diff options
| author | Rob Austein <sra@hactrn.net> | 2007-10-07 21:26:32 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2007-10-07 21:26:32 +0000 |
| commit | f97aa1fd7d83fa17ccdb894e100c0f45ed43239e (patch) | |
| tree | 79c032d12e6484a3c91f1cad91692b518e151128 /scripts/rpki/sql.py | |
| parent | 6ffef4831ed73701d57476d81d49c4beeb212e6a (diff) | |
Checkpoint
svn path=/scripts/rpki/sql.py; revision=1115
Diffstat (limited to 'scripts/rpki/sql.py')
| -rw-r--r-- | scripts/rpki/sql.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py index dcd1010a..3a490700 100644 --- a/scripts/rpki/sql.py +++ b/scripts/rpki/sql.py @@ -185,14 +185,19 @@ class ca_obj(sql_persistant): off to the affected ca_detail for processing. """ cert_map = dict((c.get_SKI(), c) for c in rc.certs) - for ca_detail in ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s AND latest_ca_cert IS NOT NULL", ca.ca_id): + ca_details = ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s AND latest_ca_cert IS NOT NULL", ca.ca_id) + as, v4, v6 = ca_detail_obj.sql_fetch_active(gctx, ca_id).latest_ca_cert.get_3779resources() + undersized = not rc.resource_set_as.issubset(as) or not rc.resource_set_ipv4.issubset(v4) or not rc.resource_set_ipv6.issubset(v6) + for ca_detail in ca_details: ski = ca_detail.latest_ca_cert.get_SKI() assert ski in cert_map, "Certificate in our database missing from list_response, SKI %s" % ca_detail.latest_ca_cert.hSKI() - if ca_detail.latest_ca_cert != cert_map[ski]: - ca_detail.update(gctx, parent, self, rc, cert_map[ski]) + assert ca_detail.state != "pending" or (as, v4, v6) == ca_detail.get_3779resources(), "Resource mismatch for pending cert" + if undersized or ca_detail.latest_ca_cert != cert_map[ski]: + ca_detail.update(gctx, parent, self, rc, cert_map[ski], undersized) del cert_map[ski] assert not cert_map, "Certificates in list_response missing from our database, SKIs %s" % ", ".join(c.hSKI() for c in cert_map.values()) + @classmethod def create(cls, gctx, parent, rc): """Parent has signaled existance of a new resource class, so we @@ -242,7 +247,7 @@ class ca_detail_obj(sql_persistant): else: return None - def update(self, gctx, parent, ca, rc, newcert): + def update(self, gctx, parent, ca, rc, newcert, undersized): """CA has received a cert for this ca_detail that doesn't match the current one, figure out what to do about it. Cases: |