1 files changed, 323 insertions, 0 deletions
diff --git a/schemas/relaxng/left-right.rnc b/schemas/relaxng/left-right.rnc
new file mode 100644
index 00000000..81c1e1e1
--- /dev/null
+++ b/schemas/relaxng/left-right.rnc
@@ -0,0 +1,323 @@
+# $Id$
+#
+# RelaxNG schema for RPKI left-right protocol.
+#
+# Copyright (C) 2012--2014  Dragon Research Labs ("DRL")
+# Portions copyright (C) 2009--2011  Internet Systems Consortium ("ISC")
+# Portions copyright (C) 2007--2008  American Registry for Internet Numbers ("ARIN")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notices and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND DRL, ISC, AND ARIN DISCLAIM ALL
+# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL DRL,
+# ISC, OR ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+default namespace = "http://www.hactrn.net/uris/rpki/left-right-spec/"
+
+# Top level PDU
+
+start = element msg {
+  attribute version { xsd:positiveInteger { maxInclusive="1" } },
+  ( (attribute type { "query" }, query_elt*) |
+    (attribute type { "reply" }, reply_elt*) )
+}
+
+# PDUs allowed in a query
+query_elt |= self_query
+query_elt |= bsc_query
+query_elt |= parent_query
+query_elt |= child_query
+query_elt |= repository_query
+query_elt |= list_roa_requests_query
+query_elt |= list_ghostbuster_requests_query
+query_elt |= list_ee_certificate_requests_query
+query_elt |= list_resources_query
+query_elt |= list_published_objects_query
+query_elt |= list_received_resources_query
+
+# PDUs allowed in a reply
+reply_elt |= self_reply
+reply_elt |= bsc_reply
+reply_elt |= parent_reply
+reply_elt |= child_reply
+reply_elt |= repository_reply
+reply_elt |= list_resources_reply
+reply_elt |= list_roa_requests_reply
+reply_elt |= list_ghostbuster_requests_reply
+reply_elt |= list_ee_certificate_requests_reply
+reply_elt |= list_published_objects_reply
+reply_elt |= list_received_resources_reply
+reply_elt |= report_error_reply
+
+# Tag attributes for bulk operations
+tag = attribute tag { xsd:token {maxLength="1024" } }?
+
+# Combinations of action and type attributes used in later definitions.
+# The same patterns repeat in most of the elements in this protocol.
+ctl_create  = attribute action { "create"  }, tag
+ctl_set     = attribute action { "set"     }, tag
+ctl_get     = attribute action { "get"     }, tag
+ctl_list    = attribute action { "list"    }, tag
+ctl_destroy = attribute action { "destroy" }, tag
+
+# Base64 encoded DER stuff
+base64 = xsd:base64Binary { maxLength="512000" }
+
+# Base definition for all fields that are really just SQL primary indices
+#sql_id = xsd:nonNegativeInteger
+
+# ...except that fields containing SQL primary indicies don't belong
+# in this protocol, so they're turninging into handles.
+# Length restriction is a MySQL implementation issue.
+# Handles are case-insensitive (because SQL is, among other reasons).
+object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]+" }
+
+# URIs
+uri = xsd:anyURI { maxLength="4096" }
+
+# Name fields imported from up-down protocol
+up_down_name = xsd:token { maxLength="1024" }
+
+# Resource lists
+asn_list  = xsd:string { maxLength="512000" pattern="[\-,0-9]*" }
+ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]*" }
+ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" }
+
+# <self/> element
+
+self_bool = (attribute rekey { "yes" }?,
+             attribute reissue { "yes" }?,
+             attribute revoke { "yes" }?,
+             attribute run_now { "yes" }?,
+             attribute publish_world_now { "yes" }?,
+             attribute revoke_forgotten { "yes" }?,
+             attribute clear_replay_protection { "yes" }?)
+
+self_payload = (attribute use_hsm { "yes" | "no" }?,
+                attribute crl_interval { xsd:positiveInteger }?,
+                attribute regen_margin { xsd:positiveInteger }?,
+                element bpki_cert { base64 }?,
+                element bpki_glue { base64 }?)
+
+self_handle = attribute self_handle { object_handle }
+
+self_query |= element self { ctl_create,  self_handle, self_bool, self_payload }
+self_reply |= element self { ctl_create,  self_handle }
+self_query |= element self { ctl_set,     self_handle, self_bool, self_payload }
+self_reply |= element self { ctl_set,     self_handle }
+self_query |= element self { ctl_get,     self_handle }
+self_reply |= element self { ctl_get,     self_handle, self_payload }
+self_query |= element self { ctl_list }
+self_reply |= element self { ctl_list,    self_handle, self_payload }
+self_query |= element self { ctl_destroy, self_handle }
+self_reply |= element self { ctl_destroy, self_handle }
+
+# <bsc/> element.  Key parameters hardwired for now.
