Add Root model to rpki.rpkidb and root-related attributes to

left-right schema. Not really using of this stuff yet, but haven't broken existing code yet either. svn path=/branches/tk705/; revision=6371
author: Rob Austein <sra@hactrn.net> 2016-04-23 15:03:14 +0000
committer: Rob Austein <sra@hactrn.net> 2016-04-23 15:03:14 +0000
commit: c7d9a8366304b2a79c97948890656644218e6f97 (patch)
tree: 37f09cb3a7c4de29e8772d2428ae1684cfd5b3ac
parent: 44d1c604a15ff23151b5b7b40a5953b2af9ca935 (diff)
6 files changed, 301 insertions, 72 deletions
diff --git a/ca/tests/left-right-protocol-samples.xml b/ca/tests/left-right-protocol-samples.xml
index 9729c68c..c3d24b9d 100644
--- a/ca/tests/left-right-protocol-samples.xml
+++ b/ca/tests/left-right-protocol-samples.xml
@@ -2,11 +2,11 @@
   -  $Id$
   -
   - Copyright (C) 2010  Internet Systems Consortium ("ISC")
-  - 
+  -
   - Permission to use, copy, modify, and distribute this software for any
   - purpose with or without fee is hereby granted, provided that the above
   - copyright notice and this permission notice appear in all copies.
-  - 
+  -
   - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
   - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
   - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
@@ -14,7 +14,7 @@
   - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
   - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
   - PERFORMANCE OF THIS SOFTWARE.
-  - 
+  -
   - Portions copyright (C) 2007-2008  American Registry for Internet Numbers ("ARIN")
   -
   - Permission to use, copy, modify, and distribute this software for any
@@ -35,15 +35,15 @@
   -->
 
