# File ../../auditor/lib/kasp_auditor/key_tracker.rb, line 371
#
# Reconcile the key cache (@cache) with what the zone currently publishes.
#
# keys      - the keys currently published in the zone; each is asked for
#             key_tag, key_tag_pre_revoked and revoked?
# keys_used - the key tags currently in use (matched against key tags)
#
# After the five passes below the cache is meant to satisfy:
#   a) every key named in keys_used is in inuse
#   b) inuse holds no key other than those named in keys_used
#   c) prepublished and retired hold only keys that are still in keys
#   d) keys carrying REVOKED are retired
#   e) a key in keys but not in keys_used, and not previously seen, is
#      prepublished
#   f) a previously known key that is still in the zone but no longer in
#      use is retired
#
# NOTE(review): rule (d) is only applied to keys the cache already holds as
# inuse. A revoked key that is not in inuse, and whose pre-revoke tag is not
# in keys_used, is filed under prepublished by pass 1 - confirm that this is
# the intended lifecycle for such a key.
#
# The passes are order-dependent (each one reads state the previous one
# wrote), so they must stay in this sequence.
def update_cache(keys, keys_used)
  # True when a cached key is still published, either as the identical key
  # or as a key sharing its pre-revoke tag.
  still_published = lambda do |cached_key|
    keys.any? do |zone_key|
      cached_key == zone_key ||
        zone_key.key_tag_pre_revoked == cached_key.key_tag_pre_revoked
    end
  end

  # Pass 1: classify every published key against the inuse cache.
  keys.each do |zone_key|
    if @cache.include_inuse_key?(zone_key)
      # Known inuse key: retire it once it is revoked or no longer in use.
      next unless zone_key.revoked? || !keys_used.include?(zone_key.key_tag_pre_revoked)

      @cache.add_retired_key(zone_key)
      @cache.delete_prepublished_key(zone_key)
    elsif !keys_used.include?(zone_key.key_tag_pre_revoked)
      # Not inuse and not being used: treat as prepublished.
      @cache.add_prepublished_key(zone_key)
    end
  end

  # Pass 2: promote every published key whose tag is in use.
  # NOTE(review): this pass matches on key_tag while every other comparison
  # in this method uses key_tag_pre_revoked - confirm the difference is
  # deliberate for revoked keys.
  keys_used.each do |used_tag|
    keys.each do |zone_key|
      next unless used_tag == zone_key.key_tag

      @cache.add_inuse_key(zone_key)
      @cache.delete_prepublished_key(zone_key)
    end
  end

  # Pass 3: drop inuse entries that are no longer in use.
  @cache.inuse.keys.each do |cached_key|
    @cache.delete_inuse_key(cached_key) unless keys_used.include?(cached_key.key_tag_pre_revoked)
  end

  # Pass 4: drop prepublished entries that have left the zone.
  @cache.prepublished.keys.each do |cached_key|
    @cache.delete_prepublished_key(cached_key) unless still_published.call(cached_key)
  end

  # Pass 5: drop retired entries that have left the zone. What the delete_*
  # helpers do with a removed key is not visible from this method.
  @cache.retired.keys.each do |cached_key|
    @cache.delete_retired_key(cached_key) unless still_published.call(cached_key)
  end
end