author | Rob Austein <sra@hactrn.net> | 2008-02-22 22:08:05 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-02-22 22:08:05 +0000 |
commit | a03b39146de1a6d9134f873647a0e6be746fcb08 (patch) | |
tree | 0785a9955c4ac4d56bcbe0818cd8d1fde0ca458b /scripts/rpki | |
parent | 7a6f6a218d7a6669a34d91d4a3fd9a656fe9ba11 (diff) |
Withdraw certs as part of revocation
svn path=/scripts/rpki/left_right.py; revision=1519
Diffstat (limited to 'scripts/rpki')
-rw-r--r-- | scripts/rpki/left_right.py | 4 | ||||
-rw-r--r-- | scripts/rpki/sql.py | 9 | ||||
-rw-r--r-- | scripts/rpki/up_down.py | 2 |
3 files changed, 9 insertions, 6 deletions
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index b512d94e..e38bea22 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -799,13 +799,13 @@ class repository_elt(data_elt):
 def publish(self, gctx, obj, uri):
 """Placeholder for publication operation. [TEMPORARY]"""
 rpki.log.trace()
- rpki.log.info("Pretending to publish %s to repository %s at %s" % (repr(obj), repr(self), repr(uri)))
+ rpki.log.info("Publishing %s to repository %s at %s" % (repr(obj), repr(self), repr(uri)))
 self.object_write(gctx.publication_kludge_base, uri, obj)
 def withdraw(self, gctx, obj, uri):
 """Placeholder for publication withdrawal operation. [TEMPORARY]"""
 rpki.log.trace()
- rpki.log.info("Pretending to withdraw %s from repository %s at %s" % (repr(obj), repr(self), repr(uri)))
+ rpki.log.info("Withdrawing %s from repository %s at %s" % (repr(obj), repr(self), repr(uri)))
 self.object_delete(gctx.publication_kludge_base, uri)
 class route_origin_elt(data_elt):
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 92b4c48b..022e4dd5 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -509,7 +509,7 @@ class ca_detail_obj(sql_persistant):
 for child_cert in self.child_certs(gctx):
 nextUpdate = nextUpdate.later(child_cert.cert.getNotAfter())
- child_cert.revoke()
+ child_cert.revoke(gctx)
 nextUpdate += crl_interval
@@ -709,11 +709,14 @@ class child_cert_obj(sql_persistant):
 """Return the publication URI for this child_cert."""
 return ca.sia_uri + self.uri_tail()
- def revoke(self):
+ def revoke(self, gctx):
 """Mark a child cert as revoked."""
 if self.revoked is None:
 rpki.log.debug("Revoking %s" % repr(self))
 self.revoked = rpki.sundial.datetime.utcnow()
+ ca = self.ca_detail(gctx).ca(gctx)
+ repository = ca.parent(gctx).repository(gctx)
+ repository.withdraw(gctx, self.cert, self.uri(ca))
 self.sql_mark_dirty()
 def reissue(self, gctx, ca_detail, resources = None, sia = None):
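Review bot: Both docstrings in `repository_elt` (left_right.py) still read "Placeholder ... [TEMPORARY]" even though the log lines no longer say "Pretending" and, with this commit, `withdraw` is reached from real revocation paths. The docstrings should state what the methods do, for example `"""Write obj at uri under gctx.publication_kludge_base. [TEMPORARY]"""` and `"""Delete the object at uri under gctx.publication_kludge_base. [TEMPORARY]"""`. `object_write` and `object_delete` are not visible in this hunk; if they turn `uri` into a filesystem path, confirm they reject a URI that resolves outside `gctx.publication_kludge_base`, because `object_delete` now runs while serving up-down revoke requests.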
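Review bot: In `child_cert_obj.revoke` (sql.py, hunk at 709) the new withdrawal runs after `self.revoked` is set but before `self.sql_mark_dirty()`, so if `ca.parent(gctx)`, `.repository(gctx)` or `repository.withdraw(...)` raises, the revocation timestamp exists only in memory and is presumably never persisted. The call sites updated in this commit (`ca_detail_obj` at 509, the `must_revoke` loop at 769, and `revoke_pdu` in up_down.py) invoke `revoke(gctx)` inside loops, so one failed withdrawal would also leave the remaining certificates unrevoked and still published. Consider moving `self.sql_mark_dirty()` to directly after `self.revoked = rpki.sundial.datetime.utcnow()` and handling a withdrawal failure explicitly (log it and continue or retry), and update the docstring to `"""Mark a child cert as revoked and withdraw it from the repository."""`. Indentation is lost in this view, so whether `sql_mark_dirty()` sits inside the `if self.revoked is None:` branch cannot be confirmed here.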
@@ -766,7 +769,7 @@ class child_cert_obj(sql_persistant):
 if must_revoke:
 for cert in child.child_certs(gctx = gctx, ca_detail = ca_detail, ski = self.ski):
 if cert is not child_cert:
- cert.revoke()
+ cert.revoke(gctx)
 return child_cert
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index 93b5fbf2..c42bdac2 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -353,7 +353,7 @@ class revoke_pdu(revoke_syntax):
 """Serve one revoke request PDU."""
 for ca_detail in child.ca_from_class_name(gctx, self.class_name).ca_details(gctx):
 for child_cert in child.child_certs(gctx, ca_detail = ca_detail, ski = self.get_SKI()):
- child_cert.revoke()
+ child_cert.revoke(gctx)
 rpki.sql.sql_sweep(gctx)
 r_msg.payload = revoke_response_pdu()
 r_msg.payload.class_name = self.class_name |