RPKI Engine  1.0
rpki::rpkid::ca_detail_obj Class Reference

Public Member Functions

def activate
def ca
def child_certs
def create
def crl_published_callback
def crl_uri
def crl_uri_tail
def delete
def fetch_child_certs
def generate_crl
def generate_manifest
def generate_manifest_cert
def ghostbusters
def has_expired
def issue
def issue_ee
def manifest_published_callback
def manifest_uri
def reissue
def revoke
def revoked_certs
def roas
def sql_decode
def update

Public Attributes

 ca_cert_uri
 ca_id
 gctx
 latest_crl
 latest_manifest
 latest_manifest_cert
 manifest_private_key_id
 manifest_public_key
 private_key_id
 public_key
 state

Static Public Attributes

 crl_published = None
 latest_ca_cert = None
 manifest_published = None
tuple sql_template

Detailed Description

Internal CA detail object.

Definition at line 651 of file rpki/rpkid.py.


Member Function Documentation

def rpki::rpkid::ca_detail_obj::activate (   self,
  ca,
  cert,
  uri,
  callback,
  errback,
  predecessor = None 
)
Activate this ca_detail.

Definition at line 753 of file rpki/rpkid.py.

def rpki::rpkid::ca_detail_obj::ca (   self)
Fetch CA object to which this ca_detail links.

Definition at line 686 of file rpki/rpkid.py.

References ca_id, rpki::rpkid::ca_obj::gctx, and gctx.

Referenced by crl_uri(), generate_manifest_cert(), and manifest_uri().

def rpki::rpkid::ca_detail_obj::child_certs (   self)
Fetch all child_cert objects that link to this ca_detail.

Definition at line 699 of file rpki/rpkid.py.

References fetch_child_certs(), and rpki::left_right::child_elt::fetch_child_certs().

Referenced by delete(), reissue(), and update().

def rpki::rpkid::ca_detail_obj::create (   cls,
  ca 
)
Create a new ca_detail object for a specified CA.

Definition at line 911 of file rpki/rpkid.py.

def rpki::rpkid::ca_detail_obj::crl_published_callback (   self,
  pdu 
)
Check result of CRL publication.

Definition at line 1034 of file rpki/rpkid.py.

References crl_published, and rpki::sql::sql_persistent::sql_mark_dirty().

def rpki::rpkid::ca_detail_obj::crl_uri (   self)
Return publication URI for this ca_detail's CRL.

Definition at line 727 of file rpki/rpkid.py.

References ca(), and crl_uri_tail().

Referenced by delete(), issue(), and issue_ee().

def rpki::rpkid::ca_detail_obj::crl_uri_tail (   self)
Return tail (filename portion) of publication URI for this ca_detail's CRL.

Definition at line 734 of file rpki/rpkid.py.

Referenced by crl_uri().

def rpki::rpkid::ca_detail_obj::delete (   self,
  ca,
  publisher,
  allow_failure = False 
)
Delete this ca_detail and all of the certs it issued.

If allow_failure is true, we clean up as much as we can but don't
raise an exception.

Definition at line 780 of file rpki/rpkid.py.

References child_certs(), rpki::left_right::child_elt::child_certs(), crl_uri(), rpki::left_right::self_elt::ghostbusters(), ghostbusters(), latest_crl, latest_manifest, rpki::rcynic::rcynic_certificate::manifest_uri, manifest_uri(), revoked_certs(), rpki::left_right::self_elt::roas(), roas(), and rpki::sql::sql_persistent::sql_delete().

def rpki::rpkid::ca_detail_obj::fetch_child_certs (   self,
  child = None,
  ski = None,
  unique = False 
)
Fetch all child_cert objects that link to this ca_detail.

Definition at line 692 of file rpki/rpkid.py.

References rpki::rpkid::ca_obj::gctx, and gctx.

Referenced by child_certs().

def rpki::rpkid::ca_detail_obj::generate_crl (   self,
  publisher,
  nextUpdate = None 
)
Generate a new CRL for this ca_detail.  At the moment this is
unconditional, that is, it is up to the caller to decide whether a
new CRL is needed.

Definition at line 998 of file rpki/rpkid.py.

def rpki::rpkid::ca_detail_obj::generate_manifest (   self,
  publisher,
  nextUpdate = None 
)
Generate a new manifest for this ca_detail.

Definition at line 1042 of file rpki/rpkid.py.

Referenced by issue().

def rpki::rpkid::ca_detail_obj::generate_manifest_cert (   self)
Generate a new manifest certificate for this ca_detail.

Definition at line 946 of file rpki/rpkid.py.

References ca(), issue_ee(), latest_manifest_cert, and manifest_public_key.

def rpki::rpkid::ca_detail_obj::ghostbusters (   self)
Fetch all Ghostbuster objects that link to this ca_detail.

Definition at line 720 of file rpki/rpkid.py.

