Diffstat (limited to 'rpkid.with_tls/examples')
-rw-r--r--rpkid.with_tls/examples/asns.csv5
-rw-r--r--rpkid.with_tls/examples/myrpki.conf458
-rw-r--r--rpkid.with_tls/examples/prefixes.csv8
-rw-r--r--rpkid.with_tls/examples/roas.csv5
-rw-r--r--rpkid.with_tls/examples/rsyncd.conf45
5 files changed, 0 insertions, 521 deletions
diff --git a/rpkid.with_tls/examples/asns.csv b/rpkid.with_tls/examples/asns.csv
deleted file mode 100644
index 9d742740..00000000
--- a/rpkid.with_tls/examples/asns.csv
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id$
-#
-# Syntax: <child_handle> <asn>
-#
-Alice 64533
diff --git a/rpkid.with_tls/examples/myrpki.conf b/rpkid.with_tls/examples/myrpki.conf
deleted file mode 100644
index f9331b10..00000000
--- a/rpkid.with_tls/examples/myrpki.conf
+++ /dev/null
@@ -1,458 +0,0 @@
-################################################################
-#
-# $Id: myrpki.conf 2722 2009-08-31 22:24:48Z sra $
-#
-# Config file for myrpki.py and RPKI daemons.
-#
-# NB: This config file is read both by Python code and also by the
-# OpenSSL command line tool (running under mypki), so syntax must
-# remain compatable with both parsers, and there's a big chunk of
-# OpenSSL voodoo towards the end of this file.
-#
-################################################################
-
-[myrpki]
-
-# Handle naming hosted resource-holding entity (<self/>) represented
-# by this myrpki instance. Syntax is an identifier (ASCII letters,
-# digits, hyphen, underscore -- no whitespace, non-ASCII characters,
-# or other punctuation). You need to set this.
-
-handle = Me
-
-# Names of various files and directories. Don't change these without
-# a good reason.
-
-roa_csv = roas.csv
-prefix_csv = prefixes.csv
-asn_csv = asns.csv
-xml_filename = myrpki.xml
-bpki_resources_directory = bpki/resources
-bpki_servers_directory = bpki/servers
-
-# Whether you want to run your own copy of rpkid (and irdbd). You
-# want this on unless somebody else is hosting rpkid service for you.
-
-run_rpkid = true
-
-# DNS hostname and server port numbers for rpkid and irdbd, if you're
-# running them. rpkid's server host has to be a publicly reachable
-# name to be useful; irdbd's server host should always be localhost
-# unless you really know what you are doing. Port numbers can be any
-# legal TCP port number that you're not using for something else.
-
-rpkid_server_host = rpkid.example.org
-rpkid_server_port = 4404
-irdbd_server_host = localhost
-irdbd_server_port = 4403
-
-# Whether you want to run your own copy of pubd. In general, it's
-# best to use your parent's pubd if you can, to reduce the overall
-# number of publication sites that relying parties need to check, so
-# don't enable this unless you have a good reason.
-
-run_pubd = false
-
-# DNS hostname and server port number for pubd, if you're running it.
-# Hostname has to be a publicly reachable name to be useful, port can
-# be any legal TCP port number that you're not using for something
-# else.
-
-pubd_server_host = pubd.example.org
-pubd_server_port = 4402
-
-# Contact information to include in offers of repository service.
-# This only matters when we're running pubd. This should be a human
-# readable string, perhaps containing an email address or URL.
-
-pubd_contact_info = repo-man@rpki.example.org
-
-# Whether you want to run your very own copy of rootd. Don't enable
-# this unless you really know what you're doing.
-
-run_rootd = false
-
-# Server port number for rootd, if you're running it. This can be any
-# legal TCP port number that you're not using for something else.
-
-rootd_server_port = 4401
-
-# Root of local directory tree where pubd (and rootd, sigh) should
-# write out published data. You need to configure this, and the
-# configuration should match up with the directory where you point
-# rsyncd. Neither pubd nor rsyncd much cares -where- you tell them to
-# put this stuff, the important thing is that the rsync:// URIs in
-# generated certificates match up with the published objects so that
-# relying parties can find and verify rpkid's published outputs.
-
-publication_base_directory = publication/
-
-# rsyncd module name corresponding to publication_base_directory.
-# This has to match the module you configured into rsyncd.conf.
-# Leave this alone unless you have some need to change it.
-
-publication_rsync_module = rpki
-
-# Hostname and optional port number for rsync:// URIs. In most cases
-# this should just be the same value as pubd_server_host.