 <completely_gratuitous_wrapper_element_to_let_me_run_this_through_xmllint>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="create" tag="a000" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="create" tag="a000" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="set" tenant_handle="42"
 		rekey="yes"
@@ -94,15 +94,15 @@
 	    </bpki_glue>
 	</tenant>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="set" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="get" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="get" tenant_handle="42">
 	    <bpki_cert>
@@ -145,11 +145,11 @@
 	    </bpki_glue>
 	</tenant>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="list"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="list" tenant_handle="42">
 	    <bpki_cert>
@@ -193,17 +193,17 @@
 	</tenant>
 	<tenant action="list" tenant_handle="99"/>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="destroy" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<tenant action="destroy" tenant_handle="42"/>
     </msg>
-    
+
     <!-- ==== -->
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="create" tenant_handle="42" bsc_handle="17"
 		generate_keypair="yes"
@@ -231,13 +231,13 @@
 	    </signing_cert>
 	</bsc>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="create" tenant_handle="42" bsc_handle="17">
 	    <pkcs10_request>cmVxdWVzdAo=</pkcs10_request>
 	</bsc>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="set" tenant_handle="42" bsc_handle="17">
 	    <signing_cert>
@@ -272,15 +272,15 @@
 	    </signing_cert_crl>
 	</bsc>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="set" tenant_handle="42" bsc_handle="17"/>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="get" tenant_handle="42" bsc_handle="17"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="get" tenant_handle="42" bsc_handle="17">
 	    <signing_cert>
@@ -304,11 +304,11 @@
 	    </signing_cert>
 	</bsc>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="list" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="get" tenant_handle="42" bsc_handle="17">
 	    <signing_cert>
@@ -332,17 +332,17 @@
 	    </signing_cert>
 	</bsc>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="destroy" tenant_handle="42" bsc_handle="17"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<bsc action="destroy" tenant_handle="42" bsc_handle="17"/>
     </msg>
-    
+
     <!-- ==== -->
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="create" tenant_handle="42" parent_handle="666"
 		peer_contact_uri="https://re.bar.example/bandicoot/"
@@ -391,11 +391,56 @@
 	    </bpki_glue>
 	</parent>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="create" tenant_handle="42" parent_handle="666"/>
     </msg>
-    
+
+    <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
+	<parent action="create" tenant_handle="42" parent_handle="666"
+		peer_contact_uri="https://re.bar.example/bandicoot/"
+		sia_base="rsync://repo.foo.example/wombat/"
+		bsc_handle="17"
+		repository_handle="120"
+		sender_name="tweedledee"
+		recipient_name="tweedledum"
+		root_asn_resources="17,42,666"
+		root_ipv4_resources="10.0.0.0/8,192.168.0.0/16"
+		root_ipv6_resources="">
+	</parent>
+    </msg>
+
+    <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
+	<parent action="create" tenant_handle="42" parent_handle="666">
+	    <rpki_root_cert>
+		MIIEaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhFRjE5
+		QTdDQUE3MDg0NUZCNkYzRjlEOUFBOEE4OTBDRTg5QTgxMUQzMB4XDTE2MDQxNDIy
+		NTE0N1oXDTE3MDQxNDIyNTE0N1owMzExMC8GA1UEAxMoRUYxOUE3Q0FBNzA4NDVG
+		QjZGM0Y5RDlBQThBODkwQ0U4OUE4MTFEMzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+		ADCCAQoCggEBAKLVZcQPCPyKX21GYGuB5OPNh224HY9ndD1TU5r4yzJWCDN7Rfku
+		ftDPOG9qVOp8EMEgr+xsH7tm5LcyuJt1+KHhQD0JT44J6LCUtn2xJPINIDQCbaXm
+		L+RGAX+GlWesC9yxjnGBjLFSQJ9qN2QeR1MBeaL8iP/vyXq9hgEbuHTQliUqg/6n
+		bZ7+JShIQHrgNvv4wTLtrD7JoL+hDvnIhpt3OSwwzb1QvTfUEZ9mv8IE/Zpe2Kk6
+		MXcbFjhWgmGS1ZpQjfWQYkbHnSrkZd7IhGKyPj/x/mV3P7tmHBKXo1TnRbKd/ij5
+		ZjNDSnW144CvAiTcpj9xnKgtQLqfbsEt4ccCAwEAAaOCAYUwggGBMB0GA1UdDgQW
+		BBTvGafKpwhF+28/nZqoqJDOiagR0zAfBgNVHSMEGDAWgBTvGafKpwhF+28/nZqo
+		qJDOiagR0zAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMA8GA1UdEwEB/wQFMAMB
+		Af8wDgYDVR0PAQH/BAQDAgEGMIG3BggrBgEFBQcBCwSBqjCBpzA2BggrBgEFBQcw
+		BYYqcnN5bmM6Ly9sb2NhbGhvc3Q6NDQxMC9ycGtpL1JJUi1yb290L3Jvb3QvMD4G
+		CCsGAQUFBzAKhjJyc3luYzovL2xvY2FsaG9zdDo0NDEwL3Jwa2kvUklSLXJvb3Qv
