-rw-r--r--scripts/Makefile8
-rw-r--r--scripts/biz-certs/Bob-CA.srl2
-rw-r--r--scripts/rpki/exceptions.py3
-rw-r--r--scripts/rpki/left_right.py6
-rw-r--r--scripts/rpki/log.py2
-rw-r--r--scripts/rpki/sql.py31
6 files changed, 36 insertions, 16 deletions
diff --git a/scripts/Makefile b/scripts/Makefile
index 9be3323d..8133d691 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -16,10 +16,6 @@ all:: up-down-schema.rng
up-down-schema.rng: up-down-schema.rnc
trang up-down-schema.rnc up-down-schema.rng
-test:: relaxng
-
-#test:: all ; python xml-parse-test.py
-
dont-run-trang:
touch *.rng
@@ -29,6 +25,10 @@ relaxng: left-right-protocol-samples/.stamp left-right-schema.rng up-down-schema
# all:: resource-cert-samples-regen
+# test:: relaxng
+
+# test:: all ; python xml-parse-test.py
+
resource-cert-samples-regen: resource-cert-samples/.stamp
cd resource-cert-samples && make
diff --git a/scripts/biz-certs/Bob-CA.srl b/scripts/biz-certs/Bob-CA.srl
index 7ef55b1e..a7b6a1e3 100644
--- a/scripts/biz-certs/Bob-CA.srl
+++ b/scripts/biz-certs/Bob-CA.srl
@@ -1 +1 @@
-90801F1ED1945526
+90801F1ED1945528
diff --git a/scripts/rpki/exceptions.py b/scripts/rpki/exceptions.py
index 43b7ab4d..ba375ed4 100644
--- a/scripts/rpki/exceptions.py
+++ b/scripts/rpki/exceptions.py
@@ -58,3 +58,6 @@ class BadSender(Exception):
class ClassNameMismatch(Exception):
"""class_name does not match child context."""
+
+class SKIMismatch(Exception):
+ """SKI value in response does not match request."""
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index 89e5fcf3..10beb452 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -320,10 +320,10 @@ class self_elt(data_elt):
for parent in self.parents(gctx):
# This will need a callback when we go event-driven
- r_pdu = rpki.up_down.list_pdu.query(gctx, parent)
+ r_msg = rpki.up_down.list_pdu.query(gctx, parent)
ca_map = dict((ca.parent_resource_class, ca) for ca in parent.cas(gctx))
- for rc in r_pdu.payload.classes:
+ for rc in r_msg.payload.classes:
if rc.class_name in ca_map:
ca = ca_map[rc.class_name]
del ca_map[rc.class_name]
@@ -531,7 +531,7 @@ class parent_elt(data_elt):
"""Handle a left-right revoke action for this parent."""
for ca in self.cas(gctx):
for ca_detail in ca.ca_details(gctx):
- raise rpki.exceptions.NotImplementedYet
+ ca_detail.revoke(gctx)
def serve_reissue(self, gctx):
"""Handle a left-right reissue action for this parent."""
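Review bot: `serve_revoke` now lets an `SKIMismatch` raised by `ca_detail.revoke(gctx)` escape from inside the nested loop, so the ca_details processed before the failure are already withdrawn and deleted while the rest of this CA's and any later CAs' ca_details are left untouched, and the caller gets no indication of which. Whether to stop at the first bad response or continue with the remaining ca_details is a policy choice, but the resulting state should be stated, e.g. `"""Handle a left-right revoke action for this parent.  Stops at the first ca_detail whose revoke response fails the SKI check; ca_details revoked before that point have already been deleted."""`. The enclosing `def serve_revoke` line is above the hunk.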
diff --git a/scripts/rpki/log.py b/scripts/rpki/log.py
index f8a0844b..e7b95a63 100644
--- a/scripts/rpki/log.py
+++ b/scripts/rpki/log.py
@@ -27,7 +27,7 @@ notice = logger(syslog.LOG_NOTICE)
info = logger(syslog.LOG_INFO)
debug = logger(syslog.LOG_DEBUG)
-enable_trace = True
+enable_trace = False
def trace():
"""Execution trace -- where are we now, and whence came we here?"""
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 81d93970..305fb07f 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -313,13 +313,7 @@ class ca_obj(sql_persistant):
repository = parent.repository(gctx)
for ca_detail in self.ca_details(gctx):
- for child_cert in ca_detail.child_certs(gctx):
- repository.withdraw(gctx, (child_cert.cert, child_cert.uri(self)))
- child_cert.sql_delete(gctx)
- for child_cert in ca_detail.child_certs(gctx, revoked = True):
- child_cert.sql_delete(gctx)
- repository.withdraw(gctx, (ca_detail.latest_crl, ca_detail.crl_uri()), (ca_detail.latest_manifest, ca_detail.manifest_uri(self)))
- ca_detail.sql_delete(gctx)
+ ca_detail.delete(gctx, ca, repository)
self.sql_delete(gctx)
def next_serial_number(self):
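Review bot: `ca_detail.delete(gctx, ca, repository)` passes `ca`, but the lines it replaces used `self` in that role (`child_cert.uri(self)`, `ca_detail.manifest_uri(self)`) and the hunk sits inside `class ca_obj`, so `self` is the CA; unless `ca` is bound earlier in this method (its start is above the hunk, so I cannot see it), the call raises `NameError` on the first deletion attempt. The form consistent with the removed code is `ca_detail.delete(gctx, self, repository)`. The enclosing method begins outside the hunk.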
@@ -406,6 +400,29 @@ class ca_detail_obj(sql_persistant):
predecessor.state = "deprecated"
predecessor.sql_mark_dirty()
+ def delete(self, gctx, ca, repository):
+ """Delete this ca_detail and all of its associated child_cert objects."""
+
+ for child_cert in self.child_certs(gctx):
+ repository.withdraw(gctx, (child_cert.cert, child_cert.uri(ca)))
+ child_cert.sql_delete(gctx)
+ for child_cert in self.child_certs(gctx, revoked = True):
+ child_cert.sql_delete(gctx)
+ repository.withdraw(gctx, (self.latest_crl, self.crl_uri()), (self.latest_manifest, self.manifest_uri(ca)))
+ self.sql_delete(gctx)
+
+ def revoke(self, gctx):
+ """Request revocation of all certificates whose SKI matches the key for this ca_detail."""
+
+ # This will need a callback when we go event-driven
+ r_msg = rpki.up_down.revoke_pdu.query(gctx, self)
+
+ if r_msg.payload.ski != self.latest_ca_cert.gSKI():
+ raise rpki.exceptions.SKIMismatch
+
+ ca = self.ca(gctx)
+ self.delete(gctx, ca, ca.parent(gctx).repository(gctx))
+
def update(self, gctx, parent, ca, rc, sia_uri_changed, old_resources):
"""Need to get a new certificate for this ca_detail and perhaps
frob children of this ca_detail.
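Review bot: `revoke` raises `SKIMismatch` bare, so a revoke response whose SKI does not match cannot be told apart in the log from any other mismatch; raising with both values, `raise rpki.exceptions.SKIMismatch("expected %s, got %s" % (self.latest_ca_cert.gSKI(), r_msg.payload.ski))`, keeps the same fail-closed behaviour and records what an operator needs to check. The `revoke` docstring also understates the method: on a matching response it withdraws the CRL, manifest and child certificates from the repository and deletes the ca_detail via `delete`, whereas on a mismatch nothing has been deleted yet, and callers need to know both. Suggested docstring: `"""Request revocation of all certificates whose SKI matches the key for this ca_detail, then withdraw its published objects and delete it.  Raises SKIMismatch, before anything is deleted, if the response SKI differs from this ca_detail's."""`. `update` at the end of the hunk continues past it.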