Inherits rpki::sql::sql_persistent.
Public Member Functions | |
def | __init__ |
def | ca_detail |
def | generate |
def | published_callback |
def | regenerate |
def | revoke |
def | self |
def | sql_delete_hook |
def | sql_fetch_hook |
def | sql_insert_hook |
def | update |
def | uri |
def | uri_tail |
Public Attributes | |
asn | |
gctx | |
ipv4 | |
ipv6 | |
self_id | |
Static Public Attributes | |
ca_detail_id = None | |
cert = None | |
published = None | |
roa = None | |
tuple | sql_template |
Route Origin Authorization.
Definition at line 1108 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.__init__ | ( | self, | ||
gctx = None , |
||||
self_id = None , |
||||
asn = None , |
||||
ipv4 = None , |
||||
ipv6 = None | ||||
) |
Definition at line 1174 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.ca_detail | ( | self | ) |
Fetch ca_detail object to which this roa_obj links.
Definition at line 1134 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.generate | ( | self, | ||
publisher, | ||||
fast = False | ||||
) |
Generate a ROA. At present this does not support ROAs with multiple signatures (neither does the current CMS code). At present we have no way of performing a direct lookup from a desired set of resources to a covering certificate, so we have to search. This could be quite slow if we have a lot of active ca_detail objects. Punt on the issue for now, revisit if profiling shows this as a hotspot. Once we have the right covering certificate, we generate the ROA payload, generate a new EE certificate, use the EE certificate to sign the ROA payload, publish the result, then throw away the private key for the EE cert, all per the ROA specification. This implies that generating a lot of ROAs will tend to thrash /dev/random, but there is not much we can do about that. If fast is set, we leave generating the new manifest for our caller to handle, presumably at the end of a bulk operation.
Definition at line 1228 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.published_callback | ( | self, | ||
pdu | ||||
) |
Check publication result.
Definition at line 1298 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.regenerate | ( | self, | ||
publisher, | ||||
fast = False | ||||
) |
Reissue ROA associated with this roa_obj.
Definition at line 1343 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.revoke | ( | self, | ||
publisher, | ||||
regenerate = False , |
||||
allow_failure = False , |
||||
fast = False | ||||
) |
Withdraw ROA associated with this roa_obj. In order to preserve make-before-break properties without duplicating code, this method also handles generating a replacement ROA when requested. If allow_failure is set, failing to withdraw the ROA will not be considered an error. If fast is set, SQL actions will be deferred, on the assumption that our caller will handle regenerating CRL and manifest and flushing the SQL cache.
Definition at line 1306 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.self | ( | self | ) |
Fetch self object to which this roa_obj links.
Definition at line 1128 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.sql_delete_hook | ( | self | ) |
Extra SQL delete actions for roa_obj -- handle prefix lists.
Reimplemented from rpki.sql.sql_persistent.
Definition at line 1168 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.sql_fetch_hook | ( | self | ) |
Extra SQL fetch actions for roa_obj -- handle prefix lists.
Reimplemented from rpki.sql.sql_persistent.
Definition at line 1140 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.sql_insert_hook | ( | self | ) |
Extra SQL insert actions for roa_obj -- handle prefix lists.
Reimplemented from rpki.sql.sql_persistent.
Definition at line 1154 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.update | ( | self, | ||
publisher, | ||||
fast = False | ||||
) |
Bring this roa_obj's ROA up to date if necesssary.
Definition at line 1187 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.uri | ( | self, | ||
key = None | ||||
) |
Return the publication URI for this roa_obj's ROA.
Definition at line 1352 of file rpki_engine.py.
def rpki.rpki_engine.roa_obj.uri_tail | ( | self, | ||
key = None | ||||
) |
Return the tail (filename portion) of the publication URI for this roa_obj's ROA.
Definition at line 1358 of file rpki_engine.py.
Definition at line 1178 of file rpki_engine.py.
rpki.rpki_engine.roa_obj.ca_detail_id = None [static] |
Definition at line 1123 of file rpki_engine.py.
rpki.rpki_engine.roa_obj.cert = None [static] |
Definition at line 1124 of file rpki_engine.py.
Reimplemented from rpki.sql.sql_persistent.
Definition at line 1176 of file rpki_engine.py.
Definition at line 1179 of file rpki_engine.py.
Definition at line 1180 of file rpki_engine.py.
rpki.rpki_engine.roa_obj.published = None [static] |
Definition at line 1126 of file rpki_engine.py.
rpki.rpki_engine.roa_obj.roa = None [static] |
Definition at line 1125 of file rpki_engine.py.
Definition at line 1177 of file rpki_engine.py.
tuple rpki.rpki_engine.roa_obj.sql_template [static] |
rpki.sql.template( "roa", "roa_id", "ca_detail_id", "self_id", "asn", ("roa", rpki.x509.ROA), ("cert", rpki.x509.X509), ("published", rpki.sundial.datetime))
Definition at line 1113 of file rpki_engine.py.