diff options
24 files changed, 191 insertions, 175 deletions
diff --git a/docs/left-right-xml b/docs/left-right-xml index f6dc7fa8..6d60dbb8 100644 --- a/docs/left-right-xml +++ b/docs/left-right-xml @@ -262,7 +262,7 @@ repository_id="120" sender_name="tweedledee" recipient_name="tweedledum"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -280,8 +280,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -299,7 +299,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </parent> </msg> @@ -316,7 +316,7 @@ rekey="yes" reissue="yes" revoke="yes"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -334,8 +334,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -353,7 +353,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </parent> </msg> @@ -371,7 +371,7 @@ sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -389,8 +389,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -408,7 +408,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </parent> </msg> @@ -422,7 +422,7 @@ sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -440,8 +440,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -459,7 +459,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </parent> </msg> @@ -476,7 +476,7 @@ <msg version="1" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> <child action="create" type="query" self_id="42" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -494,7 +494,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> + </peer_biz_cert> </child> </msg> @@ -506,7 +506,7 @@ <child action="set" type="query" self_id="42" child_id="3" bsc_id="17" reissue="yes"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -524,7 +524,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> + </peer_biz_cert> </child> </msg> @@ -539,7 +539,7 @@ <msg version="1" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> <child action="get" type="reply" self_id="42" child_id="3" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -557,7 +557,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> + </peer_biz_cert> </child> </msg> @@ -568,7 +568,7 @@ <msg version="1" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> <child action="list" type="reply" self_id="42" child_id="3" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -586,7 +586,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> + </peer_biz_cert> </child> </msg> @@ -604,7 +604,7 @@ <repository action="create" type="query" self_id="42" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -622,8 +622,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -641,7 +641,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </repository> </msg> @@ -653,7 +653,7 @@ <repository action="set" type="query" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -671,8 +671,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -690,7 +690,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </repository> </msg> @@ -706,7 +706,7 @@ <repository action="get" type="reply" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -724,8 +724,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -743,7 +743,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </repository> </msg> @@ -755,7 +755,7 @@ <repository action="list" type="reply" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -773,8 +773,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -792,7 +792,7 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </repository> </msg> diff --git a/docs/rpki-db-schema.pdf b/docs/rpki-db-schema.pdf Binary files differindex ba0c446d..bb9aadef 100644 --- a/docs/rpki-db-schema.pdf +++ b/docs/rpki-db-schema.pdf diff --git a/docs/rpki-db-schema.sql b/docs/rpki-db-schema.sql index 15e4c874..8e345b19 100644 --- a/docs/rpki-db-schema.sql +++ b/docs/rpki-db-schema.sql @@ -60,8 +60,8 @@ DROP TABLE IF EXISTS repository; CREATE TABLE repository ( repository_id SERIAL NOT NULL, peer_contact_uri TEXT, - cms_ta LONGBLOB, - https_ta LONGBLOB, + peer_biz_cert LONGBLOB, + peer_biz_glue LONGBLOB, bsc_id BIGINT unsigned NOT NULL, self_id BIGINT unsigned NOT NULL, PRIMARY KEY (repository_id), @@ -73,8 +73,8 @@ DROP TABLE IF EXISTS parent; CREATE TABLE parent ( parent_id SERIAL NOT NULL, - cms_ta LONGBLOB, - https_ta LONGBLOB, + peer_biz_cert LONGBLOB, + peer_biz_glue LONGBLOB, peer_contact_uri TEXT, sia_base TEXT, sender_name TEXT, @@ -127,7 +127,8 @@ DROP TABLE IF EXISTS child; CREATE TABLE child ( child_id SERIAL NOT NULL, - cms_ta LONGBLOB, + peer_biz_cert LONGBLOB, + peer_biz_glue LONGBLOB, self_id BIGINT unsigned NOT NULL, bsc_id BIGINT unsigned NOT NULL, PRIMARY KEY (child_id), diff --git a/rpkid/irbe-cli.py b/rpkid/irbe-cli.py index f52435e5..033ea1d3 100755 --- a/rpkid/irbe-cli.py +++ b/rpkid/irbe-cli.py @@ -48,13 +48,13 @@ class cmd_mixin(object): self.action = arg self.type = "query" - def client_query_cms_ta(self, arg): - """Special handler for --cms_ta option.""" - self.cms_ta = rpki.x509.X509(Auto_file=arg) + def client_query_peer_biz_cert(self, arg): + """Special handler for --peer_biz_cert option.""" + self.peer_biz_cert = rpki.x509.X509(Auto_file=arg) def client_query_https_ta(self, arg): - """Special handler for --https_ta option.""" - self.https_ta = rpki.x509.X509(Auto_file=arg) + """Special handler for --peer_biz_glue option.""" + self.peer_biz_glue = rpki.x509.X509(Auto_file=arg) def client_reply_decode(self): pass diff --git a/rpkid/irbe-setup.py b/rpkid/irbe-setup.py index cba4f791..b3ae8bc1 100644 --- a/rpkid/irbe-setup.py +++ b/rpkid/irbe-setup.py @@ -103,7 +103,7 @@ repository_id = pdu.repository_id print "Create a parent context" ta = rpki.x509.X509(Auto_file = "biz-certs/Elena-Root.cer") pdu = call_rpkid(rpki.left_right.parent_elt.make_pdu( - action = "create", self_id = self_id, bsc_id = bsc_id, repository_id = repository_id, cms_ta = ta, https_ta = ta, + action = "create", self_id = self_id, bsc_id = bsc_id, repository_id = repository_id, peer_biz_cert = ta, peer_contact_uri = "https://localhost:44333/", sia_base = "rsync://wombat.invalid/")) parent_id = pdu.parent_id @@ -117,7 +117,7 @@ registrants = cur.fetchall() for registrant_id, subject_name in registrants: print "Attempting to bind", registrant_id, subject_name - pdu = call_rpkid(rpki.left_right.child_elt.make_pdu(action = "create", self_id = self_id, bsc_id = bsc_id, cms_ta = cer)) + pdu = call_rpkid(rpki.left_right.child_elt.make_pdu(action = "create", self_id = self_id, bsc_id = bsc_id, peer_biz_cert = cer)) print "Attempting to bind", registrant_id, subject_name, pdu.child_id cur.execute("""UPDATE registrant SET rpki_self_id = %d, rpki_child_id = %d diff --git a/rpkid/left-right-protocol-samples/pdu.021.xml b/rpkid/left-right-protocol-samples/pdu.021.xml index 41bc67af..5159f7cb 100644 --- a/rpkid/left-right-protocol-samples/pdu.021.xml +++ b/rpkid/left-right-protocol-samples/pdu.021.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <parent action="create" type="query" self_id="42" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120" sender_name="tweedledee" recipient_name="tweedledum"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -39,6 +39,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </parent> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.023.xml b/rpkid/left-right-protocol-samples/pdu.023.xml index 1f3633c0..100b2c74 100644 --- a/rpkid/left-right-protocol-samples/pdu.023.xml +++ b/rpkid/left-right-protocol-samples/pdu.023.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <parent action="set" type="query" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120" rekey="yes" reissue="yes" revoke="yes"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -39,6 +39,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </parent> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.026.xml b/rpkid/left-right-protocol-samples/pdu.026.xml index 8cddc8d8..7e45a2e2 100644 --- a/rpkid/left-right-protocol-samples/pdu.026.xml +++ b/rpkid/left-right-protocol-samples/pdu.026.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <parent action="get" type="reply" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -39,6 +39,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </parent> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.028.xml b/rpkid/left-right-protocol-samples/pdu.028.xml index 1e8f5c95..217dd456 100644 --- a/rpkid/left-right-protocol-samples/pdu.028.xml +++ b/rpkid/left-right-protocol-samples/pdu.028.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <parent action="list" type="reply" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -39,6 +39,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </parent> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.031.xml b/rpkid/left-right-protocol-samples/pdu.031.xml index 4871b271..1c7c8502 100644 --- a/rpkid/left-right-protocol-samples/pdu.031.xml +++ b/rpkid/left-right-protocol-samples/pdu.031.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <child action="create" type="query" self_id="42" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,6 +20,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> + </peer_biz_cert> </child> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.033.xml b/rpkid/left-right-protocol-samples/pdu.033.xml index 37bac784..9acfd9ae 100644 --- a/rpkid/left-right-protocol-samples/pdu.033.xml +++ b/rpkid/left-right-protocol-samples/pdu.033.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <child action="set" type="query" self_id="42" child_id="3" bsc_id="17" reissue="yes"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,6 +20,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> + </peer_biz_cert> </child> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.036.xml b/rpkid/left-right-protocol-samples/pdu.036.xml index 4c2576e1..333b70dd 100644 --- a/rpkid/left-right-protocol-samples/pdu.036.xml +++ b/rpkid/left-right-protocol-samples/pdu.036.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <child action="get" type="reply" self_id="42" child_id="3" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,6 +20,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> + </peer_biz_cert> </child> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.038.xml b/rpkid/left-right-protocol-samples/pdu.038.xml index 42d203a4..9c8244ee 100644 --- a/rpkid/left-right-protocol-samples/pdu.038.xml +++ b/rpkid/left-right-protocol-samples/pdu.038.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <child action="list" type="reply" self_id="42" child_id="3" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,6 +20,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> + </peer_biz_cert> </child> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.041.xml b/rpkid/left-right-protocol-samples/pdu.041.xml index 40cccf4d..5f489e64 100644 --- a/rpkid/left-right-protocol-samples/pdu.041.xml +++ b/rpkid/left-right-protocol-samples/pdu.041.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <repository action="create" type="query" self_id="42" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -39,6 +39,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </repository> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.043.xml b/rpkid/left-right-protocol-samples/pdu.043.xml index e8f391a5..86c2fdc3 100644 --- a/rpkid/left-right-protocol-samples/pdu.043.xml +++ b/rpkid/left-right-protocol-samples/pdu.043.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <repository action="set" type="query" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -39,6 +39,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </repository> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.046.xml b/rpkid/left-right-protocol-samples/pdu.046.xml index ad7e42a4..3900f7ff 100644 --- a/rpkid/left-right-protocol-samples/pdu.046.xml +++ b/rpkid/left-right-protocol-samples/pdu.046.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <repository action="get" type="reply" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -39,6 +39,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </repository> </msg> diff --git a/rpkid/left-right-protocol-samples/pdu.048.xml b/rpkid/left-right-protocol-samples/pdu.048.xml index ff92dc33..156ec518 100644 --- a/rpkid/left-right-protocol-samples/pdu.048.xml +++ b/rpkid/left-right-protocol-samples/pdu.048.xml @@ -2,7 +2,7 @@ <!--Automatically generated, do not edit.