References rpki::rpkid::child_cert_obj::ca_detail_id, rpki::rpkid::revoked_cert_obj::ca_detail_id, rpki::rpkid::roa_obj::ca_detail_id, rpki::rpkid::ghostbuster_obj::ca_detail_id, rpki::rpkid::ca_obj::gctx, and gctx.

Referenced by delete(), and reissue().

def rpki::rpkid::ca_detail_obj::has_expired (   self)
Return whether this ca_detail's certificate has expired.

Definition at line 747 of file rpki/rpkid.py.

def rpki::rpkid::ca_detail_obj::issue (   self,
  ca,
  child,
  subject_key,
  sia,
  resources,
  publisher,
  child_cert = None 
)
Issue a new certificate to a child.  Optional child_cert argument
specifies an existing child_cert object to update in place; if not
specified, we create a new one.  Returns the child_cert object
containing the newly issued cert.

Definition at line 954 of file rpki/rpkid.py.

References ca_cert_uri, rpki::rpkid::child_cert_obj::ca_detail_id, rpki::rpkid::revoked_cert_obj::ca_detail_id, rpki::rpkid::roa_obj::ca_detail_id, rpki::rpkid::ghostbuster_obj::ca_detail_id, crl_uri(), generate_manifest(), rpki::left_right::bsc_elt::private_key_id, and private_key_id.

def rpki::rpkid::ca_detail_obj::issue_ee (   self,
  ca,
  resources,
  subject_key,
  sia = None 
)
Issue a new EE certificate.

Definition at line 929 of file rpki/rpkid.py.

References ca_cert_uri, crl_uri(), rpki::left_right::bsc_elt::private_key_id, and private_key_id.

Referenced by generate_manifest_cert().

def rpki::rpkid::ca_detail_obj::manifest_published_callback (   self,
  pdu 
)
Check result of manifest publication.

Definition at line 1077 of file rpki/rpkid.py.

References manifest_published, and rpki::sql::sql_persistent::sql_mark_dirty().

def rpki::rpkid::ca_detail_obj::manifest_uri (   self)
Return publication URI for this ca_detail's manifest.

Definition at line 741 of file rpki/rpkid.py.

References ca().

Referenced by delete().

def rpki::rpkid::ca_detail_obj::reissue (   self,
  cb,
  eb 
)
Reissue all current certificates issued by this ca_detail.

Definition at line 1085 of file rpki/rpkid.py.

References child_certs(), rpki::left_right::child_elt::child_certs(), rpki::left_right::self_elt::ghostbusters(), ghostbusters(), rpki::left_right::self_elt::roas(), and roas().

def rpki::rpkid::ca_detail_obj::revoke (   self,
  cb,
  eb 
)
Request revocation of all certificates whose SKI matches the key
for this ca_detail.

Tasks:

- Request revocation of old keypair by parent.

- Revoke all child certs issued by the old keypair.

- Generate a final CRL, signed with the old keypair, listing all
  the revoked certs, with a next CRL time after the last cert or
  CRL signed by the old keypair will have expired.

- Generate a corresponding final manifest.

- Destroy old keypairs.

- Leave final CRL and manifest in place until their nextupdate
  time has passed.

Definition at line 814 of file rpki/rpkid.py.

Referenced by rpki::rpkid::roa_obj::regenerate(), and rpki::rpkid::ghostbuster_obj::regenerate().

def rpki::rpkid::ca_detail_obj::revoked_certs (   self)
Fetch all revoked_cert objects that link to this ca_detail.

Definition at line 706 of file rpki/rpkid.py.

References rpki::rpkid::child_cert_obj::ca_detail_id, rpki::rpkid::revoked_cert_obj::ca_detail_id, rpki::rpkid::roa_obj::ca_detail_id, rpki::rpkid::ghostbuster_obj::ca_detail_id, rpki::rpkid::ca_obj::gctx, and gctx.

Referenced by delete().

def rpki::rpkid::ca_detail_obj::roas (   self)
Fetch all ROA objects that link to this ca_detail.

Definition at line 713 of file rpki/rpkid.py.

References rpki::rpkid::child_cert_obj::ca_detail_id, rpki::rpkid::revoked_cert_obj::ca_detail_id, rpki::rpkid::roa_obj::ca_detail_id, rpki::rpkid::ghostbuster_obj::ca_detail_id, rpki::rpkid::ca_obj::gctx, and gctx.

Referenced by delete(), and reissue().

def rpki::rpkid::ca_detail_obj::sql_decode (   self,
  vals 
)
Extra assertions for SQL decode of a ca_detail_obj.

Reimplemented from rpki::sql::sql_persistent.

Definition at line 677 of file rpki/rpkid.py.

References manifest_private_key_id, manifest_public_key, rpki::left_right::bsc_elt::private_key_id, private_key_id, and public_key.

def rpki::rpkid::ca_detail_obj::update (   self,
  parent,
  ca,
  rc,
  sia_uri_changed,
  old_resources,
  callback,
  errback 
)
Need to get a new certificate for this ca_detail and perhaps frob
children of this ca_detail.

Definition at line 886 of file rpki/rpkid.py.

