author | Rob Austein <sra@hactrn.net> | 2008-04-25 06:45:10 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-04-25 06:45:10 +0000 |
commit | aac95769f39e37f89ca4b304d76dc514822a7271 (patch) | |
tree | a131f06614dea05d3c7193730e25fb43ff7e5654 /rpkid | |
parent | f4d16327a6048cf932b53e40247df0b820e2dccf (diff) |
New trust anchor model sort of working. make test runs again, anyway.
svn path=/docs/left-right-xml; revision=1704
Diffstat (limited to 'rpkid')
28 files changed, 648 insertions, 244 deletions
diff --git a/rpkid/Makefile b/rpkid/Makefile
index 46a0e86d..72d559c3 100644
--- a/rpkid/Makefile
+++ b/rpkid/Makefile
@@ -55,7 +55,7 @@ dox doxygen:
 ${TWEAKHTML} rpki/html/Operation.html | ${HTML2TEXT} >OPERATION
 tags:
- find . -type f -name '*.py' | etags -
+ find . -type f -name '*.py' ! -name relaxng.py | etags -
 all:: rpki/relaxng.py
diff --git a/rpkid/irbe-cli.py b/rpkid/irbe-cli.py
index c04b8eac..02c55a6c 100755
--- a/rpkid/irbe-cli.py
+++ b/rpkid/irbe-cli.py
@@ -48,13 +48,29 @@ class cmd_mixin(object):
 self.action = arg
 self.type = "query"
- def client_query_peer_biz_cert(self, arg):
- """Special handler for --peer_biz_cert option."""
- self.peer_biz_cert = rpki.x509.X509(Auto_file=arg)
+ def client_query_bpki_cert(self, arg):
+ """Special handler for --bpki_cert option."""
+ self.bpki_cert = rpki.x509.X509(Auto_file=arg)
- def client_query_https_ta(self, arg):
- """Special handler for --peer_biz_glue option."""
- self.peer_biz_glue = rpki.x509.X509(Auto_file=arg)
+ def client_query_glue(self, arg):
+ """Special handler for --bpki_glue option."""
+ self.bpki_glue = rpki.x509.X509(Auto_file=arg)
+
+ def client_query_bpki_cms_cert(self, arg):
+ """Special handler for --bpki_cms_cert option."""
+ self.bpki_cms_cert = rpki.x509.X509(Auto_file=arg)
+
+ def client_query_cms_glue(self, arg):
+ """Special handler for --bpki_cms_glue option."""
+ self.bpki_cms_glue = rpki.x509.X509(Auto_file=arg)
+
+ def client_query_bpki_https_cert(self, arg):
+ """Special handler for --bpki_https_cert option."""
+ self.bpki_https_cert = rpki.x509.X509(Auto_file=arg)
+
+ def client_query_https_glue(self, arg):
+ """Special handler for --bpki_https_glue option."""
+ self.bpki_https_glue = rpki.x509.X509(Auto_file=arg)
 def client_reply_decode(self):
 pass
diff --git a/rpkid/irbe-setup.py b/rpkid/irbe-setup.py
index e32d6663..1ded8e3e 100644
--- a/rpkid/irbe-setup.py
+++ b/rpkid/irbe-setup.py
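Review bot: In rpkid/irbe-cli.py the three glue handlers are named `client_query_glue`, `client_query_cms_glue` and `client_query_https_glue`, while their docstrings and the attributes they set use the `bpki_` prefix (`--bpki_glue`, `--bpki_cms_glue`, `--bpki_https_glue`) and the cert handlers carry that prefix in the method name (`client_query_bpki_cert`). The dispatch code is outside this hunk, but if handlers are looked up by option name, the glue options would presumably never reach these methods and the file argument would not be loaded through `rpki.x509.X509(Auto_file=arg)`. Renaming them to `client_query_bpki_glue`, `client_query_bpki_cms_glue` and `client_query_bpki_https_glue` would make all six handlers consistent. The body of `cmd_mixin` continues outside the hunk.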
@@ -88,7 +88,7 @@ repository_id = pdu.repository_id print "Create a parent context" ta = rpki.x509.X509(Auto_file = "biz-certs/Elena-Root.cer") pdu = call_rpkid(rpki.left_right.parent_elt.make_pdu( - action = "create", self_id = self_id, bsc_id = bsc_id, repository_id = repository_id, peer_biz_cert = ta, + action = "create", self_id = self_id, bsc_id = bsc_id, repository_id = repository_id, bpki_cms_cert = ta, peer_contact_uri = "https://localhost:44333/", sia_base = "rsync://wombat.invalid/")) parent_id = pdu.parent_id @@ -102,7 +102,7 @@ registrants = cur.fetchall() for registrant_id, subject_name in registrants: print "Attempting to bind", registrant_id, subject_name - pdu = call_rpkid(rpki.left_right.child_elt.make_pdu(action = "create", self_id = self_id, bsc_id = bsc_id, peer_biz_cert = cer)) + pdu = call_rpkid(rpki.left_right.child_elt.make_pdu(action = "create", self_id = self_id, bsc_id = bsc_id, bpki_cms_cert = cer)) print "Attempting to bind", registrant_id, subject_name, pdu.child_id cur.execute("""UPDATE registrant SET rpki_self_id = %d, rpki_child_id = %d diff --git a/rpkid/left-right-protocol-samples/pdu.003.xml b/rpkid/left-right-protocol-samples/pdu.003.xml index efca2484..aa900872 100644 --- a/rpkid/left-right-protocol-samples/pdu.003.xml +++ b/rpkid/left-right-protocol-samples/pdu.003.xml @@ -2,8 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <self action="set" type="query" self_id="42" rekey="yes" reissue="yes" revoke="yes" run_now="yes" publish_world_now="yes" clear_extension_preferences="yes" crl_interval="3600" regen_margin="86400" use_hsm="no"> - <extension_preference name="color">Blue</extension_preference> - <biz_cert> + <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
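Review bot: In the first rpkid/irbe-setup.py hunk, the `parent_elt.make_pdu(...)` call passes only `bpki_cms_cert = ta`, although `peer_contact_uri` is an `https://` URL and the `<parent>` sample PDUs updated in this same commit carry `bpki_https_cert` as well as `bpki_cms_cert`. Whether rpkid has another trust anchor to fall back on for the HTTPS connection is not visible here; if it does not, the script creates a parent whose TLS peer cannot be validated against a configured anchor. Consider adding `bpki_https_cert = ta` to the call, or a comment such as `# HTTPS trust anchor intentionally unset: <reason>`.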
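Review bot: In the second rpkid/irbe-setup.py hunk, `child_elt.make_pdu(...)` is given `bpki_cms_cert = cer`, but the `<child>` samples changed in this commit (pdu.031.xml and the other child PDUs) rename the element to `bpki_cert`, not `bpki_cms_cert`. If `child_elt` only knows `bpki_cert`, the keyword would presumably be ignored or rejected and the child would be created without its BPKI certificate; the class definition is not on this page, so this needs checking against `rpki.left_right.child_elt`. The likely intended argument list ends `bsc_id = bsc_id, bpki_cert = cer))`. `cer` is assigned outside the hunk.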
@@ -21,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </biz_cert> - <biz_glue> + </bpki_cert> + <bpki_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -40,6 +39,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </biz_glue> + </bpki_glue> + <extension_preference name="color">Blue</extension_preference> </self> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.006.xml b/rpkid/left-right-protocol-samples/pdu.006.xml index d53fd517..2a32e83b 100644 --- a/rpkid/left-right-protocol-samples/pdu.006.xml +++ b/rpkid/left-right-protocol-samples/pdu.006.xml @@ -2,10 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <self action="get" type="reply" self_id="42"> - <extension_preference name="name">Launcelot</extension_preference> - <extension_preference name="quest">Holy Grail</extension_preference> - <extension_preference name="color">Blue</extension_preference> - <biz_cert> + <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -23,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </biz_cert> - <biz_glue> + </bpki_cert> + <bpki_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -42,6 +39,9 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </biz_glue> + </bpki_glue> + <extension_preference name="name">Launcelot</extension_preference> + <extension_preference name="quest">Holy Grail</extension_preference> + <extension_preference name="color">Blue</extension_preference> </self> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.008.xml b/rpkid/left-right-protocol-samples/pdu.008.xml index 5ae57612..feb7246c 100644 --- a/rpkid/left-right-protocol-samples/pdu.008.xml +++ b/rpkid/left-right-protocol-samples/pdu.008.xml @@ -2,10 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <self action="list" type="reply" self_id="42"> - <extension_preference name="name">Launcelot</extension_preference> - <extension_preference name="quest">Holy Grail</extension_preference> - <extension_preference name="color">Blue</extension_preference> - <biz_cert> + <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -23,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </biz_cert> - <biz_glue> + </bpki_cert> + <bpki_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -42,7 +39,10 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </biz_glue> + </bpki_glue> + <extension_preference name="name">Launcelot</extension_preference> + <extension_preference name="quest">Holy Grail</extension_preference> + <extension_preference name="color">Blue</extension_preference> </self> <self action="list" type="reply" self_id="99"> <extension_preference name="name">Arthur, King of the Britons</extension_preference> diff --git a/rpkid/left-right-protocol-samples/pdu.021.xml b/rpkid/left-right-protocol-samples/pdu.021.xml index 5159f7cb..73063525 100644 --- a/rpkid/left-right-protocol-samples/pdu.021.xml +++ b/rpkid/left-right-protocol-samples/pdu.021.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <parent action="create" type="query" self_id="42" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120" sender_name="tweedledee" recipient_name="tweedledum"> - <peer_biz_cert> + <bpki_cms_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> - <peer_biz_glue> + </bpki_cms_cert> + <bpki_cms_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -39,6 +39,44 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_glue> + </bpki_cms_glue> + <bpki_https_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_cert> + <bpki_https_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 
2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_glue> </parent> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.023.xml b/rpkid/left-right-protocol-samples/pdu.023.xml index 100b2c74..bb47fca3 100644 --- a/rpkid/left-right-protocol-samples/pdu.023.xml +++ b/rpkid/left-right-protocol-samples/pdu.023.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <parent action="set" type="query" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120" rekey="yes" reissue="yes" revoke="yes"> - <peer_biz_cert> + <bpki_cms_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> - <peer_biz_glue> + </bpki_cms_cert> + <bpki_cms_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -39,6 +39,44 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_glue> + </bpki_cms_glue> + <bpki_https_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_cert> + <bpki_https_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 
2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_glue> </parent> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.026.xml b/rpkid/left-right-protocol-samples/pdu.026.xml index 7e45a2e2..0dac009d 100644 --- a/rpkid/left-right-protocol-samples/pdu.026.xml +++ b/rpkid/left-right-protocol-samples/pdu.026.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <parent action="get" type="reply" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120"> - <peer_biz_cert> + <bpki_cms_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> - <peer_biz_glue> + </bpki_cms_cert> + <bpki_cms_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -39,6 +39,44 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_glue> + </bpki_cms_glue> + <bpki_https_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_cert> + <bpki_https_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 
2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_glue> </parent> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.028.xml b/rpkid/left-right-protocol-samples/pdu.028.xml index 217dd456..b8d89efc 100644 --- a/rpkid/left-right-protocol-samples/pdu.028.xml +++ b/rpkid/left-right-protocol-samples/pdu.028.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <parent action="list" type="reply" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120"> - <peer_biz_cert> + <bpki_cms_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> - <peer_biz_glue> + </bpki_cms_cert> + <bpki_cms_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -39,6 +39,44 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_glue> + </bpki_cms_glue> + <bpki_https_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_cert> + <bpki_https_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 
2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_glue> </parent> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.031.xml b/rpkid/left-right-protocol-samples/pdu.031.xml index 1c7c8502..d5b2b732 100644 --- a/rpkid/left-right-protocol-samples/pdu.031.xml +++ b/rpkid/left-right-protocol-samples/pdu.031.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <child action="create" type="query" self_id="42" bsc_id="17"> - <peer_biz_cert> + <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,6 +20,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> + </bpki_cert> </child> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.033.xml b/rpkid/left-right-protocol-samples/pdu.033.xml index 9acfd9ae..500a2f22 100644 --- a/rpkid/left-right-protocol-samples/pdu.033.xml +++ b/rpkid/left-right-protocol-samples/pdu.033.xml 
@@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <child action="set" type="query" self_id="42" child_id="3" bsc_id="17" reissue="yes"> - <peer_biz_cert> + <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,6 +20,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> + </bpki_cert> </child> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.036.xml b/rpkid/left-right-protocol-samples/pdu.036.xml index 333b70dd..a02ff46d 100644 --- a/rpkid/left-right-protocol-samples/pdu.036.xml +++ b/rpkid/left-right-protocol-samples/pdu.036.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <child action="get" type="reply" self_id="42" child_id="3" bsc_id="17"> - <peer_biz_cert> + <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,6 +20,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> + </bpki_cert> </child> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.038.xml b/rpkid/left-right-protocol-samples/pdu.038.xml index 9c8244ee..87cef4e7 100644 --- a/rpkid/left-right-protocol-samples/pdu.038.xml +++ b/rpkid/left-right-protocol-samples/pdu.038.xml 
@@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <child action="list" type="reply" self_id="42" child_id="3" bsc_id="17"> - <peer_biz_cert> + <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,6 +20,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> + </bpki_cert> </child> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.041.xml b/rpkid/left-right-protocol-samples/pdu.041.xml index 5f489e64..771f5fa9 100644 --- a/rpkid/left-right-protocol-samples/pdu.041.xml +++ b/rpkid/left-right-protocol-samples/pdu.041.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <repository action="create" type="query" self_id="42" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <peer_biz_cert> + <bpki_cms_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> - <peer_biz_glue> + </bpki_cms_cert> + <bpki_cms_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -39,6 +39,44 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_glue> + </bpki_cms_glue> + <bpki_https_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_cert> + <bpki_https_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 
2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_glue> </repository> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.043.xml b/rpkid/left-right-protocol-samples/pdu.043.xml index 86c2fdc3..96668568 100644 --- a/rpkid/left-right-protocol-samples/pdu.043.xml +++ b/rpkid/left-right-protocol-samples/pdu.043.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <repository action="set" type="query" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <peer_biz_cert> + <bpki_cms_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> - <peer_biz_glue> + </bpki_cms_cert> + <bpki_cms_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -39,6 +39,44 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_glue> + </bpki_cms_glue> + <bpki_https_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_cert> + <bpki_https_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 
2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_glue> </repository> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.046.xml b/rpkid/left-right-protocol-samples/pdu.046.xml index 3900f7ff..e9ce67fe 100644 --- a/rpkid/left-right-protocol-samples/pdu.046.xml +++ b/rpkid/left-right-protocol-samples/pdu.046.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <repository action="get" type="reply" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <peer_biz_cert> + <bpki_cms_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> - <peer_biz_glue> + </bpki_cms_cert> + <bpki_cms_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -39,6 +39,44 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_glue> + </bpki_cms_glue> + <bpki_https_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_cert> + <bpki_https_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 
2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_glue> </repository> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.048.xml b/rpkid/left-right-protocol-samples/pdu.048.xml index 156ec518..e14371e3 100644 --- a/rpkid/left-right-protocol-samples/pdu.048.xml +++ b/rpkid/left-right-protocol-samples/pdu.048.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <repository action="list" type="reply" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <peer_biz_cert> + <bpki_cms_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_cert> - <peer_biz_glue> + </bpki_cms_cert> + <bpki_cms_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS 
@@ -39,6 +39,44 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </peer_biz_glue> + </bpki_cms_glue> + <bpki_https_cert> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_cert> + <bpki_https_glue> + MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV + BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN + MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS + b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S + G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G + Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC + DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM + uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP + 
2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ + diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4 + ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq + hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg + cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4 + XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm + sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH + YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq + 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== + </bpki_https_glue> </repository> </msg> diff --git a/rpkid/left-right-schema.rnc b/rpkid/left-right-schema.rnc index 88adb520..243990cc 100644 --- a/rpkid/left-right-schema.rnc +++ b/rpkid/left-right-schema.rnc @@ -35,10 +35,6 @@ ctl_dr = attribute action { "destroy" }, attribute type { "reply" }, tag # Base64 encoded DER stuff base64 = xsd:base64Binary { maxLength="512000" } -# How we wrap peer business cert elements -peer_biz_cert = element peer_biz_cert { base64 } -peer_biz_glue = element peer_biz_glue { base64 } - # Base definition for all fields that are really just SQL primary indices sql_id = xsd:token { maxLength="1024" } @@ -54,12 +50,12 @@ self_bool = (attribute rekey { "yes" }?, self_payload = (attribute use_hsm { "yes" | "no" }?, attribute crl_interval { xsd:positiveInteger }?, attribute regen_margin { xsd:positiveInteger }?, + element bpki_cert { base64 }?, + element bpki_glue { base64 }?, element extension_preference { attribute name { xsd:token { maxLength="1024" } }, xsd:string { maxLength="512000" } - }*, - element biz_cert { base64 }?, - element biz_glue { base64 }?) + }*) self_id = attribute self_id { sql_id } 
@@ -113,8 +109,10 @@ parent_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } } attribute repository_id { xsd:token { maxLength="1024" } }?, attribute sender_name { xsd:token { maxLength="1024" } }?, attribute recipient_name { xsd:token { maxLength="1024" } }?, - peer_biz_cert?, - peer_biz_glue?) + element bpki_cms_cert { base64 }?, + element bpki_cms_glue { base64 }?, + element bpki_https_cert { base64 }?, + element bpki_https_glue { base64 }?) parent_elt |= element parent { ctl_cq, self_id, parent_bool, parent_payload } parent_elt |= element parent { ctl_cr, self_id, parent_id } @@ -134,8 +132,8 @@ child_id = attribute child_id { sql_id } child_bool = attribute reissue { "yes" }? child_payload = (attribute bsc_id { xsd:token { maxLength="1024" } }?, - peer_biz_cert?, - peer_biz_glue?) + element bpki_cert { base64 }?, + element bpki_glue { base64 }?) child_elt |= element child { ctl_cq, self_id, child_bool, child_payload } child_elt |= element child { ctl_cr, self_id, child_id } @@ -154,8 +152,10 @@ repository_id = attribute repository_id { sql_id } repository_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } }?, attribute bsc_id { xsd:token { maxLength="1024" } }?, - peer_biz_cert?, - peer_biz_glue?) + element bpki_cms_cert { base64 }?, + element bpki_cms_glue { base64 }?, + element bpki_https_cert { base64 }?, + element bpki_https_glue { base64 }?) repository_elt |= element repository { ctl_cq, self_id, repository_payload } repository_elt |= element repository { ctl_cr, self_id, repository_id } diff --git a/rpkid/left-right-schema.rng b/rpkid/left-right-schema.rng index 05bb94a5..b548a079 100644 --- a/rpkid/left-right-schema.rng +++ b/rpkid/left-right-schema.rng 
@@ -140,17 +140,6 @@ <param name="maxLength">512000</param> </data> </define> - <!-- How we wrap peer business cert elements --> - <define name="peer_biz_cert"> - <element name="peer_biz_cert"> - <ref name="base64"/> - </element> - </define> - <define name="peer_biz_glue"> - <element name="peer_biz_glue"> - <ref name="base64"/> - </element> - </define> <!-- Base definition for all fields that are really just SQL primary indices --> <define name="sql_id"> <data type="token"> @@ -209,6 +198,16 @@ <data type="positiveInteger"/> </attribute> </optional> + <optional> + <element name="bpki_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_glue"> + <ref name="base64"/> + </element> + </optional> <zeroOrMore> <element name="extension_preference"> <attribute name="name"> @@ -221,16 +220,6 @@ </data> </element> </zeroOrMore> - <optional> - <element name="biz_cert"> - <ref name="base64"/> - </element> - </optional> - <optional> - <element name="biz_glue"> - <ref name="base64"/> - </element> - </optional> </define> <define name="self_id"> <attribute name="self_id"> @@ -493,10 +482,24 @@ </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cms_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_cms_glue"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_https_cert"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_https_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="parent_elt" combine="choice"> @@ -595,10 +598,14 @@ </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cert"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="child_elt" combine="choice"> 
@@ -697,10 +704,24 @@ </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cms_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_cms_glue"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_https_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_https_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="repository_elt" combine="choice"> diff --git a/rpkid/rootd.py b/rpkid/rootd.py index b60bc4a8..8944d7f2 100755 --- a/rpkid/rootd.py +++ b/rpkid/rootd.py @@ -53,17 +53,17 @@ def stash_subject_pkcs10(pkcs10): f.close() def compose_response(r_msg): - rc = rpki.up_down.class_elt() - rc.class_name = rootd_name - rc.cert_url = rpki.up_down.multi_uri(rootd_cert) - rc.from_resource_bag(rpki_issuer.get_3779resources()) - rc.issuer = rpki_issuer - r_msg.payload.classes.append(rc) - rpki_subject = get_subject_cert() - if rpki_subject is not None: - rc.certs.append(rpki.up_down.certificate_elt()) - rc.certs[0].cert_url = rpki.up_down.multi_uri(rootd_cert) - rc.certs[0].cert = rpki_subject + rc = rpki.up_down.class_elt() + rc.class_name = rootd_name + rc.cert_url = rpki.up_down.multi_uri(rootd_cert) + rc.from_resource_bag(rpki_issuer.get_3779resources()) + rc.issuer = rpki_issuer + r_msg.payload.classes.append(rc) + rpki_subject = get_subject_cert() + if rpki_subject is not None: + rc.certs.append(rpki.up_down.certificate_elt()) + rc.certs[0].cert_url = rpki.up_down.multi_uri(rootd_cert) + rc.certs[0].cert = rpki_subject class list_pdu(rpki.up_down.list_pdu): def serve_pdu(self, q_msg, r_msg, ignored): 
@@ -177,7 +177,7 @@ child_bpki_cert = rpki.x509.X509(Auto_file = cfg.get("child-bpki-cert")) https_server_host = cfg.get("server-host", "") https_server_port = int(cfg.get("server-port")) -rpki_key = rpki.x509.RSA(Auto_file = cfg.get("rpki-key")) +rpki_key = rpki.x509.RSA( Auto_file = cfg.get("rpki-key")) rpki_issuer = rpki.x509.X509(Auto_file = cfg.get("rpki-issuer")) rpki_subject_filename = cfg.get("rpki-subject-filename") diff --git a/rpkid/rpki/__init__.py b/rpkid/rpki/__init__.py index 3e0c653b..00c921e3 100644 --- a/rpkid/rpki/__init__.py +++ b/rpkid/rpki/__init__.py @@ -464,18 +464,23 @@ ## parent --action= --type= --tag= --self_id= --parent_id= ## --bsc_id= --repository_id= --peer_contact_uri= ## --sia_base= --sender_name= --recipient_name= -## --peer_biz_cert= --peer_biz_glue= --rekey --reissue --revoke +## --bpki_cms_cert= --bpki_cms_glue= +## --bpki_https_cert= --bpki_https_glue= +## --rekey --reissue --revoke ## ## repository --action= --type= --tag= --self_id= --repository_id= -## --bsc_id= --peer_contact_uri= --peer_biz_cert= --peer_biz_glue= +## --bsc_id= --peer_contact_uri= +## --bpki_cms_cert= --bpki_cms_glue= +## --bpki_https_cert= --bpki_https_glue= ## ## self --action= --type= --tag= --self_id= --crl_interval= +## --bpki_cert= --bpki_glue= ## --extension_preference= --rekey --reissue --revoke -## --run_now --publish_world_now -## --clear_extension_preferences +## --run_now --publish_world_now +## --clear_extension_preferences ## ## child --action= --type= --tag= --self_id= --child_id= -## --bsc_id= --peer_biz_cert= --peer_biz_glue= --reissue +## --bsc_id= --bpki_cms_cert= --bpki_cms_glue= --reissue ## ## route_origin --action= --type= --tag= --self_id= --route_origin_id= ## --as_number= --ipv4= --ipv6= --suppress_publication diff --git a/rpkid/rpki/gctx.py b/rpkid/rpki/gctx.py index 127205f7..f3c8c4b4 100644 --- a/rpkid/rpki/gctx.py +++ b/rpkid/rpki/gctx.py 
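Review bot: The `child` line of the option summary in rpki/__init__.py now lists `--bpki_cms_cert= --bpki_cms_glue=`, but everywhere else in this commit the child object carries `bpki_cert` and `bpki_glue` (schema `child_payload`, `child_elt.elements`). An operator following this summary would presumably pass option names the child element does not define. The line should read `##                  --bsc_id= --bpki_cert= --bpki_glue= --reissue`.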
@@ -72,12 +72,12 @@ class global_context(object): q_msg[0].child_id = child_id q_cms = rpki.left_right.cms_msg.wrap(q_msg, self.rpkid_key, self.rpkid_cert) der = rpki.https.client( + server_ta = (self.bpki_ta, self.irdb_cert), client_key = self.rpkid_key, client_cert = self.rpkid_cert, - server_ta = self.irdb_cert, url = self.irdb_url, msg = q_cms) - r_msg = rpki.left_right.cms_msg.unwrap(der, self.irdb_cert) + r_msg = rpki.left_right.cms_msg.unwrap(der, (self.bpki_ta, self.irdb_cert)) if len(r_msg) == 0 or not isinstance(r_msg[0], rpki.left_right.list_resources_elt) or r_msg[0].type != "reply": raise rpki.exceptions.BadIRDBReply, "Unexpected response to IRDB query: %s" % lxml.etree.tostring(r_msg.toXML(), pretty_print = True, encoding = "us-ascii") return rpki.resource_set.resource_bag( @@ -172,14 +172,14 @@ class global_context(object): store = POW.X509Store() selves = rpki.left_right.self_elt.sql_fetch_all(self) children = rpki.left_right.child_elt.sql_fetch_all(self) - certs = [c.peer_biz_cert for c in children if c.peer_biz_cert is not None] + \ - [c.peer_biz_glue for c in children if c.peer_biz_glue is not None] + \ - [s.biz_cert for s in selves if s.biz_cert is not None] + \ - [s.biz_glue for s in selves if s.biz_glue is not None] + \ + certs = [c.bpki_cert for c in children if c.bpki_cert is not None] + \ + [c.bpki_glue for c in children if c.bpki_glue is not None] + \ + [s.bpki_cert for s in selves if s.bpki_cert is not None] + \ + [s.bpki_glue for s in selves if s.bpki_glue is not None] + \ [self.irbe_cert, self.irdb_cert, self.bpki_ta] for x in certs: if rpki.https.debug_tls_certs: - rpki.log.debug("HTTPS dynamic trusted cert %s" % x.getSubject()) + rpki.log.debug("HTTPS dynamic trusted cert issuer %s subject %s" % (x.getIssuer(), x.getSubject())) store.addTrust(x.get_POW()) self.https_ta_cache = store diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py index b5338f5d..2e70455b 100644 --- a/rpkid/rpki/https.py +++ b/rpkid/rpki/https.py 
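Review bot: In the first gctx.py hunk, `server_ta = (self.bpki_ta, self.irdb_cert)` replaces a single pinned certificate with a set, and the `Checker` loop visible in the https.py hunk calls `addTrust` on every entry of `trust_anchor`. If `server_ta` is what reaches that loop, any server certificate that chains to `bpki_ta` would be accepted as the IRDB, where the old call trusted `irdb_cert` alone. The same question applies to `cms_msg.unwrap(der, (self.bpki_ta, self.irdb_cert))`, whose handling of the tuple is not visible here. State the intended semantics next to the call, e.g. `# every entry of server_ta is a trust root; the peer is not pinned to irdb_cert`, or pass only the root as trusted and the rest as untrusted intermediates. The enclosing method starts and ends outside the hunk.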
@@ -60,7 +60,7 @@ class Checker(tlslite.api.Checker): for x in trust_anchor: if debug_tls_certs: - rpki.log.debug("HTTPS trusted cert %s" % x.getSubject()) + rpki.log.debug("HTTPS trusted cert issuer %s subject %s" % (x.getIssuer(), x.getSubject())) self.x509store.addTrust(x.get_POW()) def x509store_thunk(self): @@ -83,7 +83,7 @@ class Checker(tlslite.api.Checker): if debug_tls_certs: for i in range(len(chain)): - rpki.log.debug("Received %s TLS cert[%d] %s" % (peer, i, chain[i].getSubject())) + rpki.log.debug("Received %s TLS cert[%d] issuer %s subject %s" % (peer, i, chain[i].getIssuer(), chain[i].getSubject())) if not self.x509store_thunk().verifyChain(chain[0].get_POW(), [x.get_POW() for x in chain[1:]]): if disable_tls_certificate_validation_exceptions: @@ -123,9 +123,11 @@ def client(msg, client_key, client_cert, server_ta, url, timeout = 300): u.query == "" and \ u.fragment == "" + rpki.log.debug("Contacting URL %s" % url) + if debug_tls_certs: for cert in (client_cert,) if isinstance(client_cert, rpki.x509.X509) else client_cert: - rpki.log.debug("Sending client TLS cert %s" % cert.getSubject()) + rpki.log.debug("Sending client TLS cert issuer %s subject %s" % (cert.getIssuer(), cert.getSubject())) # We could add a "settings = foo" argument to the following call to # pass in a tlslite.HandshakeSettings object that would let us diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index db7f9191..2edd8ca3 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py 
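Review bot: In the `@@ -83,7 +83,7 @@` hunk the new debug line formats `chain[i].getIssuer()` and `chain[i].getSubject()` before `verifyChain` runs, so the logged names come from a certificate the peer chose and nothing has vetted yet. If those accessors return the DN as a plain string, a crafted name could put line breaks or misleading text into the log. Formatting with `%r` keeps each entry on one line: `rpki.log.debug("Received %s TLS cert[%d] issuer %r subject %r" % (peer, i, chain[i].getIssuer(), chain[i].getSubject()))`. The loop would also read better as `for i, c in enumerate(chain):`. The method body extends beyond the hunk.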
@@ -215,18 +215,18 @@ class self_elt(data_elt): element_name = "self" attributes = ("action", "type", "tag", "self_id", "crl_interval", "regen_margin") - elements = ("extension_preference", "biz_cert", "biz_glue") + elements = ("extension_preference", "bpki_cert", "bpki_glue") booleans = ("rekey", "reissue", "revoke", "run_now", "publish_world_now", "clear_extension_preferences") sql_template = rpki.sql.template("self", "self_id", "use_hsm", "crl_interval", "regen_margin", - ("biz_cert", rpki.x509.X509), ("biz_glue", rpki.x509.X509)) + ("bpki_cert", rpki.x509.X509), ("bpki_glue", rpki.x509.X509)) self_id = None use_hsm = False crl_interval = None regen_margin = None - biz_cert = None - biz_glue = None + bpki_cert = None + bpki_glue = None def __init__(self): """Initialize a self_elt.""" @@ -325,16 +325,16 @@ class self_elt(data_elt): self.prefs.append(pref) stack.append(pref) pref.startElement(stack, name, attrs) - elif name not in ("biz_cert", "biz_glue"): + elif name not in ("bpki_cert", "bpki_glue"): assert name == "self", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <self/> element.""" - if name == "biz_cert": - self.biz_cert = rpki.x509.X509(Base64 = text) - elif name == "biz_glue": - self.biz_glue = rpki.x509.X509(Base64 = text) + if name == "bpki_cert": + self.bpki_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_glue": + self.bpki_glue = rpki.x509.X509(Base64 = text) else: assert name == "self", "Unexpected name %s, stack %s" % (name, stack) stack.pop() @@ -342,6 +342,10 @@ class self_elt(data_elt): def toXML(self): """Generate <self/> element.""" elt = self.make_elt() + if self.bpki_cert and not self.bpki_cert.empty(): + self.make_b64elt(elt, "bpki_cert", self.bpki_cert.get_DER()) + if self.bpki_glue and not self.bpki_glue.empty(): + self.make_b64elt(elt, "bpki_glue", self.bpki_glue.get_DER()) elt.extend([i.toXML() for i in self.prefs]) return elt 
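Review bot: In the `@@ -325,16 +325,16 @@` hunk, `self_elt.endElement` assigns `self.bpki_cert` and `self.bpki_glue` without setting `clear_https_ta_cache`, while `child_elt.endElement` in this same file sets it for both of its certificates and the gctx.py cache builder adds `s.bpki_cert` and `s.bpki_glue` from every self to the trust store. Unless the cache is invalidated for self objects somewhere outside these hunks, a replaced self certificate would stay trusted for HTTPS until something else rebuilds the store. If `self_elt` is meant to follow the child pattern, add `self.clear_https_ta_cache = True` after each assignment, plus a `clear_https_ta_cache = False` class attribute. How the flag is consumed is not visible here.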
@@ -532,15 +536,18 @@ class parent_elt(data_elt): element_name = "parent" attributes = ("action", "type", "tag", "self_id", "parent_id", "bsc_id", "repository_id", "peer_contact_uri", "sia_base", "sender_name", "recipient_name") - elements = ("peer_biz_cert", "peer_biz_glue") + elements = ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue") booleans = ("rekey", "reissue", "revoke") sql_template = rpki.sql.template("parent", "parent_id", "self_id", "bsc_id", "repository_id", - ("peer_biz_cert", rpki.x509.X509), ("peer_biz_glue", rpki.x509.X509), + ("bpki_cms_cert", rpki.x509.X509), ("bpki_cms_glue", rpki.x509.X509), + ("bpki_https_cert", rpki.x509.X509), ("bpki_https_glue", rpki.x509.X509), "peer_contact_uri", "sia_base", "sender_name", "recipient_name") - peer_biz_cert = None - peer_biz_glue = None + bpki_cms_cert = None + bpki_cms_glue = None + bpki_https_cert = None + bpki_https_glue = None def repository(self): """Fetch repository object to which this parent object links.""" 
@@ -570,16 +577,20 @@ class parent_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <parent/> element.""" - if name not in ("peer_biz_cert", "peer_biz_glue"): + if name not in ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue"): assert name == "parent", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <parent/> element.""" - if name == "peer_biz_cert": - self.peer_biz_cert = rpki.x509.X509(Base64 = text) - elif name == "peer_biz_glue": - self.peer_biz_glue = rpki.x509.X509(Base64 = text) + if name == "bpki_cms_cert": + self.bpki_cms_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_cms_glue": + self.bpki_cms_glue = rpki.x509.X509(Base64 = text) + elif name == "bpki_https_cert": + self.bpki_https_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_https_glue": + self.bpki_https_glue = rpki.x509.X509(Base64 = text) else: assert name == "parent", "Unexpected name %s, stack %s" % (name, stack) stack.pop() 
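Review bot: `parent_elt.endElement` now spells out four near-identical `elif name == ...` branches, and `startElement` repeats the same four names that are already listed in `elements`; `repository_elt` duplicates both in its own hunk further down. Keying off the class tuple keeps the three places from drifting apart: `if name in self.elements: setattr(self, name, rpki.x509.X509(Base64 = text))`, with `if name not in self.elements:` in `startElement`. Both methods end outside the hunk.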
@@ -587,10 +598,14 @@ class parent_elt(data_elt): def toXML(self): """Generate <parent/> element.""" elt = self.make_elt() - if self.peer_biz_cert and not self.peer_biz_cert.empty(): - self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) - if self.peer_biz_glue and not self.peer_biz_glue.empty(): - self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) + if self.bpki_cms_cert and not self.bpki_cms_cert.empty(): + self.make_b64elt(elt, "bpki_cms_cert", self.bpki_cms_cert.get_DER()) + if self.bpki_cms_glue and not self.bpki_cms_glue.empty(): + self.make_b64elt(elt, "bpki_cms_glue", self.bpki_cms_glue.get_DER()) + if self.bpki_https_cert and not self.bpki_https_cert.empty(): + self.make_b64elt(elt, "bpki_https_cert", self.bpki_https_cert.get_DER()) + if self.bpki_https_glue and not self.bpki_https_glue.empty(): + self.make_b64elt(elt, "bpki_https_glue", self.bpki_https_glue.get_DER()) return elt def query_up_down(self, q_pdu): @@ -619,13 +634,16 @@ class parent_elt(data_elt): recipient = self.recipient_name) q_cms = rpki.up_down.cms_msg.wrap(q_msg, bsc.private_key_id, bsc.signing_cert) - der = rpki.https.client(server_ta = self.peer_biz_cert, + assert self.self().bpki_cert is not None + assert self.bpki_https_cert is not None + + der = rpki.https.client(server_ta = (self.gctx.bpki_ta, self.self().bpki_cert, self.bpki_https_cert), client_key = bsc.private_key_id, client_cert = bsc.signing_cert, msg = q_cms, url = self.peer_contact_uri) - r_msg = rpki.up_down.cms_msg.unwrap(der, self.peer_biz_cert) + r_msg = rpki.up_down.cms_msg.unwrap(der, (self.gctx.bpki_ta, self.self().bpki_cert, self.bpki_cms_cert)) r_msg.payload.check_response() return r_msg 
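Review bot: In the `@@ -619,13 +634,16 @@` hunk of `parent_elt.query_up_down`, the two new `assert` statements are the only guard on the trust tuples, they are stripped under `python -O`, and there is none for `self.bpki_cms_cert`, which goes into the tuple passed to `cms_msg.unwrap`. A parent row with a missing certificate can therefore reach the TLS client or the CMS check with `None` among the trust anchors, and how those react is outside this diff. Use an explicit test for each of the three values instead, e.g. `if self.bpki_cms_cert is None: raise <EXCEPTION_FROM_rpki.exceptions>` (placeholder, the right class is the author's call). `child_elt.serve_up_down` (hunk `@@ -704,7 +724,7 @@`) builds the same kind of tuple from `self.self().bpki_cert` and `self.bpki_cert` with no check at all, on a message received from the child, and needs the same guard.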
@@ -635,13 +653,15 @@ class child_elt(data_elt): element_name = "child" attributes = ("action", "type", "tag", "self_id", "child_id", "bsc_id") - elements = ("peer_biz_cert", "peer_biz_glue") + elements = ("bpki_cert", "bpki_glue") booleans = ("reissue", ) - sql_template = rpki.sql.template("child", "child_id", "self_id", "bsc_id", ("peer_biz_cert", rpki.x509.X509)) + sql_template = rpki.sql.template("child", "child_id", "self_id", "bsc_id", + ("bpki_cert", rpki.x509.X509), + ("bpki_glue", rpki.x509.X509)) - peer_biz_cert = None - peer_biz_glue = None + bpki_cert = None + bpki_glue = None clear_https_ta_cache = False def child_certs(self, ca_detail = None, ski = None, unique = False): @@ -671,17 +691,17 @@ class child_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <child/> element.""" - if name not in ("peer_biz_cert", "peer_biz_glue"): + if name not in ("bpki_cert", "bpki_glue"): assert name == "child", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <child/> element.""" - if name == "peer_biz_cert": - self.peer_biz_cert = rpki.x509.X509(Base64 = text) + if name == "bpki_cert": + self.bpki_cert = rpki.x509.X509(Base64 = text) self.clear_https_ta_cache = True - elif name == "peer_biz_glue": - self.peer_biz_glue = rpki.x509.X509(Base64 = text) + elif name == "bpki_glue": + self.bpki_glue = rpki.x509.X509(Base64 = text) self.clear_https_ta_cache = True else: assert name == "child", "Unexpected name %s, stack %s" % (name, stack) 
@@ -690,10 +710,10 @@ class child_elt(data_elt): def toXML(self): """Generate <child/> element.""" elt = self.make_elt() - if self.peer_biz_cert and not self.peer_biz_cert.empty(): - self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) - if self.peer_biz_glue and not self.peer_biz_glue.empty(): - self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) + if self.bpki_cert and not self.bpki_cert.empty(): + self.make_b64elt(elt, "bpki_cert", self.bpki_cert.get_DER()) + if self.bpki_glue and not self.bpki_glue.empty(): + self.make_b64elt(elt, "bpki_glue", self.bpki_glue.get_DER()) return elt def serve_up_down(self, query): @@ -704,7 +724,7 @@ class child_elt(data_elt): bsc = self.bsc() if bsc is None: raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id - q_msg = rpki.up_down.cms_msg.unwrap(query, self.peer_biz_cert) + q_msg = rpki.up_down.cms_msg.unwrap(query, (self.gctx.bpki_ta, self.self().bpki_cert, self.bpki_cert)) q_msg.payload.gctx = self.gctx if enforce_strict_up_down_xml_sender and q_msg.sender != str(self.child_id): raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % q_msg.sender 
@@ -726,14 +746,16 @@ class repository_elt(data_elt): element_name = "repository" attributes = ("action", "type", "tag", "self_id", "repository_id", "bsc_id", "peer_contact_uri") - elements = ("peer_biz_cert", "peer_biz_glue") + elements = ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue") - sql_template = rpki.sql.template("repository", "repository_id", "self_id", "bsc_id", - ("peer_biz_cert", rpki.x509.X509), "peer_contact_uri", - ("peer_biz_glue", rpki.x509.X509)) + sql_template = rpki.sql.template("repository", "repository_id", "self_id", "bsc_id", "peer_contact_uri", + ("bpki_cms_cert", rpki.x509.X509), ("bpki_cms_glue", rpki.x509.X509), + ("bpki_https_cert", rpki.x509.X509), ("bpki_https_glue", rpki.x509.X509)) - peer_biz_cert = None - peer_biz_glue = None + bpki_cms_cert = None + bpki_cms_glue = None + bpki_https_cert = None + bpki_https_glue = None def parents(self): """Fetch all parent objects that link to this repository object.""" 
@@ -741,16 +763,20 @@ class repository_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <repository/> element.""" - if name not in ("peer_biz_cert", "peer_biz_glue"): + if name not in ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue"): assert name == "repository", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <repository/> element.""" - if name == "peer_biz_cert": - self.peer_biz_cert = rpki.x509.X509(Base64 = text) - elif name == "peer_biz_glue": - self.peer_biz_glue = rpki.x509.X509(Base64 = text) + if name == "bpki_cms_cert": + self.bpki_cms_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_cms_glue": + self.bpki_cms_glue = rpki.x509.X509(Base64 = text) + elif name == "bpki_https_cert": + self.bpki_https_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_https_glue": + self.bpki_https_glue = rpki.x509.X509(Base64 = text) else: assert name == "repository", "Unexpected name %s, stack %s" % (name, stack) stack.pop() @@ -758,10 +784,14 @@ class repository_elt(data_elt): def toXML(self): """Generate <repository/> element.""" elt = self.make_elt() - if self.peer_biz_cert: - self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) - if self.peer_biz_glue: - self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) + if self.bpki_cms_cert: + self.make_b64elt(elt, "bpki_cms_cert", self.bpki_cms_cert.get_DER()) + if self.bpki_cms_glue: + self.make_b64elt(elt, "bpki_cms_glue", self.bpki_cms_glue.get_DER()) + if self.bpki_https_cert: + self.make_b64elt(elt, "bpki_https_cert", self.bpki_https_cert.get_DER()) + if self.bpki_https_glue: + self.make_b64elt(elt, "bpki_https_glue", self.bpki_https_glue.get_DER()) return elt @staticmethod diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index c201cbbc..6dab0e87 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py 
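Review bot: `repository_elt.toXML` (hunk `@@ -758,10 +784,14 @@`) tests only `if self.bpki_cms_cert:` before calling `get_DER()`, whereas `parent_elt.toXML`, `child_elt.toXML` and the new `self_elt.toXML` lines all add `and not ....empty()`. What `get_DER()` does on an empty `X509` object is not visible here, but the four new conditions should match the other three classes: `if self.bpki_cms_cert and not self.bpki_cms_cert.empty():`, and likewise for `bpki_cms_glue`, `bpki_https_cert` and `bpki_https_glue`.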
@@ -6,7 +6,7 @@ import lxml.etree ## Parsed RelaxNG left_right schema left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: left-right-schema.rng 1701 2008-04-24 05:44:46Z sra $ + $Id: left-right-schema.rnc 1701 2008-04-24 05:44:46Z sra $ RelaxNG (Compact Syntax) Schema for RPKI left-right protocol. @@ -146,17 +146,6 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc <param name="maxLength">512000</param> </data> </define> - <!-- How we wrap peer business cert elements --> - <define name="peer_biz_cert"> - <element name="peer_biz_cert"> - <ref name="base64"/> - </element> - </define> - <define name="peer_biz_glue"> - <element name="peer_biz_glue"> - <ref name="base64"/> - </element> - </define> <!-- Base definition for all fields that are really just SQL primary indices --> <define name="sql_id"> <data type="token"> @@ -215,6 +204,16 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc <data type="positiveInteger"/> </attribute> </optional> + <optional> + <element name="bpki_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_glue"> + <ref name="base64"/> + </element> + </optional> <zeroOrMore> <element name="extension_preference"> <attribute name="name"> @@ -227,16 +226,6 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </data> </element> </zeroOrMore> - <optional> - <element name="biz_cert"> - <ref name="base64"/> - </element> - </optional> - <optional> - <element name="biz_glue"> - <ref name="base64"/> - </element> - </optional> </define> <define name="self_id"> <attribute name="self_id"> 
@@ -499,10 +488,24 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cms_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_cms_glue"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_https_cert"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_https_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="parent_elt" combine="choice"> @@ -601,10 +604,14 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cert"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="child_elt" combine="choice"> @@ -703,10 +710,24 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cms_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_cms_glue"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_https_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_https_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="repository_elt" combine="choice"> diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index 71ff4d53..f43d882a 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py 
@@ -588,13 +588,13 @@ class CMS_object(DER_object): for x in ta: if self.debug_cms_certs: - rpki.log.debug("CMS trusted cert %s" % x.getSubject()) + rpki.log.debug("CMS trusted cert issuer %s subject %s" % (x.getIssuer(), x.getSubject())) store.addTrust(x.get_POW()) if self.debug_cms_certs: try: for x in cms.certs(): - rpki.log.debug("Received CMS cert %s" % x.getSubject()) + rpki.log.debug("Received CMS cert issuer %s subject %s" % (x.getIssuer(), x.getSubject())) except: pass diff --git a/rpkid/testbed.py b/rpkid/testbed.py index 3cd2a4b1..dda8a6c4 100644 --- a/rpkid/testbed.py +++ b/rpkid/testbed.py @@ -118,6 +118,7 @@ def main(): rpki.log.init(testbed_name) rpki.log.info("Starting") + rpki.log.set_trace(True) signal.signal(signal.SIGALRM, wakeup) @@ -141,8 +142,6 @@ def main(): rpki.log.info("Constructing biz keys and certs for rootd") setup_biz_cert_chain(rootd_name, ee = ("RPKI",)) - global rootd_ta - rootd_ta = rpki.x509.X509(PEM_file = rootd_name + "-TA.cer") for a in db: a.setup_biz_certs() 
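Review bot: The certificates returned by `cms.certs()` come from the message being checked, so the issuer and subject in the new "Received CMS cert" debug line are sender-controlled text. As far as this hunk shows, they are logged before any verification result is known. Marking them as unverified and formatting with `%r` keeps a crafted name from splitting or imitating log lines: `rpki.log.debug("Received CMS cert (unverified) issuer %r subject %r" % (x.getIssuer(), x.getSubject()))`. The surrounding bare `except: pass` also means that a failure in the added `getIssuer()` call silently drops the whole listing. The enclosing method starts and ends outside the hunk.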
@@ -592,18 +591,18 @@ class allocation(object): that one is the magic self-signed micro engine. """ - rpki.log.info("Creating rpkid self object for %s" % self.name) self_ca = rpki.x509.X509(Auto_file = self.name + "-SELF-1.cer") + rpki.log.info("Creating rpkid self object for %s" % self.name) self.self_id = self.call_rpkid(rpki.left_right.self_elt.make_pdu( - action = "create", crl_interval = self.crl_interval, regen_margin = self.regen_margin, biz_cert = self_ca)).self_id + action = "create", crl_interval = self.crl_interval, regen_margin = self.regen_margin, bpki_cert = self_ca)).self_id rpki.log.info("Creating rpkid BSC object for %s" % self.name) pdu = self.call_rpkid(rpki.left_right.bsc_elt.make_pdu(action = "create", self_id = self.self_id, generate_keypair = True)) self.bsc_id = pdu.bsc_id rpki.log.info("Issuing BSC EE cert for %s" % self.name) - cmd = (prog_openssl, "x509", "-req", "-extfile", self.name + "-RPKI.cnf", "-extensions", "req_x509_ext", "-days", "30", - "-CA", self.name + "-SELF-1.cer", "-CAkey", self.name + "-SELF-1.key", "-CAcreateserial") + cmd = (prog_openssl, "x509", "-req", "-sha256", "-extfile", self.name + "-RPKI.conf", "-extensions", "req_x509_ext", "-days", "30", + "-CA", self.name + "-SELF-1.cer", "-CAkey", self.name + "-SELF-1.key", "-CAcreateserial", "-text") signer = subprocess.Popen(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE) signed = signer.communicate(input = pdu.pkcs10_request.get_PEM()) if not signed[0]: 
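Review bot: Success of the BSC EE signing step is still judged only by `if not signed[0]:`, and the `-text` added to `cmd` changes what openssl writes to stdout, so non-empty output is a weaker signal than it was. `cross_certify` in this file checks the exit status; the same check here, `if signer.returncode != 0 or not signed[0]:`, would stop the run when signing fails. Whatever parses `signed[0]` afterwards (outside this hunk) must also accept the text dump that now precedes the PEM block.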
@@ -614,29 +613,33 @@ class allocation(object): rpki.log.info("Installing BSC EE cert for %s" % self.name) self.call_rpkid(rpki.left_right.bsc_elt.make_pdu(action = "set", self_id = self.self_id, bsc_id = self.bsc_id, signing_cert = (bsc_ee,))) + # Once we have a real repository protocol we'll have to do cross-certification here rpki.log.info("Creating rpkid repository object for %s" % self.name) self.repository_id = self.call_rpkid(rpki.left_right.repository_elt.make_pdu(action = "create", self_id = self.self_id, bsc_id = self.bsc_id)).repository_id rpki.log.info("Creating rpkid parent object for %s" % self.name) if self.is_root(): + rootd_cert = cross_certify(self.name + "-SELF-1", rootd_name + "-TA") self.parent_id = self.call_rpkid(rpki.left_right.parent_elt.make_pdu( action = "create", self_id = self.self_id, bsc_id = self.bsc_id, repository_id = self.repository_id, sia_base = self.sia_base, - peer_biz_cert = rootd_ta, sender_name = self.name, recipient_name = "Walrus", + bpki_cms_cert = rootd_cert, bpki_https_cert = rootd_cert, sender_name = self.name, recipient_name = "Walrus", peer_contact_uri = "https://localhost:%s/" % rootd_port)).parent_id else: + parent_cms_cert = cross_certify(self.name + "-SELF-1", self.parent.name + "-SELF-1") + parent_https_cert = cross_certify(self.name + "-SELF-1", self.parent.name + "-TA") self.parent_id = self.call_rpkid(rpki.left_right.parent_elt.make_pdu( action = "create", self_id = self.self_id, bsc_id = self.bsc_id, repository_id = self.repository_id, sia_base = self.sia_base, - peer_biz_cert = self.parent.rpkid_ta, sender_name = self.name, recipient_name = self.parent.name, + bpki_cms_cert = parent_cms_cert, bpki_https_cert = parent_https_cert, sender_name = self.name, recipient_name = self.parent.name, peer_contact_uri = "https://localhost:%s/up-down/%s" % (self.parent.rpki_port, self.child_id))).parent_id rpki.log.info("Creating rpkid child objects for %s" % self.name) db = MySQLdb.connect(user = "irdb", db = 
self.irdb_db_name, passwd = irdb_db_pass) cur = db.cursor() for kid in self.kids: - peer_biz_cert = cross_certify(self.name + "-SELF-1", kid.name + "-SELF-1") + bpki_cert = cross_certify(self.name + "-SELF-1", kid.name + "-SELF-1") rpki.log.info("Creating rpkid child object for %s as child of %s" % (kid.name, self.name)) kid.child_id = self.call_rpkid(rpki.left_right.child_elt.make_pdu( - action = "create", self_id = self.self_id, bsc_id = self.bsc_id, peer_biz_cert = peer_biz_cert)).child_id + action = "create", self_id = self.self_id, bsc_id = self.bsc_id, bpki_cert = bpki_cert)).child_id cur.execute("UPDATE registrant SET rpki_self_id = %s, rpki_child_id = %s WHERE IRBE_mapped_id = %s", (self.self_id, kid.child_id, kid.name)) db.close() @@ -690,7 +693,7 @@ def setup_biz_cert_chain(name, ee = (), ca = ()): "kind" : kind, "ca" : "false" if kind in ee else "true", "openssl" : prog_openssl } - f = open("%(name)s-%(kind)s.cnf" % d, "w") + f = open("%(name)s-%(kind)s.conf" % d, "w") f.write(biz_cert_fmt_1 % d) f.close() if not os.path.exists("%(name)s-%(kind)s.key" % d): 
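Review bot: In the hunk that creates the parent object, the non-root branch cross-certifies two different subjects, the parent's `-SELF-1` for `bpki_cms_cert` and the parent's `-TA` for `bpki_https_cert`, while the root branch passes one `rootd_cert` for both. Nothing in the code says why. These values decide which peers rpkid will accept for CMS and for HTTPS, so each `cross_certify` call deserves a short comment. One possible wording, to be confirmed by the author: `# CMS is checked against the parent's SELF-1 CA; HTTPS presumably chains to the parent's TA`. Cross-certifying a whole `-TA` looks like the broader grant of the two and is worth stating explicitly. The method starts before this hunk.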
@@ -705,22 +708,23 @@ def setup_biz_cert_chain(name, ee = (), ca = ()): def cross_certify(certifier, certificant): """Cross-certify and return the resulting certificate.""" - rpki.log.info("Cross certifying %s into %s's BPKI" % (certificant, certifier)) certfile = certifier + "-" + certificant + ".cer" - signer = subprocess.Popen((prog_openssl, "x509", "-req", + rpki.log.trace() + rpki.log.info("Cross certifying %s into %s's BPKI (%s)" % (certificant, certifier, certfile)) + signer = subprocess.Popen((prog_openssl, "x509", "-req", "-sha256", "-text", + "-extensions", "req_x509_ext", "-CAcreateserial", "-in", certificant + ".req", "-out", certfile, - "-extfile", certifier + ".cnf", - "-extensions", "req_x509_ext", + "-extfile", certifier + ".conf", "-CA", certifier + ".cer", - "-CAkey", certifier + ".key", - "-CAcreateserial"), + "-CAkey", certifier + ".key"), stdout = subprocess.PIPE, stderr = subprocess.PIPE) errors = signer.communicate()[1] if signer.returncode != 0: - rpki.log.error("Cross certification error: " + errors) - raise RuntimeError, "Couldn't cross-certify %s into %s's BPKI" % (certificant, certifier) + msg = "Couldn't cross-certify %s into %s's BPKI: %s" % (certificant, certifier, errors) + rpki.log.error(msg) + raise RuntimeError, msg return rpki.x509.X509(Auto_file = certfile) def setup_rootd(rpkid_name, rpkid_tag): 
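Review bot: The `openssl x509 -req` call in `cross_certify` passes no `-days`, so every cross-certificate gets openssl's default lifetime, whereas the other signing commands in this file state it (`-days 30`, `-days 60`). Adding `"-days", "30",` to the argument tuple makes the validity period a visible decision. The two `x509 -req` lines in `rootd_fmt_3` (last hunk of this file) have the same gap. Separately, `-text` now writes a human-readable dump into `certfile` ahead of the PEM, so `rpki.x509.X509(Auto_file = certfile)` has to tolerate that; the loader is not shown here.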
@@ -811,15 +815,15 @@ biz_cert_fmt_2 = '''\ ''' biz_cert_fmt_3 = '''\ -%(openssl)s req -new -key %(name)s-%(kind)s.key -out %(name)s-%(kind)s.req -config %(name)s-%(kind)s.cnf && +%(openssl)s req -new -sha256 -key %(name)s-%(kind)s.key -out %(name)s-%(kind)s.req -config %(name)s-%(kind)s.conf && ''' biz_cert_fmt_4 = '''\ -%(openssl)s x509 -req -in %(name)s-TA.req -out %(name)s-TA.cer -extfile %(name)s-TA.cnf -extensions req_x509_ext -signkey %(name)s-TA.key -days 60 \ +%(openssl)s x509 -req -sha256 -in %(name)s-TA.req -out %(name)s-TA.cer -extfile %(name)s-TA.conf -extensions req_x509_ext -signkey %(name)s-TA.key -days 60 -text \ ''' biz_cert_fmt_5 = ''' && \ -%(openssl)s x509 -req -in %(name)s-%(kind)s.req -out %(name)s-%(kind)s.cer -extfile %(name)s-%(kind)s.cnf -extensions req_x509_ext -days 30 \ +%(openssl)s x509 -req -sha256 -in %(name)s-%(kind)s.req -out %(name)s-%(kind)s.cer -extfile %(name)s-%(kind)s.conf -extensions req_x509_ext -days 30 -text \ -CA %(name)s-TA.cer -CAkey %(name)s-TA.key -CAcreateserial \ ''' 
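Review bot: `%(name)s` and `%(kind)s` are substituted unquoted into these command templates, and the `&&` chaining and trailing `\` suggest the result is handed to a shell (the call site is outside this hunk). `cross_certify` already passes an argument tuple to `subprocess.Popen`. Building these commands the same way, or shell-quoting the values when the dict is filled, keeps a name containing spaces or metacharacters from changing the command that runs. `rootd_fmt_3` in the next hunk is built the same way.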
@@ -941,10 +945,11 @@ rootd_fmt_2 = '''\ ''' rootd_fmt_3 = '''\ -%(openssl)s req -new -key %(rootd_name)s.key -out %(rootd_name)s.req -config %(rootd_name)s.conf -text && -%(openssl)s x509 -req -in %(rootd_name)s.req -out %(rootd_name)s.cer -outform DER -extfile %(rootd_name)s.conf -extensions req_x509_ext -signkey %(rootd_name)s.key && -%(openssl)s x509 -req -in %(rpkid_name)s-%(rpkid_tag)s.req -out %(rootd_name)s-%(rpkid_name)s.cer -extfile %(rootd_name)s.conf -extensions req_x509_ext \ - -CA %(rootd_name)s-TA.cer -CAkey %(rootd_name)s-TA.key -CAcreateserial +%(openssl)s req -new -sha256 -key %(rootd_name)s.key -out %(rootd_name)s.req -config %(rootd_name)s.conf -text && +%(openssl)s x509 -req -sha256 -in %(rootd_name)s.req -out %(rootd_name)s.cer -outform DER -extfile %(rootd_name)s.conf -extensions req_x509_ext \ + -signkey %(rootd_name)s.key && +%(openssl)s x509 -req -sha256 -in %(rpkid_name)s-%(rpkid_tag)s.req -out %(rootd_name)s-%(rpkid_name)s.cer -extfile %(rootd_name)s.conf -extensions req_x509_ext -text \ + -CA %(rootd_name)s-TA.cer -CAkey %(rootd_name)s-TA.key -CAcreateserial ''' rcynic_fmt_1 = '''\ |