Diffstat (limited to 'rpkid')
-rw-r--r--rpkid/Makefile.in5
-rw-r--r--rpkid/router-certificate-schema.rnc57
-rw-r--r--rpkid/router-certificate-schema.rng89
-rw-r--r--rpkid/rpki/relaxng.py93
4 files changed, 243 insertions, 1 deletions
diff --git a/rpkid/Makefile.in b/rpkid/Makefile.in
index 90c6b7ac..d36a3163 100644
--- a/rpkid/Makefile.in
+++ b/rpkid/Makefile.in
@@ -55,7 +55,7 @@ build/stamp: .FORCE setup_autoconf.py
clean::
rm -rf ${POW_SO} build dist
-RNGS = left-right-schema.rng up-down-schema.rng publication-schema.rng myrpki.rng
+RNGS = left-right-schema.rng up-down-schema.rng publication-schema.rng myrpki.rng router-certificate-schema.rng
rpki/relaxng.py: ${abs_top_srcdir}/buildtools/make-relaxng.py ${RNGS}
${PYTHON} ${abs_top_srcdir}/buildtools/make-relaxng.py ${RNGS} >$@.tmp
@@ -73,6 +73,9 @@ publication-schema.rng: publication-schema.rnc
myrpki.rng: myrpki.rnc
${TRANG} myrpki.rnc myrpki.rng
+router-certificate-schema.rng: router-certificate-schema.rnc
+ ${TRANG} router-certificate-schema.rnc router-certificate-schema.rng
+
rpki/sql_schemas.py: ${abs_top_srcdir}/buildtools/make-sql-schemas.py rpkid.sql pubd.sql
${PYTHON} ${abs_top_srcdir}/buildtools/make-sql-schemas.py >$@.tmp
mv $@.tmp $@
diff --git a/rpkid/router-certificate-schema.rnc b/rpkid/router-certificate-schema.rnc
new file mode 100644
index 00000000..a98143e1
--- /dev/null
+++ b/rpkid/router-certificate-schema.rnc
@@ -0,0 +1,57 @@
+# $Id$
+#
+# RelaxNG Schema for BGPSEC router certificate interchange format.
+#
+# At least for now, this is a trivial encapsulation of a PKCS #10
+# request, a set (usually containing exactly one member) of autonomous
+# system numbers, and a router-id. Be warned that this could change
+# radically by the time we have any real operational understanding of
+# how these things will be used, this is just our current best guess
+# to let us move forward on initial coding.
+#
+# libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so
+# run the compact syntax through trang to get XML syntax.
+#
+# Copyright (C) 2014 Dragon Research Labs ("DRL")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+default namespace = "http://www.hactrn.net/uris/rpki/router-certificate/"
+
+version = "1"
+
+base64 = xsd:base64Binary { maxLength="512000" }
+router_id = xsd:unsignedInt { minExclusive="0" }
+asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" }
+timestamp = xsd:dateTime { pattern=".*Z" }
+
+# Core PDU used in this schema.
+
+router_certificate_request = element router_certificate_request {
+ attribute router_id { router_id },
+ attribute asn { asn_list },
+ attribute valid_until { timestamp }?,
+ base64
+}
+
+start |= router_certificate_request
+
+# Wrapper element to support multiple requests in a single document.
+
+start |= element router_certificate_requests {
+ router_certificate_request*
+}
+
+# Local Variables:
+# indent-tabs-mode: nil
+# End:
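Review bot: `asn_list` is constrained only by `pattern="[\-,0-9]*"`, which also matches the empty string and inputs such as `,,-`, so a `router_certificate_request` can pass validation while its `asn` attribute holds no parseable AS number. If the intended syntax is comma-separated numbers or ranges (an assumption from the permitted characters), a stricter pattern such as `[0-9]+(-[0-9]+)?(,[0-9]+(-[0-9]+)?)*` would reject those at the schema layer; either way the code that consumes the attribute still has to range-check each value and confirm the requester is entitled to those ASNs, which the schema cannot express. Separately, `version = "1"` is defined but never referenced from the element definitions, so documents carry no version marker even though the header comment warns the format may change radically; adding `attribute version { version }` to the request or wrapper element would let a later reader tell formats apart. The two `maxLength="512000"` caps bound single values only and `router_certificate_request*` is unbounded, so any overall size limit has to be enforced before the document is parsed.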
diff --git a/rpkid/router-certificate-schema.rng b/rpkid/router-certificate-schema.rng
new file mode 100644
index 00000000..17ea6f9c
--- /dev/null
+++ b/rpkid/router-certificate-schema.rng
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ $Id: router-certificate-schema.rnc 4430 2012-04-17 16:00:14Z sra $
+
+ RelaxNG Schema for BGPSEC router certificate interchange format.
+
+ At least for now, this is a trivial encapsulation of a PKCS #10
+ request, a set (usually containing exactly one member) of autonomous
+ system numbers, and a router-id. Be warned that this could change
+ radically by the time we have any real operational understanding of
+ how these things will be used, this is just our current best guess
+ to let us move forward on initial coding.
+
+ libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so
+ run the compact syntax through trang to get XML syntax.
+
+ Copyright (C) 2014 Dragon Research Labs ("DRL")
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH
+ REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT,
+ INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ PERFORMANCE OF THIS SOFTWARE.
+-->
+<grammar ns="http://www.hactrn.net/uris/rpki/router-certificate/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <define name="version">
+ <value>1</value>
+ </define>
+ <define name="base64">
+ <data type="base64Binary">
+ <param name="maxLength">512000</param>
+ </data>
+ </define>
+ <define name="router_id">
+ <data type="unsignedInt">
+ <param name="minExclusive">0</param>
+ </data>
+ </define>
+ <define name="asn_list">
+ <data type="string">
+ <param name="maxLength">512000</param>
+ <param name="pattern">[\-,0-9]*</param>
+ </data>
+ </define>
+ <define name="timestamp">
+ <data type="dateTime">
+ <param name="pattern">.*Z</param>
+ </data>
+ </define>
+ <!-- Core PDU used in this schema. -->
+ <define name="router_certificate_request">
+ <element name="router_certificate_request">
+ <attribute name="router_id">
+ <ref name="router_id"/>
+ </attribute>
+ <attribute name="asn">
+ <ref name="asn_list"/>
+ </attribute>
+ <optional>
+ <attribute name="valid_until">
+ <ref name="timestamp"/>
+ </attribute>
+ </optional>
+ <ref name="base64"/>
+ </element>
+ </define>
+ <start combine="choice">
+ <ref name="router_certificate_request"/>
+ </start>
+ <!-- Wrapper element to support multiple requests in a single document. -->
+ <start combine="choice">
+ <element name="router_certificate_requests">
+ <zeroOrMore>
+ <ref name="router_certificate_request"/>
+ </zeroOrMore>
+ </element>
+ </start>
+</grammar>
+<!--
+ Local Variables:
+ indent-tabs-mode: nil
+ End:
+-->
diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py
index 962858c7..bf260d19 100644
--- a/rpkid/rpki/relaxng.py
+++ b/rpkid/rpki/relaxng.py
@@ -2258,3 +2258,96 @@ myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encodi
-->
'''))
+## @var router_certificate
+## Parsed RelaxNG router_certificate schema
+router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ $Id: router-certificate-schema.rnc 4430 2012-04-17 16:00:14Z sra $
+
+ RelaxNG Schema for BGPSEC router certificate interchange format.
+
+ At least for now, this is a trivial encapsulation of a PKCS #10
+ request, a set (usually containing exactly one member) of autonomous
+ system numbers, and a router-id. Be warned that this could change
+ radically by the time we have any real operational understanding of
+ how these things will be used, this is just our current best guess
+ to let us move forward on initial coding.
+
+ libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so
+ run the compact syntax through trang to get XML syntax.
+
+ Copyright (C) 2014 Dragon Research Labs ("DRL")
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH
+ REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT,
+ INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ PERFORMANCE OF THIS SOFTWARE.
+-->
+<grammar ns="http://www.hactrn.net/uris/rpki/router-certificate/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <define name="version">
+ <value>1</value>
+ </define>
+ <define name="base64">
+ <data type="base64Binary">
+ <param name="maxLength">512000</param>
+ </data>
+ </define>
+ <define name="router_id">
+ <data type="unsignedInt">
+ <param name="minExclusive">0</param>
+ </data>
+ </define>
+ <define name="asn_list">
+ <data type="string">
+ <param name="maxLength">512000</param>
+ <param name="pattern">[\-,0-9]*</param>
+ </data>
+ </define>
+ <define name="timestamp">
+ <data type="dateTime">
+ <param name="pattern">.*Z</param>
+ </data>
+ </define>
+ <!-- Core PDU used in this schema. -->
+ <define name="router_certificate_request">
+ <element name="router_certificate_request">
+ <attribute name="router_id">
+ <ref name="router_id"/>
+ </attribute>
+ <attribute name="asn">
+ <ref name="asn_list"/>
+ </attribute>
+ <optional>
+ <attribute name="valid_until">
+ <ref name="timestamp"/>
+ </attribute>
+ </optional>
+ <ref name="base64"/>
+ </element>
+ </define>
+ <start combine="choice">
+ <ref name="router_certificate_request"/>
+ </start>
+ <!-- Wrapper element to support multiple requests in a single document. -->
+ <start combine="choice">
+ <element name="router_certificate_requests">
+ <zeroOrMore>
+ <ref name="router_certificate_request"/>
+ </zeroOrMore>
+ </element>
+ </start>
+</grammar>
+<!--
+ Local Variables:
+ indent-tabs-mode: nil
+ End:
+-->
+'''))
+