From c5d34ff48c9d01f9cf4063b350eb0f43e5ae28bd Mon Sep 17 00:00:00 2001
From: Martin Hoffmann
Date: Thu, 13 Jun 2024 21:04:02 +0200
Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20try=20to=20revoke=20child=20key?= =?UTF-8?q?s=20for=20non-existing=20resource=20classes.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/daemon/ca/certauth.rs | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/daemon/ca/certauth.rs b/src/daemon/ca/certauth.rs
index 3eeea8205..625d32285 100644
--- a/src/daemon/ca/certauth.rs
+++ b/src/daemon/ca/certauth.rs
@@ -905,6 +905,15 @@ impl CertAuth {
 fn child_revoke_key(&self, child_handle: ChildHandle, request: RevocationRequest) -> KrillResult> {
 let (rcn, key) = request.unpack();
+ if !self.resources.contains_key(&rcn) {
+ // This request is for a resource class we don't have. We should
+ // not get such requests but telling this to a child may confuse
+ // them more, so just return with an empty vec of events - there
+ // is no work to do - and ensure that the child just gets a
+ // confirmation where this is called.
+ return Ok(vec![])
+ }
+
 let child = self.get_child(&child_handle)?;
 if !child.is_issued(&key) {
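Review bot: The new guard in `child_revoke_key` returns `Ok(vec![])` before `self.get_child(&child_handle)?` runs, so on this path a request is confirmed without the child handle being looked up, and nothing is recorded about a request the comment itself says should never arrive. Whether the caller has already validated the child is not visible here, so I would move the `if !self.resources.contains_key(&rcn)` block below the `get_child` line to keep the unknown-child error taking precedence. I would also leave an audit trail inside the block, e.g. `warn!("child '{}' sent a revocation request for unknown resource class '{}'", child_handle, rcn);`, assuming the `log` macros are in scope in this file and both types implement `Display`. As a style point, `return Ok(vec![])` is missing the trailing semicolon rustfmt would add. The function body continues past the end of the hunk.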