+		cm9vdC9yb290Lm1mdDAtBggrBgEFBQcwDYYhaHR0cHM6Ly9sb2NhbGhvc3Q6NDQx
+		MS9ub3RpZnkueG1sMCEGCCsGAQUFBwEIAQH/BBIwEKAOMAwwCgIBAAIFAP////8w
+		JwYIKwYBBQUHAQcBAf8EGDAWMAkEAgABMAMDAQAwCQQCAAIwAwMBADANBgkqhkiG
+		9w0BAQsFAAOCAQEAADpTJlaW/YBhvM4d8+VJwGMNgRy1gIbNfikXbDJunIsfVvQH
+		6Cvu+G9LHwzr41S31gLDPiI5xqlYIcOLNmD4kFF+FkI5pmdZaYyE7cmUrV9LfJSp
+		6AjwNGhOlFDQJbfvndxAmTpAimvC/eKdB4nsbun3ewddIBbz7meq8FD/anrsU9F7
+		ezLgQuChwzshV29wqyM97RQ1J8xeBdadWv8DKxrYj2OkHAZCzQNoYp33i6B/qHf2
+		+350IE4Shix6fGfOuhq3BKSMEzBFUUK6RDmUrBfJlyCwD9+DWkgXb6gdw4MHLEEK
+		34fI46rg3JkTm9LK4glhTSSdXNuSgQNiNt1sYA==
+	    </rpki_root_cert>
+	</parent>
+    </msg>
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="set" tenant_handle="42" parent_handle="666"
 		peer_contact_uri="https://re.bar.example/bandicoot/"
@@ -445,15 +490,58 @@
 	    </bpki_glue>
 	</parent>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="set" tenant_handle="42" parent_handle="666"/>
     </msg>
-    
+
+    <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
+	<parent action="set" tenant_handle="42" parent_handle="666"
+		peer_contact_uri="https://re.bar.example/bandicoot/"
+		sia_base="rsync://repo.foo.example/wombat/"
+		bsc_handle="17"
+		repository_handle="120"
+		root_asn_resources="17,42,666"
+		root_ipv4_resources="10.0.0.0/8,192.168.0.0/16"
+		root_ipv6_resources="">
+	</parent>
+    </msg>
+
+    <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
+	<parent action="set" tenant_handle="42" parent_handle="666">
+	    <rpki_root_cert>
+		MIIEaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhFRjE5
+		QTdDQUE3MDg0NUZCNkYzRjlEOUFBOEE4OTBDRTg5QTgxMUQzMB4XDTE2MDQxNDIy
+		NTE0N1oXDTE3MDQxNDIyNTE0N1owMzExMC8GA1UEAxMoRUYxOUE3Q0FBNzA4NDVG
+		QjZGM0Y5RDlBQThBODkwQ0U4OUE4MTFEMzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+		ADCCAQoCggEBAKLVZcQPCPyKX21GYGuB5OPNh224HY9ndD1TU5r4yzJWCDN7Rfku
+		ftDPOG9qVOp8EMEgr+xsH7tm5LcyuJt1+KHhQD0JT44J6LCUtn2xJPINIDQCbaXm
+		L+RGAX+GlWesC9yxjnGBjLFSQJ9qN2QeR1MBeaL8iP/vyXq9hgEbuHTQliUqg/6n
+		bZ7+JShIQHrgNvv4wTLtrD7JoL+hDvnIhpt3OSwwzb1QvTfUEZ9mv8IE/Zpe2Kk6
+		MXcbFjhWgmGS1ZpQjfWQYkbHnSrkZd7IhGKyPj/x/mV3P7tmHBKXo1TnRbKd/ij5
+		ZjNDSnW144CvAiTcpj9xnKgtQLqfbsEt4ccCAwEAAaOCAYUwggGBMB0GA1UdDgQW
+		BBTvGafKpwhF+28/nZqoqJDOiagR0zAfBgNVHSMEGDAWgBTvGafKpwhF+28/nZqo
+		qJDOiagR0zAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMA8GA1UdEwEB/wQFMAMB
+		Af8wDgYDVR0PAQH/BAQDAgEGMIG3BggrBgEFBQcBCwSBqjCBpzA2BggrBgEFBQcw
+		BYYqcnN5bmM6Ly9sb2NhbGhvc3Q6NDQxMC9ycGtpL1JJUi1yb290L3Jvb3QvMD4G
+		CCsGAQUFBzAKhjJyc3luYzovL2xvY2FsaG9zdDo0NDEwL3Jwa2kvUklSLXJvb3Qv
+		cm9vdC9yb290Lm1mdDAtBggrBgEFBQcwDYYhaHR0cHM6Ly9sb2NhbGhvc3Q6NDQx
+		MS9ub3RpZnkueG1sMCEGCCsGAQUFBwEIAQH/BBIwEKAOMAwwCgIBAAIFAP////8w
+		JwYIKwYBBQUHAQcBAf8EGDAWMAkEAgABMAMDAQAwCQQCAAIwAwMBADANBgkqhkiG
+		9w0BAQsFAAOCAQEAADpTJlaW/YBhvM4d8+VJwGMNgRy1gIbNfikXbDJunIsfVvQH
+		6Cvu+G9LHwzr41S31gLDPiI5xqlYIcOLNmD4kFF+FkI5pmdZaYyE7cmUrV9LfJSp
+		6AjwNGhOlFDQJbfvndxAmTpAimvC/eKdB4nsbun3ewddIBbz7meq8FD/anrsU9F7
+		ezLgQuChwzshV29wqyM97RQ1J8xeBdadWv8DKxrYj2OkHAZCzQNoYp33i6B/qHf2
+		+350IE4Shix6fGfOuhq3BKSMEzBFUUK6RDmUrBfJlyCwD9+DWkgXb6gdw4MHLEEK
+		34fI46rg3JkTm9LK4glhTSSdXNuSgQNiNt1sYA==
+	    </rpki_root_cert>
+	</parent>
+    </msg>
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="get" tenant_handle="42" parent_handle="666"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="get" tenant_handle="42" parent_handle="666"
 		peer_contact_uri="https://re.bar.example/bandicoot/"
@@ -498,13 +586,39 @@
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
 	    </bpki_glue>
+	    <rpki_root_cert>
+	        MIIEaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhFRjE5
+		QTdDQUE3MDg0NUZCNkYzRjlEOUFBOEE4OTBDRTg5QTgxMUQzMB4XDTE2MDQxNDIy
+		NTE0N1oXDTE3MDQxNDIyNTE0N1owMzExMC8GA1UEAxMoRUYxOUE3Q0FBNzA4NDVG
+		QjZGM0Y5RDlBQThBODkwQ0U4OUE4MTFEMzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+		ADCCAQoCggEBAKLVZcQPCPyKX21GYGuB5OPNh224HY9ndD1TU5r4yzJWCDN7Rfku
+		ftDPOG9qVOp8EMEgr+xsH7tm5LcyuJt1+KHhQD0JT44J6LCUtn2xJPINIDQCbaXm
+		L+RGAX+GlWesC9yxjnGBjLFSQJ9qN2QeR1MBeaL8iP/vyXq9hgEbuHTQliUqg/6n
+		bZ7+JShIQHrgNvv4wTLtrD7JoL+hDvnIhpt3OSwwzb1QvTfUEZ9mv8IE/Zpe2Kk6
+		MXcbFjhWgmGS1ZpQjfWQYkbHnSrkZd7IhGKyPj/x/mV3P7tmHBKXo1TnRbKd/ij5
+		ZjNDSnW144CvAiTcpj9xnKgtQLqfbsEt4ccCAwEAAaOCAYUwggGBMB0GA1UdDgQW
+		BBTvGafKpwhF+28/nZqoqJDOiagR0zAfBgNVHSMEGDAWgBTvGafKpwhF+28/nZqo
+		qJDOiagR0zAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMA8GA1UdEwEB/wQFMAMB
