Diffstat (limited to 'myrpki/examples')
-rw-r--r--myrpki/examples/asns.csv8
-rw-r--r--myrpki/examples/children.csv9
-rw-r--r--myrpki/examples/myrpki.conf411
-rw-r--r--myrpki/examples/parents.csv8
-rw-r--r--myrpki/examples/prefixes.csv11
-rw-r--r--myrpki/examples/pubclients.csv10
-rw-r--r--myrpki/examples/roas.csv8
-rw-r--r--myrpki/examples/rsyncd.conf30
8 files changed, 0 insertions, 495 deletions
diff --git a/myrpki/examples/asns.csv b/myrpki/examples/asns.csv
deleted file mode 100644
index 804cf839..00000000
--- a/myrpki/examples/asns.csv
+++ /dev/null
@@ -1,8 +0,0 @@
-# $Id$
-#
-# Syntax: <child_handle> <asn>
-#
-# NB: Comment lines are not allowed in these files, this one is only
-# present to explain the example
-#
-Alice 64533
diff --git a/myrpki/examples/children.csv b/myrpki/examples/children.csv
deleted file mode 100644
index da29e8b5..00000000
--- a/myrpki/examples/children.csv
+++ /dev/null
@@ -1,9 +0,0 @@
-# $Id$
-#
-# Syntax: <child_handle> <validitydate> <bpki_cert_filename>
-#
-# NB: Comment lines are not allowed in these files, this one is only
-# present to explain the example
-#
-Alice 2009-07-27T08:24:53Z Alice.ta.cer
-Bob 2009-07-27T08:24:53Z Bob.ta.cer
diff --git a/myrpki/examples/myrpki.conf b/myrpki/examples/myrpki.conf
deleted file mode 100644
index 0eded59b..00000000
--- a/myrpki/examples/myrpki.conf
+++ /dev/null
@@ -1,411 +0,0 @@
-# $Id: myrpki.conf 2722 2009-08-31 22:24:48Z sra $
-#
-# Config file for myrpki.py, myirbe.py, and RPKI daemons when used
-# with myrpki.py etc. Notes:
-#
-# - There's some duplication of settings between some of the sections,
-# because each of the several daemons and control programs was
-# written as a free-standing program. Lumping all of the config for
-# all of them into a single config file is just a convenience for
-# simple configurations; in complex cases you might not have any two
-# of them running on the same machine.
-#
-# - This config file is also read by the OpenSSL command line tool
-# running under mypki.py, so syntax must remain compatable with both
-# OpenSSL and Python config file parsers, and there's a big chunk of
-# OpenSSL voodoo towards the end of this file.
-
-################################################################
-
-[myrpki]
-
-# Handle naming hosted resource-holding entity (<self/>) represented
-# by this myrpki instance. Syntax is an identifier (ASCII letters,
-# digits, hyphen, underscore -- no whitespace, non-ASCII characters,
-# or other punctuation). You need to set this.
-
-handle = Me
-
-# BPKI trust anchor for the repository in which this <self/> will be
-# publishing its outputs. You need to set this.
-
-repository_bpki_certificate = repository-ta.cer
-
-# Name by which repository will know this <self/>. This may be a
-# structured handle, eg, "Grandma/Mom/Me" or might be a simple handle,
-# depending on how the repository is set up. Syntax is same as
-# "handle", with the addition of "/" characters as an allowed
-# delimiter. You need to set this.
-
-repository_handle = Me
-
-# Names of various input and output files. Don't change these without
-# a good reason.
-
-roa_csv = roas.csv
-children_csv = children.csv
-parents_csv = parents.csv
-prefix_csv = prefixes.csv
-asn_csv = asns.csv
-xml_filename = myrpki.xml
-bpki_directory = bpki.myrpki
-
-#################################################################
-
-[myirbe]
-
-# Base of service URL for pubd. myirbe.py uses this value to
-# configure <repository/> objects in rpkid. If you are running your
-# own copy of pubd (see "want_pubd"), myirbe.py also uses this to
-# contact your copy of pubd in order to configure it.
-#
-# You need to configure this.
-
-pubd_base = https://pubd.example.org:4402/
-
-# Base of service URL for rpkid. myirbe.py uses this to contact your
-# rpkid so it can configure it.
-#
-# You need to configure this.
-
-rpkid_base = https://rpkid.example.org:4404
-
-# Whether you want myirbe.py to attempt to configure your own copy of
-# pubd. In general, it's best to use your parent's pubd if you can,
-# to reduce the overall number of publication sites that relying
-# parties need to check, so don't enable this unless you have a good
-# reason. See the [pubd] section if you do enable this.
-#
-# Enabling this when you are -not- running your own copy of pubd will
-# cause myirbe.py to fail when it attempts to perform runtime
-# configuration of your nonexistant pubd.
