author | Rob Austein <sra@hactrn.net> | 2007-09-25 19:48:42 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-09-25 19:48:42 +0000 |
commit | 2ce89c1051fec4b39a8e49b53e4b862f8f7d4fcb (patch) | |
tree | 29a124206b003d1b514310da6b29a88533722ae4 /scripts | |
parent | bca32923364c4e28c54622c78eb072a4a2e0d0d4 (diff) |
Implement child_cert
svn path=/scripts/rpki/left_right.py; revision=1029
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/rpki/left_right.py | 15 | ||||
-rw-r--r-- | scripts/rpki/sql.py | 20 | ||||
-rw-r--r-- | scripts/rpki/up_down.py | 26 |
3 files changed, 30 insertions, 31 deletions
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py index f3353026..5068f4b0 100644 --- a/scripts/rpki/left_right.py +++ b/scripts/rpki/left_right.py @@ -347,21 +347,6 @@ class child_elt(data_elt): peer_ta = None - def __init__(self): - self.certs = {} - - def sql_fetch_hook(self, db, cur): - cur.execute("SELECT ca_detail_id, cert FROM child_cert WHERE child_id = %s", self.child_id) - self.certs = dict((ca_detail_id, rpki.x509.X509(DER=cert)) for (ca_detail_id, cert) in cur.fetchall()) - - def sql_insert_hook(self, db, cur): - if self.certs: - cur.executemany("INSERT child_cert (child_id, ca_detail_id, cert) VALUES (%s, %s, %s)", - ((self.child_id, ca_detail_id, cert.get_DER()) for (ca_detail_id, cert) in self.certs.items())) - - def sql_delete_hook(self, db, cur): - cur.execute("DELETE FROM child_cert where child_id = %s", self.child_id) - def serve_post_save_hook(self, q_pdu, r_pdu): if self.reissue: raise NotImplementedError diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py index d74be7fb..ea9299cd 100644 --- a/scripts/rpki/sql.py +++ b/scripts/rpki/sql.py @@ -158,6 +158,11 @@ class sql_persistant(object): # Some persistant objects are defined in rpki.left_right, since # they're also left-right PDUs. The rest are defined below, for now. +class ca_obj(sql_persistant): + """Internal CA object.""" + + sql_template = template("ca", "ca_id", "last_crl_sn", "next_crl_update", "last_issued_sn", "last_manifest_sn", "next_manifest_update", "sia_uri", "parent_id") + class ca_detail_obj(sql_persistant): """Internal CA detail object.""" 
@@ -192,7 +197,16 @@ class ca_detail_obj(sql_persistant): d["manifest_ee_cert"] = self.manifest_ee_cert.get_DER() return d -class ca_obj(sql_persistant): - """Internal CA object.""" +class child_cert_obj(sql_persistant): + """Certificate that has been issued to a child.""" - sql_template = template("ca", "ca_id", "last_crl_sn", "next_crl_update", "last_issued_sn", "last_manifest_sn", "next_manifest_update", "sia_uri", "parent_id") + sql_template = template("child_cert", "child_cert_id", "cert", "child_id", "ca_detail_id") + + def sql_decode(self, vals): + sql_persistant.sql_decode(self, vals) + self.cert = rpki.x509.X509(DER = self.cert) + + def sql_encode(self): + d = sql_persistant.sql_encode(self) + d["cert"] = self.cert.get_DER() + return d diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py index ec4ac62d..520e3486 100644 --- a/scripts/rpki/up_down.py +++ b/scripts/rpki/up_down.py 
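Review bot: Nothing visible in this commit removes a child's child_cert rows any more: the left_right.py hunk drops child_elt.sql_delete_hook, and child_cert_obj as added here defines only sql_decode and sql_encode. Unless the schema cascades the delete or sql_persistant handles it (neither is shown), deleting a child would leave its issued certificates in the table, where later queries keyed on child_id could still find them. I would keep a delete hook on child_elt that runs `DELETE FROM child_cert WHERE child_id = %s` with child_id passed as a bound parameter. The two new methods could also carry one-line docstrings, e.g. `"""Decode SQL columns, then wrap the DER cert column in an rpki.x509.X509."""` on sql_decode.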
@@ -134,17 +134,17 @@ class class_elt(base_elt): self.make_b64elt(elt, "issuer", self.issuer.get_DER()) return elt -def cons_resource_class(now, child, ca_id, irdb_as, irdb_v4, irdb_v6): - latest_ca_detail = None - for ca_detail in rpki.sql.ca_detail_elt.sql_fetch_where(gctx.db, gctx.cur, "ca_id = %s" % ca_id): - if ca_detail.latest_ca_cert_over_public_key is not None and \ - ca_detail.latest_ca_cert_over_public_key.getNotBefore() <= now and \ - ca_detail.latest_ca_cert_over_public_key.getNotAfter() >= now and \ - (latest_ca_detail is None or ca_detail.latest_ca_cert_over_public_key.getNotBefore() > latest_ca_detail.latest_ca_cert_over_public_key.getNotBefore()): - latest_ca_detail = ca_detail - if not latest_ca_detail: +def cons_resource_class(gctx, now, child, ca_id, irdb_as, irdb_v4, irdb_v6): + ca_detail = None + for c in rpki.sql.ca_detail_elt.sql_fetch_where(gctx.db, gctx.cur, "ca_id = %s" % ca_id): + if c.latest_ca_cert_over_public_key is not None and \ + c.latest_ca_cert_over_public_key.getNotBefore() <= now and \ + c.latest_ca_cert_over_public_key.getNotAfter() >= now and \ + (ca_detail is None or c.latest_ca_cert_over_public_key.getNotBefore() > ca_detail.latest_ca_cert_over_public_key.getNotBefore()): + ca_detail = c + if not ca_detail: return None - rc_as, rc_v4, rc_v6 = latest_ca_detail.latest_ca_cert_over_public_key.get_3779resources() + rc_as, rc_v4, rc_v6 = ca_detail.latest_ca_cert_over_public_key.get_3779resources() rc_as.intersection(irdb_as) rc_v4.intersection(irdb_v4) rc_v6.intersection(irdb_v6) 
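Review bot: The WHERE clause passed to sql_fetch_where on the `for c in ...` line is built with Python `%` formatting (`"ca_id = %s" % ca_id`), so the value becomes part of the SQL text rather than a bound parameter; the new query in the next hunk (`"child_id = %s AND ca_detail_id = %s" % (...)`) does the same, whereas the hooks removed from left_right.py passed their values to cur.execute separately. The ids presumably come from the database, but sql_fetch_where's signature is not shown; if it can forward arguments to cur.execute, pass them that way, otherwise coerce first, e.g. `"ca_id = %d" % int(ca_id)`. Separately, this line still refers to `rpki.sql.ca_detail_elt` while the sql.py hunks in this commit show the class as `ca_detail_obj`; unless an alias exists elsewhere, the lookup would fail with AttributeError. cons_resource_class continues past the end of this hunk.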
@@ -156,10 +156,10 @@ def cons_resource_class(now, child, ca_id, irdb_as, irdb_v4, irdb_v6): rc.resource_set_as = rc_as rc.resource_set_ipv4 = rc_v4 rc.resource_set_ipv6 = rc_v6 - if child.certs[latest_ca_detail.ca_detail_id]: + for child_cert in rpki.sql.child_cert_obj.sql_fetch_where(gctx.db, gctx.cur, "child_id = %s AND ca_detail_id = %s" % (child.child_id, ca_detail.ca_detail_id)): c = certificate_elt() c.cert_url = "rsync://niy.invalid" - c.cert = child.certs[latest_ca_detail.ca_detail_id] + c.cert = child_cert.cert rc.certs.append(c) return rc @@ -175,7 +175,7 @@ class list_pdu(base_elt): irdb_as, irdb_v4, irdb_v6 = rpki.left_right.irdb_query(gctx, child.self_id, child.child_id) now = int(time.time()) for ca_id in rpki.sql.fetch_column(gctx.cur, "SELECT ca_id FROM ca WHERE ca.parent_id = parent.parent_id AND parent.self_id = %s" % child.self_id): - rc = cons_resource_class(now = now, child = child, ca_id = ca_id, irdb_as = irdb_as, irdb_v4 = irdb_v4, irdb_v6 = irdb_v6) + rc = cons_resource_class(gctx = gctx, now = now, child = child, ca_id = ca_id, irdb_as = irdb_as, irdb_v4 = irdb_v4, irdb_v6 = irdb_v6) if rc is not None: r_msg.payload.classes.append(rc) |
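Review bot: The name `c` now has two meanings inside cons_resource_class: the previous hunk makes it the loop variable over CA-detail candidates, and the unchanged line `c = certificate_elt()` inside the new `for child_cert in ...` loop rebinds it to a certificate element. Nothing breaks, because ca_detail holds the chosen row, but the reader has to track the rebinding; giving one of the two a distinct name (for example `cert_elt` for the certificate element) would keep them apart. The function starts outside this hunk.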
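Review bot: The query on the unchanged `for ca_id in rpki.sql.fetch_column(...)` line filters on `parent.parent_id` and `parent.self_id`, but its FROM clause names only `ca`, so as written the statement looks like it would be rejected by the database; the commit touches only the call below it. If a join is intended, `FROM ca, parent WHERE ca.parent_id = parent.parent_id AND parent.self_id = %s` would express it. The same line also formats child.self_id into the SQL text with `%` rather than binding it. The enclosing list_pdu method starts and ends outside this hunk.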