Inherits rpki::sql::sql_persistent.
Public Member Functions | |
def | activate |
def | ca |
def | child_certs |
def | create |
def | crl_published_callback |
def | crl_uri |
def | crl_uri_tail |
def | delete |
def | generate_crl |
def | generate_manifest |
def | generate_manifest_cert |
def | issue |
def | issue_ee |
def | manifest_published_callback |
def | manifest_uri |
def | revoke |
def | revoked_certs |
def | roas |
def | sql_decode |
def | update |
Public Attributes | |
ca_cert_uri | |
ca_id | |
gctx | |
latest_crl | |
latest_manifest | |
latest_manifest_cert | |
manifest_private_key_id | |
manifest_public_key | |
nextUpdate | |
private_key_id | |
public_key | |
state | |
Static Public Attributes | |
crl_published = None | |
latest_ca_cert = None | |
manifest_published = None | |
tuple | sql_template |
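Internal CA detail object. Per the attributes and sql_template listed on this page, it is the SQL-persistent record for one CA key pair: private_key_id / public_key, the manifest key pair, the latest CA certificate, manifest certificate, manifest and CRL, the publication timestamps, and state.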
Definition at line 563 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.activate(self, ca, cert, uri, callback, errback, predecessor = None)
Activate this ca_detail.
Definition at line 625 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.ca(self)
Fetch CA object to which this ca_detail links.
Definition at line 597 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.child_certs(self, child = None, ski = None, unique = False)
Fetch all child_cert objects that link to this ca_detail.
Definition at line 601 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.create(cls, ca)
Create a new ca_detail object for a specified CA.
Definition at line 763 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.crl_published_callback(self, pdu)
Check result of CRL publication.
Definition at line 886 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.crl_uri(self, ca)
Return publication URI for this ca_detail's CRL.
Definition at line 613 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.crl_uri_tail(self)
Return tail (filename portion) of publication URI for this ca_detail's CRL.
Definition at line 617 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.delete(self, ca, publisher, allow_failure = False)
Delete this ca_detail and all of the certs it issued. If allow_failure is true, we clean up as much as we can but don't raise an exception.
Definition at line 650 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.generate_crl(self, publisher, nextUpdate = None)
Generate a new CRL for this ca_detail. At the moment this is unconditional, that is, it is up to the caller to decide whether a new CRL is needed.
Definition at line 850 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.generate_manifest(self, publisher, nextUpdate = None)
Generate a new manifest for this ca_detail.
Definition at line 894 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.generate_manifest_cert(self, ca)
Generate a new manifest certificate for this ca_detail.
Definition at line 798 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.issue(self, ca, child, subject_key, sia, resources, publisher, child_cert = None)
Issue a new certificate to a child. Optional child_cert argument specifies an existing child_cert object to update in place; if not specified, we create a new one. Returns the child_cert object containing the newly issued cert.
Definition at line 810 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.issue_ee(self, ca, resources, subject_key, sia = None)
Issue a new EE certificate.
Definition at line 781 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.manifest_published_callback(self, pdu)
Check result of manifest publication.
Definition at line 928 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.manifest_uri(self, ca)
Return publication URI for this ca_detail's manifest.
Definition at line 621 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.revoke(self, cb, eb)
Request revocation of all certificates whose SKI matches the key for this ca_detail.
Tasks:
- Request revocation of old keypair by parent.
- Revoke all child certs issued by the old keypair.
- Generate a final CRL, signed with the old keypair, listing all the revoked certs, with a next CRL time that falls after the last cert or CRL signed by the old keypair has expired.
- Generate a corresponding final manifest.
- Destroy old keypairs.
- Leave final CRL and manifest in place until their nextUpdate time has passed.
Definition at line 674 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.revoked_certs(self)
Fetch all revoked_cert objects that link to this ca_detail.
Definition at line 605 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.roas(self)
Fetch all ROA objects that link to this ca_detail.
Definition at line 609 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.sql_decode(self, vals)
Extra assertions for SQL decode of a ca_detail_obj.
Reimplemented from rpki.sql.sql_persistent.
Definition at line 589 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.update(self, parent, ca, rc, sia_uri_changed, old_resources, callback, errback)
Need to get a new certificate for this ca_detail and perhaps frob children of this ca_detail.
Definition at line 738 of file rpki_engine.py.
Definition at line 633 of file rpki_engine.py.
Definition at line 769 of file rpki_engine.py.
rpki.rpki_engine.ca_detail_obj.crl_published = None [static] |
Definition at line 585 of file rpki_engine.py.
Reimplemented from rpki.sql.sql_persistent.
Definition at line 768 of file rpki_engine.py.
rpki.rpki_engine.ca_detail_obj.latest_ca_cert = None [static] |
Definition at line 587 of file rpki_engine.py.
Definition at line 873 of file rpki_engine.py.
Definition at line 914 of file rpki_engine.py.
Definition at line 731 of file rpki_engine.py.
Definition at line 729 of file rpki_engine.py.
Definition at line 730 of file rpki_engine.py.
rpki.rpki_engine.ca_detail_obj.manifest_published = None [static] |
Definition at line 586 of file rpki_engine.py.
Definition at line 707 of file rpki_engine.py.
Definition at line 728 of file rpki_engine.py.
Definition at line 773 of file rpki_engine.py.
tuple rpki.rpki_engine.ca_detail_obj.sql_template [static] |
rpki.sql.template( "ca_detail", "ca_detail_id", ("private_key_id", rpki.x509.RSA), ("public_key", rpki.x509.RSApublic), ("latest_ca_cert", rpki.x509.X509), ("manifest_private_key_id", rpki.x509.RSA), ("manifest_public_key", rpki.x509.RSApublic), ("latest_manifest_cert", rpki.x509.X509), ("latest_manifest", rpki.x509.SignedManifest), ("latest_crl", rpki.x509.CRL), ("crl_published", rpki.sundial.datetime), ("manifest_published", rpki.sundial.datetime), "state", "ca_cert_uri", "ca_id")
Definition at line 568 of file rpki_engine.py.
Definition at line 635 of file rpki_engine.py.