-
-publication_rsync_server = ${myrpki::pubd_server_host}
-
-# SQL configuration. You can ignore this if you're not running any of
-# the daemons yourself.
-
-# If you're comfortable with having all of the databases use the same
-# MySQL username and password, set those values here. It's ok to
-# leave the default username alone, but you should use a locally
-# generated password either here or in the individual settings below.
-
-shared_sql_username = rpki
-shared_sql_password = fnord
-
-# If you want different usernames and passwords for the separate SQL
-# databases, enter those settings here; the shared_sql_* settings are
-# only referenced here, so you can remove them entirely if you're
-# setting everything in this block.
-
-rpkid_sql_database = rpkid
-rpkid_sql_username = ${myrpki::shared_sql_username}
-rpkid_sql_password = ${myrpki::shared_sql_password}
-
-irdbd_sql_database = irdbd
-irdbd_sql_username = ${myrpki::shared_sql_username}
-irdbd_sql_password = ${myrpki::shared_sql_password}
-
-pubd_sql_database = pubd
-pubd_sql_username = ${myrpki::shared_sql_username}
-pubd_sql_password = ${myrpki::shared_sql_password}
-
-# Name of OpenSSL binary. You might need to change this if you have
-# no system copy installed, or if the system copy doesn't support CMS.
-# The copy of openssl built by this package should suffice.
-
-openssl = openssl
-
-# End of [myrpki] section
-
-#################################################################
-#
-# In theory it should not be necessary to modify anything below this
-# point, at least not if you're within the boundaries of the
-# simplified configuration that the myrpki tool is intended to
-# support. If you do have to modify anything below this point, please
-# report it.
-#
-#################################################################
-
-[rpkid]
-
-# MySQL database name, user name, and password for rpkid to use to
-# store its data.
-
-sql-database = ${myrpki::rpkid_sql_database}
-sql-username = ${myrpki::rpkid_sql_username}
-sql-password = ${myrpki::rpkid_sql_password}
-
-# Host and port on which rpkid should listen for HTTPS service
-# requests.
-
-server-host = ${myrpki::rpkid_server_host}
-server-port = ${myrpki::rpkid_server_port}
-
-# HTTPS service URL rpkid should use to contact irdbd. If irdbd is
-# running on the same machine as rpkid, this can and probably should
-# be a loopback URL, since nobody but rpkid needs to talk to irdbd.
-
-irdb-url = https://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/
-
-# Where rpkid should look for BPKI certs and keys used in the
-# left-right protocol. The following values match where myirbe.py
-# will have placed things. Don't change these without a reason.
-
-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-rpkid-key = ${myrpki::bpki_servers_directory}/rpkid.key
-rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
-irdb-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
-irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
-
-#################################################################
-
-[irdbd]
-
-# MySQL database name, user name, and password for irdbd to use to
-# store its data.
-
-sql-database = ${myrpki::irdbd_sql_database}
-sql-username = ${myrpki::irdbd_sql_username}
-sql-password = ${myrpki::irdbd_sql_password}
-
-# HTTP service URL irdbd should listen on. This should match the
-# irdb-url parameter in the [rpkid] section; see comments there.
-
-https-url = https://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/
-
-# Where irdbd should look for BPKI certs and keys used in the
-# left-right protocol. The following values match where myirbe.py
-# will have placed things. Don't change these without a reason.
-
-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
-irdbd-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
-irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key
-
-#################################################################
-
-[pubd]
-
-# MySQL database name, user name, and password for pubd to use to
-# store (some of) its data.
-
-sql-database = ${myrpki::pubd_sql_database}
-sql-username = ${myrpki::pubd_sql_username}
-sql-password = ${myrpki::pubd_sql_password}
-
-# Root of directory tree where pubd should write out published data.
-# You need to configure this, and the configuration should match up
-# with the directory where you point rsyncd. Neither pubd nor rsyncd
-# much cares -where- you tell them to put this stuff, the important
-# thing is that the rsync:// URIs in generated certificates match up
-# with the published objects so that relying parties can find and
-# verify rpkid's published outputs.
-
-publication-base = ${myrpki::publication_base_directory}
-
-# Host and port on which pubd should listen for HTTPS service
-# requests.
-
-server-host = ${myrpki::pubd_server_host}
-server-port = ${myrpki::pubd_server_port}
-
-# Where pubd should look for BPKI certs and keys used in the
-# left-right protocol. The following values match where myirbe.py
-# will have placed things. Don't change these without a reason.