-
-want_pubd = false
-
-# Whether you want myirbe.py to generate BPKI certs for running your
-# very own copy of rootd. Don't enable this unless you really know
-# what you're doing. See [rootd] section below for further comments.
-
-want_rootd = false
-
-# Where to put BPKI stuff for the IRBE operator (entity that operates
-# rpkid etc). Don't change this without a reason.
-
-bpki_directory = bpki.myirbe
-
-#################################################################
-
-[rpkid]
-
-# MySQL database name, user name, and password for rpkid to use to
-# store its data. You need to configure these.
-
-sql-database = rpki
-sql-username = rpki
-sql-password = fnord
-
-# Host and port on which rpkid should listen for HTTPS service
-# requests. These should match rpkid_base in the [myirbe] section.
-# You need to configure these.
-
-server-host = rpkid.example.org
-server-port = 4404
-
-# HTTPS service URL rpkid should use to contact irdbd. If irdbd is
-# running on the same machine as rpkid, this can and probably should
-# be a loopback URL, since nobody but rpkid needs to talk to irdbd.
-
-irdb-url = https://localhost:4403/
-
-# Where rpkid should look for BPKI certs and keys used in the
-# left-right protocol. The following values match where myirbe.py
-# will have placed things. Don't change these without a reason.
-
-bpki-ta = bpki.myirbe/ca.cer
-rpkid-key = bpki.myirbe/rpkid.key
-rpkid-cert = bpki.myirbe/rpkid.cer
-irdb-cert = bpki.myirbe/irdbd.cer
-irbe-cert = bpki.myirbe/irbe.cer
-
-#################################################################
-
-[irdbd]
-
-# MySQL database name, user name, and password for irdbd to use to
-# store its data. You need to configure these.
-
-sql-database = irdb
-sql-username = irdb
-sql-password = fnord
-
-# HTTP service URL irdbd should listen on. This should match the
-# irdb-url parameter in the [rpkid] section; see comments there.
-
-https-url = https://localhost:4403/
-
-# Where irdbd should look for BPKI certs and keys used in the
-# left-right protocol. The following values match where myirbe.py
-# will have placed things. Don't change these without a reason.
-
-bpki-ta = bpki.myirbe/ca.cer
-rpkid-cert = bpki.myirbe/rpkid.cer
-irdbd-cert = bpki.myirbe/irdbd.cer
-irdbd-key = bpki.myirbe/irdbd.key
-
-#################################################################
-
-[pubd]
-
-# MySQL database name, user name, and password for pubd to use to
-# store (some of) its data. You need to configure these.
-
-sql-database = pubd
-sql-username = pubd
-sql-password = fnord
-
-# Root of directory tree where pubd should write out published data.
-# You need to configure this, and the configuration should match up
-# with the directory where you point rsyncd. Neither pubd nor rsyncd
-# much cares -where- you tell them to put this stuff, the important
-# thing is that the rsync:// URIs in generated certificates match up
-# with the published objects so that relying parties can find and
-# verify rpkid's published outputs.
-
-publication-base = publication/
-
-# Host and port on which pubd should listen for HTTPS service
-# requests. These should match pubd_base in the [myirbe] section.
-# You need to configure these.
-
-server-host = pubd.example.org
-server-port = 4402
-
-# Where pubd should look for BPKI certs and keys used in the
-# left-right protocol. The following values match where myirbe.py
-# will have placed things. Don't change these without a reason.
-
-bpki-ta = bpki.myirbe/ca.cer
-pubd-cert = bpki.myirbe/pubd.cer
-pubd-key = bpki.myirbe/pubd.key
-irbe-cert = bpki.myirbe/irbe.cer
-
-#################################################################
-
-[irbe_cli]
-
-# HTTPS service URL for rpkid
-
-rpkid-url = https://rpkid.example.org:4404/left-right/
-
-# BPKI certificates and keys for talking to rpkid
-
-rpkid-bpki-ta = bpki.myirbe/ca.cer
-rpkid-irbe-key = bpki.myirbe/irbe.key
-rpkid-irbe-cert = bpki.myirbe/irbe.cer
-rpkid-cert = bpki.myirbe/rpkid.cer
-
-# HTTPS service URL for pubd
-
-pubd-url = https://localhost:4402/control/
-
-# BPKI certificates and keys for talking to pubd
-
-pubd-bpki-ta = bpki.myirbe/ca.cer
-pubd-irbe-key = bpki.myirbe/irbe.key
-pubd-irbe-cert = bpki.myirbe/irbe.cer
-pubd-cert = bpki.myirbe/pubd.cer
-
-#################################################################
-
-# You don't need to run rootd unless you're IANA, are certifying
-# private address space, or are an RIR which refuses to accept IANA as
-# the root of the public address hierarchy.
-#
-# Ok, if that wasn't enough to scare you off: rootd is a kludge, and
-# needs to be rewritten, or, better, merged into rpkid. It does a
-# number of things wrong, and requires far too many configuration
-# parameters. You have been warned....
-
-[rootd]
-
-# BPKI certificates and keys for rootd
-
-bpki-ta = bpki.myirbe/ca.cer
-rootd-bpki-crl = bpki.myirbe/ca.crl
-rootd-bpki-cert = bpki.myirbe/rootd.cer
-rootd-bpki-key = bpki.myirbe/rootd.key
-child-bpki-cert = bpki.myirbe/child.cer
-
-# Server port on which rootd should listen.
-
-server-port = 4401
-
-# Where rootd should write its output. Yes, rootd should be using
-# pubd instead of publishing directly, but it doesn't.
-
-rpki-root-dir = publication/
-
-# rsync URI for directory containing rootd's outputs
-
-rpki-base-uri = rsync://rpki.example.org/Me/
-
-# rsync URI for rootd's root (self-signed) RPKI certificate
-
-rpki-root-cert-uri = rsync://rpki.example.org/Me/root.cer
-
-# Private key corresponding to rootd's root RPKI certificate
-
-rpki-root-key = bpki.myirbe/ca.key
-
-# Filename (as opposed to rsync URI) of rootd's root RPKI certificate
-
-rpki-root-cert = publication/root.cer
-
-# Where rootd should stash a copy of the PKCS #10 request it gets from
-# its one (and only) child
-
-rpki-subject-pkcs10 = rootd.subject.pkcs10
-
-# Lifetime of the one and only certificate rootd issues
-
-rpki-subject-lifetime = 30d
-
-# Filename (relative to rootd-base-uri and rpki-root-dir) of the CRL
-# for rootd's root RPKI certificate
-
-rpki-root-crl = root.crl
-
-# Filename (relative to rootd-base-uri and rpki-root-dir) of the
-# manifest for rootd's root RPKI certificate
-
-rpki-root-manifest = root.mnf
-
-# Up-down protocol class name for RPKI certificate rootd issues to its
-# one (and only) child
-
-rpki-class-name = Me
-
-# Filename (relative to rootd-base-uri and rpki-root-dir) of the one
-# (and only) RPKI certificate rootd issues
-
-rpki-subject-cert = Me.cer
-
-# The last four paramters in this section are really parameters for
-# myirbe.py to use when constructing rootd's root RPKI certificate,
-# via an indirection hack in the OpenSSL voodoo portion of this file.
-# Don't ask why some of these are duplicated from other paramters in
-# this section, you don't want to know (really, you don't).
-
-# ASNs to include in rootd's root RPKI certificate, in openssl.conf format
-
-root_cert_asns = AS:0-4294967295
-
-# IP addresses to include in rootd's root RPKI certificate, in
-# openssl.conf format
-
-root_cert_addrs = IPv4:0.0.0.0/0,IPv6:0::/0
-
-# Whatever you put in rpki-base-uri, earlier in this section
-
-root_cert_sia = rsync://rpki.example.org/Me/
-
-# root_cert_sia + rpki-root-manifest
-
-root_cert_manifest = rsync://rpki.example.org/Me/root.mnf
-
-#################################################################
-
-# Constants for OpenSSL voodoo portion of this file, to make them
-# easier to find.
-
-[constants]
-
-# Digest algorithm. Don't change this.
-
-digest = sha256
-
-# RSA key length. Don't change this.
-
-key_length = 2048
-
-# Lifetime of BPKI certificates (and rootd RPKI root certificate).
-# Don't change this unless you know what you're doing.
-
-cert_days = 365
-
-# Lifetime of BPKI CRLs. Don't change this unless you know what
-# you're doing.
-
-crl_days = 365
-
-#################################################################
-
-# The rest of this file is OpenSSL configuration voodoo. Don't touch
-# anything below here even if you -do- know what you're doing. Even
-# by OpenSSL standards, some of this is weird, and interacts in
-# non-obvious ways with code in myrpki.py and myirbe.py. If you touch
-# this stuff and something breaks, don't say you weren't warned.