+
+bsc_bool = ((attribute generate_keypair { "yes" },
+             attribute key_type { "rsa" }?,
+             attribute hash_alg { "sha256" }?,
+             attribute key_length { "2048" }?)?)
+
+bsc_handle = attribute bsc_handle { object_handle }
+
+bsc_payload = (element signing_cert { base64 }?,
+               element signing_cert_crl { base64 }?)
+
+bsc_readonly = element pkcs10_request { base64 }?
+
+bsc_query |= element bsc { ctl_create,  self_handle, bsc_handle, bsc_bool, bsc_payload }
+bsc_reply |= element bsc { ctl_create,  self_handle, bsc_handle, bsc_readonly }
+bsc_query |= element bsc { ctl_set,     self_handle, bsc_handle, bsc_bool, bsc_payload }
+bsc_reply |= element bsc { ctl_set,     self_handle, bsc_handle, bsc_readonly }
+bsc_query |= element bsc { ctl_get,     self_handle, bsc_handle }
+bsc_reply |= element bsc { ctl_get,     self_handle, bsc_handle, bsc_payload, bsc_readonly }
+bsc_query |= element bsc { ctl_list,    self_handle }
+bsc_reply |= element bsc { ctl_list,    self_handle, bsc_handle, bsc_payload, bsc_readonly }
+bsc_query |= element bsc { ctl_destroy, self_handle, bsc_handle }
+bsc_reply |= element bsc { ctl_destroy, self_handle, bsc_handle }
+
+# <parent/> element
+
+parent_handle = attribute parent_handle { object_handle }
+
+parent_bool = (attribute rekey { "yes" }?,
+               attribute reissue { "yes" }?,
+               attribute revoke { "yes" }?,
+               attribute revoke_forgotten { "yes" }?,
+             attribute clear_replay_protection { "yes" }?)
+
+parent_payload = (attribute peer_contact_uri { uri }?,
+                  attribute sia_base { uri }?,
+                  bsc_handle?,
+                  repository_handle?,
+                  attribute sender_name { up_down_name }?,
+                  attribute recipient_name { up_down_name }?,
+                  element bpki_cms_cert { base64 }?,
+                  element bpki_cms_glue { base64 }?)
+
+parent_query |= element parent { ctl_create,  self_handle, parent_handle, parent_bool, parent_payload }
+parent_reply |= element parent { ctl_create,  self_handle, parent_handle }
+parent_query |= element parent { ctl_set,     self_handle, parent_handle, parent_bool, parent_payload }
+parent_reply |= element parent { ctl_set,     self_handle, parent_handle }
+parent_query |= element parent { ctl_get,     self_handle, parent_handle }
+parent_reply |= element parent { ctl_get,     self_handle, parent_handle, parent_payload }
+parent_query |= element parent { ctl_list,    self_handle }
+parent_reply |= element parent { ctl_list,    self_handle, parent_handle, parent_payload }
+parent_query |= element parent { ctl_destroy, self_handle, parent_handle }
+parent_reply |= element parent { ctl_destroy, self_handle, parent_handle }
+
+# <child/> element
+
+child_handle = attribute child_handle { object_handle }
+
+child_bool = (attribute reissue { "yes" }?,
+              attribute clear_replay_protection { "yes" }?)
+
+child_payload = (bsc_handle?,
+                 element bpki_cert { base64 }?,
+                 element bpki_glue { base64 }?)
+
+child_query |= element child { ctl_create,  self_handle, child_handle, child_bool, child_payload }
+child_reply |= element child { ctl_create,  self_handle, child_handle }
+child_query |= element child { ctl_set,     self_handle, child_handle, child_bool, child_payload }
+child_reply |= element child { ctl_set,     self_handle, child_handle }
+child_query |= element child { ctl_get,     self_handle, child_handle }
+child_reply |= element child { ctl_get,     self_handle, child_handle, child_payload }
+child_query |= element child { ctl_list,    self_handle }
+child_reply |= element child { ctl_list,    self_handle, child_handle, child_payload }
+child_query |= element child { ctl_destroy, self_handle, child_handle }
+child_reply |= element child { ctl_destroy, self_handle, child_handle }
+
+# <repository/> element
+
+repository_handle = attribute repository_handle { object_handle }
+
+repository_bool = attribute clear_replay_protection { "yes" }?
