1 files changed, 90 insertions, 0 deletions
diff --git a/schemas/relaxng/publication-control.rnc b/schemas/relaxng/publication-control.rnc
new file mode 100644
index 00000000..bf605640
--- /dev/null
+++ b/schemas/relaxng/publication-control.rnc
@@ -0,0 +1,90 @@
+# $Id$
+#
+# RelaxNG schema for RPKI publication protocol.
+#
+# Copyright (C) 2012--2014  Dragon Research Labs ("DRL")
+# Portions copyright (C) 2009--2011  Internet Systems Consortium ("ISC")
+# Portions copyright (C) 2007--2008  American Registry for Internet Numbers ("ARIN")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notices and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND DRL, ISC, AND ARIN DISCLAIM ALL
+# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL DRL,
+# ISC, OR ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+default namespace = "http://www.hactrn.net/uris/rpki/publication-control/"
+
+# Top level PDU
+
+start = element msg {
+  attribute version { xsd:positiveInteger { maxInclusive="1" } },
+  ( (attribute type { "query" }, query_elt*) |
+    (attribute type { "reply" }, reply_elt*) )
+}
+
+# PDUs allowed in a query
+query_elt = client_query
+
+# PDUs allowed in a reply
+reply_elt = ( client_reply | report_error_reply )
+
+# Tag attributes for bulk operations
+tag = attribute tag { xsd:token {maxLength="1024" } }
+
+# Base64 encoded DER stuff
+#base64 = xsd:base64Binary { maxLength="512000" }
+#
+# Sadly, it turns out that CRLs can in fact get longer than this for an active CA.
+# Remove length limit for now, think about whether to put it back later.
+base64 = xsd:base64Binary
+
+# Publication URLs
+uri_t = xsd:anyURI { maxLength="4096" }
+uri = attribute uri { uri_t }
+
+# Handles on remote objects (replaces passing raw SQL IDs).  NB:
+# Unlike the up-down protocol, handles in this protocol allow "/" as a
+# hierarchy delimiter.
+object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]+" }
+
+# <client/> element
+
+client_handle = attribute client_handle { object_handle }
+
+client_bool = attribute clear_replay_protection { "yes" }?
+
+client_payload = (attribute base_uri { uri_t }?, element bpki_cert { base64 }?, element bpki_glue { base64 }?)
+
+client_query |= element client { attribute action { "create" },  tag?, client_handle, client_bool, client_payload }
+client_reply |= element client { attribute action { "create" },  tag?, client_handle }
+client_query |= element client { attribute action { "set" },     tag?, client_handle, client_bool, client_payload }
+client_reply |= element client { attribute action { "set" },     tag?, client_handle }
+client_query |= element client { attribute action { "get" },     tag?, client_handle }
+client_reply |= element client { attribute action { "get" },     tag?, client_handle, client_payload }
+client_query |= element client { attribute action { "list" },    tag? }
+client_reply |= element client { attribute action { "list" },    tag?, client_handle, client_payload }
+client_query |= element client { attribute action { "destroy" }, tag?, client_handle }
+client_reply |= element client { attribute action { "destroy" }, tag?, client_handle }
+
+# <report_error/> element
+
+error = xsd:token { maxLength="1024" }
+
+report_error_reply = element report_error {
+  tag?,
+  attribute error_code { error },
+  xsd:string { maxLength="512000" }?
+}
+
+# Local Variables:
+# indent-tabs-mode: nil
+# comment-start: "# "
+# comment-start-skip: "#[ \t]*"
+# End: