-rw-r--r--scripts/rpki/sql.py4
-rw-r--r--scripts/rpki/up_down.py18
2 files changed, 11 insertions, 11 deletions
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 59e3a063..b9eb2f7d 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -179,7 +179,7 @@ class ca_detail_obj(sql_persistant):
"""Internal CA detail object."""
sql_template = template("ca", "ca_detail_id", "private_key_id", "public_key", "latest_ca_cert", "manifest_private_key_id",
- "manifest_public_key", "latest_manifest_cert", "latest_manifest", "latest_crl", "status", "ca_id")
+ "manifest_public_key", "latest_manifest_cert", "latest_manifest", "latest_crl", "state", "ca_cert_uri", "ca_id")
def sql_decode(self, vals):
sql_persistant.sql_decode(self, vals)
@@ -206,7 +206,7 @@ class ca_detail_obj(sql_persistant):
@classmethod
def sql_fetch_active(cls, db, cur, ca_id):
- hits = cls.sql_fetch_where(db, cur, "ca_id = %s AND status = 'active'" % ca_id)
+ hits = cls.sql_fetch_where(db, cur, "ca_id = %s AND state = 'active'" % ca_id)
assert len(hits) < 2, "Found more than one 'active' ca_detail record, this should not happen!"
if hits:
return hits[0]
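Review bot: The WHERE clause in `sql_fetch_active` is still built with `%` string formatting, so `ca_id` is spliced into the SQL text as whatever string it renders to. If `sql_fetch_where` can take query parameters (its signature is not visible here), pass `ca_id` that way; otherwise force the integer type at this call site with `"ca_id = %d AND state = 'active'" % int(ca_id)`. The uniqueness check on the next line is an `assert`, which disappears under `python -O`; an explicit `if len(hits) > 1: raise ...` keeps the invariant enforced. The method body continues past the end of this hunk.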
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index 206c0c2e..ff1a67c8 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -165,11 +165,11 @@ class list_pdu(base_elt):
continue
rc = class_elt()
rc.class_name = str(ca_id)
- rc.cert_url = "rsync://niy.invalid"
+ rc.cert_url = multi_uri(ca_detail.ca_cert_uri)
rc.resource_set_as, rc.resource_set_ipv4, rc.resource_set_ipv6 = rc_as, rc_v4, rc_v6
for child_cert in rpki.sql.child_cert_obj.sql_fetch_where(gctx.db, gctx.cur, "child_id = %s AND ca_detail_id = %s" % (child.child_id, ca_detail.ca_detail_id)):
c = certificate_elt()
- c.cert_url = "rsync://niy.invalid"
+ c.cert_url = multi_uri(ca.sia_uri + child_cert.cert.gSKI() + ".cer")
c.cert = child_cert.cert
rc.certs.append(c)
rc.issuer = ca_detail.latest_ca_cert
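Review bot: Nothing here checks that `ca_detail.ca_cert_uri` holds a value before it is handed to `multi_uri()` for `rc.cert_url`. The column is introduced by this same commit, so `ca_detail` rows that predate it presumably carry NULL there. The issue_pdu hunk has the same gap, and there it matters more because the value becomes the `aia` of a freshly signed certificate as well as `rc.cert_url`. A guard before first use, for example `if ca_detail.ca_cert_uri is None: raise ValueError("ca_detail %s has no ca_cert_uri" % ca_detail.ca_detail_id)`, would keep a certificate from being issued or advertised with an empty issuer pointer. The enclosing loop and method start outside this hunk.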
@@ -254,7 +254,6 @@ class issue_pdu(base_elt):
# Step 3: If we didn't find a reusable cert, generate a new one.
if child_cert is None:
# Some of this code probably should become a method of rpki.sql.ca_obj
- base_uri = ca.sia_uri + ca_detail.latest_ca_cert.gSKI()
ca.last_issued_sn += 1
ca.sql_mark_dirty()
child_cert = rpki.sql.child_cert_obj()
@@ -263,28 +262,29 @@ class issue_pdu(base_elt):
child_cert.cert = ca_detail.latest_ca_cert.issue(keypair = ca_detail.private_key_id,
subject_key = pubkey,
serial = ca.last_issued_sn,
- aia = base_uri + ".cer",
- crldp = base_uri + ".crl",
+ aia = ca_detail.ca_cert_uri,
+ crldp = ca.sia_uri + ca_detail.latest_ca_cert.gSKI() + ".crl",
sia = req_sia,
as = rc_as,
v4 = rc_v4,
v6 = rc_v6)
child_cert.sql_mark_dirty()
- # Generate new manifest
- # Publish new cert and manifest
+ print "Should generate a new manifest now"
+ print "Should publish newly-created certificate now"
raise NotImplementedError
# Save anything we modified and generate response
rpki.sql.sql_sweep(gctx.db, gctx.cur)
assert child_cert and child_cert.sql_in_db
c = certificate_elt()
- c.cert_url = "rsync://niy.invalid"
+ c.cert_url = multi_uri(ca.sia_uri + child_cert.cert.gSKI() + ".cer")
c.cert = child_cert.cert
rc = class_elt()
- rc.cert_url = "rsync://niy.invalid"
+ rc.cert_url = multi_uri(ca_detail.ca_cert_uri)
rc.resource_set_as, rc.resource_set_ipv4, rc.resource_set_ipv6 = rc_as, rc_v4, rc_v6
rc.certs.append(c)
+ rc.issuer = ca_detail.latest_ca_cert
r_msg.payload = issue_response_pdu()
r_msg.payload.classes.append(rc)
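Review bot: The two `print` statements that replace the comments before `raise NotImplementedError` write to the server's stdout on every new-certificate request and say less to a reader than the comments did. I would keep them as `# TODO: generate a new manifest` and `# TODO: publish the newly-created certificate`, or route them through the logging module if a runtime trace is wanted. By the time the exception is raised, `ca.last_issued_sn` has been incremented, the certificate has been signed, and both objects are marked dirty. Whether a later `sql_sweep` persists that unpublished certificate is not visible from this hunk, and it deserves a comment saying what is intended. The enclosing method starts outside the hunk.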