Public Member Functions
def activate
def ca
def child_certs
def create
def crl_uri
def crl_uri_tail
def delete
def generate_crl
def generate_manifest
def generate_manifest_cert
def issue
def issue_ee
def manifest_uri
def revoke
def revoked_certs
def roas
def sql_decode
def update
Public Attributes
ca_cert_uri
ca_id
gctx
latest_ca_cert
latest_crl
latest_manifest
latest_manifest_cert
manifest_private_key_id
manifest_public_key
nextUpdate
private_key_id
public_key
state
Static Public Attributes
tuple sql_template
Internal CA detail object.
Definition at line 474 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.activate(self, ca, cert, uri, callback, errback, predecessor = None)
def rpki.rpki_engine.ca_detail_obj.ca(self)
def rpki.rpki_engine.ca_detail_obj.child_certs(self, child = None, ski = None, unique = False)
Fetch all child_cert objects that link to this ca_detail.
Definition at line 508 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.create(cls, ca)
def rpki.rpki_engine.ca_detail_obj.crl_uri(self, ca)
def rpki.rpki_engine.ca_detail_obj.crl_uri_tail(self)
Return tail (filename portion) of publication URI for this ca_detail's CRL.
Definition at line 524 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.delete(self, ca, repository, cb, eb)
Delete this ca_detail and all of the certs it issued.
Definition at line 565 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.generate_crl(self, callback, errback, nextUpdate = None)
Generate a new CRL for this ca_detail. At the moment this is unconditional, that is, it is up to the caller to decide whether a new CRL is needed.
Definition at line 777 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.generate_manifest(self, callback, errback, nextUpdate = None)
def rpki.rpki_engine.ca_detail_obj.generate_manifest_cert(self, ca)
Generate a new manifest certificate for this ca_detail.
Definition at line 721 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.issue(self, ca, child, subject_key, sia, resources, callback, errback, child_cert = None)
Issue a new certificate to a child. Optional child_cert argument specifies an existing child_cert object to update in place; if not specified, we create a new one. Returns the child_cert object containing the newly issued cert.
Definition at line 733 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.issue_ee(self, ca, resources, subject_key, sia = None)
def rpki.rpki_engine.ca_detail_obj.manifest_uri(self, ca)
Return publication URI for this ca_detail's manifest.
Definition at line 528 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.revoke(self, cb, eb)
Request revocation of all certificates whose SKI matches the key for this ca_detail.
Tasks:
- Request revocation of old keypair by parent.
- Revoke all child certs issued by the old keypair.
- Generate a final CRL, signed with the old keypair, listing all the revoked certs, with a next CRL time after the last cert or CRL signed by the old keypair will have expired.
- Generate a corresponding final manifest.
- Destroy old keypairs.
- Leave final CRL and manifest in place until their nextupdate time has passed.
Definition at line 593 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.revoked_certs(self)
Fetch all revoked_cert objects that link to this ca_detail.
Definition at line 512 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.roas(self)
def rpki.rpki_engine.ca_detail_obj.sql_decode(self, vals)
Extra assertions for SQL decode of a ca_detail_obj.
Reimplemented from rpki.sql.sql_persistent.
Definition at line 494 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.update(self, parent, ca, rc, sia_uri_changed, old_resources, callback, errback)
Get a new certificate for this ca_detail and, if needed, adjust the children of this ca_detail.
Definition at line 657 of file rpki_engine.py.
Definition at line 538 of file rpki_engine.py.
Definition at line 692 of file rpki_engine.py.
Definition at line 537 of file rpki_engine.py.
Definition at line 801 of file rpki_engine.py.
Definition at line 834 of file rpki_engine.py.
Definition at line 648 of file rpki_engine.py.
Definition at line 646 of file rpki_engine.py.
Definition at line 647 of file rpki_engine.py.
Definition at line 625 of file rpki_engine.py.
Definition at line 645 of file rpki_engine.py.
Definition at line 696 of file rpki_engine.py.
tuple rpki.rpki_engine.ca_detail_obj.sql_template [static]
Initial value:
rpki.sql.template( "ca_detail", "ca_detail_id", ("private_key_id", rpki.x509.RSA), ("public_key", rpki.x509.RSApublic), ("latest_ca_cert", rpki.x509.X509), ("manifest_private_key_id", rpki.x509.RSA), ("manifest_public_key", rpki.x509.RSApublic), ("latest_manifest_cert", rpki.x509.X509), ("latest_manifest", rpki.x509.SignedManifest), ("latest_crl", rpki.x509.CRL), "state", "ca_cert_uri", "ca_id")
Definition at line 479 of file rpki_engine.py.
Definition at line 545 of file rpki_engine.py.