-rw-r--r-- | myrpki.rototill/Makefile | 7 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.py | 4 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.rnc | 126 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.rng | 322 |
4 files changed, 348 insertions, 111 deletions
diff --git a/myrpki.rototill/Makefile b/myrpki.rototill/Makefile index a8306e30..12c7e940 100644 --- a/myrpki.rototill/Makefile +++ b/myrpki.rototill/Makefile @@ -2,6 +2,9 @@ all: myrpki.rng +relaxng: myrpki.rng + xmllint --noout --relaxng myrpki.rng `find test -type f -name '*.xml'` + lint: myrpki.xml myrpki.rng xmllint --noout --relaxng myrpki.rng myrpki.xml @@ -29,5 +32,5 @@ backup: tar cvvzf test.$$(TZ='' date +%Y.%m.%d.%H.%M.%S).tgz screenlog.* test backup.*.sql rm backup.*.sql -test: all - python yamltest.py +test: myrpki.rng + MYRPKI_RNG=`pwd`/myrpki.rng python yamltest.py diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py index c84a520b..ff0a7582 100644 --- a/myrpki.rototill/myrpki.py +++ b/myrpki.rototill/myrpki.py @@ -749,7 +749,7 @@ def etree_validate(e): print lxml.etree.tostring(e, pretty_print = True) raise -def etree_write(e, filename, verbose = True, validate = False): +def etree_write(e, filename, verbose = True, validate = True): """ Write out an etree to a file, safely. @@ -769,7 +769,7 @@ def etree_write(e, filename, verbose = True, validate = False): ElementTree(e).write(filename + ".tmp") os.rename(filename + ".tmp", filename) -def etree_read(filename, verbose = False, validate = False): +def etree_read(filename, verbose = True, validate = True): """ Read an etree from a file, verifying then stripping XML namespace cruft. diff --git a/myrpki.rototill/myrpki.rnc b/myrpki.rototill/myrpki.rnc index 29db7a67..feb3cf0f 100644 --- a/myrpki.rototill/myrpki.rnc +++ b/myrpki.rototill/myrpki.rnc @@ -7,6 +7,8 @@ default namespace = "http://www.hactrn.net/uris/rpki/myrpki/" +version = "2" + base64 = xsd:base64Binary { maxLength="512000" } object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]*" } pubd_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" } 
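Review bot: The new `relaxng` recipe passes `find` output to xmllint through backticks, so a test file whose path contains whitespace is split into several arguments, and an empty result runs xmllint with no input files. `find test -type f -name '*.xml' -exec xmllint --noout --relaxng myrpki.rng {} +` keeps each path intact and runs nothing when there is nothing to check. The `test` recipe in the second Makefile hunk has the same quoting gap; `MYRPKI_RNG="$$(pwd)/myrpki.rng" python yamltest.py` matches the `$$(...)` form the `backup` recipe already uses and survives spaces in the checkout path. The consumer of `MYRPKI_RNG` is not in this diff; if the library honours it outside the test run, a comment above `test:` should say that the variable selects the schema used for validation.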
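Review bot: `etree_read` now validates by default, but the grammar in this same commit widens `start` to four root elements (`myrpki`, `identity`, `parent`, `repository`), so a document that passes validation is no longer guaranteed to be the PDU the caller expected. The body of `etree_read` lies outside the hunk, so whether the root tag is checked cannot be seen here; if it is not, callers should compare the root tag with the expected PDU after reading. The same line also flips `verbose` from `False` to `True`, which is unrelated to validation and changes output for every caller relying on the default; I would keep `verbose = False` or move that flip to its own commit. Both docstrings (`etree_write` in the first myrpki.py hunk, `etree_read` in the second) should say that validation is on by default and that a schema failure raises, presumably through `etree_validate`, whose tail in the first hunk prints the document and re-raises, e.g. `Validates against the myrpki RelaxNG schema unless validate = False; raises on failure.`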
@@ -15,54 +17,108 @@ asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" } ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]*" } ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" } -start = element myrpki { - attribute version { "2" }, +start |= myrpki_pdu +start |= identity_pdu +start |= parent_pdu +start |= repository_pdu + +myrpki_pdu = element myrpki { + attribute version { version }, attribute handle { object_handle }, - roa_request_elt*, - child_elt*, - parent_elt*, - repository_elt*, - bpki_ca_certificate_elt?, - bpki_crl_elt?, - bpki_bsc_certificate_elt?, - bpki_bsc_pkcs10_elt? + element roa_request { + attribute asn { xsd:positiveInteger }, + attribute v4 { ipv4_list }, + attribute v6 { ipv6_list } + }*, + element child { + attribute handle { object_handle }, + attribute valid_until { xsd:dateTime { pattern=".*Z" } }, + attribute asns { asn_list }?, + attribute v4 { ipv4_list }?, + attribute v6 { ipv6_list }?, + element bpki_certificate { base64 }? + }*, + element parent { + attribute handle { object_handle }, + attribute service_uri { uri }?, + attribute myhandle { object_handle }?, + attribute sia_base { uri }?, + element bpki_cms_certificate { base64 }?, + element bpki_https_certificate { base64 }? + }*, + element repository { + attribute handle { object_handle }, + attribute service_uri { uri }?, + element bpki_certificate { base64 }? + }*, + element bpki_ca_certificate { base64 }?, + element bpki_crl { base64 }?, + element bpki_bsc_certificate { base64 }?, + element bpki_bsc_pkcs10 { base64 }? 
} -roa_request_elt = element roa_request { - attribute asn { xsd:positiveInteger }, - attribute v4 { ipv4_list }, - attribute v6 { ipv6_list } +identity_pdu = element identity { + attribute version { version }, + attribute handle { object_handle }, + element bpki_ta { base64 } } -child_elt = element child { - attribute handle { object_handle }, +parent_pdu = element parent { + attribute version { version }, attribute valid_until { xsd:dateTime { pattern=".*Z" } }, - attribute asns { asn_list }?, - attribute v4 { ipv4_list }?, - attribute v6 { ipv6_list }?, - element bpki_certificate { base64 }? + attribute service_uri { uri }?, + attribute child_handle { object_handle }, + attribute parent_handle { object_handle }, + element bpki_resource_ta { base64 }?, + element bpki_server_ta { base64 }?, + element bpki_child_ta { base64 }?, + element repository { + ((attribute type { "offer" }) | + (attribute type { "hint" }, + attribute proposed_sia_base { uri }, + element contact_info { xsd:string })) + }? } -parent_elt = element parent { - attribute handle { object_handle }, - attribute service_uri { uri }?, - attribute myhandle { object_handle }?, - attribute sia_base { uri }?, - element bpki_cms_certificate { base64 }?, - element bpki_https_certificate { base64 }? +repository_pdu |= element repository { + attribute version { version }, + attribute type { "confirmed" }, + attribute parent_handle { object_handle }, + attribute client_handle { pubd_handle }, + attribute service_uri { uri }, + attribute sia_base { uri }, + attribute repository_handle { object_handle }, + element bpki_server_ta { base64 }?, + element bpki_client_ta { base64 }?, + element contact_info { xsd:string }? } -repository_elt = element repository { - attribute handle { object_handle }, - attribute service_uri { uri }?, - element bpki_certificate { base64 }? 
+repository_pdu |= element repository { + attribute version { version }, + attribute type { "request" }, + attribute handle { pubd_handle }, + attribute parent_handle { object_handle }, + element contact_info { xsd:string }?, + element bpki_ta { base64 }? } -bpki_ca_certificate_elt = element bpki_ca_certificate { base64 } -bpki_crl_elt = element bpki_crl { base64 } +repository_pdu |= element repository { + attribute version { version }, + attribute type { "offer" }, + attribute handle { pubd_handle }, + attribute parent_handle { object_handle }, + element bpki_ta { base64 }? +} -bpki_bsc_certificate_elt = element bpki_bsc_certificate { base64 } -bpki_bsc_pkcs10_elt = element bpki_bsc_pkcs10 { base64 } +repository_pdu |= element repository { + attribute version { version }, + attribute type { "hint" }, + attribute handle { pubd_handle }, + attribute parent_handle { object_handle }, + attribute proposed_sia_base { uri }, + element contact_info { xsd:string }?, + element bpki_ta { base64 }? +} # Local Variables: # indent-tabs-mode: nil diff --git a/myrpki.rototill/myrpki.rng b/myrpki.rototill/myrpki.rng index 1fa2cd86..2202f4d2 100644 --- a/myrpki.rototill/myrpki.rng +++ b/myrpki.rototill/myrpki.rng @@ -8,6 +8,9 @@ run the compact syntax through trang to get XML syntax. --> <grammar ns="http://www.hactrn.net/uris/rpki/myrpki/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <define name="version"> + <value>2</value> + </define> <define name="base64"> <data type="base64Binary"> <param name="maxLength">512000</param> 
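Review bot: Every `contact_info` element added in this hunk is a bare `xsd:string` with no `maxLength`, unlike the string types defined at the top of the file (`base64`, `object_handle`, `pubd_handle` and the resource lists), which are all bounded. These PDUs appear to be exchanged with other parties, so I would bound the free-text field the same way with a shared define, e.g. `contact_info = xsd:string { maxLength="4096" }` (limit chosen here for illustration), and reference it from each `element contact_info { ... }`. `contact_info` is also mandatory in the `hint` branch nested inside `parent_pdu` but optional in the `hint` variant of `repository_pdu`; if that difference is intentional, a one-line comment above `parent_pdu` should say why.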
@@ -48,57 +51,159 @@ <param name="pattern">[\-,0-9/:a-fA-F]*</param> </data> </define> - <start> + <start combine="choice"> + <ref name="myrpki_pdu"/> + </start> + <start combine="choice"> + <ref name="identity_pdu"/> + </start> + <start combine="choice"> + <ref name="parent_pdu"/> + </start> + <start combine="choice"> + <ref name="repository_pdu"/> + </start> + <define name="myrpki_pdu"> <element name="myrpki"> <attribute name="version"> - <value>2</value> + <ref name="version"/> </attribute> <attribute name="handle"> <ref name="object_handle"/> </attribute> <zeroOrMore> - <ref name="roa_request_elt"/> + <element name="roa_request"> + <attribute name="asn"> + <data type="positiveInteger"/> + </attribute> + <attribute name="v4"> + <ref name="ipv4_list"/> + </attribute> + <attribute name="v6"> + <ref name="ipv6_list"/> + </attribute> + </element> </zeroOrMore> <zeroOrMore> - <ref name="child_elt"/> + <element name="child"> + <attribute name="handle"> + <ref name="object_handle"/> + </attribute> + <attribute name="valid_until"> + <data type="dateTime"> + <param name="pattern">.*Z</param> + </data> + </attribute> + <optional> + <attribute name="asns"> + <ref name="asn_list"/> + </attribute> + </optional> + <optional> + <attribute name="v4"> + <ref name="ipv4_list"/> + </attribute> + </optional> + <optional> + <attribute name="v6"> + <ref name="ipv6_list"/> + </attribute> + </optional> + <optional> + <element name="bpki_certificate"> + <ref name="base64"/> + </element> + </optional> + </element> </zeroOrMore> <zeroOrMore> - <ref name="parent_elt"/> + <element name="parent"> + <attribute name="handle"> + <ref name="object_handle"/> + </attribute> + <optional> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + </optional> + <optional> + <attribute name="myhandle"> + <ref name="object_handle"/> + </attribute> + </optional> + <optional> + <attribute name="sia_base"> + <ref name="uri"/> + </attribute> + </optional> + <optional> + <element 
name="bpki_cms_certificate"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_https_certificate"> + <ref name="base64"/> + </element> + </optional> + </element> </zeroOrMore> <zeroOrMore> - <ref name="repository_elt"/> + <element name="repository"> + <attribute name="handle"> + <ref name="object_handle"/> + </attribute> + <optional> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + </optional> + <optional> + <element name="bpki_certificate"> + <ref name="base64"/> + </element> + </optional> + </element> </zeroOrMore> <optional> - <ref name="bpki_ca_certificate_elt"/> + <element name="bpki_ca_certificate"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="bpki_crl_elt"/> + <element name="bpki_crl"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="bpki_bsc_certificate_elt"/> + <element name="bpki_bsc_certificate"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="bpki_bsc_pkcs10_elt"/> + <element name="bpki_bsc_pkcs10"> + <ref name="base64"/> + </element> </optional> </element> - </start> - <define name="roa_request_elt"> - <element name="roa_request"> - <attribute name="asn"> - <data type="positiveInteger"/> - </attribute> - <attribute name="v4"> - <ref name="ipv4_list"/> + </define> + <define name="identity_pdu"> + <element name="identity"> + <attribute name="version"> + <ref name="version"/> </attribute> - <attribute name="v6"> - <ref name="ipv6_list"/> + <attribute name="handle"> + <ref name="object_handle"/> </attribute> + <element name="bpki_ta"> + <ref name="base64"/> + </element> </element> </define> - <define name="child_elt"> - <element name="child"> - <attribute name="handle"> - <ref name="object_handle"/> + <define name="parent_pdu"> + <element name="parent"> + <attribute name="version"> + <ref name="version"/> </attribute> <attribute name="valid_until"> <data type="dateTime"> 
@@ -106,96 +211,169 @@ </data> </attribute> <optional> - <attribute name="asns"> - <ref name="asn_list"/> + <attribute name="service_uri"> + <ref name="uri"/> </attribute> </optional> + <attribute name="child_handle"> + <ref name="object_handle"/> + </attribute> + <attribute name="parent_handle"> + <ref name="object_handle"/> + </attribute> <optional> - <attribute name="v4"> - <ref name="ipv4_list"/> - </attribute> + <element name="bpki_resource_ta"> + <ref name="base64"/> + </element> </optional> <optional> - <attribute name="v6"> - <ref name="ipv6_list"/> - </attribute> + <element name="bpki_server_ta"> + <ref name="base64"/> + </element> </optional> <optional> - <element name="bpki_certificate"> + <element name="bpki_child_ta"> <ref name="base64"/> </element> </optional> + <optional> + <element name="repository"> + <choice> + <attribute name="type"> + <value>offer</value> + </attribute> + <group> + <attribute name="type"> + <value>hint</value> + </attribute> + <attribute name="proposed_sia_base"> + <ref name="uri"/> + </attribute> + <element name="contact_info"> + <data type="string"/> + </element> + </group> + </choice> + </element> + </optional> </element> </define> - <define name="parent_elt"> - <element name="parent"> - <attribute name="handle"> + <define name="repository_pdu" combine="choice"> + <element name="repository"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>confirmed</value> + </attribute> + <attribute name="parent_handle"> + <ref name="object_handle"/> + </attribute> + <attribute name="client_handle"> + <ref name="pubd_handle"/> + </attribute> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + <attribute name="sia_base"> + <ref name="uri"/> + </attribute> + <attribute name="repository_handle"> <ref name="object_handle"/> </attribute> <optional> - <attribute name="service_uri"> - <ref name="uri"/> - </attribute> + <element name="bpki_server_ta"> + <ref name="base64"/> + 
</element> </optional> <optional> - <attribute name="myhandle"> - <ref name="object_handle"/> - </attribute> + <element name="bpki_client_ta"> + <ref name="base64"/> + </element> </optional> <optional> - <attribute name="sia_base"> - <ref name="uri"/> - </attribute> + <element name="contact_info"> + <data type="string"/> + </element> + </optional> + </element> + </define> + <define name="repository_pdu" combine="choice"> + <element name="repository"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>request</value> + </attribute> + <attribute name="handle"> + <ref name="pubd_handle"/> + </attribute> + <attribute name="parent_handle"> + <ref name="object_handle"/> + </attribute> + <optional> + <element name="contact_info"> + <data type="string"/> + </element> </optional> <optional> - <element name="bpki_cms_certificate"> + <element name="bpki_ta"> <ref name="base64"/> </element> </optional> + </element> + </define> + <define name="repository_pdu" combine="choice"> + <element name="repository"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>offer</value> + </attribute> + <attribute name="handle"> + <ref name="pubd_handle"/> + </attribute> + <attribute name="parent_handle"> + <ref name="object_handle"/> + </attribute> <optional> - <element name="bpki_https_certificate"> + <element name="bpki_ta"> <ref name="base64"/> </element> </optional> </element> </define> - <define name="repository_elt"> + <define name="repository_pdu" combine="choice"> <element name="repository"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>hint</value> + </attribute> <attribute name="handle"> + <ref name="pubd_handle"/> + </attribute> + <attribute name="parent_handle"> <ref name="object_handle"/> </attribute> + <attribute name="proposed_sia_base"> + <ref name="uri"/> + </attribute> <optional> - <attribute name="service_uri"> - 
<ref name="uri"/> - </attribute> + <element name="contact_info"> + <data type="string"/> + </element> </optional> <optional> - <element name="bpki_certificate"> + <element name="bpki_ta"> <ref name="base64"/> </element> </optional> </element> </define> - <define name="bpki_ca_certificate_elt"> - <element name="bpki_ca_certificate"> - <ref name="base64"/> - </element> - </define> - <define name="bpki_crl_elt"> - <element name="bpki_crl"> - <ref name="base64"/> - </element> - </define> - <define name="bpki_bsc_certificate_elt"> - <element name="bpki_bsc_certificate"> - <ref name="base64"/> - </element> - </define> - <define name="bpki_bsc_pkcs10_elt"> - <element name="bpki_bsc_pkcs10"> - <ref name="base64"/> - </element> - </define> </grammar> <!-- Local Variables: |