author | Rob Austein <sra@hactrn.net> | 2014-04-02 21:15:30 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2014-04-02 21:15:30 +0000 |
commit | 9ee77a750670e1ebaeca6747e8594e5d21433481 (patch) | |
tree | 24394ceb289638738e23be9966d7dbacf22e6afd /rpkid/rpki/rpkid.py | |
parent | fc80308a13eabbeae061cdd83d66347d7e7982a2 (diff) |
Track changes in URI at which parent publishes our CA certificate, and
propagate those changes to certs we issue.
svn path=/branches/tk671/; revision=5739
Diffstat (limited to 'rpkid/rpki/rpkid.py')
-rw-r--r-- | rpkid/rpki/rpkid.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py
index c9e5bee2..d4f8aeef 100644
--- a/rpkid/rpki/rpkid.py
+++ b/rpkid/rpki/rpkid.py
@@ -540,6 +540,7 @@ class ca_obj(rpki.sql.sql_persistent):
 sia_uri = self.construct_sia_uri(parent, rc)
 sia_uri_changed = self.sia_uri != sia_uri
 if sia_uri_changed:
+ rpki.log.debug("SIA changed: was %s now %s" % (self.sia_uri, sia_uri))
 self.sia_uri = sia_uri
 self.sql_mark_dirty()
@@ -584,6 +585,11 @@ class ca_obj(rpki.sql.sql_persistent):
 callback = iterator, errback = eb)
+ if ca_detail.state == "active" and ca_detail.ca_cert_uri != rc.cert_url.rsync():
+ rpki.log.debug("AIA changed: was %s now %s" % (ca_detail.ca_cert_uri, rc.cert_url.rsync()))
+ ca_detail.ca_cert_uri = rc.cert_url.rsync()
+ ca_detail.sql_mark_dirty()
+
 iterator()
 def done():
@@ -1526,6 +1532,7 @@ class child_cert_obj(rpki.sql.sql_persistent):
 old_resources = self.cert.get_3779resources()
 old_sia = self.cert.get_SIA()
+ old_aia = self.cert.get_AIA()
 old_ca_detail = self.ca_detail
 needed = False
@@ -1543,7 +1550,8 @@ class child_cert_obj(rpki.sql.sql_persistent):
 needed = True
 if resources.valid_until != old_resources.valid_until:
- rpki.log.debug("Validity changed for %r: old %s new %s" % (self, old_resources.valid_until, resources.valid_until))
+ rpki.log.debug("Validity changed for %r: old %s new %s" % (
+ self, old_resources.valid_until, resources.valid_until))
 needed = True
 if sia != old_sia:
@@ -1554,6 +1562,10 @@ class child_cert_obj(rpki.sql.sql_persistent):
 rpki.log.debug("Issuer changed for %r %s: old %r new %r" % (self, self.uri, old_ca_detail, ca_detail))
 needed = True
+ if ca_detail.ca_cert_uri != old_aia:
+ rpki.log.debug("AIA changed for %r %s: old %r new %r" % (self, self.uri, old_aia, ca_detail.ca_cert_uri))
+ needed = True
+
 must_revoke = old_resources.oversized(resources) or old_resources.valid_until > resources.valid_until
 if must_revoke:
 rpki.log.debug("Must revoke any existing cert(s) for %r" % self) |
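Review bot: The block added in the `@@ -584` hunk copies `rc.cert_url.rsync()` from the parent's response straight into `ca_detail.ca_cert_uri` without checking that the call returned a usable rsync URI, and it evaluates the call three times. That stored value is what the child-certificate check later in this commit compares against, so an empty or malformed result (if `rsync()` can return one, which is not visible here) would be persisted and would drive reissuance. I would bind it once with `aia_uri = rc.cert_url.rsync()` and guard the update with `if ca_detail.state == "active" and aia_uri and ca_detail.ca_cert_uri != aia_uri:`. The enclosing method starts and ends outside the hunk.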
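Review bot: The test `ca_detail.ca_cert_uri != old_aia` added in the `@@ -1554` hunk compares a stored URI against the raw return value of `self.cert.get_AIA()` (assigned in the `@@ -1526` hunk), and nothing visible shows that the two have the same type. If `get_AIA()` returns a sequence of URIs or `None` rather than a single string, the inequality is always true and every child certificate would be reissued on each pass, so the return type should be confirmed and `old_aia` normalised to one rsync URI before the comparison. A short comment above the check, such as `# AIA must track the URI where the parent publishes our CA cert`, would also record why a URI-only change forces reissue. The enclosing method starts and ends outside the hunk.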