aboutsummaryrefslogtreecommitdiff
path: root/scripts/rpki/sql.py
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/rpki/sql.py')
-rw-r--r--scripts/rpki/sql.py66
1 files changed, 47 insertions, 19 deletions
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 0e148988..efafb889 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -211,12 +211,24 @@ class ca_obj(sql_persistant):
last_issued_sn = 0
last_manifest_sn = 0
+ def parent(self, gctx):
+ """Fetch parent object to which this CA object links."""
+ return rpki.left_right.parent_elt.sql_fetch(gctx, self.parent_id)
+
+ def ca_details(self, gctx):
+ """Fetch all ca_detail objects that link to this CA object."""
+ return ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s" % self.ca_id)
+
+ def fetch_active(self, gctx):
+ """Return the active ca_detail for this CA, if any."""
+ return ca_detail_obj.sql_fetch_where1(gctx, "ca_id = %s AND state = 'active'" % self.ca_id)
+
def construct_sia_uri(self, gctx, parent, rc):
"""Construct the sia_uri value for this CA given configured
information and the parent's up-down protocol list_response PDU.
"""
- repository = rpki.left_right.repository_elt.sql_fetch(gctx, parent.repository_id)
+ repository = parent.repository(gctx)
sia_uri = rc.suggested_sia_head and rc.suggested_sia_head.rsync()
if not sia_uri or not sia_uri.startswith(parent.sia_base):
sia_uri = parent.sia_base
@@ -291,9 +303,9 @@ class ca_obj(sql_persistant):
CA, then finally delete this CA itself.
"""
- repository = rpki.left_right.repository_elt.sql_fetch(gctx, parent.repository_id)
- for ca_detail in ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s" % self.ca_id):
- for child_cert in child_cert_obj.sql_fetch_where(gctx, "ca_detail_id = %s" % ca_detail.ca_detail_id):
+ repository = parent.repository(gctx)
+ for ca_detail in self.ca_details(gctx):
+ for child_cert in ca_detail.child_certs(gctx):
repository.withdraw(gctx, (child_cert.cert, child_cert.uri(self)))
child_cert.sql_delete(gctx)
repository.withdraw(gctx, (ca_detail.latest_crl, ca_detail.crl_uri()), (ca_detail.latest_manifest, ca_detail.manifest_uri(self)))
@@ -318,10 +330,6 @@ class ca_obj(sql_persistant):
self.sql_mark_dirty()
return self.last_crl_sn
- def fetch_active(self, gctx):
- """Fetch the current active ca_detail for this ca."""
- return ca_detail_obj.sql_fetch_where1(gctx, "ca_id = %s AND state = 'active'" % self.ca_id)
-
class ca_detail_obj(sql_persistant):
"""Internal CA detail object."""
@@ -349,6 +357,18 @@ class ca_detail_obj(sql_persistant):
assert (self.manifest_public_key is None and self.manifest_private_key_id is None) or \
self.manifest_public_key.get_DER() == self.manifest_private_key_id.get_public_DER()
+ def ca(self, gctx):
+ """Fetch CA object to which this ca_detail links."""
+ return ca_obj.sql_fetch(gctx, self.ca_id)
+
+ def child_certs(self, gctx):
+ """Fetch all child_cert objects that link to this ca_detail."""
+ return child_cert_obj.sql_fetch_where(gctx, "ca_detail_id = %s" % self.ca_detail_id)
+
+ def route_origins(self, gctx):
+ """Fetch all route_origin objects that link to this ca_detail."""
+ return rpki.left_right.route_origin_elt.sql_fetch_where(gctx, "ca_detail_id = %s" % self.ca_detail_id)
+
def crl_uri(self, ca):
"""Return publication URI for this ca_detail's CRL."""
return ca.sia_uri + self.public_key.gSKI() + ".crl"
@@ -384,7 +404,7 @@ class ca_detail_obj(sql_persistant):
new_resources = self.latest_ca_cert.get_3779resources()
if sia_uri_changed or old_resources.oversized(new_resources):
- for child_cert in child_cert_obj.sql_fetch_where(gctx, "ca_detail_id = %s" % self.ca_detail_id):
+ for child_cert in self.child_certs(gctx):
child_resources = child_cert.cert.get_3779resources()
if sia_uri_changed or child_resources.oversized(new_resources):
child_cert.reissue(
@@ -463,8 +483,8 @@ class ca_detail_obj(sql_persistant):
self.generate_manifest(gctx)
- parent = rpki.left_right.parent_elt.sql_fetch(gctx, ca.parent_id)
- repository = rpki.left_right.repository_elt.sql_fetch(gctx, parent.repository_id)
+ parent = ca.parent(gctx)
+ repository = parent.repository(gctx)
repository.publish(gctx, (child_cert.cert, child_cert.uri(ca)), (self.latest_manifest, self.manifest_uri(ca)))
@@ -476,9 +496,9 @@ class ca_detail_obj(sql_persistant):
new CRL is needed.
"""
- ca = ca_obj.sql_fetch(gctx, self.ca_id)
- parent = rpki.left_right.parent_elt.sql_fetch(gctx, ca.parent_id)
- self_obj = rpki.left_right.self_elt.sql_fetch(gctx, parent.self_id)
+ ca = self.ca(gctx)
+ parent = ca.parent(gctx)
+ self_obj = parent.self(gctx)
crl_interval = rpki.sundial.timedelta(seconds = self_obj.crl_interval)
now = rpki.sundial.datetime.utcnow()
@@ -501,9 +521,9 @@ class ca_detail_obj(sql_persistant):
def generate_manifest(self, gctx):
"""Generate a new manifest for this ca_detail."""
- ca = ca_obj.sql_fetch(gctx, self.ca_id)
- parent = rpki.left_right.parent_elt.sql_fetch(gctx, ca.parent_id)
- self_obj = rpki.left_right.self_elt.sql_fetch(gctx, parent.self_id)
+ ca = self.ca(gctx)
+ parent = ca.parent(gctx)
+ self_obj = parent.self(gctx)
certs = child_cert_obj.sql_fetch_where(gctx, "child_cert.ca_detail_id = %s AND child_cert.revoked IS NULL" % self.ca_detail_id)
m = rpki.x509.SignedManifest()
@@ -529,6 +549,14 @@ class child_cert_obj(sql_persistant):
if child_id or ca_detail_id or cert:
self.sql_mark_dirty()
+ def child(self, gctx):
+ """Fetch child object to which this child_cert object links."""
+ return rpki.left_right.child_elt.sql_fetch(gctx, self.child_id)
+
+ def ca_detail(self, gctx):
+ """Fetch ca_detail object to which this child_cert object links."""
+ return ca_detail_obj.sql_fetch(gctx, self.ca_detail_id)
+
def uri_tail(self):
"""Return the tail (filename) portion of the URI for this child_cert."""
return self.cert.gSKI() + ".cer"
@@ -552,8 +580,8 @@ class child_cert_obj(sql_persistant):
child_cert_obj must use the return value from this method.
"""
- ca = ca_obj.sql_fetch(gctx, ca_detail.ca_id)
- child = rpki.left_right.child_elt.sql_fetch(gctx, self.child_id)
+ ca = ca_detail.ca(gctx)
+ child = self.child(gctx)
old_resources = self.cert.get_3779resources()
old_sia = self.cert.get_SIA()