Checkpoint

svn path=/scripts/rpki/left_right.py; revision=1425

5 files changed, 34 insertions, 22 deletions

diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index 92aeffbc..263b47a0 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -366,12 +366,13 @@ class self_elt(data_elt):
           continue
         old_resources = child_cert.cert.get_3779resources()
         new_resources = irdb_resources.intersection(old_resources)
-        if old_resources != new_resources or old_resources.valid_until != new_resources.valid_until:
+        if old_resources != new_resources:
+          rpki.log.debug("Need to reissue %s" % repr(child_cert))
           child_cert.reissue(
             gctx      = gctx,
             ca_detail = ca_detail,
             resources = new_resources,
-            sia       = ca_detail.ca(gctx).sia_uri())
+            sia       = ca_detail.ca(gctx).sia_uri)
         elif old_resources.valid_until < now:
           parent = ca.parent(gctx)
           repository = parent.repository(gctx)
diff --git a/scripts/rpki/resource_set.py b/scripts/rpki/resource_set.py
index baf68d82..2ea15643 100644
--- a/scripts/rpki/resource_set.py
+++ b/scripts/rpki/resource_set.py
@@ -428,7 +428,10 @@ class resource_bag(object):
     return not self.as and not self.v4 and not self.v6
 
   def __eq__(self, other):
-    return self.as == other.as and self.v4 == other.v4 and self.v6 == other.v6
+    return self.as == other.as and \
+           self.v4 == other.v4 and \
+           self.v6 == other.v6 and \
+           self.valid_until == other.valid_until
 
   def __ne__(self, other):
     return not (self == other)
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 865ef5a2..ffeca909 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -1,6 +1,6 @@
 # $Id$
 
-import MySQLdb, time
+import MySQLdb, time, traceback
 import rpki.x509, rpki.resource_set, rpki.sundial
 
 def connect(cfg, section="sql"):
@@ -88,10 +88,9 @@ class sql_persistant(object):
     elif len(results) == 1:
       return results[0]
     else:
-      if args is not None:
-        where = where % args
       raise rpki.exceptions.DBConsistancyError, \
-            "Database contained multiple matches for %s where %s" % (cls.__name__, where)
+            "Database contained multiple matches for %s where %s" % \
+            (cls.__name__, where % tuple(repr(a) for a in args))
 
   @classmethod
   def sql_fetch_all(cls, gctx):
@@ -498,7 +497,8 @@ class ca_detail_obj(sql_persistant):
       serial      = ca.next_serial_number(),
       aia         = self.ca_cert_uri,
       crldp       = self.crl_uri(ca),
-      sia         = sia,
+      sia         = ((rpki.oids.name2oid["id-ad-caRepository"], ("uri", ca.sia_uri)),
+                     (rpki.oids.name2oid["id-ad-rpkiManifest"], ("uri", self.manifest_uri(ca)))),
       resources   = resources,
       notAfter    = resources.valid_until)
 
@@ -622,6 +622,9 @@ class child_cert_obj(sql_persistant):
 
     must_revoke = old_resources.oversized(resources) or old_resources.valid_until > resources.valid_until
 
+    if resources.valid_until != old_resources.valid_until:
+      rpki.log.debug("Validity changed: %s %s" % ( old_resources.valid_until, resources.valid_until))
+
     if must_revoke:
       child_cert = None
     else:
@@ -652,10 +655,10 @@ class child_cert_obj(sql_persistant):
     """
 
     args = []
+    where = "revoked IS"
     if revoked:
-      where = "revoked IS NOT NULL"
-    else:
-      where = "revoked IS NULL"
+      where += " NOT"
+    where += " NULL"
     if child:
       where += " AND child_id = %s"
       args.append(child.child_id)
diff --git a/scripts/testdb.py b/scripts/testdb.py
index 353acee0..aa217420 100644
--- a/scripts/testdb.py
+++ b/scripts/testdb.py
@@ -5,6 +5,8 @@ import rpki.resource_set, rpki.sundial, rpki.x509, rpki.https, rpki.log, rpki.le
 
 # Most of these globals probably belong in a config file.
 
+yaml_script    = "../testdb1.yaml"
+
 irbe_name      = "testdb"
 irbe_key       = None
 irbe_certs     = None
@@ -46,7 +48,7 @@ def main():
 
   subprocess.check_call(("rm", "-rf", "publication"))
 
-  y = [y for y in yaml.safe_load_all(open("../testdb2.yaml"))]
+  y = [y for y in yaml.safe_load_all(open(yaml_script))]
 
   db = allocation_db(y.pop(0))
 
@@ -132,15 +134,18 @@ def main():
       # and that everything that was supposed to be published has been
       # published.  [Not written yet]
 
-      pass
-
-      # Read and apply next deltas from master YAML
+      # If we've run out of deltas to apply, we're done
 
-      if y:
-        db.apply_delta(y.pop(0))
-      else:
+      if not y:
         break
 
+      # Apply next deltas and resync IRDBs
+
+      db.apply_delta(y.pop(0))
+
+      for a in db.engines:
+        a.sync_sql()
+
   # Clean up
 
   finally:
@@ -293,6 +298,7 @@ class allocation(object):
         cur.execute("INSERT net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 4, %s)", (v4_range.min, v4_range.max, registrant_id))
       for v6_range in kid.resources.v6:
         cur.execute("INSERT net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 6, %s)", (v6_range.min, v6_range.max, registrant_id))
+      cur.execute("UPDATE registrant SET valid_until = %s WHERE registrant_id = %s", (kid.resources.valid_until, registrant_id))
     db.close()
 
   def run_daemons(self):
diff --git a/scripts/testdb1.yaml b/scripts/testdb1.yaml
index aac5f77f..9b8929b7 100644
--- a/scripts/testdb1.yaml
+++ b/scripts/testdb1.yaml
@@ -12,9 +12,8 @@ kids:
 ---
 - name: Alice
   add_as: 33
+  valid_until: 2009-07-14T12:30:00Z
 ---
 - name: Alice
-  sub_as: 33
----
-- name: Alice
-  valid_until: 2009-07-14T12:30:00Z
+  add_as: 33
+  valid_until: 2008-07-14T12:30:00Z