Convert zookeeper to use new (IETF standards track I-D) out-of-band

configuration protocol instead of the crufty ancient "myrpki" version. Semantics largely unchanged, differences are primarily syntax and cleanup of historical baggage, but only the new protocol includes RRDP support, which we're gonna need. At some point we should write XSL transforms that map between the useful portions of the old protocol and the modern equivalent. svn path=/branches/tk705/; revision=6119
author: Rob Austein <sra@hactrn.net> 2015-10-15 23:51:51 +0000
committer: Rob Austein <sra@hactrn.net> 2015-10-15 23:51:51 +0000
commit: aedcb72ef383dd9c2a146903f9fbdac9915e9af0 (patch)
tree: 347be64c29bd5bd41c45c740b51a8261499282f8 /schemas/relaxng
parent: 8dacc2118b49b2fa0b4519960452b750940baf2f (diff)
2 files changed, 236 insertions, 0 deletions
diff --git a/schemas/relaxng/oob-setup.rnc b/schemas/relaxng/oob-setup.rnc
new file mode 100644
index 00000000..3bd7a652
--- /dev/null
+++ b/schemas/relaxng/oob-setup.rnc
@@ -0,0 +1,68 @@
+# $Id: rpki-setup.rnc 3429 2015-10-14 23:46:50Z sra $
+
+default namespace = "http://www.hactrn.net/uris/rpki/rpki-setup/"
+
+version = "1"
+
+base64  = xsd:base64Binary { maxLength="512000" }
+handle  = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" }
+uri     = xsd:anyURI { maxLength="4096" }
+any     = element * { attribute * { text }*, ( any | text )* }
+
+authorization_token = base64
+bpki_ta = base64
+
+start |= element child_request {
+  attribute version { version },
+  attribute child_handle { handle },
+  element child_bpki_ta { bpki_ta }
+}
+
+start |= element parent_response {
+  attribute version { version },
+  attribute service_uri { uri },
+  attribute child_handle { handle },
+  attribute parent_handle { handle },
+  element parent_bpki_ta { bpki_ta },
+  element offer { empty }?,
+  element referral {
+    attribute referrer { handle },
+    attribute contact_uri { uri }?,
+    authorization_token
+  }*
+}
+
+start |= element publisher_request {
+  attribute version { version },
+  attribute publisher_handle { handle },
+  element publisher_bpki_ta { bpki_ta },
+  element referral {
+    attribute referrer { handle },
+    authorization_token
+  }*
+}
+
+start |= element repository_response {
+  attribute version { version },
+  attribute service_uri { uri },
+  attribute publisher_handle { handle },
+  attribute sia_base { uri },
+  attribute rrdp_notification_uri { uri }?,
+  element repository_bpki_ta { bpki_ta }
+}
+
+start |= element authorization {
+  attribute version { version },
+  attribute authorized_sia_base { uri },
+  bpki_ta
+}
+
+start |= element error {
+  attribute version { version },
+  attribute reason {
+    "syntax-error" |
+    "authentication-failure" |
+    "refused"
+  },
+  any?
