authorRob Austein <sra@hactrn.net>2009-05-26 20:15:06 +0000
committerRob Austein <sra@hactrn.net>2009-05-26 20:15:06 +0000
commitae8a9874b1796f183ebe578a8252de126fba9c04 (patch)
tree0b12f43cd09abc7933ce8d441759850c61ce4ca5 /rpkid/rpki/rpki_engine.py
parent14ec294b70f07b9f8ad7a6b76f413d1e3aaf8868 (diff)
Suppress withdrawal of revoked child_cert objects that have already
been overwritten by their replacements. svn path=/rpkid/rpki/rpki_engine.py; revision=2451
Diffstat (limited to 'rpkid/rpki/rpki_engine.py')
-rw-r--r--rpkid/rpki/rpki_engine.py32
1 files changed, 21 insertions, 11 deletions
diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py
index 675660e2..e8640286 100644
--- a/rpkid/rpki/rpki_engine.py
+++ b/rpkid/rpki/rpki_engine.py
@@ -836,7 +836,7 @@ class child_cert_obj(rpki.sql.sql_persistent):
"""Return the publication URI for this child_cert."""
return ca.sia_uri + self.uri_tail()
- def revoke(self, callback, errback):
+ def revoke(self, callback, errback, withdraw = True):
"""
Revoke a child cert.
"""
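Review bot: The docstring under the new signature still reads only `Revoke a child cert.` and says nothing about the new `withdraw` parameter or when a caller may pass `False`. Judging by the second hunk, the cert is still handed to `revoked_cert_obj.revoke()` and deleted from SQL in both cases, and only the repository withdraw is skipped. I would extend the docstring with something like `withdraw = False skips the repository withdraw; use it only when the object at this cert's URI has already been overwritten by its replacement.` The body of revoke() continues outside this hunk.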
@@ -845,14 +845,17 @@ class child_cert_obj(rpki.sql.sql_persistent):
ca_detail = self.ca_detail()
ca = ca_detail.ca()
revoked_cert_obj.revoke(cert = self.cert, ca_detail = ca_detail)
- repository = ca.parent().repository()
def done():
self.gctx.sql.sweep()
self.sql_delete()
callback()
- repository.withdraw(self.cert, self.uri(ca), done, errback)
+ if withdraw:
+ ca.parent().repository().withdraw(self.cert, self.uri(ca), done, errback)
+ else:
+ rpki.log.info("Suppressing withdrawal of %r" % self.cert)
+ done()
def reissue(self, ca_detail, callback = None, errback = None, resources = None, sia = None):
"""
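Review bot: The `else` branch logs only `%r` of the cert, so the one record that a withdrawal was skipped does not say which repository URI was left in place. Adding the URI lets an operator check that the object published there is really the replacement and not the revoked cert: `rpki.log.info("Suppressing withdrawal of %r at %s" % (self.cert, self.uri(ca)))`. The tuple form also keeps the format safe if `self.cert` ever turns out to be a tuple-like object.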
@@ -894,20 +897,27 @@ class child_cert_obj(rpki.sql.sql_persistent):
if resources.valid_until != old_resources.valid_until:
rpki.log.debug("Validity changed: %s %s" % ( old_resources.valid_until, resources.valid_until))
- if must_revoke or new_issuer:
- child_cert = None
- else:
- child_cert = self
-
def revoke(child_cert):
+ uri = child_cert.uri(ca)
+ rpki.log.debug("New child_cert %r uri %s" % (child_cert, uri))
+
def loop(iterator, x):
- x.revoke(iterator, errback)
+ rpki.log.debug("Revoking child_cert %r" % x)
+ x.revoke(iterator, errback, withdraw = x.uri(ca) != uri)
+
+ def manifest():
+ ca_detail.generate_manifest(done, errback)
def done():
callback(child_cert)
- rpki.async.iterator([x for x in child.child_certs(ca_detail = ca_detail, ski = self.ski) if x is not child_cert], loop, done)
+ certs_to_revoke = [x for x in child.child_certs(ca_detail = ca_detail, ski = self.ski) if x is not child_cert]
+
+ if certs_to_revoke:
+ rpki.async.iterator(certs_to_revoke, loop, manifest)
+ else:
+ done()
ca_detail.issue(
ca = ca,
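Review bot: The `withdraw = x.uri(ca) != uri` test in `loop` assumes the replacement has already been published at `uri` when the old cert is revoked, and nothing visible in this hunk establishes that. If publication of the new cert failed or was deferred, the revoked cert would stay at that URI with no withdraw issued for it. A comment on that line should state the precondition, for example `# Safe only if the new child_cert has already been published at uri, overwriting x`, once it has been confirmed that `ca_detail.issue()` guarantees this before it invokes the callback. The enclosing reissue() method starts and ends outside this hunk.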
@@ -915,7 +925,7 @@ class child_cert_obj(rpki.sql.sql_persistent):
subject_key = self.cert.getPublicKey(),
sia = sia,
resources = resources,
- child_cert = child_cert,
+ child_cert = None if must_revoke or new_issuer else self,
callback = revoke if must_revoke else callback,
errback = errback)