From cbc7f0f9e151af13398e4b3234a826d03bfcb6a9 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Thu, 25 Feb 2016 16:48:21 +0000
Subject: Clean up allocation of CRL/manifest numbers. We might want to put both this and certificate serial number allocation under a lock, but doing so would require converting a lot of plain methods into coroutines, so postpone that decision until we're done with revisions to the task scheduler. svn path=/branches/tk705/; revision=6288
---
 rpki/rpkidb/models.py | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'rpki/rpkidb')
diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py
index 79702add..6b26a27d 100644
--- a/rpki/rpkidb/models.py
+++ b/rpki/rpkidb/models.py
@@ -846,6 +846,17 @@ class CA(models.Model):
 return self.last_issued_sn
+ def next_crl_manifest_number(self):
+ """
+ Allocate a CRL/Manifest number.
+ """
+
+ trace_call_chain()
+ self.last_crl_manifest_number += 1
+ self.save()
+ return self.last_crl_manifest_number
+
+
 def create_detail(self):
 """
 Create a new CADetail object for this CA.
@@ -1243,6 +1254,8 @@ class CADetail(models.Model):
 crl_uri = self.crl_uri
 manifest_uri = self.manifest_uri
+ crl_manifest_number = self.ca.next_crl_manifest_number()
+
 manifest_cert = self.issue_ee(
 ca = self.ca,
 resources = rpki.resource_set.resource_bag.from_inheritance(),
@@ -1250,9 +1263,6 @@ class CADetail(models.Model):
 sia = (None, None, manifest_uri, self.ca.parent.repository.rrdp_notification_uri),
 notBefore = now)
- self.ca.last_crl_manifest_number += 1
- self.ca.save()
-
 certlist = []
 for revoked_cert in self.revoked_certs.all():
 if now > revoked_cert.expires + crl_interval:
@@ -1264,7 +1274,7 @@ class CADetail(models.Model):
 self.latest_crl = rpki.x509.CRL.generate(
 keypair = self.private_key_id,
 issuer = self.latest_ca_cert,
- serial = self.ca.last_crl_manifest_number,
+ serial = crl_manifest_number,
 thisUpdate = now,
 nextUpdate = nextUpdate,
 revokedCertificates = certlist)
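Review bot: `next_crl_manifest_number()` is an unlocked read-modify-write: the `+= 1` runs on the in-memory value and `self.save()` then writes the whole CA row, so two CA objects loaded from the same row can hand out the same CRL/manifest number, and the full-row save may also write back a stale `last_issued_sn` if that field lives on the same model, as the context line suggests. The commit message defers locking, so until then the docstring should state the constraint, e.g. `Allocate a CRL/Manifest number. Not safe against concurrent callers; the caller must serialize.` The write can also be narrowed with `self.save(update_fields = ["last_crl_manifest_number"])`, provided the Django version in use supports it. Relying parties expect these numbers to increase monotonically, so a duplicate or a step backwards may cause a fresh CRL or manifest to be treated as stale or replayed.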
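Review bot: The added `crl_manifest_number = self.ca.next_crl_manifest_number()` now saves the incremented counter before `issue_ee()` runs, so a failure in certificate issuance or in the later CRL/manifest generation leaves a number consumed with nothing published under it. A gap is harmless if only monotonic increase is required, but the ordering deserves a comment above the call, e.g. `# Allocate first: one number shared by the CRL and manifest below; a gap after a failed run is acceptable.` The enclosing method starts and ends outside the hunk, so whether it runs inside a transaction that would roll the increment back cannot be seen from here.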
@@ -1276,7 +1286,7 @@ class CADetail(models.Model):
 objs.extend((e.uri_tail, e.cert) for e in self.ee_certificates.all())
 self.latest_manifest = rpki.x509.SignedManifest.build(
- serial = self.ca.last_crl_manifest_number,
+ serial = crl_manifest_number,
 thisUpdate = now,
 nextUpdate = nextUpdate,
 names_and_objs = objs,
-- cgit v1.2.3