-
-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
-pubd-key = ${myrpki::bpki_servers_directory}/pubd.key
-irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
-
-#################################################################
-
-[irbe_cli]
-
-# HTTPS service URL for rpkid
-
-rpkid-url = https://${myrpki::rpkid_server_host}:${myrpki::rpkid_server_port}/left-right/
-
-# BPKI certificates and keys for talking to rpkid
-
-rpkid-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-rpkid-irbe-key = ${myrpki::bpki_servers_directory}/irbe.key
-rpkid-irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
-rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
-
-# HTTPS service URL for pubd
-
-pubd-url = https://${myrpki::pubd_server_host}:${myrpki::pubd_server_port}/control/
-
-# BPKI certificates and keys for talking to pubd
-
-pubd-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-pubd-irbe-key = ${myrpki::bpki_servers_directory}/irbe.key
-pubd-irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
-pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
-
-#################################################################
-
-[rootd]
-
-# You don't need to run rootd unless you're IANA, are certifying
-# private address space, or are an RIR which refuses to accept IANA as
-# the root of the public address hierarchy.
-#
-# Ok, if that wasn't enough to scare you off: rootd is a kludge, and
-# needs to be rewritten, or, better, merged into rpkid. It does a
-# number of things wrong, and requires far too many configuration
-# parameters. You have been warned....
-
-# BPKI certificates and keys for rootd
-
-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-rootd-bpki-crl = ${myrpki::bpki_servers_directory}/ca.crl
-rootd-bpki-cert = ${myrpki::bpki_servers_directory}/rootd.cer
-rootd-bpki-key = ${myrpki::bpki_servers_directory}/rootd.key
-child-bpki-cert = ${myrpki::bpki_servers_directory}/child.cer
-
-# Server port on which rootd should listen.
-
-server-port = ${myrpki::rootd_server_port}
-
-# Where rootd should write its output. Yes, rootd should be using
-# pubd instead of publishing directly, but it doesn't.
-
-rpki-root-dir = ${myrpki::publication_base_directory}
-
-# rsync URI for directory containing rootd's outputs
-
-rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/
-
-# rsync URI for rootd's root (self-signed) RPKI certificate
-
-rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/root.cer
-
-# Private key corresponding to rootd's root RPKI certificate
-
-rpki-root-key = ${myrpki::bpki_servers_directory}/ca.key
-
-# Filename (as opposed to rsync URI) of rootd's root RPKI certificate
-
-rpki-root-cert = ${myrpki::publication_base_directory}/root.cer
-
-# Where rootd should stash a copy of the PKCS #10 request it gets from
-# its one (and only) child
-
-rpki-subject-pkcs10 = rootd.subject.pkcs10
-
-# Lifetime of the one and only certificate rootd issues
-
-rpki-subject-lifetime = 30d
-
-# Filename (relative to rootd-base-uri and rpki-root-dir) of the CRL
-# for rootd's root RPKI certificate
-
-rpki-root-crl = root.crl
-
-# Filename (relative to rootd-base-uri and rpki-root-dir) of the
-# manifest for rootd's root RPKI certificate
-
-rpki-root-manifest = root.mnf
-
-# Up-down protocol class name for RPKI certificate rootd issues to its
-# one (and only) child
-
-rpki-class-name = ${myrpki::handle}
-
-# Filename (relative to rootd-base-uri and rpki-root-dir) of the one
-# (and only) RPKI certificate rootd issues
-
-rpki-subject-cert = ${myrpki::handle}.cer
-
-# The last four paramters in this section are really parameters for
-# myirbe.py to use when constructing rootd's root RPKI certificate,
-# via an indirection hack in the OpenSSL voodoo portion of this file.
-# Don't ask why some of these are duplicated from other paramters in
-# this section, you don't want to know (really, you don't).
-
-# ASNs to include in rootd's root RPKI certificate, in openssl.conf format
-
-root_cert_asns = AS:0-4294967295
-
-# IP addresses to include in rootd's root RPKI certificate, in
-# openssl.conf format
-
-root_cert_addrs = IPv4:0.0.0.0/0,IPv6:0::/0
-
-# Whatever you put in rpki-base-uri, earlier in this section
-
-root_cert_sia = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/
-
-# root_cert_sia + rpki-root-manifest
-
-root_cert_manifest = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/root.mnf
-
-#################################################################
-
-# Constants for OpenSSL voodoo portion of this file, to make them
-# easier to find.
-
-[constants]
-
-# Digest algorithm. Don't change this.
