-rw-r--r--rpkid/Makefile5
-rwxr-xr-xrpkid/irbe-cli.py4
-rw-r--r--rpkid/irbe-setup.py2
-rw-r--r--rpkid/left-right-protocol-samples/pdu.012.xml2
-rw-r--r--rpkid/left-right-protocol-samples/pdu.016.xml9
-rw-r--r--rpkid/left-right-protocol-samples/pdu.018.xml9
-rw-r--r--rpkid/left-right-schema.rnc9
-rw-r--r--rpkid/left-right-schema.rng9
-rw-r--r--rpkid/rpki/left_right.py25
-rw-r--r--rpkid/rpki/relaxng.py11
-rw-r--r--rpkid/testbed.py2
11 files changed, 30 insertions, 57 deletions
diff --git a/rpkid/Makefile b/rpkid/Makefile
index 5af1437f..1801995c 100644
--- a/rpkid/Makefile
+++ b/rpkid/Makefile
@@ -23,11 +23,14 @@ relaxng: left-right-protocol-samples/.stamp left-right-schema.rng up-down-schema
xmllint --noout --relaxng left-right-schema.rng left-right-protocol-samples/*.xml
xmllint --noout --relaxng up-down-schema.rng up-down-protocol-samples/*.xml
+parse-test: all
+ python xml-parse-test.py
+
# all:: resource-cert-samples-regen
all-tests:: relaxng
-all-tests:: all ; python xml-parse-test.py
+all-tests:: parse-test
resource-cert-samples-regen: resource-cert-samples/.stamp
cd resource-cert-samples && make
diff --git a/rpkid/irbe-cli.py b/rpkid/irbe-cli.py
index 9031afe1..f52435e5 100755
--- a/rpkid/irbe-cli.py
+++ b/rpkid/irbe-cli.py
@@ -83,10 +83,10 @@ class bsc_elt(cmd_mixin, rpki.left_right.bsc_elt):
def client_reply_decode(self):
global pem_out
- if pem_out is not None and self.pkcs10_cert_request is not None:
+ if pem_out is not None and self.pkcs10_request is not None:
if isinstance(pem_out, str):
pem_out = open(pem_out, "w")
- pem_out.write(self.pkcs10_cert_request.get_PEM())
+ pem_out.write(self.pkcs10_request.get_PEM())
class parent_elt(cmd_mixin, rpki.left_right.parent_elt):
pass
diff --git a/rpkid/irbe-setup.py b/rpkid/irbe-setup.py
index 0011bb09..cba4f791 100644
--- a/rpkid/irbe-setup.py
+++ b/rpkid/irbe-setup.py
@@ -86,7 +86,7 @@ i,o = os.popen2(("openssl", "x509", "-req",
"-CA", "biz-certs/Bob-CA.cer",
"-CAkey", "biz-certs/Bob-CA.key",
"-CAserial", "biz-certs/Bob-CA.srl"))
-i.write(pdu.pkcs10_cert_request.get_PEM())
+i.write(pdu.pkcs10_request.get_PEM())
i.close()
cer = rpki.x509.X509(PEM = o.read())
o.close()
diff --git a/rpkid/left-right-protocol-samples/pdu.012.xml b/rpkid/left-right-protocol-samples/pdu.012.xml
index cca6c8c7..30ca6328 100644
--- a/rpkid/left-right-protocol-samples/pdu.012.xml
+++ b/rpkid/left-right-protocol-samples/pdu.012.xml
@@ -2,6 +2,6 @@
<!--Automatically generated, do not edit.-->
<msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
<bsc action="create" type="reply" self_id="42" bsc_id="17">
- <pkcs10_cert_request>cmVxdWVzdAo=</pkcs10_cert_request>
+ <pkcs10_request>cmVxdWVzdAo=</pkcs10_request>
</bsc>
</msg>
diff --git a/rpkid/left-right-protocol-samples/pdu.016.xml b/rpkid/left-right-protocol-samples/pdu.016.xml
index bfa6009a..2abf3bac 100644
--- a/rpkid/left-right-protocol-samples/pdu.016.xml
+++ b/rpkid/left-right-protocol-samples/pdu.016.xml
@@ -40,14 +40,5 @@
5tNbASf9blRIQcQ9uy+S8mOlHQWfOhe6nN++LhVxYlOzdDKFboTmCwYZwNJHhnRl
okQ8do5ItBt92MoJgI26PoOiE3xXVyuYb1b7vw==
</signing_cert>
- <public_key>
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64aCougbqPB/PjR9ipPd
- 5c/QGlKh8QsCvh4ka3VjRp+zCUEiOI6W7hKUGVoNlqwFjZo2CsqX8qoW0e/SsQp9
- RMH80jgYjfxVPvK3S+sMoXredH+PhOqttf1rCEXbvqP4t9FWUdKJz558oHbOMXir
- P7MFUrWk96F/id+BFG01aKy9RE68DlkcPZAJjpcQ0kEYCIyAQckqgVrIaH2XQiEt
- B5asHrvGH0N5fmUWDeBfHTGVI3dbc6nLU9RYlVo/RCo0C38fi44/PIdnJCZG4+m2
- ZXG+QbhNWVr4BsSIpF0oiQDelrebDrK4TYJ4skfwLHdlmJbtaeG7zwukDQkNCIIX
- RwIDAQAB
- </public_key>
</bsc>
</msg>
diff --git a/rpkid/left-right-protocol-samples/pdu.018.xml b/rpkid/left-right-protocol-samples/pdu.018.xml
index bfa6009a..2abf3bac 100644
--- a/rpkid/left-right-protocol-samples/pdu.018.xml
+++ b/rpkid/left-right-protocol-samples/pdu.018.xml
@@ -40,14 +40,5 @@
5tNbASf9blRIQcQ9uy+S8mOlHQWfOhe6nN++LhVxYlOzdDKFboTmCwYZwNJHhnRl
okQ8do5ItBt92MoJgI26PoOiE3xXVyuYb1b7vw==
</signing_cert>
- <public_key>
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64aCougbqPB/PjR9ipPd
- 5c/QGlKh8QsCvh4ka3VjRp+zCUEiOI6W7hKUGVoNlqwFjZo2CsqX8qoW0e/SsQp9
- RMH80jgYjfxVPvK3S+sMoXredH+PhOqttf1rCEXbvqP4t9FWUdKJz558oHbOMXir
- P7MFUrWk96F/id+BFG01aKy9RE68DlkcPZAJjpcQ0kEYCIyAQckqgVrIaH2XQiEt
- B5asHrvGH0N5fmUWDeBfHTGVI3dbc6nLU9RYlVo/RCo0C38fi44/PIdnJCZG4+m2
- ZXG+QbhNWVr4BsSIpF0oiQDelrebDrK4TYJ4skfwLHdlmJbtaeG7zwukDQkNCIIX
- RwIDAQAB
- </public_key>
</bsc>
</msg>
diff --git a/rpkid/left-right-schema.rnc b/rpkid/left-right-schema.rnc
index 44ae964f..83be22bd 100644
--- a/rpkid/left-right-schema.rnc
+++ b/rpkid/left-right-schema.rnc
@@ -81,19 +81,18 @@ bsc_bool = ((attribute generate_keypair { "yes" },
bsc_id = attribute bsc_id { sql_id }
-bsc_payload = (element signing_cert { base64 }*,
- element public_key { base64 }?)
+bsc_payload = (element signing_cert { base64 }*)
-bsc_pkcs10 = element pkcs10_cert_request { base64 }?
+bsc_pkcs10 = element pkcs10_request { base64 }?
bsc_elt |= element bsc { ctl_cq, self_id, bsc_bool, bsc_payload }
bsc_elt |= element bsc { ctl_cr, self_id, bsc_id, bsc_pkcs10 }
bsc_elt |= element bsc { ctl_sq, self_id, bsc_id, bsc_bool, bsc_payload }
bsc_elt |= element bsc { ctl_sr, self_id, bsc_id, bsc_pkcs10 }
bsc_elt |= element bsc { ctl_gq, self_id, bsc_id }
-bsc_elt |= element bsc { ctl_gr, self_id, bsc_id, bsc_payload }
+bsc_elt |= element bsc { ctl_gr, self_id, bsc_id, bsc_payload, bsc_pkcs10 }
bsc_elt |= element bsc { ctl_lq, self_id }
-bsc_elt |= element bsc { ctl_lr, self_id, bsc_id, bsc_payload }
+bsc_elt |= element bsc { ctl_lr, self_id, bsc_id, bsc_payload, bsc_pkcs10 }
bsc_elt |= element bsc { ctl_dq, self_id, bsc_id }
bsc_elt |= element bsc { ctl_dr, self_id, bsc_id }
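Review bot: Renaming `pkcs10_cert_request` to `pkcs10_request` and dropping `public_key` from `bsc_payload` changes the wire format, yet the sample PDUs in this commit still carry `version="1"`. A peer built against the old schema would fail validation with nothing to indicate that the protocol moved. If both ends are not always deployed together, bump the version attribute, or at least record the change above `bsc_payload`, e.g. `# public_key element removed; the BSC key is now exposed only via pkcs10_request`. The same comment should say that the get and list replies (`ctl_gr`, `ctl_lr`) now return the stored request as well.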
diff --git a/rpkid/left-right-schema.rng b/rpkid/left-right-schema.rng
index e0917fa9..11b570eb 100644
--- a/rpkid/left-right-schema.rng
+++ b/rpkid/left-right-schema.rng
@@ -327,15 +327,10 @@
<ref name="base64"/>
</element>
</zeroOrMore>
- <optional>
- <element name="public_key">
- <ref name="base64"/>
- </element>
- </optional>
</define>
<define name="bsc_pkcs10">
<optional>
- <element name="pkcs10_cert_request">
+ <element name="pkcs10_request">
<ref name="base64"/>
</element>
</optional>
@@ -386,6 +381,7 @@
<ref name="self_id"/>
<ref name="bsc_id"/>
<ref name="bsc_payload"/>
+ <ref name="bsc_pkcs10"/>
</element>
</define>
<define name="bsc_elt" combine="choice">
@@ -400,6 +396,7 @@
<ref name="self_id"/>
<ref name="bsc_id"/>
<ref name="bsc_payload"/>
+ <ref name="bsc_pkcs10"/>
</element>
</define>
<define name="bsc_elt" combine="choice">
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index ae5a9e17..7be7b903 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -426,12 +426,11 @@ class bsc_elt(data_elt):
booleans = ("generate_keypair", "clear_signing_certs")
sql_template = rpki.sql.template("bsc", "bsc_id", "self_id", "hash_alg",
- ("public_key", rpki.x509.RSApublic),
- ("private_key_id", rpki.x509.RSA))
+ ("private_key_id", rpki.x509.RSA),
+ ("pkcs10_request", rpki.x509.PKCS10))
- pkcs10_cert_request = None
- public_key = None
private_key_id = None
+ pkcs10_request = None
def __init__(self):
"""Initialize bsc_elt."""
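Review bot: The `sql_template` now maps a `pkcs10_request` column and no longer maps `public_key`, but none of the 11 files in the diffstat looks like an SQL schema or migration. Unless the `bsc` table is changed elsewhere, it appears to be out of step with this class. Rows written before this change would presumably have a private key but no stored request, so get and list replies would silently omit `<pkcs10_request>` for them. I would add a comment above the template, `# columns must match the bsc table in the SQL schema; pkcs10_request is the CSR generated for private_key_id`, and ship the schema change in the same commit. The class body continues outside this hunk.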
@@ -482,12 +481,12 @@ class bsc_elt(data_elt):
keypair = rpki.x509.RSA()
keypair.generate()
self.private_key_id = keypair
- self.public_key = keypair.get_RSApublic()
- r_pdu.pkcs10_cert_request = rpki.x509.PKCS10.create(keypair)
+ self.pkcs10_request = rpki.x509.PKCS10.create(keypair)
+ r_pdu.pkcs10_request = self.pkcs10_request
def startElement(self, stack, name, attrs):
"""Handle <bsc/> element."""
- if not name in ("signing_cert", "public_key", "pkcs10_cert_request"):
+ if not name in ("signing_cert", "pkcs10_request"):
assert name == "bsc", "Unexpected name %s, stack %s" % (name, stack)
self.read_attrs(attrs)
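Review bot: The element-name check in `startElement`, and the matching `else` branch of `endElement` in the next hunk, is an `assert`, which is compiled out under `python -O`. An unexpected child element would then appear to reach `self.read_attrs(attrs)` as if it were `<bsc>`. If RelaxNG validation always runs before this parser, this is only defence in depth, but an explicit check is cheap: `if name != "bsc": raise ValueError("Unexpected name %s, stack %s" % (name, stack))`. While the line is being touched, `if not name in (...)` reads better as `if name not in (...)`. Both methods start or end outside the visible hunks, so confirm against the full bodies.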
@@ -495,10 +494,8 @@ class bsc_elt(data_elt):
"""Handle <bsc/> element."""
if name == "signing_cert":
self.signing_cert.append(rpki.x509.X509(Base64 = text))
- elif name == "public_key":
- self.public_key = rpki.x509.RSApublic(Base64 = text)
- elif name == "pkcs10_cert_request":
- self.pkcs10_cert_request = rpki.x509.PKCS10(Base64 = text)
+ elif name == "pkcs10_request":
+ self.pkcs10_request = rpki.x509.PKCS10(Base64 = text)
else:
assert name == "bsc", "Unexpected name %s, stack %s" % (name, stack)
stack.pop()
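Review bot: `endElement` assigns `self.pkcs10_request` from any `<pkcs10_request>` child it parses, and the first hunk of this file now persists that attribute as an SQL column. The only thing keeping a peer-supplied request out of the stored value therefore appears to be the schema, which allows `bsc_pkcs10` in replies only. Nothing visible here checks that the parsed PKCS10 corresponds to `private_key_id`. If the create/set handlers (outside this hunk) save the query PDU's attributes, the element should be ignored or rejected on queries. At minimum add a comment on the branch, such as `# reply-only element: rpkid generates this itself; do not store a value received in a query`.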
@@ -508,10 +505,8 @@ class bsc_elt(data_elt):
elt = self.make_elt()
for cert in self.signing_cert:
self.make_b64elt(elt, "signing_cert", cert.get_DER())
- if self.pkcs10_cert_request is not None:
- self.make_b64elt(elt, "pkcs10_cert_request", self.pkcs10_cert_request.get_DER())
- if self.public_key is not None:
- self.make_b64elt(elt, "public_key", self.public_key.get_DER())
+ if self.pkcs10_request is not None:
+ self.make_b64elt(elt, "pkcs10_request", self.pkcs10_request.get_DER())
return elt
class parent_elt(data_elt):
diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py
index 23c5bbdc..984947dc 100644
--- a/rpkid/rpki/relaxng.py
+++ b/rpkid/rpki/relaxng.py
@@ -6,7 +6,7 @@ import lxml.etree
## Parsed RelaxNG left_right schema
left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?>
<!--
- $Id: left-right-schema.rng 1531 2008-02-27 19:02:11Z sra $
+ $Id: left-right-schema.rnc 1531 2008-02-27 19:02:11Z sra $
RelaxNG (Compact Syntax) Schema for RPKI left-right protocol.
@@ -333,15 +333,10 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc
<ref name="base64"/>
</element>
</zeroOrMore>
- <optional>
- <element name="public_key">
- <ref name="base64"/>
- </element>
- </optional>
</define>
<define name="bsc_pkcs10">
<optional>
- <element name="pkcs10_cert_request">
+ <element name="pkcs10_request">
<ref name="base64"/>
</element>
</optional>
@@ -392,6 +387,7 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc
<ref name="self_id"/>
<ref name="bsc_id"/>
<ref name="bsc_payload"/>
+ <ref name="bsc_pkcs10"/>
</element>
</define>
<define name="bsc_elt" combine="choice">
@@ -406,6 +402,7 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc
<ref name="self_id"/>
<ref name="bsc_id"/>
<ref name="bsc_payload"/>
+ <ref name="bsc_pkcs10"/>
</element>
</define>
<define name="bsc_elt" combine="choice">
diff --git a/rpkid/testbed.py b/rpkid/testbed.py
index a6843a08..ce047285 100644
--- a/rpkid/testbed.py
+++ b/rpkid/testbed.py
@@ -572,7 +572,7 @@ class allocation(object):
rpki.log.info("Issuing BSC EE cert for %s" % self.name)
cmd = (prog_openssl, "x509", "-req", "-CA", self.name + "-RPKI-CA.cer", "-CAkey", self.name + "-RPKI-CA.key", "-CAserial", self.name + "-RPKI-CA.srl")
signer = subprocess.Popen(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE)
- bsc_ee = rpki.x509.X509(PEM = signer.communicate(input = pdu.pkcs10_cert_request.get_PEM())[0])
+ bsc_ee = rpki.x509.X509(PEM = signer.communicate(input = pdu.pkcs10_request.get_PEM())[0])
rpki.log.info("Installing BSC EE cert for %s" % self.name)
self.call_rpkid(rpki.left_right.bsc_elt.make_pdu(action = "set", self_id = self.self_id, bsc_id = self.bsc_id,