author | Rob Austein <sra@hactrn.net> | 2007-12-13 04:38:25 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-12-13 04:38:25 +0000 |
commit | 4bd92fbff3a3f0ae2293d2099254f4b0cd196613 (patch) | |
tree | 74cb4dbd9d23e8b2d4753ba1f1c7419c517b2146 /scripts/rpki/sql.py | |
parent | 860f22425ed8e45de79309cf8839f25de6d0a1f2 (diff) |
Basic client revocation, not yet tested
svn path=/scripts/Makefile; revision=1378
Diffstat (limited to 'scripts/rpki/sql.py')
-rw-r--r-- | scripts/rpki/sql.py | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 81d93970..305fb07f 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -313,13 +313,7 @@ class ca_obj(sql_persistant):
 repository = parent.repository(gctx)
 for ca_detail in self.ca_details(gctx):
- for child_cert in ca_detail.child_certs(gctx):
- repository.withdraw(gctx, (child_cert.cert, child_cert.uri(self)))
- child_cert.sql_delete(gctx)
- for child_cert in ca_detail.child_certs(gctx, revoked = True):
- child_cert.sql_delete(gctx)
- repository.withdraw(gctx, (ca_detail.latest_crl, ca_detail.crl_uri()), (ca_detail.latest_manifest, ca_detail.manifest_uri(self)))
- ca_detail.sql_delete(gctx)
+ ca_detail.delete(gctx, ca, repository)
 self.sql_delete(gctx)
 def next_serial_number(self):
@@ -406,6 +400,29 @@ class ca_detail_obj(sql_persistant):
 predecessor.state = "deprecated"
 predecessor.sql_mark_dirty()
+ def delete(self, gctx, ca, repository):
+ """Delete this ca_detail and all of its associated child_cert objects."""
+
+ for child_cert in self.child_certs(gctx):
+ repository.withdraw(gctx, (child_cert.cert, child_cert.uri(ca)))
+ child_cert.sql_delete(gctx)
+ for child_cert in self.child_certs(gctx, revoked = True):
+ child_cert.sql_delete(gctx)
+ repository.withdraw(gctx, (self.latest_crl, self.crl_uri()), (self.latest_manifest, self.manifest_uri(ca)))
+ self.sql_delete(gctx)
+
+ def revoke(self, gctx):
+ """Request revocation of all certificates whose SKI matches the key for this ca_detail."""
+
+ # This will need a callback when we go event-driven
+ r_msg = rpki.up_down.revoke_pdu.query(gctx, self)
+
+ if r_msg.payload.ski != self.latest_ca_cert.gSKI():
+ raise rpki.exceptions.SKIMismatch
+
+ ca = self.ca(gctx)
+ self.delete(gctx, ca, ca.parent(gctx).repository(gctx))
+
 def update(self, gctx, parent, ca, rc, sia_uri_changed, old_resources):
 """Need to get a new certificate for this ca_detail and perhaps frob children of this ca_detail. |
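Review bot: In the first hunk (class ca_obj), the new call `ca_detail.delete(gctx, ca, repository)` passes a name `ca` that no visible line binds. The removed lines used `self` as the CA (`child_cert.uri(self)`, `ca_detail.manifest_uri(self)`), so the call should probably read `ca_detail.delete(gctx, self, repository)`. The enclosing method starts outside the hunk, so `ca` may be assigned earlier; if it is not, the loop raises NameError on the first ca_detail and the child certificates, CRL and manifest stay published. The commit is marked "not yet tested", and a test that deletes a CA holding at least one ca_detail would catch this.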
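Review bot: In `revoke` (second hunk), the SKI comparison runs only after `rpki.up_down.revoke_pdu.query` has returned, and the bare `raise rpki.exceptions.SKIMismatch` carries neither value. Whoever handles the failure cannot tell which key the parent reported on, while the local ca_detail and its published objects remain in place. Assuming the exception class accepts arguments like an ordinary Exception, `raise rpki.exceptions.SKIMismatch("revoke response SKI %r, expected %r" % (r_msg.payload.ski, self.latest_ca_cert.gSKI()))` would make the mismatch diagnosable. The docstring mentions only the revocation request; it should also say that a successful call deletes this ca_detail and withdraws its child certificates, CRL and manifest through `delete`.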