author | Rob Austein <sra@hactrn.net> | 2008-06-02 23:43:01 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-06-02 23:43:01 +0000 |
commit | 7fe2be97aa63bff93e7afca074d42e169a8b92f5 (patch) | |
tree | 37960080bd1fdc7b0de75d9c52549a41b13d7897 /rpkid | |
parent | fec873c92b1fb4445d30dd03592a0b8935a460fa (diff) |
Add BPKI CRL to pubd's SQL database, and clean up a lot of redundant
SAX code.
svn path=/rpkid/irbe-cli.py; revision=1835
Diffstat (limited to 'rpkid')
50 files changed, 602 insertions, 462 deletions
diff --git a/rpkid/irbe-cli.py b/rpkid/irbe-cli.py index e50bdec6..fa4fc103 100755 --- a/rpkid/irbe-cli.py +++ b/rpkid/irbe-cli.py @@ -28,9 +28,16 @@ pem_out = None class cmd_mixin(object): """Left-right protocol mix-in for command line client.""" + ## @var excludes + # XML attributes and elements that should not be allowed as command + # line arguments. At the moment the only such is the + # bsc.pkcs10_request sub-element, but writing this generally is no + # harder than handling that one special case. + excludes = () + def client_getopt(self, argv): """Parse options for this class.""" - opts, argv = getopt.getopt(argv, "", [x + "=" for x in self.attributes + self.elements] + list(self.booleans)) + opts, argv = getopt.getopt(argv, "", [x + "=" for x in self.attributes + self.elements if x not in self.excludes] + list(self.booleans)) for o, a in opts: o = o[2:] handler = getattr(self, "client_query_" + o, None) @@ -81,6 +88,8 @@ class self_elt(cmd_mixin, rpki.left_right.self_elt): class bsc_elt(cmd_mixin, rpki.left_right.bsc_elt): + excludes = ("pkcs10_request",) + def client_query_signing_cert(self, arg): """--signing_cert option.""" self.signing_cert = rpki.x509.X509(Auto_file=arg) @@ -113,11 +122,11 @@ class route_origin_elt(cmd_mixin, rpki.left_right.route_origin_elt): def client_query_ipv4(self, arg): """Handle IPv4 addresses.""" - self.ipv4 = resource_set.resource_set_ipv4(arg) + self.ipv4 = resource_set.roa_prefix_set_ipv4(arg) def client_query_ipv6(self, arg): """Handle IPv6 addresses.""" - self.ipv6 = resource_set.resource_set_ipv6(arg) + self.ipv6 = resource_set.roa_prefix_set_ipv6(arg) class msg(rpki.left_right.msg): pdus = dict((x.element_name, x) 
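Review bot: The filter `if x not in self.excludes` is written out twice, in `client_getopt` here and again in `usage()` (the `@@ -135,7 +144,7 @@` hunk), so the options getopt accepts and the options the usage text prints can drift apart if only one site is edited. A small `@classmethod` on `cmd_mixin`, for example `def client_options(cls): return [x for x in cls.attributes + cls.elements if x not in cls.excludes]`, would let both sites build their lists from one place. As written, `excludes` only trims the getopt long-option list; the `## @var excludes` comment could say that it is a command-line convenience and not a check on what a PDU may carry, which appears to be the intent. `client_getopt` continues past the end of the hunk.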
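Review bot: The docstrings on `client_query_ipv4` and `client_query_ipv6` still read "Handle IPv4 addresses." and "Handle IPv6 addresses." although the argument is now parsed by `roa_prefix_set_ipv4` / `roa_prefix_set_ipv6`. Judging from the sample PDUs changed in this same commit (`ipv6="2002:a00::/48-56"`), an entry can now carry a maximum prefix length, so a docstring such as `"""--ipv4 option: ROA prefix list, entries as prefix/len or prefix/len-maxlen."""` would tell the operator what to type; the exact syntax is defined in `resource_set`, outside this diff, and should be confirmed there. The same docstring is a good place to state that a larger maximum length widens what the route origin authorizes, since the `exact_match` attribute that presumably expressed this before is removed from the schema in this commit.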
@@ -135,7 +144,7 @@ def usage(code=1): print "Usage:", sys.argv[0], " ".join(["--" + x for x in top_opts]) for k,v in msg.pdus.items(): print " ", k, \ - " ".join(["--" + x + "=" for x in v.attributes + v.elements]), \ + " ".join(["--" + x + "=" for x in v.attributes + v.elements if x not in v.excludes]), \ " ".join(["--" + x for x in v.booleans]) sys.exit(code) diff --git a/rpkid/left-right-protocol-samples.xml b/rpkid/left-right-protocol-samples.xml index b7af5830..b9189c0c 100644 --- a/rpkid/left-right-protocol-samples.xml +++ b/rpkid/left-right-protocol-samples.xml @@ -1196,7 +1196,7 @@ <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> <route_origin action="set" self_id="42" route_origin_id="88" suppress_publication="yes" - as_number="12345" exact_match="true" ipv4="10.0.0.44/32" ipv6="2002:a00::/48"/> + as_number="12345" ipv4="10.0.0.44/32" ipv6="2002:a00::/48-56"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> @@ -1209,7 +1209,7 @@ <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> <route_origin action="get" self_id="42" route_origin_id="88" - as_number="12345" exact_match="true" ipv4="10.0.0.44/32" ipv6="2002:a00::/48"/> + as_number="12345" ipv4="10.0.0.44/32" ipv6="2002:a00::/48-56"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> diff --git a/rpkid/left-right-protocol-samples/pdu.053.xml b/rpkid/left-right-protocol-samples/pdu.053.xml index 960e8709..b7db126d 100644 --- a/rpkid/left-right-protocol-samples/pdu.053.xml +++ b/rpkid/left-right-protocol-samples/pdu.053.xml 
@@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1" type="query"> - <route_origin action="set" self_id="42" route_origin_id="88" suppress_publication="yes" as_number="12345" exact_match="true" ipv4="10.0.0.44/32" ipv6="2002:a00::/48"/> + <route_origin action="set" self_id="42" route_origin_id="88" suppress_publication="yes" as_number="12345" ipv4="10.0.0.44/32" ipv6="2002:a00::/48-56"/> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.056.xml b/rpkid/left-right-protocol-samples/pdu.056.xml index f55d117d..55cd2c78 100644 --- a/rpkid/left-right-protocol-samples/pdu.056.xml +++ b/rpkid/left-right-protocol-samples/pdu.056.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1" type="reply"> - <route_origin action="get" self_id="42" route_origin_id="88" as_number="12345" exact_match="true" ipv4="10.0.0.44/32" ipv6="2002:a00::/48"/> + <route_origin action="get" self_id="42" route_origin_id="88" as_number="12345" ipv4="10.0.0.44/32" ipv6="2002:a00::/48-56"/> </msg> diff --git a/rpkid/left-right-schema.rnc b/rpkid/left-right-schema.rnc index f24dbb90..1b410f36 100644 --- a/rpkid/left-right-schema.rnc +++ b/rpkid/left-right-schema.rnc @@ -194,7 +194,6 @@ route_origin_id = attribute route_origin_id { sql_id } route_origin_bool = attribute suppress_publication { "yes" }? route_origin_payload = (attribute as_number { xsd:positiveInteger }?, - attribute exact_match { xsd:boolean }?, attribute ipv4 { ipv4_list }?, attribute ipv6 { ipv6_list }?) diff --git a/rpkid/left-right-schema.rng b/rpkid/left-right-schema.rng index 48f6ffb9..337c6852 100644 --- a/rpkid/left-right-schema.rng +++ b/rpkid/left-right-schema.rng 
@@ -795,11 +795,6 @@ </attribute> </optional> <optional> - <attribute name="exact_match"> - <data type="boolean"/> - </attribute> - </optional> - <optional> <attribute name="ipv4"> <ref name="ipv4_list"/> </attribute> diff --git a/rpkid/pubd.py b/rpkid/pubd.py index 818370b3..a96e75f0 100755 --- a/rpkid/pubd.py +++ b/rpkid/pubd.py @@ -48,11 +48,11 @@ class pubd_context(rpki.gctx.global_context): self.sql_cache = {} self.sql_dirty = set() - def handler_common(self, query, client, certs): + def handler_common(self, query, client, certs, crl = None): """Common PDU handler code.""" q_msg = rpki.publication.cms_msg.unwrap(query, certs) r_msg = q_msg.serve_top_level(self, client) - reply = rpki.publication.cms_msg.wrap(r_msg, self.pubd_key, self.pubd_cert) + reply = rpki.publication.cms_msg.wrap(r_msg, self.pubd_key, self.pubd_cert, crl) self.sql_sweep() return reply @@ -75,7 +75,10 @@ class pubd_context(rpki.gctx.global_context): client = rpki.publication.client_elt.sql_fetch(self, long(client_id)) if client is None: raise rpki.exceptions.ClientNotFound, "Could not find client %s" % client_id - return 200, self.handler_common(query, client, (self.bpki_ta, client.bpki_cert, client.bpki_glue)) + config = rpki.publication.config_elt.fetch(self) + if config is None or config.bpki_crl is None: + raise rpki.exceptions.CMSCRLNotSet + return 200, self.handler_common(query, client, (self.bpki_ta, client.bpki_cert, client.bpki_glue), config.bpki_crl) except Exception, data: rpki.log.error(traceback.format_exc()) return 500, "Could not process PDU: %s" % data diff --git a/rpkid/pubd.sql b/rpkid/pubd.sql index d8a9938c..2e9e235d 100644 --- a/rpkid/pubd.sql +++ b/rpkid/pubd.sql 
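Review bot: `handler_common` gains `crl = None` in the `@@ -48,11 +48,11 @@` hunk, but its docstring is still "Common PDU handler code.", so nothing says what omitting the argument means for the signed reply. Because of the default, a call site that is not updated keeps working and hands `None` to `cms_msg.wrap`; whether that produces a reply without a CRL or an error is decided in `rpki.publication`, outside this hunk. I would extend the docstring to `"""Common PDU handler code; crl is the BPKI CRL handed to cms_msg.wrap for the reply, None if the caller has none."""` and, if every caller is expected to supply one, drop the default so a missed call site fails loudly. The class body starts before the hunk.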
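Review bot: The new check in the `@@ -75,7 +75,10 @@` hunk only tests that `config.bpki_crl` is set; the CRL is then passed to `handler_common` as stored, and nothing visible here looks at whether it is still current. The sample CRL added in this commit appears to be valid for one month, so a row that is never refreshed would keep being attached to replies after its nextUpdate unless `cms_msg.wrap` rejects it, which this diff does not show. A comment such as `# bpki_crl is used as stored; freshness (nextUpdate) is not checked here` would at least record that, and logging a warning once it has lapsed would be better. Separately, `raise rpki.exceptions.CMSCRLNotSet` carries no text, so the 500 body is probably just "Could not process PDU: " unless the exception class supplies its own message; `raise rpki.exceptions.CMSCRLNotSet, "BPKI CRL not set in pubd config"` would match the `ClientNotFound` line above it. The handler's `try:` opens before the hunk.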
@@ -16,6 +16,18 @@ -- SQL objects needed by pubd.py. +-- The config table is weird because we're really only using it +-- to store one BPKI CRL, but putting this here lets us use a lot of +-- existing machinery and the alternatives are whacky in other ways. + +DROP TABLE IF EXISTS config; + +CREATE TABLE config ( + config_id SERIAL NOT NULL, + bpki_crl LONGBLOB, + PRIMARY KEY (config_id) +); + DROP TABLE IF EXISTS client; CREATE TABLE client ( diff --git a/rpkid/publication-protocol-samples.xml b/rpkid/publication-protocol-samples.xml index 0d1eb6fb..debae3b5 100644 --- a/rpkid/publication-protocol-samples.xml +++ b/rpkid/publication-protocol-samples.xml 
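Review bot: The comment says the `config` table exists only to hold one BPKI CRL, but `config_id SERIAL NOT NULL` with a plain primary key allows any number of rows, and which row `config_elt.fetch` returns is decided outside this diff. If a second row is ever inserted, pubd could attach a CRL other than the one the operator last set. I would add to the comment `-- Exactly one row is expected; pubd reads bpki_crl from it on every client request.` and have the code that writes the row update it in place rather than insert. `bpki_crl` is nullable, which matches the `config.bpki_crl is None` check added in pubd.py.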
@@ -22,6 +22,46 @@ <completely_gratuitous_wrapper_element_to_let_me_run_this_through_xmllint> + <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" type="query" version="1"> + <config action="set"> + <bpki_crl> + MIIBezBlAgEBMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNVBAMTGFRlc3QgQ2VydGlm + aWNhdGUgcHViZCBUQRcNMDgwNjAyMjE0OTQ1WhcNMDgwNzAyMjE0OTQ1WqAOMAww + CgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADggEBAFWCWgBl4ljVqX/CHo+RpqYt + vmKMnjPVflMXUB7i28RGP4DAq4l7deDU7Q82xEJyE4TXMWDWAV6UG6uUGum0VHWO + cj9ohqyiZUGfOsKg2hbwkETm8sAENOsi1yNdyKGk6jZ16aF5fubxQqZa1pdGCSac + 1/ZYC5sLLhEz3kmz+B9z9mXFVc5TgAh4dN3Gy5ftF8zZAFpDGnS4biCnRVqhGv6R + 0Lh/5xmii+ZU6kNDhbeMsjJg+ZOmtN+wMeHSIbjiy0WuuaZ3k2xSh0C94anrHBZA + vvCRhbazjR0Ef5OMZ5lcllw3uO8IHuoisHKkehy4Y0GySdj98fV+OuiRTH9vt/M= + </bpki_crl> + </config> + </msg> + + <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" type="reply" version="1"> + <config action="set"/> + </msg> + + <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" type="query" version="1"> + <config action="get"/> + </msg> + + <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" type="reply" version="1"> + <config action="get"> + <bpki_crl> + MIIBezBlAgEBMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNVBAMTGFRlc3QgQ2VydGlm + aWNhdGUgcHViZCBUQRcNMDgwNjAyMjE0OTQ1WhcNMDgwNzAyMjE0OTQ1WqAOMAww + CgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADggEBAFWCWgBl4ljVqX/CHo+RpqYt + vmKMnjPVflMXUB7i28RGP4DAq4l7deDU7Q82xEJyE4TXMWDWAV6UG6uUGum0VHWO + cj9ohqyiZUGfOsKg2hbwkETm8sAENOsi1yNdyKGk6jZ16aF5fubxQqZa1pdGCSac + 1/ZYC5sLLhEz3kmz+B9z9mXFVc5TgAh4dN3Gy5ftF8zZAFpDGnS4biCnRVqhGv6R + 0Lh/5xmii+ZU6kNDhbeMsjJg+ZOmtN+wMeHSIbjiy0WuuaZ3k2xSh0C94anrHBZA + vvCRhbazjR0Ef5OMZ5lcllw3uO8IHuoisHKkehy4Y0GySdj98fV+OuiRTH9vt/M= + </bpki_crl> + </config> + </msg> + + <!-- === --> + <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/publication-spec/"> <client action="create" base_uri="rsync://wombat.invalid/"> <bpki_cert> 
diff --git a/rpkid/publication-protocol-samples/pdu.001.xml b/rpkid/publication-protocol-samples/pdu.001.xml index 1537fce0..99b676d9 100644 --- a/rpkid/publication-protocol-samples/pdu.001.xml +++ b/rpkid/publication-protocol-samples/pdu.001.xml 
@@ -1,25 +1,16 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> -<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <client action="create" base_uri="rsync://wombat.invalid/"> - <bpki_cert> - MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV - BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN - MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS - b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S - G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G - Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC - DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM - uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP - 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ - diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 - ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq - hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg - cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 - XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm - sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH - YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq - 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </bpki_cert> - </client> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" type="query" version="1"> + <config action="set"> + <bpki_crl> + MIIBezBlAgEBMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNVBAMTGFRlc3QgQ2VydGlm + aWNhdGUgcHViZCBUQRcNMDgwNjAyMjE0OTQ1WhcNMDgwNzAyMjE0OTQ1WqAOMAww + CgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADggEBAFWCWgBl4ljVqX/CHo+RpqYt + vmKMnjPVflMXUB7i28RGP4DAq4l7deDU7Q82xEJyE4TXMWDWAV6UG6uUGum0VHWO + cj9ohqyiZUGfOsKg2hbwkETm8sAENOsi1yNdyKGk6jZ16aF5fubxQqZa1pdGCSac + 1/ZYC5sLLhEz3kmz+B9z9mXFVc5TgAh4dN3Gy5ftF8zZAFpDGnS4biCnRVqhGv6R + 
0Lh/5xmii+ZU6kNDhbeMsjJg+ZOmtN+wMeHSIbjiy0WuuaZ3k2xSh0C94anrHBZA + vvCRhbazjR0Ef5OMZ5lcllw3uO8IHuoisHKkehy4Y0GySdj98fV+OuiRTH9vt/M= + </bpki_crl> + </config> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.002.xml b/rpkid/publication-protocol-samples/pdu.002.xml index 8b2d517b..33b53084 100644 --- a/rpkid/publication-protocol-samples/pdu.002.xml +++ b/rpkid/publication-protocol-samples/pdu.002.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> -<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <client action="create" client_id="3"/> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" type="reply" version="1"> + <config action="set"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.003.xml b/rpkid/publication-protocol-samples/pdu.003.xml index bf6167f5..c9325602 100644 --- a/rpkid/publication-protocol-samples/pdu.003.xml +++ b/rpkid/publication-protocol-samples/pdu.003.xml 
@@ -1,25 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> -<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <client action="set" client_id="3"> - <bpki_glue> - MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV - BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN - MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS - b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S - G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G - Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC - DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM - uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP - 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ - diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 - ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq - hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg - cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 - XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm - sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH - YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq - 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </bpki_glue> - </client> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" type="query" version="1"> + <config action="get"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.004.xml b/rpkid/publication-protocol-samples/pdu.004.xml index 59d78276..745ef003 100644 --- a/rpkid/publication-protocol-samples/pdu.004.xml +++ b/rpkid/publication-protocol-samples/pdu.004.xml 
@@ -1,5 +1,16 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> -<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <client action="set" client_id="3"/> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" type="reply" version="1"> + <config action="get"> + <bpki_crl> + MIIBezBlAgEBMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNVBAMTGFRlc3QgQ2VydGlm + aWNhdGUgcHViZCBUQRcNMDgwNjAyMjE0OTQ1WhcNMDgwNzAyMjE0OTQ1WqAOMAww + CgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADggEBAFWCWgBl4ljVqX/CHo+RpqYt + vmKMnjPVflMXUB7i28RGP4DAq4l7deDU7Q82xEJyE4TXMWDWAV6UG6uUGum0VHWO + cj9ohqyiZUGfOsKg2hbwkETm8sAENOsi1yNdyKGk6jZ16aF5fubxQqZa1pdGCSac + 1/ZYC5sLLhEz3kmz+B9z9mXFVc5TgAh4dN3Gy5ftF8zZAFpDGnS4biCnRVqhGv6R + 0Lh/5xmii+ZU6kNDhbeMsjJg+ZOmtN+wMeHSIbjiy0WuuaZ3k2xSh0C94anrHBZA + vvCRhbazjR0Ef5OMZ5lcllw3uO8IHuoisHKkehy4Y0GySdj98fV+OuiRTH9vt/M= + </bpki_crl> + </config> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.005.xml b/rpkid/publication-protocol-samples/pdu.005.xml index 288881c3..1537fce0 100644 --- a/rpkid/publication-protocol-samples/pdu.005.xml +++ b/rpkid/publication-protocol-samples/pdu.005.xml 
@@ -1,5 +1,25 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <client action="get" client_id="3"/> + <client action="create" base_uri="rsync://wombat.invalid/"> + <bpki_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_cert> + </client> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.006.xml b/rpkid/publication-protocol-samples/pdu.006.xml index 81ee4943..8b2d517b 100644 --- a/rpkid/publication-protocol-samples/pdu.006.xml +++ b/rpkid/publication-protocol-samples/pdu.006.xml 
@@ -1,25 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <client action="get" client_id="3" base_uri="rsync://wombat.invalid/"> - <bpki_cert> - MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV - BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN - MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS - b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S - G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G - Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC - DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM - uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP - 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ - diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 - ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq - hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg - cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 - XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm - sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH - YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq - 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </bpki_cert> - </client> + <client action="create" client_id="3"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.007.xml b/rpkid/publication-protocol-samples/pdu.007.xml index b930d604..bf6167f5 100644 --- a/rpkid/publication-protocol-samples/pdu.007.xml +++ b/rpkid/publication-protocol-samples/pdu.007.xml 
@@ -1,5 +1,25 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <client action="list"/> + <client action="set" client_id="3"> + <bpki_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_glue> + </client> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.008.xml b/rpkid/publication-protocol-samples/pdu.008.xml index 15464eab..59d78276 100644 --- a/rpkid/publication-protocol-samples/pdu.008.xml +++ b/rpkid/publication-protocol-samples/pdu.008.xml 
@@ -1,25 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <client action="list" client_id="3"> - <bpki_cert> - MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV - BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN - MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS - b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S - G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G - Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC - DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM - uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP - 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ - diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 - ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq - hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg - cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 - XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm - sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH - YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq - 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </bpki_cert> - </client> + <client action="set" client_id="3"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.009.xml b/rpkid/publication-protocol-samples/pdu.009.xml index 47b78520..288881c3 100644 --- a/rpkid/publication-protocol-samples/pdu.009.xml +++ b/rpkid/publication-protocol-samples/pdu.009.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <client action="destroy" client_id="3"/> + <client action="get" client_id="3"/> </msg> 
diff --git a/rpkid/publication-protocol-samples/pdu.010.xml b/rpkid/publication-protocol-samples/pdu.010.xml index e71fd39e..81ee4943 100644 --- a/rpkid/publication-protocol-samples/pdu.010.xml +++ b/rpkid/publication-protocol-samples/pdu.010.xml @@ -1,5 +1,25 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <client action="destroy" client_id="3"/> + <client action="get" client_id="3" base_uri="rsync://wombat.invalid/"> + <bpki_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_cert> + </client> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.011.xml b/rpkid/publication-protocol-samples/pdu.011.xml index 2ba77edf..b930d604 100644 --- a/rpkid/publication-protocol-samples/pdu.011.xml +++ b/rpkid/publication-protocol-samples/pdu.011.xml 
@@ -1,30 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <certificate action="publish" uri="rsync://wombat.invalid/testbed/RIR/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.cer"> - MIIE+jCCA+KgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhERjRBODAxN0U2 - NkE5RTkxNzJFNDYxMkQ4Q0Y0QzgzRjIzOERFMkEzMB4XDTA4MDUyMjE4MDUxMloXDTA4MDUy - NDE3NTQ1M1owMzExMC8GA1UEAxMoOEZCODIxOEYwNkU1MEFCNzAyQTdEOTZEQzhGMENEQ0Q4 - MjhGN0YxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeziKp0k5nP7v6SZoNs - XIMQYRgNtC6Fr/9Xm/1yQHomiPqHUk47rHhGojYiK5AhkrwoYhkH4UjJl2iwklDYczXuaBU3 - F5qrKlZ4aZnjIxdlP7+hktVpeApL6yuJTUAYeC3UIxnLDVdD6phydZ/FOQluffiNDjzteCCv - oyOUatqt8WB+oND6LToHp028g1YUYLHG6mur0dPdcHOVXLSmUDuZ1HDz1nDuYvIVKjB/MpH9 - aW9XeaQ6ZFIlZVPwuuvI2brR+ThH7Gv27GL/o8qFdC300VQfoTZ+rKPGDE8K1cI906BL4kiw - x9z0oiDcE96QCz+B0vsjc9mGaA1jgAxlXWsCAwEAAaOCAhcwggITMB0GA1UdDgQWBBSPuCGP - BuUKtwKn2W3I8M3Ngo9/FzAfBgNVHSMEGDAWgBTfSoAX5mqekXLkYS2M9Mg/I43iozBVBgNV - HR8ETjBMMEqgSKBGhkRyc3luYzovL2xvY2FsaG9zdDo0NDAwL3Rlc3RiZWQvUklSLzEvMzBx - QUYtWnFucEZ5NUdFdGpQVElQeU9ONHFNLmNybDBFBggrBgEFBQcBAQQ5MDcwNQYIKwYBBQUH - MAKGKXJzeW5jOi8vbG9jYWxob3N0OjQ0MDAvdGVzdGJlZC9XT01CQVQuY2VyMBgGA1UdIAEB - /wQOMAwwCgYIKwYBBQUHDgIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgZsG - CCsGAQUFBwELBIGOMIGLMDQGCCsGAQUFBzAFhihyc3luYzovL2xvY2FsaG9zdDo0NDAwL3Rl - c3RiZWQvUklSL1IwLzEvMFMGCCsGAQUFBzAKhkdyc3luYzovL2xvY2FsaG9zdDo0NDAwL3Rl - c3RiZWQvUklSL1IwLzEvajdnaGp3YmxDcmNDcDlsdHlQRE56WUtQZnhjLm1uZjAaBggrBgEF - BQcBCAEB/wQLMAmgBzAFAgMA/BUwPgYIKwYBBQUHAQcBAf8ELzAtMCsEAgABMCUDAwAKAzAO - AwUAwAACAQMFAcAAAiAwDgMFAsAAAiwDBQDAAAJkMA0GCSqGSIb3DQEBCwUAA4IBAQCEhuH7 - jtI2PJY6+zwv306vmCuXhtu9Lr2mmRw2ZErB8EMcb5xypMrNqMoKeu14K2x4a4RPJkK4yATh - M81FPNRsU5mM0acIRnAPtxjHvPME7PHN2w2nGLASRsZmaa+b8A7SSOxVcFURazENztppsolH - eTpm0cpLItK7mNpudUg1JGuFo94VLf1MnE2EqARG1vTsNhel/SM/UvOArCCOBvf0Gz7kSuup - 
DSZ7qx+LiDmtEsLdbGNQBiYPbLrDk41PHrxdx28qIj7ejZkRzNFw/3pi8/XK281h8zeHoFVu - 6ghRPy5dbOA4akX/KG6b8XIx0iwPYdLiDbdWFbtTdPcXBauY - </certificate> + <client action="list"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.012.xml b/rpkid/publication-protocol-samples/pdu.012.xml index c548bceb..15464eab 100644 --- a/rpkid/publication-protocol-samples/pdu.012.xml +++ b/rpkid/publication-protocol-samples/pdu.012.xml @@ -1,5 +1,25 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <certificate action="publish" uri="rsync://wombat.invalid/testbed/RIR/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.cer"/> + <client action="list" client_id="3"> + <bpki_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_cert> + </client> </msg> 
diff --git a/rpkid/publication-protocol-samples/pdu.013.xml b/rpkid/publication-protocol-samples/pdu.013.xml index cd6001f5..47b78520 100644 --- a/rpkid/publication-protocol-samples/pdu.013.xml +++ b/rpkid/publication-protocol-samples/pdu.013.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <certificate action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.cer"/> + <client action="destroy" client_id="3"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.014.xml b/rpkid/publication-protocol-samples/pdu.014.xml index 4e5d606a..e71fd39e 100644 --- a/rpkid/publication-protocol-samples/pdu.014.xml +++ b/rpkid/publication-protocol-samples/pdu.014.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <certificate action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.cer"/> + <client action="destroy" client_id="3"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.015.xml b/rpkid/publication-protocol-samples/pdu.015.xml index e404c3b9..2ba77edf 100644 --- a/rpkid/publication-protocol-samples/pdu.015.xml +++ b/rpkid/publication-protocol-samples/pdu.015.xml 
@@ -1,15 +1,30 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <crl action="publish" uri="rsync://wombat.invalid/testbed/RIR/1/30qAF-ZqnpFy5GEtjPTIPyON4qM.crl"> - MIIBwzCBrAIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhERjRBODAxN0U2NkE5RTkx - NzJFNDYxMkQ4Q0Y0QzgzRjIzOERFMkEzFw0wODA1MjIxODA0MTZaFw0wODA1MjIxODA1MTZa - MBQwEgIBAhcNMDgwNTIyMTc1ODQwWqAvMC0wHwYDVR0jBBgwFoAU30qAF+ZqnpFy5GEtjPTI - PyON4qMwCgYDVR0UBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKkM0Fb/pJpHVHWZyjp4wojH - W2KkvA/DFtBiz3moxocSnkDVP3QI19uVvqdC6nH3hJyFmsAMwULR0f1XU/V4j+X+FqYEl6Nv - p8zAEPIB4r8xbEFs7udRwXRAjkJmOQbv9aomF2i+d7jpTFVJxShZWOgsoGEhIy/aktKQrOIR - c4ZDrXpQwXVj2Y7+cGVfQ4gvnPOdlyLcnNovoegazATvA3EcidBNPWRg7XTCz0LVBEB7JgPd - nNyXRg35HdMEHBl7U9uUQJXP7S02oaQ1ehNDMfaJPgBBpQtAnM1lIzJfevd9+e4ywGsRpxAV - 8wxTXSPd1jwuKtS0kwrgsrQ8Ya85xUE= - </crl> + <certificate action="publish" uri="rsync://wombat.invalid/testbed/RIR/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.cer"> + MIIE+jCCA+KgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhERjRBODAxN0U2 + NkE5RTkxNzJFNDYxMkQ4Q0Y0QzgzRjIzOERFMkEzMB4XDTA4MDUyMjE4MDUxMloXDTA4MDUy + NDE3NTQ1M1owMzExMC8GA1UEAxMoOEZCODIxOEYwNkU1MEFCNzAyQTdEOTZEQzhGMENEQ0Q4 + MjhGN0YxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeziKp0k5nP7v6SZoNs + XIMQYRgNtC6Fr/9Xm/1yQHomiPqHUk47rHhGojYiK5AhkrwoYhkH4UjJl2iwklDYczXuaBU3 + F5qrKlZ4aZnjIxdlP7+hktVpeApL6yuJTUAYeC3UIxnLDVdD6phydZ/FOQluffiNDjzteCCv + oyOUatqt8WB+oND6LToHp028g1YUYLHG6mur0dPdcHOVXLSmUDuZ1HDz1nDuYvIVKjB/MpH9 + aW9XeaQ6ZFIlZVPwuuvI2brR+ThH7Gv27GL/o8qFdC300VQfoTZ+rKPGDE8K1cI906BL4kiw + x9z0oiDcE96QCz+B0vsjc9mGaA1jgAxlXWsCAwEAAaOCAhcwggITMB0GA1UdDgQWBBSPuCGP + BuUKtwKn2W3I8M3Ngo9/FzAfBgNVHSMEGDAWgBTfSoAX5mqekXLkYS2M9Mg/I43iozBVBgNV + HR8ETjBMMEqgSKBGhkRyc3luYzovL2xvY2FsaG9zdDo0NDAwL3Rlc3RiZWQvUklSLzEvMzBx + QUYtWnFucEZ5NUdFdGpQVElQeU9ONHFNLmNybDBFBggrBgEFBQcBAQQ5MDcwNQYIKwYBBQUH + 
MAKGKXJzeW5jOi8vbG9jYWxob3N0OjQ0MDAvdGVzdGJlZC9XT01CQVQuY2VyMBgGA1UdIAEB + /wQOMAwwCgYIKwYBBQUHDgIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgZsG + CCsGAQUFBwELBIGOMIGLMDQGCCsGAQUFBzAFhihyc3luYzovL2xvY2FsaG9zdDo0NDAwL3Rl + c3RiZWQvUklSL1IwLzEvMFMGCCsGAQUFBzAKhkdyc3luYzovL2xvY2FsaG9zdDo0NDAwL3Rl + c3RiZWQvUklSL1IwLzEvajdnaGp3YmxDcmNDcDlsdHlQRE56WUtQZnhjLm1uZjAaBggrBgEF + BQcBCAEB/wQLMAmgBzAFAgMA/BUwPgYIKwYBBQUHAQcBAf8ELzAtMCsEAgABMCUDAwAKAzAO + AwUAwAACAQMFAcAAAiAwDgMFAsAAAiwDBQDAAAJkMA0GCSqGSIb3DQEBCwUAA4IBAQCEhuH7 + jtI2PJY6+zwv306vmCuXhtu9Lr2mmRw2ZErB8EMcb5xypMrNqMoKeu14K2x4a4RPJkK4yATh + M81FPNRsU5mM0acIRnAPtxjHvPME7PHN2w2nGLASRsZmaa+b8A7SSOxVcFURazENztppsolH + eTpm0cpLItK7mNpudUg1JGuFo94VLf1MnE2EqARG1vTsNhel/SM/UvOArCCOBvf0Gz7kSuup + DSZ7qx+LiDmtEsLdbGNQBiYPbLrDk41PHrxdx28qIj7ejZkRzNFw/3pi8/XK281h8zeHoFVu + 6ghRPy5dbOA4akX/KG6b8XIx0iwPYdLiDbdWFbtTdPcXBauY + </certificate> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.016.xml b/rpkid/publication-protocol-samples/pdu.016.xml index b94b45a4..c548bceb 100644 --- a/rpkid/publication-protocol-samples/pdu.016.xml +++ b/rpkid/publication-protocol-samples/pdu.016.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <crl action="publish" uri="rsync://wombat.invalid/testbed/RIR/1/30qAF-ZqnpFy5GEtjPTIPyON4qM.crl"/> + <certificate action="publish" uri="rsync://wombat.invalid/testbed/RIR/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.cer"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.017.xml b/rpkid/publication-protocol-samples/pdu.017.xml index f54f18e4..cd6001f5 100644 --- a/rpkid/publication-protocol-samples/pdu.017.xml +++ b/rpkid/publication-protocol-samples/pdu.017.xml 
@@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <crl action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/1/30qAF-ZqnpFy5GEtjPTIPyON4qM.crl"/> + <certificate action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.cer"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.018.xml b/rpkid/publication-protocol-samples/pdu.018.xml index 20c30004..4e5d606a 100644 --- a/rpkid/publication-protocol-samples/pdu.018.xml +++ b/rpkid/publication-protocol-samples/pdu.018.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <crl action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/1/30qAF-ZqnpFy5GEtjPTIPyON4qM.crl"/> + <certificate action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.cer"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.019.xml b/rpkid/publication-protocol-samples/pdu.019.xml index 34606b8d..e404c3b9 100644 --- a/rpkid/publication-protocol-samples/pdu.019.xml +++ b/rpkid/publication-protocol-samples/pdu.019.xml 
@@ -1,40 +1,15 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <manifest action="publish" uri="rsync://wombat.invalid/testbed/RIR/R0/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.mnf"> - MIIHCgYJKoZIhvcNAQcCoIIG+zCCBvcCAQMxDTALBglghkgBZQMEAgEwggEeBgsqhkiG9w0B - CRABGqCCAQ0EggEJMIIBBQIBEhgPMjAwODA1MjIxODA1MTVaGA8yMDA4MDUyMjE4MDYxNVoG - CWCGSAFlAwQCATCB0jBEFh9ZbTVUTzRJYnlDb0pNZ3E2R2o4dG41Mng5U0UuY2VyAyEA4L8Z - WMyuhOx+o6kUfsRR++QjSaRaATy4UOeVtjvZVqYwRBYfWnRxbjB3NEVFbU9hclAzQmd1SUY3 - MDhhNTM4LmNlcgMhAGQI1gYJotxWmwzcmpLNFZJ656uWOjcPYANlbNz80xm8MEQWH2xxa1Vx - RHEwMDBESW9ZVjlybXdLTGdrN2F6by5jZXIDIQB7jRAEpkPvc4s4PX9vDvnTifj3BIE145FO - 1ne2kEejVqCCBBEwggQNMIIC9aADAgECAgEFMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT - KDhGQjgyMThGMDZFNTBBQjcwMkE3RDk2REM4RjBDRENEODI4RjdGMTcwHhcNMDgwNTIyMTc1 - NzQ5WhcNMDgwNTI0MTc1NDUzWjAzMTEwLwYDVQQDEyhERkRBMjMyMUJENEVCMDNFQTE1RkUy - N0NGRkRGMEFGRkU1QjBFNjY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/Gk - AHW5pDqye0+TvUp7sl0rVgmTfeHpVp18ypxvuovogVJgkjEtBEikfaFU0646wYD6JM6IJFJX - lWLWd7bVmhkWViKuZL0VmT2wpUToNHCLUGUQUVVX8R7oSHFdTArv2AqH+6yt0LmczDH1y2M6 - 2Tgkz9wZ9ryyuPx3VX4PkHzUMlkGFICj1fvyXkcAu8jBaxR9UME1c413TPaMi6lMh1HUmtVN - LJMP5+/SnwEAW/Z3dPClCFIgQXK3nAKPVzAIwADEiqhK7cSchhO7ikI1CVt0XzG4n7oaILc3 - Hq/DAxyiutw5GlkUlKPri2YJzJ3+H4P+TveSa/b02fVA5csm/QIDAQABo4IBKjCCASYwHQYD - VR0OBBYEFN/aIyG9TrA+oV/ifP/fCv/lsOZoMB8GA1UdIwQYMBaAFI+4IY8G5Qq3AqfZbcjw - zc2Cj38XMFgGA1UdHwRRME8wTaBLoEmGR3JzeW5jOi8vbG9jYWxob3N0OjQ0MDAvdGVzdGJl - ZC9SSVIvUjAvMS9qN2doandibENyY0NwOWx0eVBETnpZS1BmeGMuY3JsMGAGCCsGAQUFBwEB - BFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9sb2NhbGhvc3Q6NDQwMC90ZXN0YmVkL1JJUi8x - L2o3Z2hqd2JsQ3JjQ3A5bHR5UEROellLUGZ4Yy5jZXIwGAYDVR0gAQH/BA4wDDAKBggrBgEF - BQcOAjAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADpsE9HfgVTgmX1WeJTE - fm87CXuOoGH85RFiAngSt5kR4gYCyadklOZ7Eta+ERUZVu4tcKO6sJOTuHPfVrAvR0VpgH+j - 
PvXboYWSfwJdi00BC28ScrVM2zarA7B10+J6Oq8tbFlAyVBkrbuPet/axmndBtGWhrBTynGl - nc/5L371Lxy6CrOYqXO0Qx3SrOKaailAe3zTIpHQeACqnPdL00zIBw/hVy/VNaH1wy+FmhAz - TsmsQUrMyovJcu/ry5w0KHlP8BTnqfykikCWR+Lw0VQHmpJGAbtrmsOeIbfLY1zl7A81lDAl - AG/ZH1DUdDOUIXMLHWur+D2rwjp7RL16LHYxggGqMIIBpgIBA4AU39ojIb1OsD6hX+J8/98K - /+Ww5mgwCwYJYIZIAWUDBAIBoGswGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEaMBwGCSqG - SIb3DQEJBTEPFw0wODA1MjIxODA1MTVaMC8GCSqGSIb3DQEJBDEiBCBj/GjEQw3LgKPf5DTz - 8eu1fcp6/cQjqqne6ZqFkF42azANBgkqhkiG9w0BAQEFAASCAQBOY0uHNMwy/o1nFANSgha5 - PZxt8fz+wTrbeomCb+lxqQKq1clcSiQORVGc8NmqC8sS5OR3eTw/3qnK9yPHxz2UQ4hn1pBa - +Zy5veM61qMaXCw6w98EyNcvUfA1AkezAjkabfHQDs3o4Ezh49thXXyRcBoF+O6Lmi+LZbT2 - 4jvfFbaXW9zsb6/DaoDkeHnlk+YYgfSP4wOnkK5uqxtDW8QpMPq3GGdIp0oJDkzEdj7VsWIL - 9JP2mxxL8fTPVUyAPOmURYwYDXqhke2O9eVDiCYhrEfB8/84Rint4Cj8n5aCujnAtqtwxHpD - 0NRYO/V1MjhG+ARy1vRH1Dm0r92RBam3 - </manifest> + <crl action="publish" uri="rsync://wombat.invalid/testbed/RIR/1/30qAF-ZqnpFy5GEtjPTIPyON4qM.crl"> + MIIBwzCBrAIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhERjRBODAxN0U2NkE5RTkx + NzJFNDYxMkQ4Q0Y0QzgzRjIzOERFMkEzFw0wODA1MjIxODA0MTZaFw0wODA1MjIxODA1MTZa + MBQwEgIBAhcNMDgwNTIyMTc1ODQwWqAvMC0wHwYDVR0jBBgwFoAU30qAF+ZqnpFy5GEtjPTI + PyON4qMwCgYDVR0UBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKkM0Fb/pJpHVHWZyjp4wojH + W2KkvA/DFtBiz3moxocSnkDVP3QI19uVvqdC6nH3hJyFmsAMwULR0f1XU/V4j+X+FqYEl6Nv + p8zAEPIB4r8xbEFs7udRwXRAjkJmOQbv9aomF2i+d7jpTFVJxShZWOgsoGEhIy/aktKQrOIR + c4ZDrXpQwXVj2Y7+cGVfQ4gvnPOdlyLcnNovoegazATvA3EcidBNPWRg7XTCz0LVBEB7JgPd + nNyXRg35HdMEHBl7U9uUQJXP7S02oaQ1ehNDMfaJPgBBpQtAnM1lIzJfevd9+e4ywGsRpxAV + 8wxTXSPd1jwuKtS0kwrgsrQ8Ya85xUE= + </crl> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.020.xml b/rpkid/publication-protocol-samples/pdu.020.xml index 8fb07898..b94b45a4 100644 --- a/rpkid/publication-protocol-samples/pdu.020.xml +++ b/rpkid/publication-protocol-samples/pdu.020.xml 
@@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <manifest action="publish" uri="rsync://wombat.invalid/testbed/RIR/R0/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.mnf"/> + <crl action="publish" uri="rsync://wombat.invalid/testbed/RIR/1/30qAF-ZqnpFy5GEtjPTIPyON4qM.crl"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.021.xml b/rpkid/publication-protocol-samples/pdu.021.xml index 22639575..f54f18e4 100644 --- a/rpkid/publication-protocol-samples/pdu.021.xml +++ b/rpkid/publication-protocol-samples/pdu.021.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <manifest action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/R0/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.mnf"/> + <crl action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/1/30qAF-ZqnpFy5GEtjPTIPyON4qM.crl"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.022.xml b/rpkid/publication-protocol-samples/pdu.022.xml index 951dde35..20c30004 100644 --- a/rpkid/publication-protocol-samples/pdu.022.xml +++ b/rpkid/publication-protocol-samples/pdu.022.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <manifest action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/R0/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.mnf"/> + <crl action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/1/30qAF-ZqnpFy5GEtjPTIPyON4qM.crl"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.023.xml b/rpkid/publication-protocol-samples/pdu.023.xml index 0a4608b4..34606b8d 100644 --- a/rpkid/publication-protocol-samples/pdu.023.xml +++ b/rpkid/publication-protocol-samples/pdu.023.xml 
@@ -1,38 +1,40 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <roa action="publish" uri="rsync://wombat.invalid/testbed/RIR/R0/1/lqkUqDq000DIoYV9rmwKLgk7azo.roa"> - MIIGmwYJKoZIhvcNAQcCoIIGjDCCBogCAQMxDTALBglghkgBZQMEAgEwKgYLKoZIhvcNAQkQ - ARigGwQZMBcCAgKaMBEwDwQCAAEwCTAHAwUACgMALKCCBJgwggSUMIIDfKADAgECAgEJMA0G - CSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhGQjgyMThGMDZFNTBBQjcwMkE3RDk2REM4RjBD - RENEODI4RjdGMTcwHhcNMDgwNTIyMTc1ODI0WhcNMDgwNTI0MTc1NDUzWjAzMTEwLwYDVQQD - Eyg5NkE5MTRBODNBQjREMzQwQzhBMTg1N0RBRTZDMEEyRTA5M0I2QjNBMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoK50BjW5bcF4gsdaYhndtVADZvQk3RCsvuqDElF6uLi - 9BYQq/NHyDOIMyJtvCmzjdv3Y135n1sNO7YvssqHlt7dMfCQTD5ND1GpFnQLdWP7stWM5AbO - nJV6+PtDITUA/QHOli7Do0YCUgR6G+1QJsMu0DK+TRSzBJ6WP7WIYOBOOg3y/NKc1rkWhS1Q - dcQepbHgQYZHzzpjNDR6+oYVuhuUEWx1P6O4pv/p+tpE0SDua7jBjMywIYHkPQBecf2IX1RU - WNojB9dJlnRx5YUUneP2SvF2MrmdDbclgzwhf6alqD2OjiMuoBOG8yeTKcuhzCMnrFAklbst - 6x3Rnq9BswIDAQABo4IBsTCCAa0wHQYDVR0OBBYEFJapFKg6tNNAyKGFfa5sCi4JO2s6MB8G - A1UdIwQYMBaAFI+4IY8G5Qq3AqfZbcjwzc2Cj38XMFgGA1UdHwRRME8wTaBLoEmGR3JzeW5j - Oi8vbG9jYWxob3N0OjQ0MDAvdGVzdGJlZC9SSVIvUjAvMS9qN2doandibENyY0NwOWx0eVBE - TnpZS1BmeGMuY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9sb2Nh - bGhvc3Q6NDQwMC90ZXN0YmVkL1JJUi8xL2o3Z2hqd2JsQ3JjQ3A5bHR5UEROellLUGZ4Yy5j - ZXIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAOBgNVHQ8BAf8EBAMCB4AwYwYIKwYBBQUH - AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovL2xvY2FsaG9zdDo0NDAwL3Rlc3RiZWQvUklS - L1IwLzEvbHFrVXFEcTAwMERJb1lWOXJtd0tMZ2s3YXpvLnJvYTAgBggrBgEFBQcBBwEB/wQR - MA8wDQQCAAEwBwMFAAoDACwwDQYJKoZIhvcNAQELBQADggEBAL8iHwsyGOYhhIf3nVuL361y - TOJSP8SR0mtQLHULPl+GkYk+5MRNWtL8ucTXFvniYJtOCXEGGEIO9eDXvkQIXQSz/qbF9URQ - fuf38ghRza257syVhal6UHTgCFYuRIO9CUjcU1vkWUxH05BBIHlYdtlIQbAG/mRsCPCEgSmG - bbQaomGlUOqmJMlKxLLcoAtz2vDrwVotgHyfS5h2mgINFjnlLcNLTci+sfs7/aQAkDYx7K98 - 
se/ZlMorvGkFNhHoOTcGIrWkYsfkbTygVwWRm278PaB3o4449Kvsg/gb8BZeHXRs68cr5Mcf - jP7Q6jeypjTgDBnwb1yzoJIKWszFuSgxggGqMIIBpgIBA4AUlqkUqDq000DIoYV9rmwKLgk7 - azowCwYJYIZIAWUDBAIBoGswGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEYMBwGCSqGSIb3 - DQEJBTEPFw0wODA1MjIxNzU4MjRaMC8GCSqGSIb3DQEJBDEiBCDCyf9v9Wed515TRp2WwnyM - 1rk6dB///X+aqIym2e9jdTANBgkqhkiG9w0BAQEFAASCAQAFvzrHeRPW+wn4WSyoyBEq0zKS - Cyh5tu1qTR0NHs6Rr/p8Pk81P1HQLND/U+znJZKLWlO2niEHUXPIicPDYchbj8ApH9VxKA+1 - lCWllOzFAsYyZFr3/VNs9pVp2eT4F9eEYBrBVDSNrD72MMTlWm1T5MEXqltTJJOCKzUEX96x - 91iW6A+4erop7S8hpCnxqkTin4bFVreqYcGc4CC4bh+L9pPqJnURcEk7Qeu/WEHQBm38voB4 - S11qRZNrJMQ99oiJR7hXDIBm66HjGqoUL2gPCfpgJEVVnM9pVv2k889z4eTTck2Qj54gga2W - Xkvw4Je420aDx88s9T2+PqXcbZ4g - </roa> + <manifest action="publish" uri="rsync://wombat.invalid/testbed/RIR/R0/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.mnf"> + MIIHCgYJKoZIhvcNAQcCoIIG+zCCBvcCAQMxDTALBglghkgBZQMEAgEwggEeBgsqhkiG9w0B + CRABGqCCAQ0EggEJMIIBBQIBEhgPMjAwODA1MjIxODA1MTVaGA8yMDA4MDUyMjE4MDYxNVoG + CWCGSAFlAwQCATCB0jBEFh9ZbTVUTzRJYnlDb0pNZ3E2R2o4dG41Mng5U0UuY2VyAyEA4L8Z + WMyuhOx+o6kUfsRR++QjSaRaATy4UOeVtjvZVqYwRBYfWnRxbjB3NEVFbU9hclAzQmd1SUY3 + MDhhNTM4LmNlcgMhAGQI1gYJotxWmwzcmpLNFZJ656uWOjcPYANlbNz80xm8MEQWH2xxa1Vx + RHEwMDBESW9ZVjlybXdLTGdrN2F6by5jZXIDIQB7jRAEpkPvc4s4PX9vDvnTifj3BIE145FO + 1ne2kEejVqCCBBEwggQNMIIC9aADAgECAgEFMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT + KDhGQjgyMThGMDZFNTBBQjcwMkE3RDk2REM4RjBDRENEODI4RjdGMTcwHhcNMDgwNTIyMTc1 + NzQ5WhcNMDgwNTI0MTc1NDUzWjAzMTEwLwYDVQQDEyhERkRBMjMyMUJENEVCMDNFQTE1RkUy + N0NGRkRGMEFGRkU1QjBFNjY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/Gk + AHW5pDqye0+TvUp7sl0rVgmTfeHpVp18ypxvuovogVJgkjEtBEikfaFU0646wYD6JM6IJFJX + lWLWd7bVmhkWViKuZL0VmT2wpUToNHCLUGUQUVVX8R7oSHFdTArv2AqH+6yt0LmczDH1y2M6 + 2Tgkz9wZ9ryyuPx3VX4PkHzUMlkGFICj1fvyXkcAu8jBaxR9UME1c413TPaMi6lMh1HUmtVN + LJMP5+/SnwEAW/Z3dPClCFIgQXK3nAKPVzAIwADEiqhK7cSchhO7ikI1CVt0XzG4n7oaILc3 + Hq/DAxyiutw5GlkUlKPri2YJzJ3+H4P+TveSa/b02fVA5csm/QIDAQABo4IBKjCCASYwHQYD + 
VR0OBBYEFN/aIyG9TrA+oV/ifP/fCv/lsOZoMB8GA1UdIwQYMBaAFI+4IY8G5Qq3AqfZbcjw + zc2Cj38XMFgGA1UdHwRRME8wTaBLoEmGR3JzeW5jOi8vbG9jYWxob3N0OjQ0MDAvdGVzdGJl + ZC9SSVIvUjAvMS9qN2doandibENyY0NwOWx0eVBETnpZS1BmeGMuY3JsMGAGCCsGAQUFBwEB + BFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9sb2NhbGhvc3Q6NDQwMC90ZXN0YmVkL1JJUi8x + L2o3Z2hqd2JsQ3JjQ3A5bHR5UEROellLUGZ4Yy5jZXIwGAYDVR0gAQH/BA4wDDAKBggrBgEF + BQcOAjAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADpsE9HfgVTgmX1WeJTE + fm87CXuOoGH85RFiAngSt5kR4gYCyadklOZ7Eta+ERUZVu4tcKO6sJOTuHPfVrAvR0VpgH+j + PvXboYWSfwJdi00BC28ScrVM2zarA7B10+J6Oq8tbFlAyVBkrbuPet/axmndBtGWhrBTynGl + nc/5L371Lxy6CrOYqXO0Qx3SrOKaailAe3zTIpHQeACqnPdL00zIBw/hVy/VNaH1wy+FmhAz + TsmsQUrMyovJcu/ry5w0KHlP8BTnqfykikCWR+Lw0VQHmpJGAbtrmsOeIbfLY1zl7A81lDAl + AG/ZH1DUdDOUIXMLHWur+D2rwjp7RL16LHYxggGqMIIBpgIBA4AU39ojIb1OsD6hX+J8/98K + /+Ww5mgwCwYJYIZIAWUDBAIBoGswGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEaMBwGCSqG + SIb3DQEJBTEPFw0wODA1MjIxODA1MTVaMC8GCSqGSIb3DQEJBDEiBCBj/GjEQw3LgKPf5DTz + 8eu1fcp6/cQjqqne6ZqFkF42azANBgkqhkiG9w0BAQEFAASCAQBOY0uHNMwy/o1nFANSgha5 + PZxt8fz+wTrbeomCb+lxqQKq1clcSiQORVGc8NmqC8sS5OR3eTw/3qnK9yPHxz2UQ4hn1pBa + +Zy5veM61qMaXCw6w98EyNcvUfA1AkezAjkabfHQDs3o4Ezh49thXXyRcBoF+O6Lmi+LZbT2 + 4jvfFbaXW9zsb6/DaoDkeHnlk+YYgfSP4wOnkK5uqxtDW8QpMPq3GGdIp0oJDkzEdj7VsWIL + 9JP2mxxL8fTPVUyAPOmURYwYDXqhke2O9eVDiCYhrEfB8/84Rint4Cj8n5aCujnAtqtwxHpD + 0NRYO/V1MjhG+ARy1vRH1Dm0r92RBam3 + </manifest> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.024.xml b/rpkid/publication-protocol-samples/pdu.024.xml index 8f4c22dc..8fb07898 100644 --- a/rpkid/publication-protocol-samples/pdu.024.xml +++ b/rpkid/publication-protocol-samples/pdu.024.xml 
@@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <roa action="publish" uri="rsync://wombat.invalid/testbed/RIR/R0/1/lqkUqDq000DIoYV9rmwKLgk7azo.roa"/> + <manifest action="publish" uri="rsync://wombat.invalid/testbed/RIR/R0/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.mnf"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.025.xml b/rpkid/publication-protocol-samples/pdu.025.xml index 6319d0be..22639575 100644 --- a/rpkid/publication-protocol-samples/pdu.025.xml +++ b/rpkid/publication-protocol-samples/pdu.025.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> - <roa action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/R0/1/lqkUqDq000DIoYV9rmwKLgk7azo.roa"/> + <manifest action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/R0/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.mnf"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.026.xml b/rpkid/publication-protocol-samples/pdu.026.xml index a0dc50a9..951dde35 100644 --- a/rpkid/publication-protocol-samples/pdu.026.xml +++ b/rpkid/publication-protocol-samples/pdu.026.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <roa action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/R0/1/lqkUqDq000DIoYV9rmwKLgk7azo.roa"/> + <manifest action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/R0/1/j7ghjwblCrcCp9ltyPDNzYKPfxc.mnf"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.027.xml b/rpkid/publication-protocol-samples/pdu.027.xml index 544c817e..0a4608b4 100644 --- a/rpkid/publication-protocol-samples/pdu.027.xml +++ b/rpkid/publication-protocol-samples/pdu.027.xml 
@@ -1,5 +1,38 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> -<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <report_error error_code="your_hair_is_on_fire">text string</report_error> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> + <roa action="publish" uri="rsync://wombat.invalid/testbed/RIR/R0/1/lqkUqDq000DIoYV9rmwKLgk7azo.roa"> + MIIGmwYJKoZIhvcNAQcCoIIGjDCCBogCAQMxDTALBglghkgBZQMEAgEwKgYLKoZIhvcNAQkQ + ARigGwQZMBcCAgKaMBEwDwQCAAEwCTAHAwUACgMALKCCBJgwggSUMIIDfKADAgECAgEJMA0G + CSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhGQjgyMThGMDZFNTBBQjcwMkE3RDk2REM4RjBD + RENEODI4RjdGMTcwHhcNMDgwNTIyMTc1ODI0WhcNMDgwNTI0MTc1NDUzWjAzMTEwLwYDVQQD + Eyg5NkE5MTRBODNBQjREMzQwQzhBMTg1N0RBRTZDMEEyRTA5M0I2QjNBMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoK50BjW5bcF4gsdaYhndtVADZvQk3RCsvuqDElF6uLi + 9BYQq/NHyDOIMyJtvCmzjdv3Y135n1sNO7YvssqHlt7dMfCQTD5ND1GpFnQLdWP7stWM5AbO + nJV6+PtDITUA/QHOli7Do0YCUgR6G+1QJsMu0DK+TRSzBJ6WP7WIYOBOOg3y/NKc1rkWhS1Q + dcQepbHgQYZHzzpjNDR6+oYVuhuUEWx1P6O4pv/p+tpE0SDua7jBjMywIYHkPQBecf2IX1RU + WNojB9dJlnRx5YUUneP2SvF2MrmdDbclgzwhf6alqD2OjiMuoBOG8yeTKcuhzCMnrFAklbst + 6x3Rnq9BswIDAQABo4IBsTCCAa0wHQYDVR0OBBYEFJapFKg6tNNAyKGFfa5sCi4JO2s6MB8G + A1UdIwQYMBaAFI+4IY8G5Qq3AqfZbcjwzc2Cj38XMFgGA1UdHwRRME8wTaBLoEmGR3JzeW5j + Oi8vbG9jYWxob3N0OjQ0MDAvdGVzdGJlZC9SSVIvUjAvMS9qN2doandibENyY0NwOWx0eVBE + TnpZS1BmeGMuY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9sb2Nh + bGhvc3Q6NDQwMC90ZXN0YmVkL1JJUi8xL2o3Z2hqd2JsQ3JjQ3A5bHR5UEROellLUGZ4Yy5j + ZXIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAOBgNVHQ8BAf8EBAMCB4AwYwYIKwYBBQUH + AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovL2xvY2FsaG9zdDo0NDAwL3Rlc3RiZWQvUklS + L1IwLzEvbHFrVXFEcTAwMERJb1lWOXJtd0tMZ2s3YXpvLnJvYTAgBggrBgEFBQcBBwEB/wQR + MA8wDQQCAAEwBwMFAAoDACwwDQYJKoZIhvcNAQELBQADggEBAL8iHwsyGOYhhIf3nVuL361y + TOJSP8SR0mtQLHULPl+GkYk+5MRNWtL8ucTXFvniYJtOCXEGGEIO9eDXvkQIXQSz/qbF9URQ + 
fuf38ghRza257syVhal6UHTgCFYuRIO9CUjcU1vkWUxH05BBIHlYdtlIQbAG/mRsCPCEgSmG + bbQaomGlUOqmJMlKxLLcoAtz2vDrwVotgHyfS5h2mgINFjnlLcNLTci+sfs7/aQAkDYx7K98 + se/ZlMorvGkFNhHoOTcGIrWkYsfkbTygVwWRm278PaB3o4449Kvsg/gb8BZeHXRs68cr5Mcf + jP7Q6jeypjTgDBnwb1yzoJIKWszFuSgxggGqMIIBpgIBA4AUlqkUqDq000DIoYV9rmwKLgk7 + azowCwYJYIZIAWUDBAIBoGswGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEYMBwGCSqGSIb3 + DQEJBTEPFw0wODA1MjIxNzU4MjRaMC8GCSqGSIb3DQEJBDEiBCDCyf9v9Wed515TRp2WwnyM + 1rk6dB///X+aqIym2e9jdTANBgkqhkiG9w0BAQEFAASCAQAFvzrHeRPW+wn4WSyoyBEq0zKS + Cyh5tu1qTR0NHs6Rr/p8Pk81P1HQLND/U+znJZKLWlO2niEHUXPIicPDYchbj8ApH9VxKA+1 + lCWllOzFAsYyZFr3/VNs9pVp2eT4F9eEYBrBVDSNrD72MMTlWm1T5MEXqltTJJOCKzUEX96x + 91iW6A+4erop7S8hpCnxqkTin4bFVreqYcGc4CC4bh+L9pPqJnURcEk7Qeu/WEHQBm38voB4 + S11qRZNrJMQ99oiJR7hXDIBm66HjGqoUL2gPCfpgJEVVnM9pVv2k889z4eTTck2Qj54gga2W + Xkvw4Je420aDx88s9T2+PqXcbZ4g + </roa> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.028.xml b/rpkid/publication-protocol-samples/pdu.028.xml index 3e9f8c77..8f4c22dc 100644 --- a/rpkid/publication-protocol-samples/pdu.028.xml +++ b/rpkid/publication-protocol-samples/pdu.028.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="US-ASCII"?> <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> - <report_error error_code="your_hair_is_on_fire"/> + <roa action="publish" uri="rsync://wombat.invalid/testbed/RIR/R0/1/lqkUqDq000DIoYV9rmwKLgk7azo.roa"/> </msg> diff --git a/rpkid/publication-protocol-samples/pdu.029.xml b/rpkid/publication-protocol-samples/pdu.029.xml new file mode 100644 index 00000000..6319d0be --- /dev/null +++ b/rpkid/publication-protocol-samples/pdu.029.xml 
@@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="US-ASCII"?> +<!--Automatically generated, do not edit.--> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="query"> + <roa action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/R0/1/lqkUqDq000DIoYV9rmwKLgk7azo.roa"/> +</msg> diff --git a/rpkid/publication-protocol-samples/pdu.030.xml b/rpkid/publication-protocol-samples/pdu.030.xml new file mode 100644 index 00000000..a0dc50a9 --- /dev/null +++ b/rpkid/publication-protocol-samples/pdu.030.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="US-ASCII"?> +<!--Automatically generated, do not edit.--> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> + <roa action="withdraw" uri="rsync://wombat.invalid/testbed/RIR/R0/1/lqkUqDq000DIoYV9rmwKLgk7azo.roa"/> +</msg> diff --git a/rpkid/publication-protocol-samples/pdu.031.xml b/rpkid/publication-protocol-samples/pdu.031.xml new file mode 100644 index 00000000..544c817e --- /dev/null +++ b/rpkid/publication-protocol-samples/pdu.031.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="US-ASCII"?> +<!--Automatically generated, do not edit.--> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> + <report_error error_code="your_hair_is_on_fire">text string</report_error> +</msg> diff --git a/rpkid/publication-protocol-samples/pdu.032.xml b/rpkid/publication-protocol-samples/pdu.032.xml new file mode 100644 index 00000000..3e9f8c77 --- /dev/null +++ b/rpkid/publication-protocol-samples/pdu.032.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="US-ASCII"?> +<!--Automatically generated, do not edit.--> +<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" version="1" type="reply"> + <report_error error_code="your_hair_is_on_fire"/> +</msg> diff --git a/rpkid/publication-schema.rnc b/rpkid/publication-schema.rnc index 8573f7f1..be815100 100644 --- a/rpkid/publication-schema.rnc +++ b/rpkid/publication-schema.rnc 
@@ -16,10 +16,10 @@ start = element msg { } # PDUs allowed in a query -query_elt = ( client_query | certificate_query | crl_query | manifest_query | roa_query ) +query_elt = ( config_query | client_query | certificate_query | crl_query | manifest_query | roa_query ) # PDUs allowed in a reply -reply_elt = ( client_reply | certificate_reply | crl_reply | manifest_reply | roa_reply | report_error_reply ) +reply_elt = ( config_reply | client_reply | certificate_reply | crl_reply | manifest_reply | roa_reply | report_error_reply ) # Tag attributes for bulk operations tag = attribute tag { xsd:token {maxLength="1024" } } @@ -31,6 +31,16 @@ base64 = xsd:base64Binary { maxLength="512000" } uri_t = xsd:anyURI { maxLength="4096" } uri = attribute uri { uri_t } +# <config/> element (use restricted to repository operator) +# config_id attribute and list command omitted deliberately, see code for details + +config_payload = (element bpki_crl { base64 }?) + +config_query |= element config { attribute action { "set" }, tag?, config_payload } +config_reply |= element config { attribute action { "set" }, tag? } +config_query |= element config { attribute action { "get" }, tag? } +config_reply |= element config { attribute action { "get" }, tag?, config_payload } + # <client/> element (use restricted to repository operator) client_id = attribute client_id { xsd:nonNegativeInteger } diff --git a/rpkid/publication-schema.rng b/rpkid/publication-schema.rng index 77cc6561..5f0b31ae 100644 --- a/rpkid/publication-schema.rng +++ b/rpkid/publication-schema.rng @@ -39,6 +39,7 @@ <!-- PDUs allowed in a query --> <define name="query_elt"> <choice> + <ref name="config_query"/> <ref name="client_query"/> <ref name="certificate_query"/> <ref name="crl_query"/> @@ -49,6 +50,7 @@ <!-- PDUs allowed in a reply --> <define name="reply_elt"> <choice> + <ref name="config_reply"/> <ref name="client_reply"/> <ref name="certificate_reply"/> <ref name="crl_reply"/> 
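Review bot: `config_payload` in the `@@ -31,6 +31,16 @@` hunk makes `bpki_crl` optional, so a `<config action="set"/>` with no payload validates, and the schema comment does not say whether that clears the stored BPKI CRL or leaves it untouched. The same commit adds `CMSCRLNotSet`, so an emptied CRL presumably makes later CMS validation fail, and the intended meaning deserves a line such as `# set without bpki_crl: <clears | keeps> the stored CRL`. The comment "use restricted to repository operator" states a rule the schema cannot express; it would help to name where that restriction is enforced, since the handler is not part of this hunk.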
@@ -82,6 +84,59 @@ <ref name="uri_t"/> </attribute> </define> + <!-- + <config/> element (use restricted to repository operator) + config_id attribute and list command omitted deliberately, see code for details + --> + <define name="config_payload"> + <optional> + <element name="bpki_crl"> + <ref name="base64"/> + </element> + </optional> + </define> + <define name="config_query" combine="choice"> + <element name="config"> + <attribute name="action"> + <value>set</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="config_payload"/> + </element> + </define> + <define name="config_reply" combine="choice"> + <element name="config"> + <attribute name="action"> + <value>set</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + </element> + </define> + <define name="config_query" combine="choice"> + <element name="config"> + <attribute name="action"> + <value>get</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + </element> + </define> + <define name="config_reply" combine="choice"> + <element name="config"> + <attribute name="action"> + <value>get</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="config_payload"/> + </element> + </define> <!-- <client/> element (use restricted to repository operator) --> <define name="client_id"> <attribute name="client_id"> diff --git a/rpkid/rpki/exceptions.py b/rpkid/rpki/exceptions.py index 91f7e351..b3db4737 100644 --- a/rpkid/rpki/exceptions.py +++ b/rpkid/rpki/exceptions.py @@ -120,3 +120,6 @@ class MissingCMSCRL(RPKI_Exception): class UnparsableCMSDER(RPKI_Exception): """Alleged CMS DER wasn't parsable.""" + +class CMSCRLNotSet(RPKI_Exception): + """CMS CRL has not been configured.""" diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index 900d5e16..04f35529 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py 
@@ -141,31 +141,6 @@ class self_elt(data_elt): """ return self.sql_fetch_all(self.gctx) - def startElement(self, stack, name, attrs): - """Handle <self/> element.""" - if name not in ("bpki_cert", "bpki_glue"): - assert name == "self", "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - - def endElement(self, stack, name, text): - """Handle <self/> element.""" - if name == "bpki_cert": - self.bpki_cert = rpki.x509.X509(Base64 = text) - elif name == "bpki_glue": - self.bpki_glue = rpki.x509.X509(Base64 = text) - else: - assert name == "self", "Unexpected name %s, stack %s" % (name, stack) - stack.pop() - - def toXML(self): - """Generate <self/> element.""" - elt = self.make_elt() - if self.bpki_cert and not self.bpki_cert.empty(): - self.make_b64elt(elt, "bpki_cert", self.bpki_cert.get_DER()) - if self.bpki_glue and not self.bpki_glue.empty(): - self.make_b64elt(elt, "bpki_glue", self.bpki_glue.get_DER()) - return elt - def client_poll(self): """Run the regular client poll cycle with each of this self's parents in turn.""" @@ -261,7 +236,7 @@ class bsc_elt(data_elt): element_name = "bsc" attributes = ("action", "tag", "self_id", "bsc_id", "key_type", "hash_alg", "key_length") - elements = ("signing_cert", "signing_cert_crl") + elements = ("pkcs10_request", "signing_cert", "signing_cert_crl") booleans = ("generate_keypair",) sql_template = rpki.sql.template("bsc", "bsc_id", "self_id", "hash_alg", 
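Review bot: Adding `pkcs10_request` to `elements` in the `@@ -261,7 +236,7 @@` hunk leaves no visible record of each sub-element's type, which the deleted `bsc_elt.endElement` spelled out (`rpki.x509.X509` for `signing_cert`, `rpki.x509.CRL` for `signing_cert_crl`, `rpki.x509.PKCS10` for `pkcs10_request`). If the shared parser takes the type from somewhere outside this hunk, a comment next to the tuple should say so, for example `# element classes are resolved by <mapping location>, not by position in this tuple`. Without it, a later edit may add an element that gets decoded as the wrong object type, and that may only show up when the object is used. The `bsc_elt` class body starts and ends outside the hunk.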
@@ -299,35 +274,6 @@ class bsc_elt(data_elt): self.pkcs10_request = rpki.x509.PKCS10.create(keypair) r_pdu.pkcs10_request = self.pkcs10_request - def startElement(self, stack, name, attrs): - """Handle <bsc/> element.""" - if name not in ("pkcs10_request", "signing_cert", "signing_cert_crl"): - assert name == "bsc", "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - - def endElement(self, stack, name, text): - """Handle <bsc/> element.""" - if name == "signing_cert": - self.signing_cert = rpki.x509.X509(Base64 = text) - elif name == "signing_cert_crl": - self.signing_cert_crl = rpki.x509.CRL(Base64 = text) - elif name == "pkcs10_request": - self.pkcs10_request = rpki.x509.PKCS10(Base64 = text) - else: - assert name == "bsc", "Unexpected name %s, stack %s" % (name, stack) - stack.pop() - - def toXML(self): - """Generate <bsc/> element.""" - elt = self.make_elt() - if self.signing_cert is not None: - self.make_b64elt(elt, "signing_cert", self.signing_cert.get_DER()) - if self.signing_cert_crl is not None: - self.make_b64elt(elt, "signing_cert_crl", self.signing_cert_crl.get_DER()) - if self.pkcs10_request is not None: - self.make_b64elt(elt, "pkcs10_request", self.pkcs10_request.get_DER()) - return elt - class parent_elt(data_elt): """<parent/> element.""" 
@@ -373,39 +319,6 @@ class parent_elt(data_elt): for ca in self.cas(): ca.revoke() - def startElement(self, stack, name, attrs): - """Handle <parent/> element.""" - if name not in ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue"): - assert name == "parent", "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - - def endElement(self, stack, name, text): - """Handle <parent/> element.""" - if name == "bpki_cms_cert": - self.bpki_cms_cert = rpki.x509.X509(Base64 = text) - elif name == "bpki_cms_glue": - self.bpki_cms_glue = rpki.x509.X509(Base64 = text) - elif name == "bpki_https_cert": - self.bpki_https_cert = rpki.x509.X509(Base64 = text) - elif name == "bpki_https_glue": - self.bpki_https_glue = rpki.x509.X509(Base64 = text) - else: - assert name == "parent", "Unexpected name %s, stack %s" % (name, stack) - stack.pop() - - def toXML(self): - """Generate <parent/> element.""" - elt = self.make_elt() - if self.bpki_cms_cert and not self.bpki_cms_cert.empty(): - self.make_b64elt(elt, "bpki_cms_cert", self.bpki_cms_cert.get_DER()) - if self.bpki_cms_glue and not self.bpki_cms_glue.empty(): - self.make_b64elt(elt, "bpki_cms_glue", self.bpki_cms_glue.get_DER()) - if self.bpki_https_cert and not self.bpki_https_cert.empty(): - self.make_b64elt(elt, "bpki_https_cert", self.bpki_https_cert.get_DER()) - if self.bpki_https_glue and not self.bpki_https_glue.empty(): - self.make_b64elt(elt, "bpki_https_glue", self.bpki_https_glue.get_DER()) - return elt - def query_up_down(self, q_pdu): """Client code for sending one up-down query PDU to this parent. 
@@ -492,32 +405,14 @@ class child_elt(data_elt): self.gctx.clear_https_ta_cache() self.clear_https_ta_cache = False - def startElement(self, stack, name, attrs): - """Handle <child/> element.""" - if name not in ("bpki_cert", "bpki_glue"): - assert name == "child", "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - def endElement(self, stack, name, text): - """Handle <child/> element.""" - if name == "bpki_cert": - self.bpki_cert = rpki.x509.X509(Base64 = text) - self.clear_https_ta_cache = True - elif name == "bpki_glue": - self.bpki_glue = rpki.x509.X509(Base64 = text) + """Handle subelements of <child/> element. These require special + handling because modifying them invalidates the HTTPS trust anchor + cache. + """ + rpki.xml_utils.data_elt.endElement(self, stack, name, text) + if name in self.elements: self.clear_https_ta_cache = True - else: - assert name == "child", "Unexpected name %s, stack %s" % (name, stack) - stack.pop() - - def toXML(self): - """Generate <child/> element.""" - elt = self.make_elt() - if self.bpki_cert and not self.bpki_cert.empty(): - self.make_b64elt(elt, "bpki_cert", self.bpki_cert.get_DER()) - if self.bpki_glue and not self.bpki_glue.empty(): - self.make_b64elt(elt, "bpki_glue", self.bpki_glue.get_DER()) - return elt def serve_up_down(self, query): """Outer layer of server handling for one up-down PDU from this child.""" 
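Review bot: The new `child_elt.endElement` calls `rpki.xml_utils.data_elt.endElement` by its full module path, although the class derives from the bare name `data_elt`, presumably this module's own class. If that local class ever gains its own `endElement`, this call skips it. The matching override in `publication.py` goes through its direct base (`control_elt.endElement`), so `data_elt.endElement(self, stack, name, text)` here would keep the two consistent. The flag is now set for every name in `self.elements`, so a sub-element added later will also flush the HTTPS trust anchor cache; a comment such as `# every sub-element of <child/> is BPKI material, so any change invalidates the cache` would record that assumption. The class body starts outside the hunk, so `elements` itself is not visible here.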
@@ -569,39 +464,6 @@ class repository_elt(data_elt): """Fetch all parent objects that link to this repository object.""" return parent_elt.sql_fetch_where(self.gctx, "repository_id = %s", (self.repository_id,)) - def startElement(self, stack, name, attrs): - """Handle <repository/> element.""" - if name not in ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue"): - assert name == "repository", "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - - def endElement(self, stack, name, text): - """Handle <repository/> element.""" - if name == "bpki_cms_cert": - self.bpki_cms_cert = rpki.x509.X509(Base64 = text) - elif name == "bpki_cms_glue": - self.bpki_cms_glue = rpki.x509.X509(Base64 = text) - elif name == "bpki_https_cert": - self.bpki_https_cert = rpki.x509.X509(Base64 = text) - elif name == "bpki_https_glue": - self.bpki_https_glue = rpki.x509.X509(Base64 = text) - else: - assert name == "repository", "Unexpected name %s, stack %s" % (name, stack) - stack.pop() - - def toXML(self): - """Generate <repository/> element.""" - elt = self.make_elt() - if self.bpki_cms_cert: - self.make_b64elt(elt, "bpki_cms_cert", self.bpki_cms_cert.get_DER()) - if self.bpki_cms_glue: - self.make_b64elt(elt, "bpki_cms_glue", self.bpki_cms_glue.get_DER()) - if self.bpki_https_cert: - self.make_b64elt(elt, "bpki_https_cert", self.bpki_https_cert.get_DER()) - if self.bpki_https_glue: - self.make_b64elt(elt, "bpki_https_glue", self.bpki_https_glue.get_DER()) - return elt - @staticmethod def uri_to_filename(base, uri): """Convert a URI to a filename. [TEMPORARY]""" 
@@ -715,7 +577,9 @@ class route_origin_elt(data_elt): self.unimplemented_control("suppress_publication") def startElement(self, stack, name, attrs): - """Handle <route_origin/> element.""" + """Handle <route_origin/> element. This requires special + processing due to the data types of some of the attributes. + """ assert name == "route_origin", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) if self.as_number is not None: @@ -725,15 +589,6 @@ class route_origin_elt(data_elt): if self.ipv6 is not None: self.ipv6 = rpki.resource_set.roa_prefix_set_ipv6(self.ipv6) - def endElement(self, stack, name, text): - """Handle <route_origin/> element.""" - assert name == "route_origin", "Unexpected name %s, stack %s" % (name, stack) - stack.pop() - - def toXML(self): - """Generate <route_origin/> element.""" - return self.make_elt() - def update_roa(self): """Bring this route_origin's ROA up to date if necesssary.""" @@ -884,7 +739,9 @@ class list_resources_elt(rpki.xml_utils.base_elt, left_right_namespace): valid_until = None def startElement(self, stack, name, attrs): - """Handle <list_resources/> element.""" + """Handle <list_resources/> element. This requires special + handling due to the data types of some of the attributes. + """ assert name == "list_resources", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) if isinstance(self.valid_until, str): @@ -897,7 +754,9 @@ class list_resources_elt(rpki.xml_utils.base_elt, left_right_namespace): self.ipv6 = rpki.resource_set.resource_set_ipv6(self.ipv6) def toXML(self): - """Generate <list_resources/> element.""" + """Generate <list_resources/> element. This requires special + handling due to the data types of some of the attributes. + """ elt = self.make_elt() if isinstance(self.valid_until, int): elt.set("valid_until", self.valid_until.toXMLtime()) 
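Review bot: In `list_resources_elt.toXML` the context line `if isinstance(self.valid_until, int):` guards a call to `self.valid_until.toXMLtime()`, and a plain int has no such method, so the test looks like it names the wrong type. `startElement` in the previous hunk converts `valid_until` from `str`, but the target type is outside the hunk, so this is inferred. If the test never matches, `valid_until` is silently left out of the generated element. Since the new docstrings say both methods need "special handling due to the data types", they should name those types, and the `isinstance` test should use the class that `startElement` produces.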
@@ -909,15 +768,6 @@ class report_error_elt(rpki.xml_utils.base_elt, left_right_namespace): element_name = "report_error" attributes = ("tag", "self_id", "error_code") - def startElement(self, stack, name, attrs): - """Handle <report_error/> element.""" - assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - - def toXML(self): - """Generate <report_error/> element.""" - return self.make_elt() - @classmethod def from_exception(cls, exc, self_id = None): """Generate a <report_error/> element from an exception.""" diff --git a/rpkid/rpki/publication.py b/rpkid/rpki/publication.py index 07fffa83..82ff30ff 100644 --- a/rpkid/rpki/publication.py +++ b/rpkid/rpki/publication.py 
@@ -26,7 +26,68 @@ class publication_namespace(object): xmlns = "http://www.hactrn.net/uris/rpki/publication-spec/" nsmap = { None : xmlns } -class client_elt(rpki.xml_utils.data_elt, rpki.sql.sql_persistant, publication_namespace): +class control_elt(rpki.xml_utils.data_elt, rpki.sql.sql_persistant, publication_namespace): + """Virtual class for control channel objects.""" + + def serve_dispatch(self, r_msg, client): + """Action dispatch handler. This needs special handling because + we need to make sure that this PDU arrived via the control channel. + """ + if client is not None: + raise rpki.exceptions.BadQuery, "Control query received on client channel" + rpki.xml_utils.data_elt.serve_dispatch(self, r_msg) + +class config_elt(control_elt): + """<config/> element. This is a little weird because there should + never be more than one row in the SQL config table, but we have to + put the BPKI CRL somewhere and SQL is the least bad place available. + + So we reuse a lot of the SQL machinery, but we nail config_id at 1, + we don't expose it in the XML protocol, and we only support the get + and set actions. + """ + + attributes = ("action", "tag") + element_name = "config" + elements = ("bpki_crl",) + + sql_template = rpki.sql.template("config", "config_id", ("bpki_crl", rpki.x509.CRL)) + + wired_in_config_id = 1 + + def startElement(self, stack, name, attrs): + """StartElement() handler for config object. This requires + special handling because of the weird way we treat config_id. + """ + control_elt.startElement(self, stack, name, attrs) + self.config_id = self.wired_in_config_id + + @classmethod + def fetch(cls, gctx): + """Fetch the config object from SQL. This requires special + handling because of the weird way we treat config_id. + """ + return cls.sql_fetch(gctx, cls.wired_in_config_id) + + def serve_set(self, r_msg): + """Handle a set action. This requires special handling because + config we don't support the create method. 
+ """ + if self.sql_fetch(self.gctx, self.config_id) is None: + control_elt.serve_create(self, r_msg) + else: + control_elt.serve_set(self, r_msg) + + def serve_fetch_one(self): + """Find the config object on which a get or set method should + operate. + """ + r = self.sql_fetch(self.gctx, self.config_id) + if r is None: + raise rpki.exceptions.NotFound + return r + +class client_elt(control_elt): """<client/> element.""" element_name = "client" @@ -41,32 +102,14 @@ class client_elt(rpki.xml_utils.data_elt, rpki.sql.sql_persistant, publication_n clear_https_ta_cache = False - def startElement(self, stack, name, attrs): - """Handle <client/> element.""" - if name not in ("bpki_cert", "bpki_glue"): - assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - def endElement(self, stack, name, text): - """Handle <client/> element.""" - if name == "bpki_cert": - self.bpki_cert = rpki.x509.X509(Base64 = text) - self.clear_https_ta_cache = True - elif name == "bpki_glue": - self.bpki_glue = rpki.x509.X509(Base64 = text) + """Handle subelements of <client/> element. These require special + handling because modifying them invalidates the HTTPS trust anchor + cache. + """ + control_elt.endElement(self, stack, name, text) + if name in self.elements: self.clear_https_ta_cache = True - else: - assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) - stack.pop() - - def toXML(self): - """Generate <client/> element.""" - elt = self.make_elt() - if self.bpki_cert and not self.bpki_cert.empty(): - self.make_b64elt(elt, "bpki_cert", self.bpki_cert.get_DER()) - if self.bpki_glue and not self.bpki_glue.empty(): - self.make_b64elt(elt, "bpki_glue", self.bpki_glue.get_DER()) - return elt def serve_post_save_hook(self, q_pdu, r_pdu): """Extra server actions for client_elt.""" 
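Review bot: `control_elt.serve_dispatch` is the only check keeping `<config/>` and `<client/>` PDUs off the client channel, and it relies on `client is None` meaning the PDU arrived on the control channel. That invariant belongs in the docstring, e.g. `client is None only for the control channel; any client object means the client channel`. Since `<config/>` now carries the BPKI CRL, a caller that passed `None` for an unidentified peer would let that peer replace revocation data, so the caller (outside this hunk) should be checked against that contract. The `serve_set` docstring also reads "because config we don't support the create method"; `because config doesn't support the create action` is presumably what was meant.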
@@ -87,29 +130,22 @@ class client_elt(rpki.xml_utils.data_elt, rpki.sql.sql_persistant, publication_n """Find client objects on which a list method should operate.""" return self.sql_fetch_all(self.gctx) - def serve_dispatch(self, r_msg, client): - """Action dispatch handler.""" - if client is not None: - raise rpki.exceptions.BadQuery, "Client query received on control channel" - rpki.xml_utils.data_elt.serve_dispatch(self, r_msg) - def check_allowed_uri(self, uri): if not uri.startswith(self.base_uri): raise rpki.exceptions.ForbiddenURI class publication_object_elt(rpki.xml_utils.base_elt, publication_namespace): """Virtual class for publishable objects. These have very similar - syntax, differences lie in underlying datatype and methods. + syntax, differences lie in underlying datatype and methods. XML + methods are a little different from the pattern used for objects + that support the create/set/get/list/destroy actions, but + publishable objects don't go in SQL either so these classes would be + different in any case. """ attributes = ("action", "tag", "client_id", "uri") payload = None - def startElement(self, stack, name, attrs): - """Handle a publishable element.""" - assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - def endElement(self, stack, name, text): """Handle a publishable element element.""" assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) @@ -127,7 +163,7 @@ class publication_object_elt(rpki.xml_utils.base_elt, publication_namespace): def serve_dispatch(self, r_msg, client): """Action dispatch handler.""" if client is None: - raise rpki.exceptions.BadQuery, "Control query received on client channel" + raise rpki.exceptions.BadQuery, "Client query received on control channel" dispatch = { "publish" : self.serve_publish, "withdraw" : self.serve_withdraw } if self.action not in dispatch: 
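Review bot: The context line `if not uri.startswith(self.base_uri):` in `client_elt.check_allowed_uri`, left unchanged by this commit, is a raw string-prefix test. A `base_uri` without a trailing `/` also admits sibling names that merely share the prefix, and a URI with `..` segments passes the test while naming a location outside the client's subtree. Whether `base_uri` is normalised when it is stored is not visible in this hunk. Since this is the per-client authorisation for publish and withdraw, it would be safer to compare against `self.base_uri.rstrip("/") + "/"` and to reject any URI containing a `..` path segment before the prefix test.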
@@ -200,15 +236,6 @@ class report_error_elt(rpki.xml_utils.base_elt, publication_namespace): element_name = "report_error" attributes = ("tag", "error_code") - def startElement(self, stack, name, attrs): - """Handle <report_error/> element.""" - assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) - self.read_attrs(attrs) - - def toXML(self): - """Generate <report_error/> element.""" - return self.make_elt() - @classmethod def from_exception(cls, exc): """Generate a <report_error/> element from an exception.""" @@ -226,7 +253,7 @@ class msg(rpki.xml_utils.msg, publication_namespace): ## @var pdus # Dispatch table of PDUs for this protocol. pdus = dict((x.element_name, x) - for x in (client_elt, certificate_elt, crl_elt, manifest_elt, roa_elt, report_error_elt)) + for x in (config_elt, client_elt, certificate_elt, crl_elt, manifest_elt, roa_elt, report_error_elt)) def serve_top_level(self, gctx, client): """Serve one msg PDU.""" diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index 87230bcf..017209b6 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py @@ -801,11 +801,6 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <attribute name="exact_match"> - <data type="boolean"/> - </attribute> - </optional> - <optional> <attribute name="ipv4"> <ref name="ipv4_list"/> </attribute> @@ -1257,6 +1252,7 @@ publication = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" en <!-- PDUs allowed in a query --> <define name="query_elt"> <choice> + <ref name="config_query"/> <ref name="client_query"/> <ref name="certificate_query"/> <ref name="crl_query"/> @@ -1267,6 +1263,7 @@ publication = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" en <!-- PDUs allowed in a reply --> <define name="reply_elt"> <choice> + <ref name="config_reply"/> <ref name="client_reply"/> <ref name="certificate_reply"/> <ref name="crl_reply"/> 
@@ -1300,6 +1297,59 @@ publication = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" en <ref name="uri_t"/> </attribute> </define> + <!-- + <config/> element (use restricted to repository operator) + config_id attribute and list command omitted deliberately, see code for details + --> + <define name="config_payload"> + <optional> + <element name="bpki_crl"> + <ref name="base64"/> + </element> + </optional> + </define> + <define name="config_query" combine="choice"> + <element name="config"> + <attribute name="action"> + <value>set</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="config_payload"/> + </element> + </define> + <define name="config_reply" combine="choice"> + <element name="config"> + <attribute name="action"> + <value>set</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + </element> + </define> + <define name="config_query" combine="choice"> + <element name="config"> + <attribute name="action"> + <value>get</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + </element> + </define> + <define name="config_reply" combine="choice"> + <element name="config"> + <attribute name="action"> + <value>get</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="config_payload"/> + </element> + </define> <!-- <client/> element (use restricted to repository operator) --> <define name="client_id"> <attribute name="client_id"> diff --git a/rpkid/rpki/xml_utils.py b/rpkid/rpki/xml_utils.py index 97f9c5f7..5e9c613e 100644 --- a/rpkid/rpki/xml_utils.py +++ b/rpkid/rpki/xml_utils.py 
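Review bot: `config_payload` makes `<bpki_crl/>` optional, so a `set` query with no CRL validates against the schema. What the server then does with the stored CRL (keep it or clear it) is not visible here. Clearing revocation data through an empty `set` would weaken pubd's BPKI checks, so the schema comment should state the behaviour, e.g. `a set without bpki_crl leaves the stored CRL unchanged` if that is what the code does, or the element should be required for `set`. If `relaxng.py` is generated, the change belongs in the schema source.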
@@ -117,12 +117,19 @@ class base_elt(object): def startElement(self, stack, name, attrs): """Default startElement() handler: just process attributes.""" - self.read_attrs(attrs) + if name not in self.elements: + assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) + self.read_attrs(attrs) def endElement(self, stack, name, text): """Default endElement() handler: just pop the stack.""" + assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) stack.pop() + def toXML(self): + """Default toXML() element generator.""" + return self.make_elt() + def read_attrs(self, attrs): """Template-driven attribute reader.""" for key in self.attributes: @@ -172,6 +179,29 @@ class data_elt(base_elt): attribute. """ + def endElement(self, stack, name, text): + """Default endElement handler for SQL-based objects. This assumes + that sub-elements are Base64-encoded using the sql_template mechanism. + """ + if name in self.elements: + elt_type = self.sql_template.map.get(name) + assert elt_type is not None, "Couldn't find element type for %s, stack %s" % (name, stack) + setattr(self, name, elt_type(Base64 = text)) + else: + assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) + stack.pop() + + def toXML(self): + """Default element generator for SQL-based objects. This assumes + that sub-elements are Base64-encoded DER objects. + """ + elt = self.make_elt() + for i in self.elements: + x = getattr(self, i, None) + if x and not x.empty(): + self.make_b64elt(elt, i, x.get_DER()) + return elt + def make_reply(self, r_pdu = None): """Construct a reply PDU.""" if r_pdu is None: diff --git a/rpkid/testbed.1.yaml b/rpkid/testbed.1.yaml index b18d13b9..e53b63b6 100644 --- a/rpkid/testbed.1.yaml +++ b/rpkid/testbed.1.yaml @@ -15,8 +15,8 @@ # PERFORMANCE OF THIS SOFTWARE. name: RIR -crl_interval: 60s -regen_margin: 30s +crl_interval: 5m +regen_margin: 2m valid_for: 2d kids: - name: R0 
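Review bot: The element-name checks that this hunk centralises in `base_elt.startElement` and `base_elt.endElement` are `assert` statements, which are dropped under `python -O`, so they should not be the validation for names taken from a parsed message. An explicit test survives optimised runs, e.g. `if name != self.element_name: raise rpki.exceptions.BadQuery, "Unexpected name %s, stack %s" % (name, stack)`. That exception class is borrowed from `publication.py`; whether `xml_utils.py` imports `rpki.exceptions` is not visible. The same applies to both asserts in `data_elt.endElement` in the next hunk. `startElement` also reads `self.elements`, so `base_elt` needs a default such as `elements = ()` for subclasses like `report_error_elt` that declare none; the class body is outside the hunk.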
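Review bot: `data_elt.toXML` emits a sub-element only when `x and not x.empty()`, whereas the `bsc_elt.toXML` it replaces tested `is not None` and `repository_elt.toXML` tested truthiness alone. Output for those classes therefore now depends on every type in `sql_template.map` (X509, CRL, PKCS10) providing `empty()` and a meaningful truth value, which this diff does not show. If one of them lacks `empty()`, serialising would raise `AttributeError`. The docstring should state the requirement, e.g. `Each sub-element type must accept Base64=..., and provide empty() and get_DER()`.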
diff --git a/rpkid/testbed.py b/rpkid/testbed.py index 8324fc44..b53604e8 100644 --- a/rpkid/testbed.py +++ b/rpkid/testbed.py @@ -192,9 +192,15 @@ def main(): for a in db.leaves: a.setup_yaml_leaf() + # Set pubd's BPKI CRL + set_pubd_crl() + # Loop until we run out of control YAML while True: + # This is probably where we should be updating expired BPKI + # objects, particular CRLs + # Run cron in all RPKI instances for a in db.engines: a.run_cron() @@ -267,11 +273,10 @@ cmds = { "sleep" : cmd_sleep, class route_origin(object): """Representation for a route_origin object.""" - def __init__(self, asn, ipv4, ipv6, exact_match): + def __init__(self, asn, ipv4, ipv6): self.asn = asn self.v4 = rpki.resource_set.roa_prefix_set_ipv4("".join(ipv4.split())) if ipv4 else None self.v6 = rpki.resource_set.roa_prefix_set_ipv6("".join(ipv6.split())) if ipv6 else None - self.exact_match = exact_match def __eq__(self, other): return self.asn == other.asn and self.v4 == other.v4 and self.v6 == other.v6 @@ -289,7 +294,7 @@ class route_origin(object): @classmethod def parse(cls, yaml): - return cls(yaml.get("asn"), yaml.get("ipv4"), yaml.get("ipv6"), yaml.get("exact_match", False)) + return cls(yaml.get("asn"), yaml.get("ipv4"), yaml.get("ipv6")) class allocation_db(list): """Representation of all the entities and allocations in the test system. @@ -671,8 +676,8 @@ class allocation(object): rpki.log.info("Creating rpkid route_origin objects for %s" % self.name) for ro in self.route_origins: ro.route_origin_id = self.call_rpkid(rpki.left_right.route_origin_elt.make_pdu( - action = "create", self_id = self.self_id, as_number = ro.asn, - exact_match = ro.exact_match, ipv4 = ro.v4, ipv6 = ro.v6)).route_origin_id + action = "create", self_id = self.self_id, + as_number = ro.asn, ipv4 = ro.v4, ipv6 = ro.v6)).route_origin_id def setup_yaml_leaf(self): """Generate certificates and write YAML scripts for leaf nodes. 
@@ -836,6 +841,16 @@ def call_pubd(*pdu): assert not isinstance(pdu, rpki.publication.report_error_elt) return msg[0] if len(msg) == 1 else msg +def set_pubd_crl(): + """Whack publication daemon's bpki_crl. This must be configured + before publication daemon starts talking to its clients, and must be + updated whenever we update the CRL. + """ + rpki.log.info("Setting pubd's BPKI CRL") + call_pubd(rpki.publication.config_elt.make_pdu( + action = "set", + bpki_crl = rpki.x509.CRL(Auto_file = pubd_name + "-TA.crl"))) + def run_rcynic(): """Run rcynic to see whether what was published makes sense.""" rpki.log.info("Running rcynic") |