-
-digest = sha256
-
-# RSA key length. Don't change this.
-
-key_length = 2048
-
-# Lifetime of BPKI certificates (and rootd RPKI root certificate).
-# Don't change this unless you know what you're doing.
-
-cert_days = 365
-
-# Lifetime of BPKI CRLs. Don't change this unless you know what
-# you're doing.
-
-crl_days = 365
-
-#################################################################
-
-# The rest of this file is OpenSSL configuration voodoo. Don't touch
-# anything below here even if you -do- know what you're doing. Even
-# by OpenSSL standards, some of this is weird, and interacts in
-# non-obvious ways with code in myrpki.py and myirbe.py. If you touch
-# this stuff and something breaks, don't say you weren't warned.
-
-[req]
-default_bits = ${constants::key_length}
-default_md = ${constants::digest}
-distinguished_name = req_dn
-prompt = no
-encrypt_key = no
-
-[req_dn]
-CN = Dummy name for certificate request
-
-[ca_x509_ext_ee]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ca_x509_ext_xcert0]
-basicConstraints = critical,CA:true,pathlen:0
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ca_x509_ext_xcert1]
-basicConstraints = critical,CA:true,pathlen:1
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ca_x509_ext_ca]
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[ca]
-default_ca = ca
-dir = ${ENV::BPKI_DIRECTORY}
-new_certs_dir = $dir
-database = $dir/index
-certificate = $dir/ca.cer
-private_key = $dir/ca.key
-default_days = ${constants::cert_days}
-default_crl_days = ${constants::crl_days}
-default_md = ${constants::digest}
-policy = ca_dn_policy
-unique_subject = no
-serial = $dir/serial
-crlnumber = $dir/crl_number
-
-[ca_dn_policy]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-givenName = optional
-surname = optional
-
-[rootd_x509_extensions]
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-keyUsage = critical,keyCertSign,cRLSign
-subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:${rootd::root_cert_sia},1.3.6.1.5.5.7.48.10;URI:${rootd::root_cert_manifest}
-sbgp-autonomousSysNum = critical,${rootd::root_cert_asns}
-sbgp-ipAddrBlock = critical,${rootd::root_cert_addrs}
-certificatePolicies = critical,1.3.6.1.5.5.7.14.2
diff --git a/rpkid.with_tls/examples/prefixes.csv b/rpkid.with_tls/examples/prefixes.csv
deleted file mode 100644
index ece18d32..00000000
--- a/rpkid.with_tls/examples/prefixes.csv
+++ /dev/null
@@ -1,8 +0,0 @@
-# $Id$
-#
-# Syntax: <child_handle> <prefix>/<length>
-# or: <child_handle> <min>-<max>
-#
-Alice 192.0.2.0/27
-Bob 192.0.2.44-192.0.2.100
-Bob 10.0.0.0/8
diff --git a/rpkid.with_tls/examples/roas.csv b/rpkid.with_tls/examples/roas.csv
deleted file mode 100644
index e4ec3074..00000000
--- a/rpkid.with_tls/examples/roas.csv
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id$
-#
-# Syntax: <prefix>/<length>-<maxlength> <asn> <group>
-#
-10.3.0.44/32 666 Mom
diff --git a/rpkid.with_tls/examples/rsyncd.conf b/rpkid.with_tls/examples/rsyncd.conf
deleted file mode 100644
index fabb5aa2..00000000
--- a/rpkid.with_tls/examples/rsyncd.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-# $Id$
-#
-# Sample rsyncd.conf file for use with pubd. You may need to
-# customize this for the conventions on your system. See the rsync
-# and rsyncd.conf manual pages for a complete explanation of how to
-# configure rsyncd, this is just a simple configuration to get you
-# started.
-#
-# There are two parameters in the following which you should set to
-# appropriate values for your system:
-#
-# "myname" is the rsync module name to configure, as in
-# "rsync://rpki.example.org/rpki/"; see the publication_rsync_module
-# parameter in myrpki.conf
-#
-# "/some/where/publication" is the absolute pathname of the directory
-# where you told pubd to place its outputs; see the
-# publication_base_directory parameter in myrpki.conf.
-#
-# You may need to adjust other parameters for your system environment.
-#
-# Copyright (C) 2009-2010 Internet Systems Consortium ("ISC")
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-pid file = /var/run/rsyncd.pid
-uid = nobody
-gid = nobody
-
-[rpki]
- use chroot = no
- read only = yes
- transfer logging = yes
- path = /some/where/publication
- comment = RPKI Testbed