+		Af8wDgYDVR0PAQH/BAQDAgEGMIG3BggrBgEFBQcBCwSBqjCBpzA2BggrBgEFBQcw
+		BYYqcnN5bmM6Ly9sb2NhbGhvc3Q6NDQxMC9ycGtpL1JJUi1yb290L3Jvb3QvMD4G
+		CCsGAQUFBzAKhjJyc3luYzovL2xvY2FsaG9zdDo0NDEwL3Jwa2kvUklSLXJvb3Qv
+		cm9vdC9yb290Lm1mdDAtBggrBgEFBQcwDYYhaHR0cHM6Ly9sb2NhbGhvc3Q6NDQx
+		MS9ub3RpZnkueG1sMCEGCCsGAQUFBwEIAQH/BBIwEKAOMAwwCgIBAAIFAP////8w
+		JwYIKwYBBQUHAQcBAf8EGDAWMAkEAgABMAMDAQAwCQQCAAIwAwMBADANBgkqhkiG
+		9w0BAQsFAAOCAQEAADpTJlaW/YBhvM4d8+VJwGMNgRy1gIbNfikXbDJunIsfVvQH
+		6Cvu+G9LHwzr41S31gLDPiI5xqlYIcOLNmD4kFF+FkI5pmdZaYyE7cmUrV9LfJSp
+		6AjwNGhOlFDQJbfvndxAmTpAimvC/eKdB4nsbun3ewddIBbz7meq8FD/anrsU9F7
+		ezLgQuChwzshV29wqyM97RQ1J8xeBdadWv8DKxrYj2OkHAZCzQNoYp33i6B/qHf2
+		+350IE4Shix6fGfOuhq3BKSMEzBFUUK6RDmUrBfJlyCwD9+DWkgXb6gdw4MHLEEK
+		34fI46rg3JkTm9LK4glhTSSdXNuSgQNiNt1sYA==
+	    </rpki_root_cert>
 	</parent>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="list" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="list" tenant_handle="42" parent_handle="666"
 		peer_contact_uri="https://re.bar.example/bandicoot/"
@@ -549,19 +663,45 @@
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
 	    </bpki_glue>
+	    <rpki_root_cert>
+	        MIIEaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhFRjE5
+		QTdDQUE3MDg0NUZCNkYzRjlEOUFBOEE4OTBDRTg5QTgxMUQzMB4XDTE2MDQxNDIy
+		NTE0N1oXDTE3MDQxNDIyNTE0N1owMzExMC8GA1UEAxMoRUYxOUE3Q0FBNzA4NDVG
+		QjZGM0Y5RDlBQThBODkwQ0U4OUE4MTFEMzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+		ADCCAQoCggEBAKLVZcQPCPyKX21GYGuB5OPNh224HY9ndD1TU5r4yzJWCDN7Rfku
+		ftDPOG9qVOp8EMEgr+xsH7tm5LcyuJt1+KHhQD0JT44J6LCUtn2xJPINIDQCbaXm
+		L+RGAX+GlWesC9yxjnGBjLFSQJ9qN2QeR1MBeaL8iP/vyXq9hgEbuHTQliUqg/6n
+		bZ7+JShIQHrgNvv4wTLtrD7JoL+hDvnIhpt3OSwwzb1QvTfUEZ9mv8IE/Zpe2Kk6
+		MXcbFjhWgmGS1ZpQjfWQYkbHnSrkZd7IhGKyPj/x/mV3P7tmHBKXo1TnRbKd/ij5
+		ZjNDSnW144CvAiTcpj9xnKgtQLqfbsEt4ccCAwEAAaOCAYUwggGBMB0GA1UdDgQW
+		BBTvGafKpwhF+28/nZqoqJDOiagR0zAfBgNVHSMEGDAWgBTvGafKpwhF+28/nZqo
+		qJDOiagR0zAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMA8GA1UdEwEB/wQFMAMB
+		Af8wDgYDVR0PAQH/BAQDAgEGMIG3BggrBgEFBQcBCwSBqjCBpzA2BggrBgEFBQcw
+		BYYqcnN5bmM6Ly9sb2NhbGhvc3Q6NDQxMC9ycGtpL1JJUi1yb290L3Jvb3QvMD4G
+		CCsGAQUFBzAKhjJyc3luYzovL2xvY2FsaG9zdDo0NDEwL3Jwa2kvUklSLXJvb3Qv
+		cm9vdC9yb290Lm1mdDAtBggrBgEFBQcwDYYhaHR0cHM6Ly9sb2NhbGhvc3Q6NDQx
+		MS9ub3RpZnkueG1sMCEGCCsGAQUFBwEIAQH/BBIwEKAOMAwwCgIBAAIFAP////8w
+		JwYIKwYBBQUHAQcBAf8EGDAWMAkEAgABMAMDAQAwCQQCAAIwAwMBADANBgkqhkiG
+		9w0BAQsFAAOCAQEAADpTJlaW/YBhvM4d8+VJwGMNgRy1gIbNfikXbDJunIsfVvQH
+		6Cvu+G9LHwzr41S31gLDPiI5xqlYIcOLNmD4kFF+FkI5pmdZaYyE7cmUrV9LfJSp
+		6AjwNGhOlFDQJbfvndxAmTpAimvC/eKdB4nsbun3ewddIBbz7meq8FD/anrsU9F7
+		ezLgQuChwzshV29wqyM97RQ1J8xeBdadWv8DKxrYj2OkHAZCzQNoYp33i6B/qHf2
+		+350IE4Shix6fGfOuhq3BKSMEzBFUUK6RDmUrBfJlyCwD9+DWkgXb6gdw4MHLEEK
+		34fI46rg3JkTm9LK4glhTSSdXNuSgQNiNt1sYA==
+	    </rpki_root_cert>
 	</parent>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="destroy" tenant_handle="42"
     parent_handle="666"/> </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<parent action="destroy" tenant_handle="42" parent_handle="666"/>
     </msg>
-    
+
     <!-- ==== -->
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="create" tenant_handle="42" child_handle="3"
 		bsc_handle="17">
@@ -586,11 +726,11 @@
 	    </bpki_cert>
 	</child>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="create" tenant_handle="42" child_handle="3"/>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="set" tenant_handle="42" child_handle="3"
 		bsc_handle="17"
@@ -616,15 +756,15 @@
 	    </bpki_cert>
 	</child>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="set" tenant_handle="42" child_handle="3"/>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="get" tenant_handle="42" child_handle="3"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="get" tenant_handle="42" child_handle="3"
 		bsc_handle="17">
@@ -649,11 +789,11 @@
 	    </bpki_cert>
 	</child>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="list" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="list" tenant_handle="42" child_handle="3"
 		bsc_handle="17">
@@ -678,15 +818,15 @@
 	    </bpki_cert>
 	</child>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="destroy" tenant_handle="42" child_handle="3"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<child action="destroy" tenant_handle="42" child_handle="3"/>
     </msg>
-    
+
     <!-- ==== -->
 