--> <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1"> <repository action="list" type="reply" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17"> - <cms_ta> + <peer_biz_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -20,8 +20,8 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </cms_ta> - <https_ta> + </peer_biz_cert> + <peer_biz_glue> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS @@ -39,6 +39,6 @@ sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== - </https_ta> + </peer_biz_glue> </repository> </msg> diff --git a/rpkid/left-right-schema.rnc b/rpkid/left-right-schema.rnc index 83be22bd..a815e587 100644 --- a/rpkid/left-right-schema.rnc +++ b/rpkid/left-right-schema.rnc @@ -35,9 +35,9 @@ ctl_dr = attribute action { "destroy" }, attribute type { "reply" }, tag # Base64 encoded DER stuff base64 = xsd:base64Binary { maxLength="512000" } -# How we wrap trust anchor elements -cms_ta = element cms_ta { base64 } -https_ta = element https_ta { base64 } +# How we wrap peer business cert elements +peer_biz_cert = element peer_biz_cert { base64 } +peer_biz_glue = element peer_biz_glue { base64 } # Base definition for all fields that are really just SQL primary indices sql_id = xsd:token { maxLength="1024" } @@ -52,11 +52,11 @@ self_bool = (attribute rekey { "yes" }?, attribute clear_extension_preferences { "yes" }?) self_payload = (attribute use_hsm { "yes" | "no" }?, - attribute crl_interval { xsd:token { maxLength="1024" } }?, - element extension_preference { - attribute name { xsd:token { maxLength="1024" } }, - xsd:string { maxLength="512000" } - }*) + attribute crl_interval { xsd:token { maxLength="1024" } }?, + element extension_preference { + attribute name { xsd:token { maxLength="1024" } }, + xsd:string { maxLength="512000" } + }*) self_id = attribute self_id { sql_id } @@ -110,8 +110,8 @@ parent_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } } attribute repository_id { xsd:token { maxLength="1024" } }?, attribute sender_name { xsd:token { maxLength="1024" } }?, attribute recipient_name { xsd:token { maxLength="1024" } }?, - cms_ta?, - https_ta?) + peer_biz_cert?, + peer_biz_glue?) parent_elt |= element parent { ctl_cq, self_id, parent_bool, parent_payload } parent_elt |= element parent { ctl_cr, self_id, parent_id } @@ -131,7 +131,8 @@ child_id = attribute child_id { sql_id } child_bool = attribute reissue { "yes" }? child_payload = (attribute bsc_id { xsd:token { maxLength="1024" } }?, - cms_ta?) + peer_biz_cert?, + peer_biz_glue?) child_elt |= element child { ctl_cq, self_id, child_bool, child_payload } child_elt |= element child { ctl_cr, self_id, child_id } @@ -150,8 +151,8 @@ repository_id = attribute repository_id { sql_id } repository_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } }?, attribute bsc_id { xsd:token { maxLength="1024" } }?, - cms_ta?, - https_ta?) + peer_biz_cert?, + peer_biz_glue?) repository_elt |= element repository { ctl_cq, self_id, repository_payload } repository_elt |= element repository { ctl_cr, self_id, repository_id } diff --git a/rpkid/left-right-schema.rng b/rpkid/left-right-schema.rng index 11b570eb..cfc36b70 100644 --- a/rpkid/left-right-schema.rng +++ b/rpkid/left-right-schema.rng @@ -140,14 +140,14 @@ <param name="maxLength">512000</param> </data> </define> - <!-- How we wrap trust anchor elements --> - <define name="cms_ta"> - <element name="cms_ta"> + <!-- How we wrap peer business cert elements --> + <define name="peer_biz_cert"> + <element name="peer_biz_cert"> <ref name="base64"/> </element> </define> - <define name="https_ta"> - <element name="https_ta"> + <define name="peer_biz_glue"> + <element name="peer_biz_glue"> <ref name="base64"/> </element> </define> @@ -480,10 +480,10 @@ </attribute> </optional> <optional> - <ref name="cms_ta"/> + <ref name="peer_biz_cert"/> </optional> <optional> - <ref name="https_ta"/> + <ref name="peer_biz_glue"/> </optional> </define> <define name="parent_elt" combine="choice"> @@ -582,7 +582,10 @@ </attribute> </optional> <optional> - <ref name="cms_ta"/> + <ref name="peer_biz_cert"/> + </optional> + <optional> + <ref name="peer_biz_glue"/> </optional> </define> <define name="child_elt" combine="choice"> @@ -681,10 +684,10 @@ </attribute> </optional> <optional> - <ref name="cms_ta"/> + <ref name="peer_biz_cert"/> </optional> <optional> - <ref name="https_ta"/> + <ref name="peer_biz_glue"/> </optional> </define> <define