author | Rob Austein <sra@hactrn.net> | 2007-11-14 17:22:06 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-11-14 17:22:06 +0000 |
commit | 8d48fee8d4f99bcd07c8def5fdc4a5cbb302ae35 (patch) | |
tree | 50c6596a54b0cba28bdccf5d3ff6f5b0343653a2 /scripts/rpki/up_down.py | |
parent | d8cc553708a7cc662d3f33d5efa270ecb2bfa513 (diff) |
Rewrite child_cert.reissue() to support the full range of actions it
might need to take, from returning the existing cert unchanged to
generating a new cert while revoking the old one.
svn path=/scripts/biz-certs/Bob-CA.srl; revision=1294
Diffstat (limited to 'scripts/rpki/up_down.py')
-rw-r--r-- | scripts/rpki/up_down.py | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index 7f127971..82852bac 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -259,7 +259,7 @@ class issue_pdu(base_elt):
 # Check current cert, if any
 irdb_resources = rpki.left_right.irdb_query(gctx, child.self_id, child.child_id)
- resources = ca_detail.latest_ca_cert.get_3779resources().intersection(irdb_resources)
+ resources = irdb_resources.intersection(ca_detail.latest_ca_cert.get_3779resources())
 req_key = self.pkcs10.getPublicKey()
 req_sia = self.pkcs10.get_SIA()
 child_cert = rpki.sql.child_cert_obj.sql_fetch_where1(gctx, """
@@ -269,19 +269,17 @@ class issue_pdu(base_elt):
 # Generate new cert or regenerate old one if necessary
 if child_cert is None:
- child_cert = ca_detail.issue(gctx = gctx,
- ca = ca,
- child = child,
+ child_cert = ca_detail.issue(gctx = gctx,
+ ca = ca,
+ child = child,
 subject_key = req_key,
- sia = req_sia,
- resources = resources,
- valid_until = irdb_resources.valid_until)
- elif resources != child_cert.cert.get_3779resources() or child_cert.cert.get_SIA() != req_sia:
- child_cert = child_cert.reissue(gctx = gctx,
+ sia = req_sia,
+ resources = resources)
+ else:
+ child_cert = child_cert.reissue(gctx = gctx,
 ca_detail = ca_detail,
- sia = req_sia,
- resources = resources,
- valid_until = irdb_resources.valid_until)
+ sia = req_sia,
+ resources = resources)
 # Save anything we modified and generate response
 rpki.sql.sql_sweep(gctx) |
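Review bot: The operand swap in `resources = irdb_resources.intersection(...)` looks semantically significant rather than cosmetic, and nothing at that line says so. The second hunk stops passing `valid_until = irdb_resources.valid_until` to `issue()` and `reissue()`, so the expiry presumably now has to travel inside `resources`, which only works if `intersection()` keeps the receiver's `valid_until`; that method is not visible here and should be confirmed. I would add a comment above the line such as `# irdb_resources must be the receiver: the result has to carry its valid_until into issue()/reissue()`, so a later cleanup does not swap the operands back and lose the IRDB-derived expiry on issued certificates.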
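Review bot: The new `else:` branch calls `child_cert.reissue()` on every request that finds an existing certificate, so the resource/SIA comparison that the removed `elif` performed must now happen inside `reissue()`, which is outside this hunk. That contract deserves a comment at the call site, for example `# reissue() compares resources, SIA and validity itself and returns the existing cert unchanged when nothing differs`. It is also worth confirming that the no-change path revokes nothing and leaves nothing for `rpki.sql.sql_sweep(gctx)` to write, since this branch now runs on every repeated issue request for the same key. The enclosing method starts and ends outside the hunk.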