Checkpoint

svn path=/scripts/rpki/left_right.py; revision=1425

3 files changed, 18 insertions, 11 deletions

diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index 92aeffbc..263b47a0 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -366,12 +366,13 @@ class self_elt(data_elt):
           continue
         old_resources = child_cert.cert.get_3779resources()
         new_resources = irdb_resources.intersection(old_resources)
-        if old_resources != new_resources or old_resources.valid_until != new_resources.valid_until:
+        if old_resources != new_resources:
+          rpki.log.debug("Need to reissue %s" % repr(child_cert))
           child_cert.reissue(
             gctx      = gctx,
             ca_detail = ca_detail,
             resources = new_resources,
-            sia       = ca_detail.ca(gctx).sia_uri())
+            sia       = ca_detail.ca(gctx).sia_uri)
         elif old_resources.valid_until < now:
           parent = ca.parent(gctx)
           repository = parent.repository(gctx)
diff --git a/scripts/rpki/resource_set.py b/scripts/rpki/resource_set.py
index baf68d82..2ea15643 100644
--- a/scripts/rpki/resource_set.py
+++ b/scripts/rpki/resource_set.py
@@ -428,7 +428,10 @@ class resource_bag(object):
     return not self.as and not self.v4 and not self.v6
 
   def __eq__(self, other):
-    return self.as == other.as and self.v4 == other.v4 and self.v6 == other.v6
+    return self.as == other.as and \
+           self.v4 == other.v4 and \
+           self.v6 == other.v6 and \
+           self.valid_until == other.valid_until
 
   def __ne__(self, other):
     return not (self == other)
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 865ef5a2..ffeca909 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -1,6 +1,6 @@
 # $Id$
 
-import MySQLdb, time
+import MySQLdb, time, traceback
 import rpki.x509, rpki.resource_set, rpki.sundial
 
 def connect(cfg, section="sql"):
@@ -88,10 +88,9 @@ class sql_persistant(object):
     elif len(results) == 1:
       return results[0]
     else:
-      if args is not None:
-        where = where % args
       raise rpki.exceptions.DBConsistancyError, \
-            "Database contained multiple matches for %s where %s" % (cls.__name__, where)
+            "Database contained multiple matches for %s where %s" % \
+            (cls.__name__, where % tuple(repr(a) for a in args))
 
   @classmethod
   def sql_fetch_all(cls, gctx):
@@ -498,7 +497,8 @@ class ca_detail_obj(sql_persistant):
       serial      = ca.next_serial_number(),
       aia         = self.ca_cert_uri,
       crldp       = self.crl_uri(ca),
-      sia         = sia,
+      sia         = ((rpki.oids.name2oid["id-ad-caRepository"], ("uri", ca.sia_uri)),
+                     (rpki.oids.name2oid["id-ad-rpkiManifest"], ("uri", self.manifest_uri(ca)))),
       resources   = resources,
       notAfter    = resources.valid_until)
 
@@ -622,6 +622,9 @@ class child_cert_obj(sql_persistant):
 
     must_revoke = old_resources.oversized(resources) or old_resources.valid_until > resources.valid_until
 
+    if resources.valid_until != old_resources.valid_until:
+      rpki.log.debug("Validity changed: %s %s" % ( old_resources.valid_until, resources.valid_until))
+
     if must_revoke:
       child_cert = None
     else:
@@ -652,10 +655,10 @@ class child_cert_obj(sql_persistant):
     """
 
     args = []
+    where = "revoked IS"
     if revoked:
-      where = "revoked IS NOT NULL"
-    else:
-      where = "revoked IS NULL"
+      where += " NOT"
+    where += " NULL"
     if child:
       where += " AND child_id = %s"
       args.append(child.child_id)