Add control interface to clear CMS-timestamp-based replay protection,

so we can recover from misconfigured clocks.  Closes #265.

Add child_handle attribute to <list_published_objects/> response.
Closes #266.

svn path=/trunk/; revision=4588

1 files changed, 18 insertions, 0 deletions

diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py
index 844b50de..19bd55f7 100644
--- a/rpkid/rpki/irdb/zookeeper.py
+++ b/rpkid/rpki/irdb/zookeeper.py
@@ -992,6 +992,24 @@ class Zookeeper(object):
       action = "set", self_handle = self.handle, revoke_forgotten = "yes"))
 
 
+  def clear_all_sql_cms_replay_protection(self):
+    """
+    Tell rpkid and pubd to clear replay protection for all SQL-based
+    entities.  This is a fairly blunt instrument, but as we don't
+    expect this to be necessary except in the case of gross
+    misconfiguration, it should suffice
+    """
+
+    self.call_rpkid(*[rpki.left_right.self_elt.make_pdu(action = "set", self_handle = ca.handle,
+                                                        clear_replay_protection = "yes")
+                      for ca in rpki.irdb.ResourceHolderCA.objects.all()])
+    if self.run_pubd:
+      self.call_pubd(*[rpki.publication.client_elt.make_pdu(action = "set",
+                                                            client_handle = client.handle,
+                                                            clear_replay_protection = "yes")
+                       for client in self.server_ca.clients.all()])
+
+
   def call_pubd(self, *pdus):
     """
     Issue a call to pubd, return result.