name="repository_elt" combine="choice"> diff --git a/rpkid/rpki/__init__.py b/rpkid/rpki/__init__.py index 91465330..3e0c653b 100644 --- a/rpkid/rpki/__init__.py +++ b/rpkid/rpki/__init__.py @@ -464,10 +464,10 @@ ## parent --action= --type= --tag= --self_id= --parent_id= ## --bsc_id= --repository_id= --peer_contact_uri= ## --sia_base= --sender_name= --recipient_name= -## --cms_ta= --https_ta= --rekey --reissue --revoke +## --peer_biz_cert= --peer_biz_glue= --rekey --reissue --revoke ## ## repository --action= --type= --tag= --self_id= --repository_id= -## --bsc_id= --peer_contact_uri= --cms_ta= --https_ta= +## --bsc_id= --peer_contact_uri= --peer_biz_cert= --peer_biz_glue= ## ## self --action= --type= --tag= --self_id= --crl_interval= ## --extension_preference= --rekey --reissue --revoke @@ -475,7 +475,7 @@ ## --clear_extension_preferences ## ## child --action= --type= --tag= --self_id= --child_id= -## --bsc_id= --cms_ta= --reissue +## --bsc_id= --peer_biz_cert= --peer_biz_glue= --reissue ## ## route_origin --action= --type= --tag= --self_id= --route_origin_id= ## --as_number= --ipv4= --ipv6= --suppress_publication diff --git a/rpkid/rpki/gctx.py b/rpkid/rpki/gctx.py index 5fa41606..203e8519 100644 --- a/rpkid/rpki/gctx.py +++ b/rpkid/rpki/gctx.py @@ -172,11 +172,14 @@ class global_context(object): store = POW.X509Store() - kids = [c.cms_ta for c in rpki.left_right.child_elt.sql_fetch_all(self)] + children = rpki.left_right.child_elt.sql_fetch_all(self) - for x in kids + self.https_ta_irbe: - if x is not None: - rpki.log.debug("HTTPS dynamic trust anchor %s" % x.getSubject()) - store.addTrust(x.get_POW()) + certs = [c.peer_biz_cert for c in children if c.peer_biz_cert is not None] + \ + [c.peer_biz_glue for c in children if c.peer_biz_glue is not None] + \ + self.https_ta_irbe + + for x in certs: + rpki.log.debug("HTTPS dynamic trust anchor %s" % x.getSubject()) + store.addTrust(x.get_POW()) return store diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index 7be7b903..041415e0 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py @@ -515,15 +515,15 @@ class parent_elt(data_elt): element_name = "parent" attributes = ("action", "type", "tag", "self_id", "parent_id", "bsc_id", "repository_id", "peer_contact_uri", "sia_base", "sender_name", "recipient_name") - elements = ("cms_ta", "https_ta") + elements = ("peer_biz_cert", "peer_biz_glue") booleans = ("rekey", "reissue", "revoke") sql_template = rpki.sql.template("parent", "parent_id", "self_id", "bsc_id", "repository_id", - ("cms_ta", rpki.x509.X509), ("https_ta", rpki.x509.X509), + ("peer_biz_cert", rpki.x509.X509), ("peer_biz_glue", rpki.x509.X509), "peer_contact_uri", "sia_base", "sender_name", "recipient_name") - cms_ta = None - https_ta = None + peer_biz_cert = None + peer_biz_glue = None def repository(self): """Fetch repository object to which this parent object links.""" @@ -553,16 +553,16 @@ class parent_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <parent/> element.""" - if name not in ("cms_ta", "https_ta"): + if name not in ("peer_biz_cert", "peer_biz_glue"): assert name == "parent", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <parent/> element.""" - if name == "cms_ta": - self.cms_ta = rpki.x509.X509(Base64 = text) - elif name == "https_ta": - self.https_ta = rpki.x509.X509(Base64 = text) + if name == "peer_biz_cert": + self.peer_biz_cert = rpki.x509.X509(Base64 = text) + elif name == "peer_biz_glue": + self.peer_biz_glue = rpki.x509.X509(Base64 = text) else: assert name == "parent", "Unexpected name %s, stack %s" % (name, stack) stack.pop() @@ -570,10 +570,10 @@ class parent_elt(data_elt): def toXML(self): """Generate <parent/> element.""" elt = self.make_elt() - if self.cms_ta and not self.cms_ta.empty(): - self.make_b64elt(elt, "cms_ta", self.cms_ta.get_DER()) - if self.https_ta and not self.https_ta.empty(): - self.make_b64elt(elt, "https_ta", self.https_ta.get_DER()) + if self.peer_biz_cert and not self.peer_biz_cert.empty(): + self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) + if self.peer_biz_glue and not self.peer_biz_glue.empty(): + self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) return elt def query_up_down(self, q_pdu): @@ -608,13 +608,13 @@ class parent_elt(data_elt): raise q_cms = rpki.cms.xml_sign(q_elt, bsc.private_key_id, bsc.signing_cert, encoding = "UTF-8") - r_cms = rpki.https.client(server_ta = rpki.x509.X509_chain(self.https_ta), + r_cms = rpki.https.client(server_ta = rpki.x509.X509_chain(self.peer_biz_cert), client_key = bsc.private_key_id, client_certs = bsc.signing_cert, msg = q_cms, url = self.peer_contact_uri) - r_elt = rpki.cms.xml_verify(r_cms, self.cms_ta) + r_elt = rpki.cms.xml_verify(r_cms, self.peer_biz_cert) rpki.relaxng.up_down.assertValid(r_elt) r_msg = rpki.up_down.sax_handler.saxify(r_elt) r_msg.payload.check_response() @@ -626,12 +626,13 @@ class child_elt(data_elt): element_name = "child" attributes = ("action", "type", "tag", "self_id", "child_id", "bsc_id") - elements = ("cms_ta",) + elements = ("peer_biz_cert", "peer_biz_glue") booleans = ("reissue", ) - sql_template = rpki.sql.template("child", "child_id", "self_id", "bsc_id", ("cms_ta", rpki.x509.X509)) + sql_template = rpki.sql.template("child", "child_id", "self_id", "bsc_id", ("peer_biz_cert", rpki.x509.X509)) - cms_ta = None + peer_biz_cert = None + peer_biz_glue = None def child_certs(self, ca_detail = None, ski = None, unique = False): """Fetch all child_cert objects that link to this child object.""" @@ -657,14 +658,16 @@ class child_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <child/> element.""" - if name != "cms_ta": + if name not in ("peer_biz_cert", "peer_biz_glue"): assert name == "child", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <child/> element.""" - if name == "cms_ta": - self.cms_ta = rpki.x509.X509(Base64 = text) + if name == "peer_biz_cert": + self.peer_biz_cert = rpki.x509.X509(Base64 = text) + elif name == "peer_biz_glue": + self.peer_biz_glue = rpki.x509.X509(Base64 = text) else: assert name == "child", "Unexpected name %s, stack %s" % (name, stack) stack.pop() @@ -672,8 +675,10 @@ class child_elt(data_elt): def toXML(self): """Generate <child/> element.""" elt = self.make_elt() - if self.cms_ta: - self.make_b64elt(elt, "cms_ta", self.cms_ta.get_DER()) + if self.peer_biz_cert and not self.peer_biz_cert.empty(): + self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) + if self.peer_biz_glue and not self.peer_biz_glue.empty(): + self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) return elt def serve_up_down(self, query): @@ -684,7 +689,7 @@ class child_elt(data_elt): bsc = self.bsc() if bsc is None: raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id - q_elt = rpki.cms.xml_verify(query, self.cms_ta) + q_elt = rpki.cms.xml_verify(query, self.peer_biz_cert) rpki.relaxng.up_down.assertValid(q_elt) q_msg = rpki.up_down.sax_handler.saxify(q_elt) q_msg.payload.gctx = self.gctx @@ -714,14 +719,14 @@ class repository_elt(data_elt): element_name = "repository" attributes = ("action", "type", "tag", "self_id", "repository_id", "bsc_id", "peer_contact_uri") - elements = ("cms_ta", "https_ta") + elements = ("peer_biz_cert", "peer_biz_glue") sql_template = rpki.sql.template("repository", "repository_id", "self_id", "bsc_id", - ("cms_ta", rpki.x509.X509), "peer_contact_uri", - ("https_ta", rpki.x509.X509)) + ("peer_biz_cert", rpki.x509.X509), "peer_contact_uri", + ("peer_biz_glue", rpki.x509.X509)) - cms_ta = None - https_ta = None + peer_biz_cert = None + peer_biz_glue = None def parents(self): """Fetch all parent objects that link to this repository object.""" @@ -729,16 +734,16 @@ class repository_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <repository/> element.""" - if name not in ("cms_ta", "https_ta"): + if name not in ("peer_biz_cert", "peer_biz_glue"): assert name == "repository", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <repository/> element.""" - if name == "cms_ta": - self.cms_ta = rpki.x509.X509(Base64 = text) - elif name == "https_ta": - self.https_ta = rpki.x509.X509(Base64 = text) + if name == "peer_biz_cert": + self.peer_biz_cert = rpki.x509.X509(Base64 = text) + elif name == "peer_biz_glue": + self.peer_biz_glue = rpki.x509.X509(Base64 = text) else: assert name == "repository", "Unexpected name %s, stack %s" % (name, stack) stack.pop() @@ -746,10 +751,10 @@ class repository_elt(data_elt): def toXML(self): """Generate <repository/> element.""" elt = self.make_elt() - if self.cms_ta: - self.make_b64elt(elt, "cms_ta", self.cms_ta.get_DER()) - if self.https_ta: - self.make_b64elt(elt, "https_ta", self.https_ta.get_DER()) + if self.peer_biz_cert: + self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) + if self.peer_biz_glue: + self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) return elt @staticmethod diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index d7d9a124..314003b8 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py @@ -6,7 +6,7 @@ import lxml.etree ## Parsed RelaxNG left_right schema left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: left-right-schema.rng 1637 2008-04-08 23:41:30Z sra $ + $Id: left-right-schema.rnc 1637 2008-04-08 23:41:30Z sra $ RelaxNG (Compact Syntax) Schema for RPKI left-right protocol. @@ -146,14 +146,14 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc <param name="maxLength">512000</param> </data> </define> - <!-- How we wrap trust anchor elements --> - <define name="cms_ta"> - <element name="cms_ta"> + <!-- How we wrap peer business cert elements --> + <define name="peer_biz_cert"> + <element name="peer_biz_cert"> <ref name="base64"/> </element> </define> - <define name="https_ta"> - <element name="https_ta"> + <define name="peer_biz_glue"> + <element name="peer_biz_glue"> <ref name="base64"/> </element> </define> @@ -486,10 +486,10 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="cms_ta"/> + <ref name="peer_biz_cert"/> </optional> <optional> - <ref name="https_ta"/> + <ref name="peer_biz_glue"/> </optional> </define> <define name="parent_elt" combine="choice"> @@ -588,7 +588,10 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="cms_ta"/> + <ref name="peer_biz_cert"/> + </optional> + <optional> + <ref name="peer_biz_glue"/> </optional> </define> <define name="child_elt" combine="choice"> @@ -687,10 +690,10 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="cms_ta"/> + <ref name="peer_biz_cert"/> </optional> <optional> - <ref name="https_ta"/> + <ref name="peer_biz_glue"/> </optional> </define> <define name="repository_elt" combine="choice"> diff --git a/rpkid/testbed.py b/rpkid/testbed.py index ce047285..647b4b0f 100644 --- a/rpkid/testbed.py +++ b/rpkid/testbed.py @@ -585,19 +585,19 @@ class allocation(object): if self.parent is None: self.parent_id = self.call_rpkid(rpki.left_right.parent_elt.make_pdu( action = "create", self_id = self.self_id, bsc_id = self.bsc_id, repository_id = self.repository_id, sia_base = self.sia_base, - cms_ta = rootd_ta, https_ta = rootd_ta, sender_name = self.name, recipient_name = "Walrus", + peer_biz_cert = rootd_ta, peer_biz_glue = rootd_ta, sender_name = self.name, recipient_name = "Walrus", peer_contact_uri = "https://localhost:%s/" % rootd_port)).parent_id else: self.parent_id = self.call_rpkid(rpki.left_right.parent_elt.make_pdu( action = "create", self_id = self.self_id, bsc_id = self.bsc_id, repository_id = self.repository_id, sia_base = self.sia_base, - cms_ta = self.parent.rpkid_ta, https_ta = self.parent.rpkid_ta, sender_name = self.name, recipient_name = self.parent.name, + peer_biz_cert = self.parent.rpkid_ta, peer_biz_glue = self.parent.rpkid_ta, sender_name = self.name, recipient_name = self.parent.name, peer_contact_uri = "https://localhost:%s/up-down/%s" % (self.parent.rpki_port, self.child_id))).parent_id rpki.log.info("Creating rpkid child objects for %s" % self.name) db = MySQLdb.connect(user = "irdb", db = self.irdb_db_name, passwd = irdb_db_pass) cur = db.cursor() for kid in self.kids: - kid.child_id = self.call_rpkid(rpki.left_right.child_elt.make_pdu(action = "create", self_id = self.self_id, bsc_id = self.bsc_id, cms_ta = kid.rpkid_ta)).child_id + kid.child_id = self.call_rpkid(rpki.left_right.child_elt.make_pdu(action = "create", self_id = self.self_id, bsc_id = self.bsc_id, peer_biz_cert = kid.rpkid_ta)).child_id cur.execute("UPDATE registrant SET rpki_self_id = %s, rpki_child_id = %s WHERE IRBE_mapped_id = %s", (self.self_id, kid.child_id, kid.name)) db.close() |