author | Rob Austein <sra@hactrn.net> | 2009-10-24 20:07:30 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-10-24 20:07:30 +0000 |
commit | 92f8a558862abbcb9cd23aa008afcb100cb67d63 (patch) | |
tree | b5b926ecf016df6412c625f5b9dc89ee17deda5e /rpkid/rpki/rpki_engine.py | |
parent | ccaa279a30fc99d90657ce64351efe533ba40adb (diff) |
Handle case where something breaks between when parent issues a new
certificate to us and we store it in SQL. This shouldn't happen, but
since it has already come up once in testing we have to cope with it.
svn path=/rpkid/rpki/left_right.py; revision=2834
Diffstat (limited to 'rpkid/rpki/rpki_engine.py')
-rw-r--r-- | rpkid/rpki/rpki_engine.py | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py
index 619cbbcc..a1c28f16 100644
--- a/rpkid/rpki/rpki_engine.py
+++ b/rpkid/rpki/rpki_engine.py
@@ -338,9 +338,13 @@ class ca_obj(rpki.sql.sql_persistent):
 """Fetch revoked ca_details for this CA, if any."""
 return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND state = 'revoked'", (self.ca_id,))
- def fetch_nonnull_nonrevoked(self):
- """Fetch ca_details which have a CA cert and which are not revoked."""
- return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND latest_ca_cert IS NOT NULL AND state != 'revoked'", (self.ca_id,))
+ def fetch_issue_response_candidates(self):
+ """
+ Fetch ca_details which are candidates for consideration when
+ processing an up-down issue_response PDU.
+ """
+ #return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND latest_ca_cert IS NOT NULL AND state != 'revoked'", (self.ca_id,))
+ return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND state != 'revoked'", (self.ca_id,))
 def construct_sia_uri(self, parent, rc):
 """
@@ -374,11 +378,11 @@ class ca_obj(rpki.sql.sql_persistent):
 def loop(iterator, ca_detail):
- ski = ca_detail.latest_ca_cert.get_SKI()
+ ski = ca_detail.public_key.get_SKI()
 if ski not in cert_map:
 rpki.log.warn("Certificate in database missing from list_response, class %r, SKI %s, maybe parent certificate went away?"
- % (rc.class_name, ca_detail.latest_ca_cert.gSKI()))
+ % (rc.class_name, ca_detail.public_key.gSKI()))
 ca_detail.delete(self, parent.repository(), iterator, eb, allow_failure = True)
 return 
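Review bot: The new `fetch_issue_response_candidates` keeps the old query as a commented-out `#return ...` line, and its docstring does not say what actually changed: rows whose `latest_ca_cert` is NULL are now returned. I would delete the commented line and extend the docstring with something like `Rows may have latest_ca_cert == NULL; callers must check before dereferencing it.` The rename also removes `fetch_nonnull_nonrevoked`, and only the call site in this file is updated, so any caller in another module (not visible here) would need the same change.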
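Review bot: In `loop`, the `ski not in cert_map` branch now also fires for a ca_detail that has a key but no stored certificate, and that row is deleted with `allow_failure = True` under a warning that still reads "Certificate in database missing from list_response". It is worth confirming that deleting a key the parent has not certified yet is intended, and wording that case separately, for example `"Key with no stored certificate missing from list_response, class %r, SKI %s"`, so the log distinguishes a lost parent certificate from one that was never issued. The match now rests on the SKI of our stored public key, so whatever later accepts `cert_map[ski].cert` for this ca_detail should verify the certificate really carries that key; that code is outside the hunk. `loop` continues past the end of this hunk.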
@@ -387,8 +391,12 @@ class ca_obj(rpki.sql.sql_persistent):
 iterator()
 if ca_detail.state in ("pending", "active"):
- current_resources = ca_detail.latest_ca_cert.get_3779resources()
- if (sia_uri_changed or
+ if ca_detail.state == "pending":
+ current_resources = rpki.resource_set.resource_bag()
+ else:
+ current_resources = ca_detail.latest_ca_cert.get_3779resources()
+ if (ca_detail.state == "pending" or
+ sia_uri_changed or
 ca_detail.latest_ca_cert != cert_map[ski].cert or
 current_resources.undersized(rc_resources) or
 current_resources.oversized(rc_resources)):
@@ -410,7 +418,7 @@ class ca_obj(rpki.sql.sql_persistent):
 % (rc.class_name, ", ".join(c.cert.gSKI() for c in cert_map.values())))
 cb()
- ca_details = self.fetch_nonnull_nonrevoked()
+ ca_details = self.fetch_issue_response_candidates()
 if True:
 for x in cert_map.itervalues(): |
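Review bot: In the `-387,8 +391,12` hunk the new branch keys on `ca_detail.state == "pending"`, but the condition that actually breaks is a NULL `latest_ca_cert`, which the relaxed query in `fetch_issue_response_candidates` no longer rules out for active rows. An active row without a certificate would still fail on `ca_detail.latest_ca_cert.get_3779resources()` in the `else:` arm. Testing the condition directly is more robust: `if ca_detail.latest_ca_cert is None:` for the empty `resource_bag()`, and `if (ca_detail.latest_ca_cert is None or` at the head of the comparison. If the schema guarantees that only pending rows lack a certificate, a one-line comment stating that invariant would do instead. The body guarded by this `if (...)` lies outside the hunk.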