-rw-r--r-- | rpkid/rpki/left_right.py | 54 | ||||
-rw-r--r-- | rpkid/rpki/rpkid.py | 9 |
2 files changed, 60 insertions, 3 deletions
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index 72412cbe..7d056b7b 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py @@ -190,6 +190,7 @@ class self_elt(data_elt): """ return rpki.rpkid.ghostbuster_obj.sql_fetch_where(self.gctx, "self_id = %s", (self.self_id,)) + def serve_post_save_hook(self, q_pdu, r_pdu, cb, eb): """ Extra server actions for self_elt. @@ -248,6 +249,25 @@ class self_elt(data_elt): parent.serve_revoke_forgotten(iterator, eb) rpki.async.iterator(self.parents, loop, cb) + def serve_destroy_hook(self, cb, eb): + """ + Extra cleanup actions when destroying a self_elt. + """ + + def loop(iterator, parent): + + def revoked_forgotten(): + parent.delete(iterator) + + def revoke_forgotten_failed(e): + rpki.log.warn("Couldn't revoke forgotten certificates, blundering onwards: %s" % e) + revoked_forgotten() + + parent.serve_revoke_forgotten(revoked_forgotten, revoke_forgotten_failed) + + rpki.async.iterator(self.parents, loop, cb) + + def serve_publish_world_now(self, cb, eb): """ Handle a left-right publish_world_now action for this self. @@ -704,6 +724,7 @@ class self_elt(data_elt): self.gctx.sql.sweep() self.gctx.irdb_query_roa_requests(self.self_handle, got_roa_requests, roa_requests_failed) + class bsc_elt(data_elt): """ <bsc/> (Business Signing Context) element. 
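Review bot: In `self_elt.serve_destroy_hook`, `revoke_forgotten_failed` logs the failure without saying which parent it concerns and then deletes that parent anyway, so once the local state is gone the log line is the only trace of certificates that were presumably left unrevoked upstream. Name the parent in the warning, e.g. `rpki.log.warn("Couldn't revoke forgotten certificates for parent %r, blundering onwards: %s" % (parent, e))`. The same applies to `revoke_failed` in `parent_elt.delete` (the `@@ -971` hunk), where the CA should be named the same way. The `eb` argument is never used in this method; a one-line comment such as `# eb is intentionally unused: destroy cleanup is best-effort` would make that explicit.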
@@ -971,6 +992,39 @@ class parent_elt(data_elt): rpki.up_down.list_pdu.query(self, got_list, eb) + def delete(self, cb, delete_parent = True): + """ + Delete all the CA stuff under this parent, and perhaps the parent + itself. + """ + + def loop(iterator, ca): + + def revoked(): + ca.delete(self, iterator) + + def revoke_failed(e): + rpki.log.warn("Couldn't revoke CA certificate, blundering onwards: %s" % e) + revoked() + + ca.revoke(revoked, revoke_failed, revoke_all = True) + + def done(): + if delete_parent: + self.sql_delete() + cb() + + rpki.async.iterator(self.cas, loop, done) + + + def serve_destroy_hook(self, cb, eb): + """ + Extra server actions when destroying a parent_elt. + """ + + self.delete(cb, delete_parent = False) + + def query_up_down(self, q_pdu, cb, eb): """ Client code for sending one up-down query PDU to this parent. diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py index 30a6da33..e2530813 100644 --- a/rpkid/rpki/rpkid.py +++ b/rpkid/rpki/rpkid.py @@ -625,9 +625,10 @@ class ca_obj(rpki.sql.sql_persistent): rpki.up_down.issue_pdu.query(parent, self, new_detail, done, eb) - def revoke(self, cb, eb): + def revoke(self, cb, eb, revoke_all = False): """ - Revoke deprecated ca_detail objects associated with this ca. + Revoke deprecated ca_detail objects associated with this CA, or + all ca_details associated with this CA if revoke_all is set. """ rpki.log.trace() @@ -635,7 +636,9 @@ class ca_obj(rpki.sql.sql_persistent): def loop(iterator, ca_detail): ca_detail.revoke(cb = iterator, eb = eb) - rpki.async.iterator(self.deprecated_ca_details, loop, cb) + ca_details = self.ca_details if revoke_all else self.deprecated_ca_details + + rpki.async.iterator(ca_details, loop, cb) def reissue(self, cb, eb): """ |
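Review bot: `parent_elt.delete` takes no errback and `serve_destroy_hook` drops its `eb`, so a failure inside `ca.delete` or `self.sql_delete()` has no visible path back to the caller; only revoke failures are handled, and only by logging. The docstring should state that contract: revocation is best-effort, `cb` is called from `done` after the iteration over `self.cas`, and `delete_parent = False` skips `self.sql_delete()` so the parent's own row is left to the caller. Whether the generic destroy path actually removes that row is not visible in this hunk and is worth confirming.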
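Review bot: With `revoke_all` set, `loop` in `ca_obj.revoke` still hands the caller's `eb` straight to `ca_detail.revoke`, so the first ca_detail that fails to revoke ends the iteration and the remaining ones are never attempted (assuming `rpki.async.iterator` only advances when `iterator` is called). The new caller in `parent_elt.delete` reacts to that `eb` by going on to `ca.delete`, which would leave those later certificates without a revocation attempt. If that is not intended, give the loop its own errback for the `revoke_all` case that logs the failure and calls `iterator()`; otherwise extend the docstring with `Iteration stops at the first ca_detail whose revocation fails.`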