author | Rob Austein <sra@hactrn.net> | 2012-07-04 16:42:45 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2012-07-04 16:42:45 +0000 |
commit | 4287abf5e0daef7f5f95d358fc8376a507504357 (patch) | |
tree | eb295788a95745c7840aaba068784141f58fe6ce /rpkid | |
parent | ef7dbddced6f61179f2c61011c0b78fdc6b4d8fb (diff) |
Oops, forgot to include revoke_forgotten command when copying other
control operations over from irbe_cli to rpkic.
svn path=/trunk/; revision=4572
Diffstat (limited to 'rpkid')
-rw-r--r-- | rpkid/rpki/irdb/zookeeper.py | 9 | ||||
-rw-r--r-- | rpkid/rpki/rpkic.py | 21 |
2 files changed, 29 insertions, 1 deletions
diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py index 7dedeb7e..844b50de 100644 --- a/rpkid/rpki/irdb/zookeeper.py +++ b/rpkid/rpki/irdb/zookeeper.py @@ -983,6 +983,15 @@ class Zookeeper(object): action = "set", self_handle = self.handle, revoke = "yes")) + def revoke_forgotten(self): + """ + Poke rpkid to revoke old forgotten RPKI keys for the current handle. + """ + + self.call_rpkid(rpki.left_right.self_elt.make_pdu( + action = "set", self_handle = self.handle, revoke_forgotten = "yes")) + + def call_pubd(self, *pdus): """ Issue a call to pubd, return result. diff --git a/rpkid/rpki/rpkic.py b/rpkid/rpki/rpkic.py index 4959d8c8..6b860200 100644 --- a/rpkid/rpki/rpkic.py +++ b/rpkid/rpki/rpkic.py @@ -576,7 +576,7 @@ class main(rpki.cli.Cmd): def do_up_down_revoke(self, arg): """ Initiate a "revoke" operation: tell rpkid to clean up old keys - formerly used by certificiates issued to it via the up-down + formerly used by certificates issued to it via the up-down protocol. This is the cleanup stage of a key rollover operation. @@ -586,3 +586,22 @@ class main(rpki.cli.Cmd): raise BadCommandSyntax("Unexpected argument(s): %r" % arg) self.zoo.revoke() + + + def do_revoke_forgotten(self, arg): + """ + Initiate a "revoke_forgotten" operation: tell rpkid to ask its + parent to revoke certificates for which rpkid does not know the + private keys. This should never happen during ordinary operation, + but can happen if rpkid is misconfigured or its database has been + damaged, so we need a way to resynchronize rpkid with its parent + in such cases. We could do this automatically, but as we don't + know the precise cause of the failure we don't know if it's + recoverable locally (eg, from an SQL backup), so we require a + manual trigger before discarding possibly-useful certificates. + """ + + if arg: + raise BadCommandSyntax("Unexpected argument(s): %r" % arg) + + self.zoo.revoke_forgotten() |
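Review bot: The docstring added to `Zookeeper.revoke_forgotten` in zookeeper.py undersells what the call does. It says "revoke old forgotten RPKI keys", while the `do_revoke_forgotten` docstring in rpkic.py from this same commit describes asking the parent to revoke certificates whose private keys rpkid does not know, possibly discarding useful certificates. I would say that directly in the library docstring, e.g. `Ask rpkid to have its parent revoke certificates for which rpkid does not hold the private keys, for the current handle; this can discard certificates that were still recoverable.` The reply from `call_rpkid` is also dropped, as in the `revoke` call visible in the context lines. Whether `call_rpkid` raises when rpkid reports an error is not visible in this hunk, so that is worth confirming for a call whose failure the operator needs to notice.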
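Review bot: `do_revoke_forgotten` in the last rpkic.py hunk sends the request as soon as the command is typed and prints nothing about which handle it acted on, even though its own docstring says the manual trigger exists because the certificates may still be recoverable. The only guard is the `if arg:` check, so a command entered against the wrong handle goes straight through and leaves no trace in the operator's terminal log. I would echo the target before the call, for example `print("Asking parent to revoke forgotten keys for handle %s" % self.zoo.handle)`, assuming `self.zoo` is the Zookeeper patched in zookeeper.py, which uses `self.handle`. An explicit confirmation before `self.zoo.revoke_forgotten()` would also be worth considering.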