2 files changed, 49 insertions, 21 deletions

diff --git a/rpkid/rpki/gui/cacheview/util.py b/rpkid/rpki/gui/cacheview/util.py
index 2f5cfd90..dffa591f 100644
--- a/rpkid/rpki/gui/cacheview/util.py
+++ b/rpkid/rpki/gui/cacheview/util.py
@@ -52,26 +52,40 @@ def rcynic_cert(cert, obj):
     obj.asns.clear()
     obj.addresses.clear()
 
-    for asr in cert.resources.asn:
-        logger.debug('processing %s' % asr)
-
-        attrs = {'min': asr.min, 'max': asr.max}
-        q = models.ASRange.objects.filter(**attrs)
-        if not q:
-            obj.asns.create(**attrs)
-        else:
-            obj.asns.add(q[0])
-
-    for cls, addr_obj, addrset in (models.AddressRange, obj.addresses, cert.resources.v4), (models.AddressRangeV6, obj.addresses_v6, cert.resources.v6):
-        for rng in addrset:
-            logger.debug('processing %s' % rng)
-
-            attrs = {'prefix_min': rng.min, 'prefix_max': rng.max}
-            q = cls.objects.filter(**attrs)
+    if cert.resources.asn.inherit:
+        # FIXME: what happens when the parent's resources change and the child
+        # cert is not reissued?
+        obj.asns.add(*obj.issuer.asns.all())
+    else:
+        for asr in cert.resources.asn:
+            logger.debug('processing %s' % asr)
+
+            attrs = {'min': asr.min, 'max': asr.max}
+            q = models.ASRange.objects.filter(**attrs)
             if not q:
-                addr_obj.create(**attrs)
+                obj.asns.create(**attrs)
             else:
-                addr_obj.add(q[0])
+                obj.asns.add(q[0])
+
+    for cls, addr_obj, addrset, parentset in (
+        models.AddressRange, obj.addresses, cert.resources.v4,
+        obj.issuer.addresses
+    ), (
+        models.AddressRangeV6, obj.addresses_v6, cert.resources.v6,
+        obj.issuer.addresses_v6
+    ):
+        if addrset.inherit:
+            addr_obj.add(*parentset.all())
+        else:
+            for rng in addrset:
+                logger.debug('processing %s' % rng)
+
+                attrs = {'prefix_min': rng.min, 'prefix_max': rng.max}
+                q = cls.objects.filter(**attrs)
+                if not q:
+                    addr_obj.create(**attrs)
+                else:
+                    addr_obj.add(q[0])
 
 
 def rcynic_roa(roa, obj):
diff --git a/rpkid/rpki/resource_set.py b/rpkid/rpki/resource_set.py
index 39514ccb..0147ee42 100644
--- a/rpkid/rpki/resource_set.py
+++ b/rpkid/rpki/resource_set.py
@@ -329,7 +329,7 @@ class resource_set(list):
     """
     Whack this resource_set into canonical form.
     """
-    assert not self.inherit or not self
+    assert not self.inherit or len(self) == 0
     if not self.canonical:
       self.sort()
       i = 0
@@ -512,9 +512,23 @@ class resource_set(list):
   def __gt__(self, other):
     return not self.issubset(other)
 
-  __eq__ = list.__eq__
+  def __ne__(self, other):
+    """
+    A set with the inherit bit set is always unequal to any other set, because
+    we can't know the answer here.  This is also consistent with __nonzero__
+    which returns True for inherit sets, and False for empty sets.
+    """
+    return self.inherit or other.inherit or list.__ne__(self, other)
 
-  __ne__ = list.__ne__
+  def __eq__(self, other):
+    return not self.__ne__(other)
+
+  def __nonzero__(self):
+    """
+    Tests whether or not this set is empty.  Note that sets with the inherit
+    bit set are considered non-empty, despite having zero length.
+    """
+    return self.inherit or len(self)
 
   @classmethod
   def from_sql(cls, sql, query, args = None):