+
+repository_payload = (attribute peer_contact_uri { uri }?,
+                      bsc_handle?,
+                      element bpki_cert { base64 }?,
+                      element bpki_glue { base64 }?)
+
+repository_query |= element repository { ctl_create,  self_handle, repository_handle, repository_bool, repository_payload }
+repository_reply |= element repository { ctl_create,  self_handle, repository_handle }
+repository_query |= element repository { ctl_set,     self_handle, repository_handle, repository_bool, repository_payload }
+repository_reply |= element repository { ctl_set,     self_handle, repository_handle }
+repository_query |= element repository { ctl_get,     self_handle, repository_handle }
+repository_reply |= element repository { ctl_get,     self_handle, repository_handle, repository_payload }
+repository_query |= element repository { ctl_list,    self_handle }
+repository_reply |= element repository { ctl_list,    self_handle, repository_handle, repository_payload }
+repository_query |= element repository { ctl_destroy, self_handle, repository_handle }
+repository_reply |= element repository { ctl_destroy, self_handle, repository_handle }
+
+# <list_resources/> element
+
+list_resources_query = element list_resources {
+  tag, self_handle, child_handle
+}
+
+list_resources_reply = element list_resources {
+  tag, self_handle, child_handle,
+  attribute valid_until { xsd:dateTime { pattern=".*Z" } },
+  attribute asn { asn_list }?,
+  attribute ipv4 { ipv4_list }?,
+  attribute ipv6 { ipv6_list }?
+}
+
+# <list_roa_requests/> element
+
+list_roa_requests_query = element list_roa_requests {
+  tag, self_handle
+}
+
+list_roa_requests_reply = element list_roa_requests {
+  tag, self_handle,
+  attribute asn { xsd:nonNegativeInteger },
+  attribute ipv4 { ipv4_list }?,
+  attribute ipv6 { ipv6_list }?
+}
+
+# <list_ghostbuster_requests/> element
+
+list_ghostbuster_requests_query = element list_ghostbuster_requests {
+  tag, self_handle, parent_handle
+}
+
+list_ghostbuster_requests_reply = element list_ghostbuster_requests {
+  tag, self_handle, parent_handle,
+  xsd:string
+}
+
+# <list_ee_certificate_requests/> element
+
+list_ee_certificate_requests_query = element list_ee_certificate_requests {
+  tag, self_handle
+}
+
+list_ee_certificate_requests_reply = element list_ee_certificate_requests {
+  tag, self_handle,
+  attribute gski { xsd:token { minLength="27" maxLength="27" } },
+  attribute valid_until { xsd:dateTime { pattern=".*Z" } },
+  attribute asn  { asn_list }?,
+  attribute ipv4 { ipv4_list }?,
+  attribute ipv6 { ipv6_list }?,
+  attribute cn  { xsd:string { maxLength="64"     pattern="[\-0-9A-Za-z_ ]+" } }?,
+  attribute sn  { xsd:string { maxLength="64"     pattern="[0-9A-Fa-f]+"     } }?,
+  attribute eku { xsd:string { maxLength="512000" pattern="[.,0-9]+"         } }?,
+  element pkcs10 { base64 }
+}
+
+# <list_published_objects/> element
+
+list_published_objects_query = element list_published_objects {
+  tag, self_handle
+}
+
+list_published_objects_reply = element list_published_objects {
+  tag, self_handle,
+  attribute uri { uri },
+  attribute child_handle { object_handle }?,
+  base64
+}
+
+# <list_received_resources/> element
+
+list_received_resources_query = element list_received_resources {
+  tag, self_handle
+}
+
+list_received_resources_reply = element list_received_resources {
+  tag, self_handle, parent_handle,
+  attribute notBefore { xsd:dateTime { pattern=".*Z" } },
+  attribute notAfter { xsd:dateTime { pattern=".*Z" } },
+  attribute uri { uri },
+  attribute sia_uri { uri },
+  attribute aia_uri { uri },
+  attribute asn { asn_list }?,
+  attribute ipv4 { ipv4_list }?,
+  attribute ipv6 { ipv6_list }?
+}
+
+# <report_error/> element
+
+error = xsd:token { maxLength="1024" }
+
+report_error_reply = element report_error {
+  tag, self_handle?,
+  attribute error_code { error },
+  xsd:string { maxLength="512000" }?
+}
+
+# Local Variables:
+# indent-tabs-mode: nil
+# comment-start: "# "
+# comment-start-skip: "#[ \t]*"
+# End: