):
+        """
+        Allocate a CRL/Manifest number.
+        """
+
+        trace_call_chain()
+        self.last_crl_manifest_number += 1
+        self.save()
+        return self.last_crl_manifest_number
+
+
     def create_detail(self):
         """
         Create a new CADetail object for this CA.
@@ -1243,6 +1254,8 @@ class CADetail(models.Model):
         crl_uri      = self.crl_uri
         manifest_uri = self.manifest_uri
 
+        crl_manifest_number = self.ca.next_crl_manifest_number()
+
         manifest_cert = self.issue_ee(
             ca          = self.ca,
             resources   = rpki.resource_set.resource_bag.from_inheritance(),
@@ -1250,9 +1263,6 @@ class CADetail(models.Model):
             sia         = (None, None, manifest_uri, self.ca.parent.repository.rrdp_notification_uri),
             notBefore   = now)
 
-        self.ca.last_crl_manifest_number += 1
-        self.ca.save()
-
         certlist = []
         for revoked_cert in self.revoked_certs.all():
             if now > revoked_cert.expires + crl_interval:
@@ -1264,7 +1274,7 @@ class CADetail(models.Model):
         self.latest_crl = rpki.x509.CRL.generate(
             keypair             = self.private_key_id,
             issuer              = self.latest_ca_cert,
-            serial              = self.ca.last_crl_manifest_number,
+            serial              = crl_manifest_number,
             thisUpdate          = now,
             nextUpdate          = nextUpdate,
             revokedCertificates = certlist)
@@ -1276,7 +1286,7 @@ class CADetail(models.Model):
         objs.extend((e.uri_tail, e.cert)        for e in self.ee_certificates.all())
 
         self.latest_manifest = rpki.x509.SignedManifest.build(
-            serial         = self.ca.last_crl_manifest_number,
+            serial         = crl_manifest_number,
             thisUpdate     = now,
             nextUpdate     = nextUpdate,
             names_and_objs = objs,
author	Rob Austein <sra@hactrn.net>	2016-02-25 16:48:21 +0000
committer	Rob Austein <sra@hactrn.net>	2016-02-25 16:48:21 +0000
commit	cbc7f0f9e151af13398e4b3234a826d03bfcb6a9 (patch)
tree	1eb9dfc4eabcad730dbf0e33953fb9cb771c24ba /rpki/rpkidb/models.py
parent	25408fe262e823c52d8a7cd4c18b85b0f4b31251 (diff)