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
@@ -733,11 +873,11 @@
 	    </bpki_glue>
 	</repository>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="create" tenant_handle="42" repository_handle="120"/>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="set" tenant_handle="42" repository_handle="120"
 		peer_contact_uri="https://re.bar.example/bandicoot/"
@@ -782,15 +922,15 @@
 	    </bpki_glue>
 	</repository>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="set" tenant_handle="42" repository_handle="120"/>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="get" tenant_handle="42" repository_handle="120"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="get" tenant_handle="42" repository_handle="120"
 		peer_contact_uri="https://re.bar.example/bandicoot/"
@@ -835,11 +975,11 @@
 	    </bpki_glue>
 	</repository>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="list" tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="list" tenant_handle="42" repository_handle="120"
 		peer_contact_uri="https://re.bar.example/bandicoot/"
@@ -884,21 +1024,21 @@
 	    </bpki_glue>
 	</repository>
     </msg>
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="destroy" tenant_handle="42" repository_handle="120"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<repository action="destroy" tenant_handle="42" repository_handle="120"/>
     </msg>
 
     <!-- ==== -->
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<list_resources tenant_handle="42" child_handle="289"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<list_resources tenant_handle="42" child_handle="289"
 			valid_until="2008-04-01T00:00:00Z"
@@ -906,13 +1046,13 @@
 			ipv6="fe80:deed:f00d::/48,fe80:dead:beef:2::-fe80:dead:beef:2::49"
 			asn="666"/>
     </msg>
-    
+
     <!-- === -->
-    
+
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<list_roa_requests tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<list_roa_requests tenant_handle="42"
 			asn="666"
@@ -925,13 +1065,13 @@
 			ipv6="2002:a00::/48-56"
 			/>
     </msg>
-    
+
     <!-- === -->
 
