Diffstat (limited to 'rpki/rpkidb/models.py')
-rw-r--r--rpki/rpkidb/models.py147
1 files changed, 147 insertions, 0 deletions
diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py
new file mode 100644
index 00000000..a289b7ee
--- /dev/null
+++ b/rpki/rpkidb/models.py
@@ -0,0 +1,147 @@
+"""
+Django ORM models for rpkid.
+"""
+
+from __future__ import unicode_literals
+from django.db import models
+
+from rpki.fields import (EnumField, SundialField, BlobField,
+ CertificateField, KeyField, CRLField, PKCS10Field,
+ ManifestField, ROAField, GhostbusterField)
+
+
+# The objects available via the left-right protocol allow NULL values
+# in places we wouldn't otherwise (eg, bpki_cert fields), to support
+# existing protocol which allows back-end to build up objects
+# gradually. We may want to rethink this eventually, but that yak can
+# wait for its shave, particularly since disallowing null should be a
+# very simple change given migrations.
+
+
+# "self" was a really bad name for this, but we weren't using Python
+# when we named it. Perhaps "Tenant" would be a better name? Even
+# means sort of the right thing, well, in French anyway.
+# Eventually rename in left-right too, I guess.
+
+class Self(models.Model):
+ self_handle = models.SlugField(max_length = 255)
+ use_hsm = models.BooleanField(default = False)
+ crl_interval = models.BigIntegerField(null = True)
+ regen_margin = models.BigIntegerField(null = True)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+
+class BSC(models.Model):
+ bsc_handle = models.SlugField(max_length = 255)
+ private_key_id = KeyField()
+ pkcs10_request = PKCS10Field()
+ hash_alg = EnumField(choices = ("sha256",))
+ signing_cert = CertificateField(null = True)
+ signing_cert_crl = CRLField(null = True)
+ self = models.ForeignKey(Self)
+ class Meta:
+ unique_together = ("self", "bsc_handle")
+
+class Repository(models.Model):
+ repository_handle = models.SlugField(max_length = 255)
+ peer_contact_uri = models.TextField(null = True)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ bsc = models.ForeignKey(BSC)
+ self = models.ForeignKey(Self)
+ class Meta:
+ unique_together = ("self", "repository_handle")
+
+class Parent(models.Model):
+ parent_handle = models.SlugField(max_length = 255)
+ bpki_cms_cert = CertificateField(null = True)
+ bpki_cms_glue = CertificateField(null = True)
+ peer_contact_uri = models.TextField(null = True)
+ sia_base = models.TextField(null = True)
+ sender_name = models.TextField(null = True)
+ recipient_name = models.TextField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ bsc = models.ForeignKey(BSC)
+ repository = models.ForeignKey(Repository)
+ class Meta:
+ unique_together = ("self", "parent_handle")
+
+class CA(models.Model):
+ last_crl_sn = models.BigIntegerField()
+ last_manifest_sn = models.BigIntegerField()
+ next_manifest_update = SundialField(null = True)
+ next_crl_update = SundialField(null = True)
+ last_issued_sn = models.BigIntegerField()
+ sia_uri = models.TextField(null = True)
+ parent_resource_class = models.TextField(null = True)
+ parent = models.ForeignKey(Parent)
+
+class CADetail(models.Model):
+ public_key = KeyField(null = True)
+ private_key_id = KeyField(null = True)
+ latest_crl = CRLField(null = True)
+ crl_published = SundialField(null = True)
+ latest_ca_cert = CertificateField(null = True)
+ manifest_private_key_id = KeyField(null = True)
+ manifest_public_key = KeyField(null = True)
+ latest_manifest_cert = CertificateField(null = True)
+ latest_manifest = ManifestField(null = True)
+ manifest_published = SundialField(null = True)
+ state = EnumField(choices = ("pending", "active", "deprecated", "revoked"))
+ ca_cert_uri = models.TextField(null = True)
+ ca = models.ForeignKey(CA)
+
+class Child(models.Model):
+ child_handle = models.SlugField(max_length = 255)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ bsc = models.ForeignKey(BSC)
+ class Meta:
+ unique_together = ("self", "child_handle")
+
+class ChildCert(models.Model):
+ cert = CertificateField()
+ published = SundialField(null = True)
+ ski = BlobField()
+ child = models.ForeignKey(Child)
+ ca_detail = models.ForeignKey(CADetail)
+
+class EECert(models.Model):
+ ski = BlobField()
+ cert = CertificateField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class Ghostbuster(models.Model):
+ vcard = models.TextField()
+ cert = CertificateField()
+ ghostbuster = GhostbusterField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class RevokedCert(models.Model):
+ serial = models.BigIntegerField()
+ revoked = SundialField()
+ expires = SundialField()
+ ca_detail = models.ForeignKey(CADetail)
+
+class ROA(models.Model):
+ asn = models.BigIntegerField()
+ cert = CertificateField()
+ roa = ROAField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class ROAPrefix(models.Model):
+ prefix = models.CharField(max_length = 40)
+ prefixlen = models.SmallIntegerField()
+ max_prefixlen = models.SmallIntegerField()
+ version = models.SmallIntegerField()
+ roa = models.ForeignKey(ROA)
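Review bot: `Self.self_handle` is declared without any uniqueness constraint, although every other handle in this file (`bsc_handle`, `repository_handle`, `parent_handle`, `child_handle`) is made unique per tenant through `unique_together = ("self", ...)`. Because `Self` is the root that those constraints hang from, two rows with the same `self_handle` would pass the schema, and any lookup that selects a tenant by handle (presumably what the left-right protocol does, though no caller is visible here) could resolve to the wrong tenant's keys and certificates. I would declare it as `self_handle = models.SlugField(max_length = 255, unique = True)` so the database enforces the boundary rather than the calling code. The same question applies to `RevokedCert`, where nothing prevents duplicate `(ca_detail, serial)` rows, but the tenant handle is the one I would fix before this lands.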