-rw-r--r-- | Makefile.in | 6 | ||||
-rw-r--r-- | ca/tests/Makefile.in | 25 | ||||
-rw-r--r-- | ca/tests/rrdp-samples.xml | 111 | ||||
-rw-r--r-- | rpki/relaxng.py | 218 | ||||
-rw-r--r-- | schemas/relaxng/rrdp.rnc | 118 | ||||
-rw-r--r-- | schemas/relaxng/rrdp.rng | 214 |
6 files changed, 685 insertions, 7 deletions
diff --git a/Makefile.in b/Makefile.in index 8908ae32..3e24b6b3 100644 --- a/Makefile.in +++ b/Makefile.in @@ -49,7 +49,8 @@ RNGS = schemas/relaxng/left-right-schema.rng \ schemas/relaxng/up-down-schema.rng \ schemas/relaxng/publication-schema.rng \ schemas/relaxng/myrpki.rng \ - schemas/relaxng/router-certificate-schema.rng + schemas/relaxng/router-certificate-schema.rng \ + schemas/relaxng/rrdp.rng SQLS = schemas/sql/rpkid.sql \ schemas/sql/pubd.sql @@ -202,6 +203,9 @@ schemas/relaxng/myrpki.rng: schemas/relaxng/myrpki.rnc schemas/relaxng/router-certificate-schema.rng: schemas/relaxng/router-certificate-schema.rnc ${TRANG} schemas/relaxng/router-certificate-schema.rnc schemas/relaxng/router-certificate-schema.rng +schemas/relaxng/rrdp.rng: schemas/relaxng/rrdp.rnc + ${TRANG} schemas/relaxng/rrdp.rnc schemas/relaxng/rrdp.rng + # Eg: PYLINT_FLAGS='--disable=W0311' lint: diff --git a/ca/tests/Makefile.in b/ca/tests/Makefile.in index 9796dd2b..4c17c961 100644 --- a/ca/tests/Makefile.in +++ b/ca/tests/Makefile.in @@ -6,9 +6,7 @@ abs_top_builddir = @abs_top_builddir@ all: protocol-samples clean: - rm -rf smoketest.dir left-right-protocol-samples publication-protocol-samples yamltest.dir rcynic.xml rcynic-data - -protocol-samples: left-right-protocol-samples/.stamp publication-protocol-samples/.stamp + rm -rf smoketest.dir left-right-protocol-samples publication-protocol-samples rrdp-samples yamltest.dir rcynic.xml rcynic-data left-right-protocol-samples/.stamp: left-right-protocol-samples.xml split-protocol-samples.xsl rm -rf left-right-protocol-samples 
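Review bot: The `protocol-samples:` target is deleted in the ca/tests/Makefile.in hunk, but the context line `all: protocol-samples` two lines above the deletion still names it, and `parse-test: protocol-samples` survives further down the same file, so a plain `make` in ca/tests should now stop with "No rule to make target 'protocol-samples'". Either keep the aggregate, extended for the new samples, as `protocol-samples: left-right-protocol-samples/.stamp publication-protocol-samples/.stamp rrdp-samples/.stamp`, or repoint `all` and `parse-test` at the individual `.stamp` files. The two Makefile.in hunks that add rrdp.rng to `RNGS` and the trang rule look fine.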
@@ -16,17 +14,32 @@ left-right-protocol-samples/.stamp: left-right-protocol-samples.xml split-protoc xsltproc --param verbose 0 --stringparam dir left-right-protocol-samples split-protocol-samples.xsl left-right-protocol-samples.xml touch $@ +left-right-relaxng: left-right-protocol-samples/.stamp + xmllint --noout --relaxng ../../schemas/relaxng/left-right-schema.rng left-right-protocol-samples/*.xml + publication-protocol-samples/.stamp: publication-protocol-samples.xml split-protocol-samples.xsl rm -rf publication-protocol-samples mkdir publication-protocol-samples xsltproc --param verbose 0 --stringparam dir publication-protocol-samples split-protocol-samples.xsl publication-protocol-samples.xml touch $@ -relaxng: protocol-samples - xmllint --noout --relaxng ../../schemas/relaxng/left-right-schema.rng left-right-protocol-samples/*.xml - xmllint --noout --relaxng ../../schemas/relaxng/up-down-schema.rng up-down-protocol-samples/*.xml +publication-relaxng: publication-protocol-samples/.stamp xmllint --noout --relaxng ../../schemas/relaxng/publication-schema.rng publication-protocol-samples/*.xml +rrdp-samples/.stamp: rrdp-samples.xml split-protocol-samples.xsl + rm -rf rrdp-samples + mkdir rrdp-samples + xsltproc --param verbose 0 --stringparam dir rrdp-samples split-protocol-samples.xsl rrdp-samples.xml + touch $@ + +rrdp-relaxng: rrdp-samples/.stamp + xmllint --noout --relaxng ../../schemas/relaxng/rrdp.rng rrdp-samples/*.xml + +up-down-relaxng: + xmllint --noout --relaxng ../../schemas/relaxng/up-down-schema.rng up-down-protocol-samples/*.xml + +relaxng: up-down-relaxng left-right-relaxng publication-relaxng rrdp-relaxng + all-tests:: relaxng parse-test: protocol-samples diff --git a/ca/tests/rrdp-samples.xml b/ca/tests/rrdp-samples.xml new file mode 100644 index 00000000..847b0e6b --- /dev/null +++ b/ca/tests/rrdp-samples.xml 
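Review bot: `up-down-relaxng` is the only new target with no prerequisite, yet it globs `up-down-protocol-samples/*.xml`; nothing visible in this file creates that directory, so presumably it is checked in — if it is not, the `relaxng` aggregate fails on a clean tree before the new rrdp check even runs. None of `relaxng`, `up-down-relaxng`, `left-right-relaxng`, `publication-relaxng` or `rrdp-relaxng` is a file, so a `.PHONY: relaxng up-down-relaxng left-right-relaxng publication-relaxng rrdp-relaxng` line would keep a stray file of that name from silently skipping validation. The `parse-test: protocol-samples` context line at the end of the hunk still refers to the target the previous hunk removed.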
@@ -0,0 +1,111 @@ +<!-- -*- SGML -*- + - $Id$ + - + - This is a collection of sample RRDP PDU samples to use as test + - cases for the RRDP RelaxNG schema. + - + - Need to figure out whose copyright should be on these examples. + - BSD in any case so makes little practical difference, just need to + - be sure we give proper credit. Might be RIPE, might be IETF + - Trust, might be us for derivative work. Slap ours on for the + - moment, fix when we figure this out. + - + - Copyright (C) 2014 Dragon Research Labs ("DRL") + - + - Permission to use, copy, modify, and distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. 
+ --> + +<completely_gratuitous_wrapper_element_to_let_me_run_this_through_xmllint> + + <!-- Notification file: lists current snapshots and deltas --> + + <msg type="notification" version="1" xmlns="http://www.ripe.net/rpki/rrdp"> + <notification session_id="d9f6dc91-0394-40b9-9663-66aef4bb623a" current_version="203"> + <snapshot version="202"> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/1.xml" hash="279b79fd8389e20585f26735ee70e0e4d4b8af23bb2e2e611c70e92d2433e"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/2.xml" hash="a2d56ec180f2dde2a46bf92e0565932e25829b852a0b47d5de6e41394c290"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/3.xml" hash="b2d56ec180f2dde2a46bf92e0565932e2582952a0b43107d5de6e41394c29a"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/4.xml" hash="c2d56ec180f2dde2a46bf92e0565932e25829b2a0b43107d5de6e41394c29f"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/5.xml" hash="d2d56ec180f2dde2a46bf92e0565932e229b852a0b43107d5de6e41394c29b"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/6.xml" hash="e2d56ec180f2dde2a46bf92e0565932e258b852a0b43107d5de6e41394c292"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/7.xml" hash="f2d56ec180f2dde2a46bf92e0565932e2582952a0b43107d5de6e41394c29c"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/8.xml" hash="02d56ec180f2dde2a46bf92e0565932e25829b8a0b43107d5de6e41394c294"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/9.xml" hash="c2d56ec180f2dde2a46bf92e0565932e25829b852b43107d5de6e41394c29d"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/10.xml" 
hash="22d56ec180f2dde2a46bf92e0565932e25829b852a0b43107d5de41394c296"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/11.xml" hash="b2d56ec180f2dde2a46bf92e0565932e25829b852a0b43107d5de6e394c29e"/> + <snapshot-segment uri="http://host.example/d9f6dc91-0394-40b9-9663-66aeb623a/snapshot/202/12.xml" hash="42d56ec180f2dde2a46bf92e0565932e25829b852a0b4315de6e41394c298"/> + </snapshot> + <deltas> + <delta-segment from="156" to="183" uri="http://host.example/d9f6c91-0394-40b9-9663-66aeb623a/deltas/156/183.xml" hash="a2d56ec180f2dde2a46bf90565932e25829b852a0b43107d5de6e41394c291"/> + <delta-segment from="183" to="184" uri="http://host.example/d9f6c91-0394-40b9-9663-66aeb623a/deltas/183/184/1.xml" hash="a2d56ec180f2dde2a46b2e0565932e25829b852a0b43107d5de6e41394c292"/> + <delta-segment from="183" to="184" uri="http://host.example/d9f6c91-0394-40b9-9663-66aeb623a/deltas/183/184/2.xml" hash="a2d56ec180f2dde2a46b2e0565932e25829b852a0b43107d5de6e41394c292"/> + <delta-segment from="183" to="184" uri="http://host.example/d9f6c91-0394-40b9-9663-66aeb623a/deltas/183/184/3.xml" hash="a2d56ec180f2dde2a46b2e0565932e25829b852a0b43107d5de6e41394c292"/> + <delta-segment from="184" to="197" uri="http://host.example/d9f6c91-0394-40b9-9663-66aeb623a/deltas/184/197.xml" hash="a2d56ec180f2dde2a46b2e0565932e25829b852a0b43107d5de6e41394c292"/> + <delta-segment from="197" to="203" uri="http://host.example/d9f6c91-0394-40b9-9663-66aeb623a/deltas/197/203.xml" hash="a2d56ec180f2dde2a4f92e0565932e25829b852a0b43107d5de6e41394c293"/> + </deltas> + </notification> + </msg> + + <!-- Snapshot segment: think DNS AXFR --> + + <msg xmlns="http://www.ripe.net/rpki/rrdp" type="snapshot" version="1"> + <snapshot session_id="d9f6dc91-0394-40b9-9663-66aef4bb623a" repository_version="1" index="2"> + <publish uri="http://host.example/foo/bar/cer1.cer"> + MIIE+jCCA+KgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQD + jRBODAxN0U2NkE5RTkxNzJFNDYxMkQ4Q0Y0QzgzRjIzOERFMkEzMB4XE + 
h8zeHoFVu6ghRPy5dbOA4akX/KG6b8XIx0iwPYdLiDbdWFbtTdPcXBau + </publish> + <publish uri="http://host.example/foo/bar/cer2.cer"> + MIIE+jCCA+KgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQD + h8zeHoFVu6ghRPy5dbOA4akX/KG6b8XIx0iwPYdLiDbdWFbtTdPcXBau + jRBODAxN0U2NkE5RTkxNzJFNDYxMkQ4Q0Y0QzgzRjIzOERFMkEzMB4XD + </publish> + <publish uri="http://host.example/foo/bar/cer3.cer"> + MIIE+jCCA+KgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQD + h8zeHoFVu6ghRPy5dbOA4akX/KG6b8XIx0iwPYdLiDbdWFbtTdPcXBau + jRBODAxN0U2NkE5RTkxNzJFNDYxMkQ4Q0Y0QzgzRjIzOERFMkEzMB4XD + </publish> + </snapshot> + </msg> + + <!-- Delta segment: think DNS IXFR --> + + <msg type="deltas" version="1" xmlns="http://www.ripe.net/rpki/rrdp"> + <deltas session_id="d9f6dc91-0394-40b9-9663-66aef4bb623a" from="0" to="3" index="4"> + <delta version="1"> + <publish uri="http://host.example/foo/bar/cer1.cer"> + MIIE+jCCA+KgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAzMTEw + jRBODAxN0U2NkE5RTkxNzJFNDYxMkQ4Q0Y0QzgzRjIzOERFM + h8zeHoFVu6ghRPy5dbOA4akX/KG6b8XIx0iwPYdLiDbdWFbt + </publish> + </delta> + <delta version="2"> + <withdraw uri="http://host.example/foo/bar/cer1.cer"/> + <publish uri="http://host.example/foo/bar/cer2.cer"> + MIIE+jCCA+KgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAzMTEw + h8zeHoFVu6ghRPy5dbOA4akX/KG6b8XIx0iwPYdLiDbdWFbt + jRBODAxN0U2NkE5RTkxNzJFNDYxMkQ4Q0Y0QzgzRjIzOERFM + </publish> + <publish uri="http://host.example/foo/bar/cer3.cer"> + MIIE+jCCA+KgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAzMTEw + h8zeHoFVu6ghRPy5dbOA4akX/KG6b8XIx0iwPYdLiDbdWFbt + jRBODAxN0U2NkE5RTkxNzJFNDYxMkQ4Q0Y0QzgzRjIzOERFM + </publish> + </delta> + <delta version="3"> + <withdraw uri="http://host.example/foo/bar/cer2.cer"/> + </delta> + </deltas> + </msg> + +</completely_gratuitous_wrapper_element_to_let_me_run_this_through_xmllint> diff --git a/rpki/relaxng.py b/rpki/relaxng.py index 594b0a09..9e0c197d 100644 --- a/rpki/relaxng.py +++ b/rpki/relaxng.py 
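Review bot: Every `hash` value in the notification sample is 61–63 hex digits rather than the 64 a SHA-256 digest has (the first snapshot-segment hash is 61 characters), and the session id embedded in the segment URIs (`...66aeb623a`, `d9f6c91-...`) does not match the `session_id` attribute `d9f6dc91-0394-40b9-9663-66aef4bb623a`. These files validate only because the schema currently types `hash` and `session_id` as unrestricted strings; as soon as either is tightened the `rrdp-relaxng` target will fail, and as sample PDUs they should model exactly what a consumer is expected to verify. Suggest replacing the digests with real 64-character values (e.g. `sha256sum` of the corresponding sample body) and using one session UUID consistently across the attributes and URIs. The three `delta-segment` entries for 183→184 also carry an identical hash, which looks like copy-paste rather than intent.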
@@ -2158,6 +2158,224 @@ router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version= --> ''')) +## @var rrdp +## Parsed RelaxNG rrdp schema +rrdp = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> +<!-- + $Id$ + + RelaxNG schema for RPKI Repository Delta Protocol (RRDP). + + Copyright (C) 2014 Dragon Research Labs ("DRL") + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH + REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + PERFORMANCE OF THIS SOFTWARE. +--> +<grammar ns="http://www.ripe.net/rpki/rrdp" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <!-- + I find the use of "version" for both the protocol version and the database version + unncessarily confusing, so I'd prefer "serial" for the latter. For the moment, + I'm keeping the attribute names as in Tim's document and just using "serial" for + the data type. + + The xsd:string types here are me being lazy in the initial version. + We should also think about length limits for all of these types. 
+ --> + <define name="version"> + <data type="positiveInteger"> + <param name="maxInclusive">1</param> + </data> + </define> + <define name="serial"> + <data type="nonNegativeInteger"/> + </define> + <define name="uri"> + <data type="anyURI"/> + </define> + <define name="uuid"> + <data type="string"/> + </define> + <define name="sha256"> + <data type="string"/> + </define> + <define name="base64"> + <data type="base64Binary"/> + </define> + <define name="index"> + <data type="positiveInteger"/> + </define> + <!-- + Notification file: lists current snapshots and deltas + + We want to get rid of the multiple segment thing from Tim's original + specification. I think this means that the multiple + <snapshot-segment/> elements collapse down to a single snapshot, the + attributes of which probably float up to the <snapshot/> element. + Or maybe we just require exactly one snapshot-segment element; it's + a bit verbose, but leaves an easy way to change our minds later, + and it's XML so who's going to notice one more element? + + Specify as in the -01 draft for the moment, simplify later. 
+ --> + <start combine="choice"> + <element name="msg"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>notification</value> + </attribute> + <element name="notification"> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="current_version"> + <ref name="serial"/> + </attribute> + <element name="snapshot"> + <attribute name="version"> + <ref name="serial"/> + </attribute> + <oneOrMore> + <element name="snapshot-segment"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <attribute name="hash"> + <ref name="sha256"/> + </attribute> + </element> + </oneOrMore> + </element> + <optional> + <element name="deltas"> + <oneOrMore> + <element name="delta-segment"> + <attribute name="from"> + <ref name="serial"/> + </attribute> + <attribute name="to"> + <ref name="serial"/> + </attribute> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <attribute name="hash"> + <ref name="sha256"/> + </attribute> + </element> + </oneOrMore> + </element> + </optional> + </element> + </element> + </start> + <!-- + If we're getting rid of multiple snapshot segments, I think the + index attributes go away. + + -01 is a bit vague on <publish/> and <withdraw/> elements: + Zero-or-more? One-or-more? Does "exact copy" include using the + publication protocol's XML namespace instead of RRDP's? Tag + attribute allowed? Wing it for now. + --> + <!-- Snapshot segment: think DNS AXFR. 
--> + <start combine="choice"> + <element name="msg"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>snapshot</value> + </attribute> + <element name="snapshot"> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="repository_version"> + <ref name="serial"/> + </attribute> + <attribute name="index"> + <ref name="index"/> + </attribute> + <zeroOrMore> + <element name="publish"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <ref name="base64"/> + </element> + </zeroOrMore> + </element> + </element> + </start> + <!-- Delta segment: think DNS IXFR. --> + <!-- -01 doesn't say whether <delta/> is zero-or-more or one-or-more. --> + <start combine="choice"> + <element name="msg"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>deltas</value> + </attribute> + <element name="deltas"> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="from"> + <ref name="serial"/> + </attribute> + <attribute name="to"> + <ref name="serial"/> + </attribute> + <attribute name="index"> + <ref name="index"/> + </attribute> + <zeroOrMore> + <element name="delta"> + <attribute name="version"> + <ref name="serial"/> + </attribute> + <zeroOrMore> + <choice> + <element name="publish"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <ref name="base64"/> + </element> + <element name="withdraw"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + </element> + </choice> + </zeroOrMore> + </element> + </zeroOrMore> + </element> + </element> + </start> +</grammar> +<!-- + Local Variables: + indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" + End: +--> +''')) + ## @var up_down ## Parsed RelaxNG up_down schema up_down = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> 
diff --git a/schemas/relaxng/rrdp.rnc b/schemas/relaxng/rrdp.rnc new file mode 100644 index 00000000..44b94034 --- /dev/null +++ b/schemas/relaxng/rrdp.rnc 
@@ -0,0 +1,118 @@ +# $Id$ +# +# RelaxNG schema for RPKI Repository Delta Protocol (RRDP). +# +# Copyright (C) 2014 Dragon Research Labs ("DRL") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +default namespace = "http://www.ripe.net/rpki/rrdp" + +# I find the use of "version" for both the protocol version and the database version +# unncessarily confusing, so I'd prefer "serial" for the latter. For the moment, +# I'm keeping the attribute names as in Tim's document and just using "serial" for +# the data type. +# +# The xsd:string types here are me being lazy in the initial version. +# We should also think about length limits for all of these types. + +version = xsd:positiveInteger { maxInclusive="1" } +serial = xsd:nonNegativeInteger +uri = xsd:anyURI +uuid = xsd:string +sha256 = xsd:string +base64 = xsd:base64Binary +index = xsd:positiveInteger + +# Notification file: lists current snapshots and deltas +# +# We want to get rid of the multiple segment thing from Tim's original +# specification. I think this means that the multiple +# <snapshot-segment/> elements collapse down to a single snapshot, the +# attributes of which probably float up to the <snapshot/> element. 
+# Or maybe we just require exactly one snapshot-segment element; it's +# a bit verbose, but leaves an easy way to change our minds later, +# and it's XML so who's going to notice one more element? +# +# Specify as in the -01 draft for the moment, simplify later. + +start |= element msg { + attribute version { version }, + attribute type { "notification" }, + element notification { + attribute session_id { uuid }, + attribute current_version { serial }, + element snapshot { + attribute version { serial }, + element snapshot-segment { + attribute uri { uri }, + attribute hash { sha256 } + }+ + }, + element deltas { + element delta-segment { + attribute from { serial }, + attribute to { serial }, + attribute uri { uri }, + attribute hash { sha256 } + }+ + }? + } +} + +# If we're getting rid of multiple snapshot segments, I think the +# index attributes go away. +# +# -01 is a bit vague on <publish/> and <withdraw/> elements: +# Zero-or-more? One-or-more? Does "exact copy" include using the +# publication protocol's XML namespace instead of RRDP's? Tag +# attribute allowed? Wing it for now. + +# Snapshot segment: think DNS AXFR. + +start |= element msg { + attribute version { version }, + attribute type { "snapshot" }, + element snapshot { + attribute session_id { uuid }, + attribute repository_version { serial }, + attribute index { index }, + element publish { attribute uri { uri }, base64 }* + } +} + +# Delta segment: think DNS IXFR. + +# -01 doesn't say whether <delta/> is zero-or-more or one-or-more. 
+ +start |= element msg { + attribute version { version }, + attribute type { "deltas" }, + element deltas { + attribute session_id { uuid }, + attribute from { serial }, + attribute to { serial }, + attribute index { index }, + element delta { + attribute version { serial }, + ( element publish { attribute uri { uri }, base64 } | + element withdraw { attribute uri { uri } } )* + }* + } +} + +# Local Variables: +# indent-tabs-mode: nil +# comment-start: "# " +# comment-start-skip: "#[ \t]*" +# End: diff --git a/schemas/relaxng/rrdp.rng b/schemas/relaxng/rrdp.rng new file mode 100644 index 00000000..7323f1c3 --- /dev/null +++ b/schemas/relaxng/rrdp.rng 
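Review bot: `sha256 = xsd:string` and `uuid = xsd:string` accept any text, and the header comment already concedes this is placeholder typing; the `hash` attribute is the only binding between a notification fetched over plain http and the snapshot and delta files it points at, so the schema should at least refuse values that cannot be a SHA-256 digest: `sha256 = xsd:string { pattern = "[0-9a-fA-F]{64}" }`, `uuid = xsd:string { pattern = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }`, and a bound such as `uri = xsd:anyURI { maxLength = "4096" }` since every `publish`/`withdraw` carries one. Even with those patterns the grammar cannot express the consumer-side checks — the fetched file's digest equalling `hash`, the snapshot/deltas `session_id` equalling the notification's, and `from`/`to`/`version` serials being contiguous and increasing — so a comment near the `start` rules stating that schema validity does not imply integrity and that those checks are the caller's job would stop a later reader from assuming otherwise. The `base64Binary` body of `publish` and the `serial` type are likewise unbounded, which the "length limits" note already hints at and is worth settling before this is pointed at a remote repository. Tightening `sha256` will also require fixing the sample digests in ca/tests/rrdp-samples.xml, which are currently shorter than 64 hex digits.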
@@ -0,0 +1,214 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + $Id$ + + RelaxNG schema for RPKI Repository Delta Protocol (RRDP). + + Copyright (C) 2014 Dragon Research Labs ("DRL") + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH + REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + PERFORMANCE OF THIS SOFTWARE. +--> +<grammar ns="http://www.ripe.net/rpki/rrdp" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <!-- + I find the use of "version" for both the protocol version and the database version + unncessarily confusing, so I'd prefer "serial" for the latter. For the moment, + I'm keeping the attribute names as in Tim's document and just using "serial" for + the data type. + + The xsd:string types here are me being lazy in the initial version. + We should also think about length limits for all of these types. 
+ --> + <define name="version"> + <data type="positiveInteger"> + <param name="maxInclusive">1</param> + </data> + </define> + <define name="serial"> + <data type="nonNegativeInteger"/> + </define> + <define name="uri"> + <data type="anyURI"/> + </define> + <define name="uuid"> + <data type="string"/> + </define> + <define name="sha256"> + <data type="string"/> + </define> + <define name="base64"> + <data type="base64Binary"/> + </define> + <define name="index"> + <data type="positiveInteger"/> + </define> + <!-- + Notification file: lists current snapshots and deltas + + We want to get rid of the multiple segment thing from Tim's original + specification. I think this means that the multiple + <snapshot-segment/> elements collapse down to a single snapshot, the + attributes of which probably float up to the <snapshot/> element. + Or maybe we just require exactly one snapshot-segment element; it's + a bit verbose, but leaves an easy way to change our minds later, + and it's XML so who's going to notice one more element? + + Specify as in the -01 draft for the moment, simplify later. 
+ --> + <start combine="choice"> + <element name="msg"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>notification</value> + </attribute> + <element name="notification"> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="current_version"> + <ref name="serial"/> + </attribute> + <element name="snapshot"> + <attribute name="version"> + <ref name="serial"/> + </attribute> + <oneOrMore> + <element name="snapshot-segment"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <attribute name="hash"> + <ref name="sha256"/> + </attribute> + </element> + </oneOrMore> + </element> + <optional> + <element name="deltas"> + <oneOrMore> + <element name="delta-segment"> + <attribute name="from"> + <ref name="serial"/> + </attribute> + <attribute name="to"> + <ref name="serial"/> + </attribute> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <attribute name="hash"> + <ref name="sha256"/> + </attribute> + </element> + </oneOrMore> + </element> + </optional> + </element> + </element> + </start> + <!-- + If we're getting rid of multiple snapshot segments, I think the + index attributes go away. + + -01 is a bit vague on <publish/> and <withdraw/> elements: + Zero-or-more? One-or-more? Does "exact copy" include using the + publication protocol's XML namespace instead of RRDP's? Tag + attribute allowed? Wing it for now. + --> + <!-- Snapshot segment: think DNS AXFR. 
--> + <start combine="choice"> + <element name="msg"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>snapshot</value> + </attribute> + <element name="snapshot"> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="repository_version"> + <ref name="serial"/> + </attribute> + <attribute name="index"> + <ref name="index"/> + </attribute> + <zeroOrMore> + <element name="publish"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <ref name="base64"/> + </element> + </zeroOrMore> + </element> + </element> + </start> + <!-- Delta segment: think DNS IXFR. --> + <!-- -01 doesn't say whether <delta/> is zero-or-more or one-or-more. --> + <start combine="choice"> + <element name="msg"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>deltas</value> + </attribute> + <element name="deltas"> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="from"> + <ref name="serial"/> + </attribute> + <attribute name="to"> + <ref name="serial"/> + </attribute> + <attribute name="index"> + <ref name="index"/> + </attribute> + <zeroOrMore> + <element name="delta"> + <attribute name="version"> + <ref name="serial"/> + </attribute> + <zeroOrMore> + <choice> + <element name="publish"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <ref name="base64"/> + </element> + <element name="withdraw"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + </element> + </choice> + </zeroOrMore> + </element> + </zeroOrMore> + </element> + </element> + </start> +</grammar> +<!-- + Local Variables: + indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" + End: +--> |