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<list_received_resources tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<list_received_resources tenant_handle="42"
 				 parent_handle="Alice"
@@ -954,13 +1094,13 @@
 				 ipv6="2001:4f8::/32,2001:500::/48,2001:500:2e::/47,2001:500:60::-2001:500:7c:ffff:ffff:ffff:ffff:ffff,2001:500:85::/48"/>
     </msg>
 
-    
+
     <!-- === -->
 
     <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<list_published_objects tenant_handle="42"/>
     </msg>
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<list_published_objects tenant_handle="42" uri="rsync://rpki.example.org/rpki/DEMEtlxZrZes7TNGbe7XwVSMgW0.crl">
 		MIIBrjCBlwIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygwQzQzMDRCNjVDNTlBRDk3
@@ -1081,7 +1221,7 @@
     </msg>
 
     <!-- === -->
-    
+
     <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/">
 	<report_error tenant_handle="42" error_code="your_hair_is_on_fire">text string</report_error>
     </msg>
diff --git a/rpki/relaxng.py b/rpki/relaxng.py
index 7375a077..9a01306c 100644
--- a/rpki/relaxng.py
+++ b/rpki/relaxng.py
@@ -8,7 +8,7 @@ from rpki.relaxng_parser import RelaxNGParser
 ## Parsed RelaxNG left_right schema
 left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?>
 <!--
-  $Id: left-right.rnc 6137 2015-10-20 19:21:37Z sra $
+  $Id$
   
   RelaxNG schema for RPKI left-right protocol.
   
