diff options
| author | Rob Austein <sra@hactrn.net> | 2014-04-05 22:42:12 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2014-04-05 22:42:12 +0000 |
| commit | fe0bf509f528dbdc50c7182f81057c6a4e15e4bd (patch) | |
| tree | 07c9a923d4a0ccdfea11c49cd284f6d5757c5eda /schemas/relaxng/publication-schema.rnc | |
| parent | aa28ef54c271fbe4d52860ff8cf13cab19e2207c (diff) | |
Source tree reorg, phase 1. Almost everything moved, no file contents changed.
svn path=/branches/tk685/; revision=5757
Diffstat (limited to 'schemas/relaxng/publication-schema.rnc')
| -rw-r--r-- | schemas/relaxng/publication-schema.rnc | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/schemas/relaxng/publication-schema.rnc b/schemas/relaxng/publication-schema.rnc new file mode 100644 index 00000000..4353ae80 --- /dev/null +++ b/schemas/relaxng/publication-schema.rnc @@ -0,0 +1,137 @@ +# $Id$ +# +# RelaxNG schema for RPKI publication protocol. +# +# Copyright (C) 2012--2014 Dragon Research Labs ("DRL") +# Portions copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +# Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notices and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND DRL, ISC, AND ARIN DISCLAIM ALL +# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL, +# ISC, OR ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, +# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION +# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +default namespace = "http://www.hactrn.net/uris/rpki/publication-spec/" + +# Top level PDU + +start = element msg { + attribute version { xsd:positiveInteger { maxInclusive="1" } }, + ( (attribute type { "query" }, query_elt*) | + (attribute type { "reply" }, reply_elt*) ) +} + +# PDUs allowed in a query +query_elt = ( config_query | client_query | certificate_query | crl_query | + manifest_query | roa_query | ghostbuster_query ) + +# PDUs allowed in a reply +reply_elt = ( config_reply | client_reply | certificate_reply | crl_reply | + manifest_reply | roa_reply | ghostbuster_reply | report_error_reply ) + +# Tag attributes for bulk operations +tag = attribute tag { xsd:token {maxLength="1024" } } + +# Base64 encoded DER stuff +#base64 = xsd:base64Binary { maxLength="512000" } +# +# Sadly, it turns out that CRLs can in fact get longer than this for an active CA. +# Remove length limit for now, think about whether to put it back later. +base64 = xsd:base64Binary + +# Publication URLs +uri_t = xsd:anyURI { maxLength="4096" } +uri = attribute uri { uri_t } + +# Handles on remote objects (replaces passing raw SQL IDs). NB: +# Unlike the up-down protocol, handles in this protocol allow "/" as a +# hierarchy delimiter. +object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]+" } + +# <config/> element (use restricted to repository operator) +# config_handle attribute, create, list, and destroy commands omitted deliberately, see code for details + +config_payload = (element bpki_crl { base64 }?) + +config_query |= element config { attribute action { "set" }, tag?, config_payload } +config_reply |= element config { attribute action { "set" }, tag? } +config_query |= element config { attribute action { "get" }, tag? } +config_reply |= element config { attribute action { "get" }, tag?, config_payload } + +# <client/> element (use restricted to repository operator) + +client_handle = attribute client_handle { object_handle } + +client_bool = attribute clear_replay_protection { "yes" }? + +client_payload = (attribute base_uri { uri_t }?, element bpki_cert { base64 }?, element bpki_glue { base64 }?) + +client_query |= element client { attribute action { "create" }, tag?, client_handle, client_bool, client_payload } +client_reply |= element client { attribute action { "create" }, tag?, client_handle } +client_query |= element client { attribute action { "set" }, tag?, client_handle, client_bool, client_payload } +client_reply |= element client { attribute action { "set" }, tag?, client_handle } +client_query |= element client { attribute action { "get" }, tag?, client_handle } +client_reply |= element client { attribute action { "get" }, tag?, client_handle, client_payload } +client_query |= element client { attribute action { "list" }, tag? } +client_reply |= element client { attribute action { "list" }, tag?, client_handle, client_payload } +client_query |= element client { attribute action { "destroy" }, tag?, client_handle } +client_reply |= element client { attribute action { "destroy" }, tag?, client_handle } + +# <certificate/> element + +certificate_query |= element certificate { attribute action { "publish" }, tag?, uri, base64 } +certificate_reply |= element certificate { attribute action { "publish" }, tag?, uri } +certificate_query |= element certificate { attribute action { "withdraw" }, tag?, uri } +certificate_reply |= element certificate { attribute action { "withdraw" }, tag?, uri } + +# <crl/> element + +crl_query |= element crl { attribute action { "publish" }, tag?, uri, base64 } +crl_reply |= element crl { attribute action { "publish" }, tag?, uri } +crl_query |= element crl { attribute action { "withdraw" }, tag?, uri } +crl_reply |= element crl { attribute action { "withdraw" }, tag?, uri } + +# <manifest/> element + +manifest_query |= element manifest { attribute action { "publish" }, tag?, uri, base64 } +manifest_reply |= element manifest { attribute action { "publish" }, tag?, uri } +manifest_query |= element manifest { attribute action { "withdraw" }, tag?, uri } +manifest_reply |= element manifest { attribute action { "withdraw" }, tag?, uri } + +# <roa/> element + +roa_query |= element roa { attribute action { "publish" }, tag?, uri, base64 } +roa_reply |= element roa { attribute action { "publish" }, tag?, uri } +roa_query |= element roa { attribute action { "withdraw" }, tag?, uri } +roa_reply |= element roa { attribute action { "withdraw" }, tag?, uri } + +# <ghostbuster/> element + +ghostbuster_query |= element ghostbuster { attribute action { "publish" }, tag?, uri, base64 } +ghostbuster_reply |= element ghostbuster { attribute action { "publish" }, tag?, uri } +ghostbuster_query |= element ghostbuster { attribute action { "withdraw" }, tag?, uri } +ghostbuster_reply |= element ghostbuster { attribute action { "withdraw" }, tag?, uri } + +# <report_error/> element + +error = xsd:token { maxLength="1024" } + +report_error_reply = element report_error { + tag?, + attribute error_code { error }, + xsd:string { maxLength="512000" }? +} + +# Local Variables: +# indent-tabs-mode: nil +# comment-start: "# " +# comment-start-skip: "#[ \t]*" +# End: |