diff options
Diffstat (limited to 'rpkid.with_tls/publication-schema.rnc')
| -rw-r--r-- | rpkid.with_tls/publication-schema.rnc | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/rpkid.with_tls/publication-schema.rnc b/rpkid.with_tls/publication-schema.rnc new file mode 100644 index 00000000..5df646d1 --- /dev/null +++ b/rpkid.with_tls/publication-schema.rnc @@ -0,0 +1,138 @@ +# $Id$ +# +# RelaxNG Schema for RPKI publication protocol. +# +# libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so +# run the compact syntax through trang to get XML syntax. +# +# Copyright (C) 2009-2010 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +# +# Portions copyright (C) 2007-2008 American Registry for Internet Numbers ("ARIN") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +default namespace = "http://www.hactrn.net/uris/rpki/publication-spec/" + +# Top level PDU + +start = element msg { + attribute version { xsd:positiveInteger { maxInclusive="1" } }, + ( (attribute type { "query" }, query_elt*) | + (attribute type { "reply" }, reply_elt*) ) +} + +# PDUs allowed in a query +query_elt = ( config_query | client_query | certificate_query | crl_query | manifest_query | roa_query ) + +# PDUs allowed in a reply +reply_elt = ( config_reply | client_reply | certificate_reply | crl_reply | manifest_reply | roa_reply | report_error_reply ) + +# Tag attributes for bulk operations +tag = attribute tag { xsd:token {maxLength="1024" } } + +# Base64 encoded DER stuff +#base64 = xsd:base64Binary { maxLength="512000" } +# +# Sadly, it turns out that CRLs can in fact get longer than this for an active CA. +# Remove length limit for now, think about whether to put it back later. +base64 = xsd:base64Binary + +# Publication URLs +uri_t = xsd:anyURI { maxLength="4096" } +uri = attribute uri { uri_t } + +# Handles on remote objects (replaces passing raw SQL IDs). NB: +# Unlike the up-down protocol, handles in this protocol allow "/" as a +# hierarchy delimiter. +object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" } + +# <config/> element (use restricted to repository operator) +# config_handle attribute, create, list, and destroy commands omitted deliberately, see code for details + +config_payload = (element bpki_crl { base64 }?) + +config_query |= element config { attribute action { "set" }, tag?, config_payload } +config_reply |= element config { attribute action { "set" }, tag? } +config_query |= element config { attribute action { "get" }, tag? } +config_reply |= element config { attribute action { "get" }, tag?, config_payload } + +# <client/> element (use restricted to repository operator) + +client_handle = attribute client_handle { object_handle } + +client_payload = (attribute base_uri { uri_t }?, element bpki_cert { base64 }?, element bpki_glue { base64 }?) + +client_query |= element client { attribute action { "create" }, tag?, client_handle, client_payload } +client_reply |= element client { attribute action { "create" }, tag?, client_handle } +client_query |= element client { attribute action { "set" }, tag?, client_handle, client_payload } +client_reply |= element client { attribute action { "set" }, tag?, client_handle } +client_query |= element client { attribute action { "get" }, tag?, client_handle } +client_reply |= element client { attribute action { "get" }, tag?, client_handle, client_payload } +client_query |= element client { attribute action { "list" }, tag? } +client_reply |= element client { attribute action { "list" }, tag?, client_handle, client_payload } +client_query |= element client { attribute action { "destroy" }, tag?, client_handle } +client_reply |= element client { attribute action { "destroy" }, tag?, client_handle } + +# <certificate/> element + +certificate_query |= element certificate { attribute action { "publish" }, tag?, uri, base64 } +certificate_reply |= element certificate { attribute action { "publish" }, tag?, uri } +certificate_query |= element certificate { attribute action { "withdraw" }, tag?, uri } +certificate_reply |= element certificate { attribute action { "withdraw" }, tag?, uri } + +# <crl/> element + +crl_query |= element crl { attribute action { "publish" }, tag?, uri, base64 } +crl_reply |= element crl { attribute action { "publish" }, tag?, uri } +crl_query |= element crl { attribute action { "withdraw" }, tag?, uri } +crl_reply |= element crl { attribute action { "withdraw" }, tag?, uri } + +# <manifest/> element + +manifest_query |= element manifest { attribute action { "publish" }, tag?, uri, base64 } +manifest_reply |= element manifest { attribute action { "publish" }, tag?, uri } +manifest_query |= element manifest { attribute action { "withdraw" }, tag?, uri } +manifest_reply |= element manifest { attribute action { "withdraw" }, tag?, uri } + +# <roa/> element + +roa_query |= element roa { attribute action { "publish" }, tag?, uri, base64 } +roa_reply |= element roa { attribute action { "publish" }, tag?, uri } +roa_query |= element roa { attribute action { "withdraw" }, tag?, uri } +roa_reply |= element roa { attribute action { "withdraw" }, tag?, uri } + +# <report_error/> element + +error = xsd:token { maxLength="1024" } + +report_error_reply = element report_error { + tag?, + attribute error_code { error }, + xsd:string { maxLength="512000" }? +} + +# Local Variables: +# indent-tabs-mode: nil +# End: |