Diffstat (limited to 'scripts/rpki')
-rw-r--r-- | scripts/rpki/left_right.py | 12 | ||||
-rw-r--r-- | scripts/rpki/sql.py | 28 |
2 files changed, 26 insertions, 14 deletions
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py index 1328dd1d..fca95389 100644 --- a/scripts/rpki/left_right.py +++ b/scripts/rpki/left_right.py @@ -391,8 +391,8 @@ class self_elt(data_elt): repository = parent.repository(gctx) child_cert.sql_delete(gctx) ca_detail.generate_manifest(gctx) - repository.publish(gctx, (ca_detail.latest_manifest, ca_detail.manifest_uri(ca))) - repository.withdraw(gctx, (child_cert.cert, child_cert.uri(ca))) + repository.withdraw(gctx, + (child_cert.cert, child_cert.uri(ca))) def regenerate_crls_and_manifests(self, gctx): """Generate new CRLs and manifests as necessary for all of this @@ -408,15 +408,9 @@ class self_elt(data_elt): repository = parent.repository(gctx) for ca in parent.cas(gctx): ca_detail = ca.fetch_active(gctx) - # - # Temporary kludge until I sort out initial publication. - # - if True or now > ca_detail.latest_crl.getNextUpdate(): + if now > ca_detail.latest_crl.getNextUpdate(): ca_detail.generate_crl(gctx) ca_detail.generate_manifest(gctx) - repository.publish(gctx, - (ca_detail.latest_crl, ca_detail.crl_uri(ca)), - (ca_detail.latest_manifest, ca_detail.manifest_uri(ca))) class bsc_elt(data_elt): """<bsc/> (Business Signing Context) element.""" diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py index 6aef177a..215d3c68 100644 --- a/scripts/rpki/sql.py +++ b/scripts/rpki/sql.py 
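Review bot: In the `@@ -391` hunk the row is removed with `child_cert.sql_delete(gctx)` before `repository.withdraw(...)` runs, and `ca_detail.generate_manifest(gctx)`, which after this commit also publishes, now sits between the two. If that publish can raise, the certificate stays in the repository with no database record left to drive a later withdraw. The deletion loop in the sql.py `@@ -416` hunk uses the opposite order (withdraw, then `sql_delete`); doing the same here, with `ca_detail.generate_manifest(gctx)` last so the manifest is built after the delete, would be consistent. The enclosing method starts outside the hunk, so whether a CRL is also regenerated on this path cannot be seen.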
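Review bot: With `True or` removed in the `@@ -408` hunk, `now > ca_detail.latest_crl.getNextUpdate()` regenerates the CRL and manifest only after the published CRL's nextUpdate has already passed, so relying parties see a stale CRL until this method next runs. Comparing against nextUpdate minus a safety margin would replace the objects before they expire. The deleted comment says the kludge covered initial publication; if `latest_crl` can be unset on a new ca_detail (not visible here), the attribute access fails, and `if ca_detail.latest_crl is None or now > ca_detail.latest_crl.getNextUpdate():` would keep that case working. The `repository` local assigned above the loop appears unused now that the publish call is gone.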
@@ -416,11 +416,14 @@ class ca_detail_obj(sql_persistant): """Delete this ca_detail and all of its associated child_cert objects.""" for child_cert in self.child_certs(gctx): - repository.withdraw(gctx, (child_cert.cert, child_cert.uri(ca))) + repository.withdraw(gctx, + (child_cert.cert, child_cert.uri(ca))) child_cert.sql_delete(gctx) for child_cert in self.child_certs(gctx, revoked = True): child_cert.sql_delete(gctx) - repository.withdraw(gctx, (self.latest_crl, self.crl_uri()), (self.latest_manifest, self.manifest_uri(ca))) + repository.withdraw(gctx, + (self.latest_crl, self.crl_uri()), + (self.latest_manifest, self.manifest_uri(ca))) self.sql_delete(gctx) def revoke(self, gctx): @@ -530,7 +533,9 @@ class ca_detail_obj(sql_persistant): parent = ca.parent(gctx) repository = parent.repository(gctx) - repository.publish(gctx, (child_cert.cert, child_cert.uri(ca)), (self.latest_manifest, self.manifest_uri(ca))) + repository.publish(gctx, + (child_cert.cert, child_cert.uri(ca)), + (self.latest_manifest, self.manifest_uri(ca))) return child_cert @@ -541,7 +546,9 @@ class ca_detail_obj(sql_persistant): """ ca = self.ca(gctx) - crl_interval = rpki.sundial.timedelta(seconds = ca.parent(gctx).self(gctx).crl_interval) + parent = ca.parent(gctx) + repository = parent.repository(gctx) + crl_interval = rpki.sundial.timedelta(seconds = parent.self(gctx).crl_interval) now = rpki.sundial.datetime.utcnow() certlist = [] 
@@ -560,21 +567,32 @@ class ca_detail_obj(sql_persistant): nextUpdate = now + crl_interval, revokedCertificates = certlist) + repository.publish(gctx, + (self.latest_crl, self.crl_uri(ca))) + def generate_manifest(self, gctx): """Generate a new manifest for this ca_detail.""" ca = self.ca(gctx) + parent = ca.parent(gctx) + repository = parent.repository(gctx) + crl_interval = rpki.sundial.timedelta(seconds = parent.self(gctx).crl_interval) + now = rpki.sundial.datetime.utcnow() + certs = self.child_certs(gctx) m = rpki.x509.SignedManifest() m.build( serial = ca.next_manifest_number(), - nextUpdate = rpki.sundial.datetime.utcnow() + rpki.sundial.timedelta(seconds = ca.parent(gctx).self(gctx).crl_interval), + nextUpdate = now + crl_interval, names_and_objs = [(c.uri_tail(), c.cert) for c in certs], keypair = self.manifest_private_key_id, certs = rpki.x509.X509_chain(self.latest_manifest_cert)) self.latest_manifest = m + repository.publish(gctx, + (self.latest_manifest, self.manifest_uri(ca))) + class child_cert_obj(sql_persistant): """Certificate that has been issued to a child.""" |
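Review bot: The new publish in `generate_crl` calls `self.crl_uri(ca)`, while the withdraw in this file's `@@ -416` hunk calls `self.crl_uri()` with no argument; unless `ca` has a default (the definition is not shown), one of the two raises a TypeError. If the withdraw is the wrong one, deleting a ca_detail stops before its CRL and manifest are withdrawn, and `self.crl_uri(ca)` there would match this hunk. Both methods now publish as a side effect, so their docstrings should say so, e.g. `"""Generate a new manifest for this ca_detail and publish it."""`. `generate_crl` starts outside this hunk.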