+}
diff --git a/schemas/relaxng/oob-setup.rng b/schemas/relaxng/oob-setup.rng
new file mode 100644
index 00000000..00278047
--- /dev/null
+++ b/schemas/relaxng/oob-setup.rng
@@ -0,0 +1,168 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- $Id: rpki-setup.rnc 3429 2015-10-14 23:46:50Z sra $ -->
+<grammar ns="http://www.hactrn.net/uris/rpki/rpki-setup/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <define name="version">
+    <value>1</value>
+  </define>
+  <define name="base64">
+    <data type="base64Binary">
+      <param name="maxLength">512000</param>
+    </data>
+  </define>
+  <define name="handle">
+    <data type="string">
+      <param name="maxLength">255</param>
+      <param name="pattern">[\-_A-Za-z0-9/]*</param>
+    </data>
+  </define>
+  <define name="uri">
+    <data type="anyURI">
+      <param name="maxLength">4096</param>
+    </data>
+  </define>
+  <define name="any">
+    <element>
+      <anyName/>
+      <zeroOrMore>
+        <attribute>
+          <anyName/>
+        </attribute>
+      </zeroOrMore>
+      <zeroOrMore>
+        <choice>
+          <ref name="any"/>
+          <text/>
+        </choice>
+      </zeroOrMore>
+    </element>
+  </define>
+  <define name="authorization_token">
+    <ref name="base64"/>
+  </define>
+  <define name="bpki_ta">
+    <ref name="base64"/>
+  </define>
+  <start combine="choice">
+    <element name="child_request">
+      <attribute name="version">
+        <ref name="version"/>
+      </attribute>
+      <attribute name="child_handle">
+        <ref name="handle"/>
+      </attribute>
+      <element name="child_bpki_ta">
+        <ref name="bpki_ta"/>
+      </element>
+    </element>
+  </start>
+  <start combine="choice">
+    <element name="parent_response">
+      <attribute name="version">
+        <ref name="version"/>
+      </attribute>
+      <attribute name="service_uri">
+        <ref name="uri"/>
+      </attribute>
+      <attribute name="child_handle">
+        <ref name="handle"/>
+      </attribute>
+      <attribute name="parent_handle">
+        <ref name="handle"/>
+      </attribute>
+      <element name="parent_bpki_ta">
+        <ref name="bpki_ta"/>
+      </element>
+      <optional>
+        <element name="offer">
+          <empty/>
+        </element>
+      </optional>
+      <zeroOrMore>
+        <element name="referral">
+          <attribute name="referrer">
+            <ref name="handle"/>
+          </attribute>
+          <optional>
+            <attribute name="contact_uri">
+              <ref name="uri"/>
+            </attribute>
+          </optional>
+          <ref name="authorization_token"/>
+        </element>
+      </zeroOrMore>
+    </element>
+  </start>
+  <start combine="choice">
+    <element name="publisher_request">
+      <attribute name="version">
+        <ref name="version"/>
+      </attribute>
+      <attribute name="publisher_handle">
+        <ref name="handle"/>
+      </attribute>
+      <element name="publisher_bpki_ta">
+        <ref name="bpki_ta"/>
+      </element>
+      <zeroOrMore>
+        <element name="referral">
+          <attribute name="referrer">
+            <ref name="handle"/>
+          </attribute>
+          <ref name="authorization_token"/>
+        </element>
+      </zeroOrMore>
+    </element>
+  </start>
+  <start combine="choice">
+    <element name="repository_response">
+      <attribute name="version">
+        <ref name="version"/>
+      </attribute>
+      <attribute name="service_uri">
+        <ref name="uri"/>
+      </attribute>
+      <attribute name="publisher_handle">
+        <ref name="handle"/>
+      </attribute>
+      <attribute name="sia_base">
+        <ref name="uri"/>
+      </attribute>
+      <optional>
+        <attribute name="rrdp_notification_uri">
+          <ref name="uri"/>
+        </attribute>
+      </optional>
+      <element name="repository_bpki_ta">
+        <ref name="bpki_ta"/>
+      </element>
+    </element>
+  </start>
+  <start combine="choice">
+    <element name="authorization">
+      <attribute name="version">
+        <ref name="version"/>
+      </attribute>
+      <attribute name="authorized_sia_base">
+        <ref name="uri"/>
+      </attribute>
+      <ref name="bpki_ta"/>
+    </element>
+  </start>
+  <start combine="choice">
+    <element name="error">
+      <attribute name="version">
+        <ref name="version"/>
+      </attribute>
+      <attribute name="reason">
+        <choice>
+          <value>syntax-error</value>
+          <value>authentication-failure</value>
+          <value>refused</value>
+        </choice>
+      </attribute>
+      <optional>
+        <ref name="any"/>
+      </optional>
+    </element>
+  </start>
+</grammar>
author	Rob Austein <sra@hactrn.net>	2015-10-15 23:51:51 +0000
committer	Rob Austein <sra@hactrn.net>	2015-10-15 23:51:51 +0000
commit	aedcb72ef383dd9c2a146903f9fbdac9915e9af0 (patch)
tree	347be64c29bd5bd41c45c740b51a8261499282f8 /schemas/relaxng
parent	8dacc2118b49b2fa0b4519960452b750940baf2f (diff)