author | Rob Austein <sra@hactrn.net> | 2008-02-27 16:10:33 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-02-27 16:10:33 +0000 |
commit | a9ecdddda7c364cd62dbd1c16fc0f19615fe288e (patch) | |
tree | e09b128737dc834a92fdc3a74843f320dc552da7 /scripts/rpki/left_right.py | |
parent | 62e55cba4e0567b6808bc527420560e7f3f9d551 (diff) |
Left-right protocol option cleanup
svn path=/scripts/README; revision=1530
Diffstat (limited to 'scripts/rpki/left_right.py')
-rw-r--r-- | scripts/rpki/left_right.py | 33 |
1 files changed, 8 insertions, 25 deletions
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py index e38bea22..8a5e3433 100644 --- a/scripts/rpki/left_right.py +++ b/scripts/rpki/left_right.py @@ -275,11 +275,9 @@ class self_elt(data_elt): rpki.log.trace() if q_pdu.rekey: self.serve_rekey(gctx) - if q_pdu.reissue: - self.serve_reissue(gctx) if q_pdu.revoke: self.serve_revoke(gctx) - self.unimplemented_control("run_now", "publish_world_now") + self.unimplemented_control("reissue", "run_now", "publish_world_now") def serve_rekey(self, gctx): """Handle a left-right rekey action for this self.""" @@ -293,12 +291,6 @@ class self_elt(data_elt): for parent in self.parents(gctx): parent.serve_revoke(gctx) - def serve_reissue(self, gctx): - """Handle a left-right reissue action for this self.""" - rpki.log.trace() - for parent in self.parents(gctx): - parent.serve_reissue(gctx) - def serve_fetch_one(self, gctx): """Find the self object on which a get, set, or destroy method should operate. @@ -478,9 +470,13 @@ class bsc_elt(data_elt): self.signing_cert.extend(q_pdu.signing_cert) if q_pdu.generate_keypair: # - # Hard wire 2048-bit RSA with SHA-256 in schema for now. - # Assume no HSM for now. + # For the moment we only support 2048-bit RSA with SHA-256, no + # HSM. Assertion just checks that the schema hasn't changed out + # from under this code. # + assert (q_pdu.key_type is None or q_pdu.key_type == "rsa") and \ + (q_pdu.hash_alg is None or q_pdu.hash_alg == "sha256") and \ + (q_pdu.key_length is None or q_pdu.key_length == 2048) keypair = rpki.x509.RSA() keypair.generate() self.private_key_id = keypair @@ -544,10 +540,9 @@ class parent_elt(data_elt): """Extra server actions for parent_elt.""" if q_pdu.rekey: self.serve_rekey(gctx) - if q_pdu.reissue: - self.serve_reissue(gctx) if q_pdu.revoke: self.serve_revoke(gctx) + self.unimplemented_control("reissue") def serve_rekey(self, gctx): """Handle a left-right rekey action for this parent.""" 
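Review bot: In self_elt's control handler, `self.unimplemented_control("reissue", "run_now", "publish_world_now")` is reached only after `serve_rekey` and `serve_revoke` have already run, and the parent_elt hunk ("Extra server actions for parent_elt.") adds `self.unimplemented_control("reissue")` in the same trailing position. The body of unimplemented_control is not shown, so this is an inference, but if it raises when a named attribute is set, a query that combines `revoke` with `reissue` would have its revocation carried out and then be answered with an error. Moving the call ahead of the `if q_pdu.rekey:` test in both methods would refuse unsupported controls before any irreversible key action is taken. Both method bodies start outside their hunks.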
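Review bot: The `assert` added under `if q_pdu.generate_keypair:` in bsc_elt is the only check on `key_type`, `hash_alg` and `key_length`, and it is compiled out when Python runs with `-O`, after which a request naming any other algorithm or key size would silently receive a 2048-bit RSA key. Because q_pdu carries values from a protocol message, an explicit test is safer: keep the same condition but write it as `if not (...): raise rpki.exceptions.NotImplementedYet` (the exception the removed serve_reissue used), so the refusal does not depend on interpreter flags and is not surfaced as a bare AssertionError. It is also not visible here whether `key_length` has been converted to an int; if it is still the raw attribute string, `== 2048` would never match and every request that sets it would fail. The enclosing method starts and ends outside the hunk.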
@@ -559,18 +554,6 @@ class parent_elt(data_elt): for ca in self.cas(gctx): ca.revoke(gctx) - def serve_reissue(self, gctx): - """Handle a left-right reissue action for this parent.""" - for ca in self.cas(gctx): - for ca_detail in ca.ca_details(gctx): - for child_certs in ca_detail.child_certs(gctx): - # - # I guess this reuses existing SIA and resources. Should - # child_cert.reissue() allow defaults for those? At present - # that would be a no-op, so what was the point? - # - raise rpki.exceptions.NotImplementedYet - def startElement(self, stack, name, attrs): """Handle <parent/> element.""" if name not in ("cms_ta", "https_ta"): |