@@ -554,6 +554,21 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?>
       </attribute>
     </optional>
     <optional>
+      <attribute name="root_asn_resources">
+        <ref name="asn_list"/>
+      </attribute>
+    </optional>
+    <optional>
+      <attribute name="root_ipv4_resources">
+        <ref name="ipv4_list"/>
+      </attribute>
+    </optional>
+    <optional>
+      <attribute name="root_ipv6_resources">
+        <ref name="ipv6_list"/>
+      </attribute>
+    </optional>
+    <optional>
       <element name="bpki_cert">
         <ref name="base64"/>
       </element>
@@ -564,6 +579,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?>
       </element>
     </optional>
   </define>
+  <define name="parent_readonly">
+    <optional>
+      <element name="rpki_root_cert">
+        <ref name="base64"/>
+      </element>
+    </optional>
+  </define>
   <define name="parent_query" combine="choice">
     <element name="parent">
       <ref name="ctl_create"/>
@@ -578,6 +600,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?>
       <ref name="ctl_create"/>
       <ref name="tenant_handle"/>
       <ref name="parent_handle"/>
+      <ref name="parent_readonly"/>
     </element>
   </define>
   <define name="parent_query" combine="choice">
@@ -594,6 +617,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?>
       <ref name="ctl_set"/>
       <ref name="tenant_handle"/>
       <ref name="parent_handle"/>
+      <ref name="parent_readonly"/>
     </element>
   </define>
   <define name="parent_query" combine="choice">
@@ -609,6 +633,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?>
       <ref name="tenant_handle"/>
       <ref name="parent_handle"/>
       <ref name="parent_payload"/>
+      <ref name="parent_readonly"/>
     </element>
   </define>
   <define name="parent_query" combine="choice">
@@ -623,6 +648,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?>
       <ref name="tenant_handle"/>
       <ref name="parent_handle"/>
       <ref name="parent_payload"/>
+      <ref name="parent_readonly"/>
     </element>
   </define>
   <define name="parent_query" combine="choice">
diff --git a/rpki/rpkidb/migrations/0007_root.py b/rpki/rpkidb/migrations/0007_root.py
new file mode 100644
index 00000000..f319b477
--- /dev/null
+++ b/rpki/rpkidb/migrations/0007_root.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('rpkidb', '0006_turtle_rename'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Root',
+            fields=[
+                ('turtle_ptr', models.OneToOneField(parent_link=True, auto_created=True, primary_key=True, serialize=False, to='rpkidb.Turtle')),
+                ('asn_resources', models.TextField()),
+                ('ipv4_resources', models.TextField()),
+                ('ipv6_resources', models.TextField()),
+                ('worker', models.OneToOneField(related_name='rooter', to='rpkidb.Parent')),
+            ],
+            bases=('rpkidb.turtle',),
+        ),
+    ]
diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py
index 4bb95932..d2d6c6f2 100644
--- a/rpki/rpkidb/models.py
+++ b/rpki/rpkidb/models.py
@@ -789,6 +789,13 @@ class Parent(Turtle):
         return sia_uri
 
 
+class Root(Turtle):
+    asn_resources = models.TextField()
+    ipv4_resources = models.TextField()
+    ipv6_resources = models.TextField()
+    worker = models.OneToOneField(Parent, related_name = "rooter")
+
+
 class CA(models.Model):
     last_crl_manifest_number = models.BigIntegerField(default = 1)
     last_issued_sn = models.BigIntegerField(default = 1)
diff --git a/schemas/relaxng/left-right.rnc b/schemas/relaxng/left-right.rnc
index 1d132443..c2592c0f 100644
--- a/schemas/relaxng/left-right.rnc
+++ b/schemas/relaxng/left-right.rnc
@@ -162,17 +162,22 @@ parent_payload = (attribute peer_contact_uri { uri }?,
                   repository_handle?,
                   attribute sender_name { up_down_name }?,
                   attribute recipient_name { up_down_name }?,
+                  attribute root_asn_resources  { asn_list }?,
+                  attribute root_ipv4_resources { ipv4_list }?,
+                  attribute root_ipv6_resources { ipv6_list }?,
                   element bpki_cert { base64 }?,
                   element bpki_glue { base64 }?)
 