-
-[req]
-default_bits = ${constants::key_length}
-default_md = ${constants::digest}
-distinguished_name = req_dn
-prompt = no
-encrypt_key = no
-
-[req_dn]
-CN = Dummy name for certificate request
-
-[ca_x509_ext_ee]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ca_x509_ext_xcert0]
-basicConstraints = critical,CA:true,pathlen:0
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ca_x509_ext_xcert1]
-basicConstraints = critical,CA:true,pathlen:1
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ca_x509_ext_ca]
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ca]
-default_ca = ca
-dir = ${ENV::BPKI_DIRECTORY}
-new_certs_dir = $dir
-database = $dir/index
-certificate = $dir/ca.cer
-private_key = $dir/ca.key
-default_days = ${constants::cert_days}
-default_crl_days = ${constants::crl_days}
-default_md = ${constants::digest}
-policy = ca_dn_policy
-unique_subject = no
-serial = $dir/serial
-crlnumber = $dir/crl_number
-
-[ca_dn_policy]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-givenName = optional
-surname = optional
-
-[rootd_x509_extensions]
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-keyUsage = critical,keyCertSign,cRLSign
-subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:${rootd::root_cert_sia},1.3.6.1.5.5.7.48.10;URI:${rootd::root_cert_manifest}
-sbgp-autonomousSysNum = critical,${rootd::root_cert_asns}
-sbgp-ipAddrBlock = critical,${rootd::root_cert_addrs}
-certificatePolicies = critical,1.3.6.1.5.5.7.14.2
diff --git a/myrpki/examples/parents.csv b/myrpki/examples/parents.csv
deleted file mode 100644
index f92eddeb..00000000
--- a/myrpki/examples/parents.csv
+++ /dev/null
@@ -1,8 +0,0 @@
-# $Id$
-#
-# Syntax: <parent_handle> <service_uri> <cms_bpki_cert_filename> <https_bpki_cert_filename> <myhandle> <sia_base>
-#
-# NB: Comment lines are not allowed in these files, this one is only
-# present to explain the example
-#
-Mom https://localhost:4414/up-down/Mom/Becca Mom.ta.cer Mom.rpkid.cer Becca rsync://rpki.example.org/Me/
diff --git a/myrpki/examples/prefixes.csv b/myrpki/examples/prefixes.csv
deleted file mode 100644
index 160f9339..00000000
--- a/myrpki/examples/prefixes.csv
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id$
-#
-# Syntax: <child_handle> <prefix>/<length>
-# or: <child_handle> <min>-<max>
-#
-# NB: Comment lines are not allowed in these files, this one is only
-# present to explain the example
-#
-Alice 192.0.2.0/27
-Bob 192.0.2.44-192.0.2.100
-Bob 10.0.0.0/8
diff --git a/myrpki/examples/pubclients.csv b/myrpki/examples/pubclients.csv
deleted file mode 100644
index 6336a1a6..00000000
--- a/myrpki/examples/pubclients.csv
+++ /dev/null
@@ -1,10 +0,0 @@
-# $Id$
-#
-# Syntax: <client_handle> <bpki_cert_filename> <sia_base>
-#
-# NB: Comment lines are not allowed in these files, this one is only
-# present to explain the example
-#
-Me bpki.myrpki/ca.cer rsync://rpki.example.org/Me/
-Me/Alice pubd-client-certs/Alice.cer rsync://rpki.example.org/Me/Alice/
-Me/Bob pubd-client-certs/Bob.cer rsync://rpki.example.org/Me/Bob/
diff --git a/myrpki/examples/roas.csv b/myrpki/examples/roas.csv
deleted file mode 100644
index 4343ada0..00000000
--- a/myrpki/examples/roas.csv
+++ /dev/null
@@ -1,8 +0,0 @@
-# $Id$
-#
-# Syntax: <prefix>/<length>-<maxlength> <asn> <group>
-#
-# NB: Comment lines are not allowed in these files, this one is only
-# present to explain the example
-#
-10.3.0.44/32 666 Mom
diff --git a/myrpki/examples/rsyncd.conf b/myrpki/examples/rsyncd.conf
deleted file mode 100644
index d0a9cd97..00000000
--- a/myrpki/examples/rsyncd.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# $Id$
-#
-# Sample rsyncd.conf file for use with pubd. You may need to
-# customize this for the conventions on your system. See the rsync
-# and rsyncd.conf manual pages for a complete explanation of how to
-# configure rsyncd, this is just a simple configuration to get you
-# started.
-#
-# There are two parameters in the following which you should set to
-# appropriate values for your system:
-#
-# "myname" is the rsync module name to configure, as in
-# "rsync://rpki.example.org/myname/"
-#
-# "/some/where/publication" is the absolute pathname of the directory
-# where you told pubd to place its outputs (see the publication_base
-# parameter in the [pubd] section of myrpki.conf)
-#
-# You may need to adjust other parameters for your system environment.
-
-pid file = /var/run/rsyncd.pid
-uid = nobody
-gid = nobody
-
-[myname]
- use chroot = no
- read only = yes
- transfer logging = yes
- path = /some/where/publication
- comment = RPKI Testbed