Public Member Functions | |
def | activate |
def | ca |
def | child_certs |
def | create |
def | crl_uri |
def | crl_uri_tail |
def | delete |
def | generate_crl |
def | generate_manifest |
def | generate_manifest_cert |
def | issue |
def | issue_ee |
def | manifest_uri |
def | revoke |
def | revoked_certs |
def | route_origins |
def | sql_decode |
def | update |
Public Attributes | |
ca_cert_uri | |
ca_id | |
gctx | |
latest_ca_cert | |
latest_crl | |
latest_manifest | |
latest_manifest_cert | |
manifest_private_key_id | |
manifest_public_key | |
private_key_id | |
public_key | |
state | |
Static Public Attributes | |
tuple | sql_template |
Internal CA detail object.
Definition at line 342 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.activate(self, ca, cert, uri, predecessor = None)
def rpki.rpki_engine.ca_detail_obj.ca(self)
def rpki.rpki_engine.ca_detail_obj.child_certs(self, child = None, ski = None, unique = False)
Fetch all child_cert objects that link to this ca_detail.
Definition at line 372 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.create(cls, ca)
def rpki.rpki_engine.ca_detail_obj.crl_uri(self, ca)
def rpki.rpki_engine.ca_detail_obj.crl_uri_tail(self)
Return tail (filename portion) of publication URI for this ca_detail's CRL.
Definition at line 388 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.delete(self, ca, repository)
Delete this ca_detail and all of the certs it issued.
Definition at line 415 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.generate_crl(self, nextUpdate = None)
Generate a new CRL for this ca_detail. At the moment this is unconditional: the method always generates a CRL, so it is up to the caller to decide whether a new CRL is needed.
Definition at line 583 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.generate_manifest(self, nextUpdate = None)
def rpki.rpki_engine.ca_detail_obj.generate_manifest_cert(self, ca)
Generate a new manifest certificate for this ca_detail.
Definition at line 532 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.issue(self, ca, child, subject_key, sia, resources, child_cert = None)
Issue a new certificate to a child. Optional child_cert argument specifies an existing child_cert object to update in place; if not specified, we create a new one. Returns the child_cert object containing the newly issued cert.
Definition at line 542 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.issue_ee(self, ca, resources, subject_key, sia = None)
def rpki.rpki_engine.ca_detail_obj.manifest_uri(self, ca)
Return publication URI for this ca_detail's manifest.
Definition at line 392 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.revoke(self)
Request revocation of all certificates whose SKI matches the key for this ca_detail.

Tasks:
- Request revocation of the old keypair by the parent.
- Revoke all child certs issued by the old keypair.
- Generate a final CRL, signed with the old keypair, listing all the revoked certs, with a next CRL time later than the expiry of the last cert or CRL signed by the old keypair.
- Destroy the old keypair (and the manifest keypair).
- Leave the final CRL in place until its next CRL time has passed.
Definition at line 429 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.revoked_certs(self)
Fetch all revoked_cert objects that link to this ca_detail.
Definition at line 376 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.route_origins(self)
Fetch all route_origin objects that link to this ca_detail.
Definition at line 380 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.sql_decode(self, vals)
Extra assertions for SQL decode of a ca_detail_obj.
Reimplemented from rpki.sql.sql_persistant.
Definition at line 360 of file rpki_engine.py.
def rpki.rpki_engine.ca_detail_obj.update(self, parent, ca, rc, sia_uri_changed, old_resources)
Obtain a new certificate for this ca_detail and possibly update (frob) the children of this ca_detail.
Definition at line 481 of file rpki_engine.py.
Definition at line 400 of file rpki_engine.py.
Definition at line 505 of file rpki_engine.py.
Definition at line 399 of file rpki_engine.py.
Definition at line 606 of file rpki_engine.py.
Definition at line 635 of file rpki_engine.py.
Definition at line 477 of file rpki_engine.py.
Definition at line 475 of file rpki_engine.py.
Definition at line 476 of file rpki_engine.py.
Definition at line 474 of file rpki_engine.py.
Definition at line 509 of file rpki_engine.py.
tuple rpki.rpki_engine.ca_detail_obj.sql_template [static]
Initial value:
rpki.sql.template( "ca_detail", "ca_detail_id", ("private_key_id", rpki.x509.RSA), ("public_key", rpki.x509.RSApublic), ("latest_ca_cert", rpki.x509.X509), ("manifest_private_key_id", rpki.x509.RSA), ("manifest_public_key", rpki.x509.RSApublic), ("latest_manifest_cert", rpki.x509.X509), ("latest_manifest", rpki.x509.SignedManifest), ("latest_crl", rpki.x509.CRL), "state", "ca_cert_uri", "ca_id")
Definition at line 345 of file rpki_engine.py.
Definition at line 404 of file rpki_engine.py.