+parent_readonly = element rpki_root_cert { base64 }?
+
 parent_query |= element parent { ctl_create,  tenant_handle, parent_handle, parent_bool, parent_payload }
-parent_reply |= element parent { ctl_create,  tenant_handle, parent_handle }
+parent_reply |= element parent { ctl_create,  tenant_handle, parent_handle, parent_readonly }
 parent_query |= element parent { ctl_set,     tenant_handle, parent_handle, parent_bool, parent_payload }
-parent_reply |= element parent { ctl_set,     tenant_handle, parent_handle }
+parent_reply |= element parent { ctl_set,     tenant_handle, parent_handle, parent_readonly }
 parent_query |= element parent { ctl_get,     tenant_handle, parent_handle }
-parent_reply |= element parent { ctl_get,     tenant_handle, parent_handle, parent_payload }
+parent_reply |= element parent { ctl_get,     tenant_handle, parent_handle, parent_payload, parent_readonly }
 parent_query |= element parent { ctl_list,    tenant_handle }
-parent_reply |= element parent { ctl_list,    tenant_handle, parent_handle, parent_payload }
+parent_reply |= element parent { ctl_list,    tenant_handle, parent_handle, parent_payload, parent_readonly }
 parent_query |= element parent { ctl_destroy, tenant_handle, parent_handle }
 parent_reply |= element parent { ctl_destroy, tenant_handle, parent_handle }
 
diff --git a/schemas/relaxng/left-right.rng b/schemas/relaxng/left-right.rng
index 82ae1d63..cd8c1896 100644
--- a/schemas/relaxng/left-right.rng
+++ b/schemas/relaxng/left-right.rng
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  $Id: left-right.rnc 6137 2015-10-20 19:21:37Z sra $
+  $Id$
   
   RelaxNG schema for RPKI left-right protocol.
   
@@ -546,6 +546,21 @@
       </attribute>
     </optional>
     <optional>
+      <attribute name="root_asn_resources">
+        <ref name="asn_list"/>
+      </attribute>
+    </optional>
+    <optional>
+      <attribute name="root_ipv4_resources">
+        <ref name="ipv4_list"/>
+      </attribute>
+    </optional>
+    <optional>
+      <attribute name="root_ipv6_resources">
+        <ref name="ipv6_list"/>
+      </attribute>
+    </optional>
+    <optional>
       <element name="bpki_cert">
         <ref name="base64"/>
       </element>
@@ -556,6 +571,13 @@
       </element>
     </optional>
   </define>
+  <define name="parent_readonly">
+    <optional>
+      <element name="rpki_root_cert">
+        <ref name="base64"/>
+      </element>
+    </optional>
+  </define>
   <define name="parent_query" combine="choice">
     <element name="parent">
       <ref name="ctl_create"/>
@@ -570,6 +592,7 @@
       <ref name="ctl_create"/>
       <ref name="tenant_handle"/>
       <ref name="parent_handle"/>
+      <ref name="parent_readonly"/>
     </element>
   </define>
   <define name="parent_query" combine="choice">
@@ -586,6 +609,7 @@
       <ref name="ctl_set"/>
       <ref name="tenant_handle"/>
       <ref name="parent_handle"/>
+      <ref name="parent_readonly"/>
     </element>
   </define>
   <define name="parent_query" combine="choice">
@@ -601,6 +625,7 @@
       <ref name="tenant_handle"/>
       <ref name="parent_handle"/>
       <ref name="parent_payload"/>
+      <ref name="parent_readonly"/>
     </element>
   </define>
   <define name="parent_query" combine="choice">
@@ -615,6 +640,7 @@
       <ref name="tenant_handle"/>
       <ref name="parent_handle"/>
       <ref name="parent_payload"/>
+      <ref name="parent_readonly"/>
     </element>
   </define>
   <define name="parent_query" combine="choice">
author	Rob Austein <sra@hactrn.net>	2016-04-23 15:03:14 +0000
committer	Rob Austein <sra@hactrn.net>	2016-04-23 15:03:14 +0000
commit	c7d9a8366304b2a79c97948890656644218e6f97 (patch)
tree	37f09cb3a7c4de29e8772d2428ae1684cfd5b3ac
parent	44d1c604a15ff23151b5b7b40a5953b2af9ca935 (diff)