References child_certs(), rpki::left_right::child_elt::child_certs(), and latest_ca_cert.


Member Data Documentation

Definition at line 755 of file rpki/rpkid.py.

Referenced by issue(), and issue_ee().

Definition at line 673 of file rpki/rpkid.py.

Referenced by crl_published_callback().

Reimplemented from rpki::sql::sql_persistent.

Definition at line 913 of file rpki/rpkid.py.

Referenced by rpki::left_right::data_elt::bsc(), rpki::left_right::self_elt::bscs(), ca(), rpki::rpkid::child_cert_obj::ca_detail(), rpki::rpkid::revoked_cert_obj::ca_detail(), rpki::rpkid::roa_obj::ca_detail(), rpki::rpkid::ghostbuster_obj::ca_detail(), rpki::left_right::child_elt::ca_from_class_name(), rpki::left_right::repository_elt::call_pubd(), rpki::left_right::parent_elt::cas(), rpki::rpkid::child_cert_obj::child(), rpki::left_right::self_elt::children(), rpki::left_right::bsc_elt::children(), fetch_child_certs(), rpki::left_right::child_elt::fetch_child_certs(), rpki::left_right::self_elt::ghostbusters(), ghostbusters(), rpki::left_right::data_elt::make_reply_clone_hook(), rpki::left_right::self_elt::parents(), rpki::left_right::bsc_elt::parents(), rpki::left_right::repository_elt::parents(), rpki::left_right::child_elt::parents(), rpki::left_right::parent_elt::query_up_down(), rpki::left_right::self_elt::repositories(), rpki::left_right::bsc_elt::repositories(), rpki::left_right::parent_elt::repository(), revoked_certs(), rpki::left_right::self_elt::roas(), roas(), rpki::left_right::data_elt::self(), rpki::rpkid::roa_obj::self(), rpki::rpkid::ghostbuster_obj::self(), rpki::left_right::list_published_objects_elt::serve_dispatch(), rpki::left_right::list_received_resources_elt::serve_dispatch(), rpki::left_right::data_elt::serve_fetch_all(), rpki::publication::client_elt::serve_fetch_all(), rpki::left_right::self_elt::serve_fetch_all(), rpki::left_right::data_elt::serve_fetch_one_maybe(), rpki::publication::config_elt::serve_fetch_one_maybe(), rpki::publication::client_elt::serve_fetch_one_maybe(), rpki::left_right::self_elt::serve_fetch_one_maybe(), rpki::left_right::data_elt::serve_pre_save_hook(), rpki::publication::config_elt::serve_set(), rpki::left_right::child_elt::serve_up_down(), rpki::sql::sql_persistent::sql_delete(), rpki::rpkid::roa_obj::sql_fetch_hook(), rpki::sql::sql_persistent::sql_is_dirty(), rpki::sql::sql_persistent::sql_store(), 
rpki::left_right::self_elt::update_ghostbusters(), rpki::left_right::self_elt::update_roas(), and rpki::publication::publication_object_elt::uri_to_filename().

Definition at line 675 of file rpki/rpkid.py.

Referenced by update().

Definition at line 1002 of file rpki/rpkid.py.

Referenced by delete().

Definition at line 1044 of file rpki/rpkid.py.

Referenced by delete().

Definition at line 834 of file rpki/rpkid.py.

Referenced by generate_manifest_cert().

Definition at line 834 of file rpki/rpkid.py.

Referenced by sql_decode().

Definition at line 834 of file rpki/rpkid.py.

Referenced by generate_manifest_cert(), and sql_decode().

Definition at line 674 of file rpki/rpkid.py.

Referenced by manifest_published_callback().

Definition at line 834 of file rpki/rpkid.py.

Referenced by issue(), issue_ee(), and sql_decode().

Definition at line 913 of file rpki/rpkid.py.

Referenced by sql_decode().

Initial value:
rpki.sql.template(
    "ca_detail",
    "ca_detail_id",
    ("private_key_id",          rpki.x509.RSA),
    ("public_key",              rpki.x509.RSApublic),
    ("latest_ca_cert",          rpki.x509.X509),
    ("manifest_private_key_id", rpki.x509.RSA),
    ("manifest_public_key",     rpki.x509.RSApublic),
    ("latest_manifest_cert",    rpki.x509.X509),
    ("latest_manifest",         rpki.x509.SignedManifest),
    ("latest_crl",              rpki.x509.CRL),
    ("crl_published",           rpki.sundial.datetime),
    ("manifest_published",      rpki.sundial.datetime),
    "state",
    "ca_cert_uri",
    "ca_id")

Definition at line 656 of file rpki/rpkid.py.

Referenced by rpki::xml_utils::data_elt::serve_create(), rpki::sql::sql_persistent::sql_decode(), rpki::sql::sql_persistent::sql_delete(), rpki::sql::sql_persistent::sql_encode(), and rpki::sql::sql_persistent::sql_store().

Definition at line 755 of file rpki/rpkid.py.


The documentation for this class was generated from the following file: