path: root/rpkid/rpki/rpkid.py
authorRob Austein <sra@hactrn.net>2014-02-20 18:18:26 +0000
committerRob Austein <sra@hactrn.net>2014-02-20 18:18:26 +0000
commit2ea20a4f856f0df6764d1287da6e6d0da6260688 (patch)
tree28bba97765f453f860491a0d99b405dda61457e1 /rpkid/rpki/rpkid.py
parentac0c358f4358b8a421db09f815ee75d1c0d3e4bd (diff)
Clean up ee_cert_obj class.
svn path=/branches/tk671/; revision=5676
Diffstat (limited to 'rpkid/rpki/rpkid.py')
-rw-r--r--rpkid/rpki/rpkid.py89
1 files changed, 50 insertions, 39 deletions
diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py
index 965eb9d4..81ec1668 100644
--- a/rpkid/rpki/rpkid.py
+++ b/rpkid/rpki/rpkid.py
@@ -2236,6 +2236,45 @@ class ee_cert_obj(rpki.sql.sql_persistent):
"""
return self.cert.gSKI() + ".cer"
+ @classmethod
+ def create(cls, ca_detail, subject_name, subject_key, resources, publisher):
+ """
+ Generate a new certificate and stuff it in a new ee_cert_obj.
+ """
+
+ cn, sn = subject_name.extract_cn_and_sn()
+ ca = ca_detail.ca
+
+ cert = ca_detail.issue_ee(
+ ca = ca,
+ subject_key = subject_key,
+ sia = None,
+ resources = resources,
+ notAfter = resources.valid_until,
+ cn = cn,
+ sn = sn)
+
+ self = cls(
+ gctx = ca_detail.gctx,
+ self_id = ca.parent.self.self_id,
+ ca_detail_id = ca_detail.ca_detail_id,
+ cert = cert)
+
+ publisher.publish(
+ cls = rpki.publication.certificate_elt,
+ uri = self.uri,
+ obj = self.cert,
+ repository = ca.parent.repository,
+ handler = self.published_callback)
+
+ self.sql_store()
+
+ ca_detail.generate_manifest(publisher = publisher)
+
+ rpki.log.debug("New ee_cert %r" % self)
+
+ return self
+
def revoke(self, publisher, generate_crl_and_manifest = True):
"""
Revoke and withdraw an EE certificate.
@@ -2259,10 +2298,9 @@ class ee_cert_obj(rpki.sql.sql_persistent):
"""
Reissue an existing EE cert, reusing the public key. If the EE
cert we would generate is identical to the one we already have, we
- just return the one we already have. If we have to revoke the old
- EE cert when generating the new one, we have to generate a new
- ee_cert_obj, so calling code that needs the updated ee_cert_obj
- must use the return value from this method.
+ just return; if we need to reissue, we reuse this ee_cert_obj and
+ just update its contents, as the publication URI will not have
+ changed.
"""
ca_detail = self.ca_detail
@@ -2283,7 +2321,7 @@ class ee_cert_obj(rpki.sql.sql_persistent):
self, old_resources.valid_until, resources.valid_until))
needed = True
- if resources != old_resources:
+ if resources.asn != old_resources.asn or resources.v4 != old_resources.v4 or resources.v6 != old_resources.v6:
rpki.log.debug("Resources changed for %r: old %s new %s" % (
self, old_resources, resources))
needed = True
@@ -2291,7 +2329,7 @@ class ee_cert_obj(rpki.sql.sql_persistent):
must_revoke = (old_resources.oversized(resources) or
old_resources.valid_until > resources.valid_until)
if must_revoke:
- rpki.log.debug("Must revoke any existing cert(s) for %r" % self)
+ rpki.log.debug("Must revoke existing cert(s) for %r" % self)
needed = True
if not needed and force:
@@ -2300,47 +2338,23 @@ class ee_cert_obj(rpki.sql.sql_persistent):
if not needed:
rpki.log.debug("No change to %r" % self)
- return self
+ return
if must_revoke:
- for x in self.sql_fetch_where(self.gctx, "self_id = %s AND ca_detail_id = %s AND ski = %s",
- (self.self_id, self.ca_detail_id, self.ski)):
- rpki.log.debug("Revoking ee_cert %r" % x)
- x.revoke(publisher = publisher)
+ revoked_cert_obj.revoke(cert = self.cert, ca_detail = ca_detail)
ca_detail.generate_crl(publisher = publisher)
- ca_detail.generate_manifest(publisher = publisher)
-
- return self.create(
- ca_detail = ca_detail,
- subject_name = self.cert.getSubject(),
- subject_key = self.cert.getPublicKey(),
- resources = resources,
- publisher = publisher)
-
- @classmethod
- def create(cls, ca_detail, subject_name, subject_key, resources, publisher):
- """
- Generate a new certificate and stuff it in a new ee_cert_obj.
- """
- cn, sn = subject_name.extract_cn_and_sn()
- ca = ca_detail.ca
+ cn, sn = self.cert.getSubject().extract_cn_and_sn()
- cert = ca_detail.issue_ee(
+ self.cert = ca_detail.issue_ee(
ca = ca,
- subject_key = subject_key,
+ subject_key = self.cert.getPublicKey(),
sia = None,
resources = resources,
notAfter = resources.valid_until,
cn = cn,
sn = sn)
- self = cls(
- gctx = ca_detail.gctx,
- self_id = ca.parent.self.self_id,
- ca_detail_id = ca_detail.ca_detail_id,
- cert = cert)
-
publisher.publish(
cls = rpki.publication.certificate_elt,
uri = self.uri,
@@ -2348,12 +2362,9 @@ class ee_cert_obj(rpki.sql.sql_persistent):
repository = ca.parent.repository,
handler = self.published_callback)
+ self.sql_store()
ca_detail.generate_manifest(publisher = publisher)
- rpki.log.debug("New ee_cert %r" % self)
-
- return self
-
def published_callback(self, pdu):
"""
Publication callback: check result and mark published.
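Review bot: The bare `return` in the `if not needed:` branch of `reissue`, together with the dropped `return self` at the end of the method, changes the contract from returning the current ee_cert_obj to returning None, which the removed docstring text explicitly told callers to rely on; any caller elsewhere that still assigns the result of `reissue()` will now hold None and fail on its next attribute access. Since the same object is now reused in every path, keeping `return self` in both places preserves compatibility at no cost while the callers are audited. Separately, the `must_revoke` path now calls `revoked_cert_obj.revoke(cert = self.cert, ca_detail = ca_detail)` for this object's current certificate only, whereas the removed loop revoked every stored ee_cert_obj matching self_id, ca_detail_id and ski; if duplicate rows for the same key can still exist in the database, those certificates would stay unrevoked and absent from the CRL, so this narrowing is worth confirming. The `reissue` definition begins before this hunk, so its signature and earlier callers are not visible here.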