Diffstat (limited to 'schemas/relaxng')
-rw-r--r-- | schemas/relaxng/left-right.rnc (renamed from schemas/relaxng/left-right-schema.rnc) | 182 | ||||
-rw-r--r-- | schemas/relaxng/left-right.rng (renamed from schemas/relaxng/left-right-schema.rng) | 241 | ||||
-rw-r--r-- | schemas/relaxng/myrpki.rng | 2 | ||||
-rw-r--r-- | schemas/relaxng/oob-setup.rnc | 68 | ||||
-rw-r--r-- | schemas/relaxng/oob-setup.rng | 168 | ||||
-rw-r--r-- | schemas/relaxng/publication-control.rnc (renamed from schemas/relaxng/publication-schema.rnc) | 55 | ||||
-rw-r--r-- | schemas/relaxng/publication-control.rng | 280 | ||||
-rw-r--r-- | schemas/relaxng/publication-schema.rng | 577 | ||||
-rw-r--r-- | schemas/relaxng/publication.rnc | 111 | ||||
-rw-r--r-- | schemas/relaxng/publication.rng | 201 | ||||
-rw-r--r-- | schemas/relaxng/router-certificate.rnc (renamed from schemas/relaxng/router-certificate-schema.rnc) | 0 | ||||
-rw-r--r-- | schemas/relaxng/router-certificate.rng (renamed from schemas/relaxng/router-certificate-schema.rng) | 2 | ||||
-rw-r--r-- | schemas/relaxng/rrdp.rnc | 81 | ||||
-rw-r--r-- | schemas/relaxng/rrdp.rng | 150 | ||||
-rw-r--r-- | schemas/relaxng/up-down.rnc (renamed from schemas/relaxng/up-down-schema.rnc) | 0 | ||||
-rw-r--r-- | schemas/relaxng/up-down.rng (renamed from schemas/relaxng/up-down-schema.rng) | 2 |
16 files changed, 1295 insertions, 825 deletions
diff --git a/schemas/relaxng/left-right-schema.rnc b/schemas/relaxng/left-right.rnc index 201f8ff0..c2592c0f 100644 --- a/schemas/relaxng/left-right-schema.rnc +++ b/schemas/relaxng/left-right.rnc @@ -32,7 +32,7 @@ start = element msg { } # PDUs allowed in a query -query_elt |= self_query +query_elt |= tenant_query query_elt |= bsc_query query_elt |= parent_query query_elt |= child_query @@ -45,7 +45,7 @@ query_elt |= list_published_objects_query query_elt |= list_received_resources_query # PDUs allowed in a reply -reply_elt |= self_reply +reply_elt |= tenant_reply reply_elt |= bsc_reply reply_elt |= parent_reply reply_elt |= child_reply 
@@ -92,34 +92,34 @@ asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" } ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]*" } ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" } -# <self/> element - -self_bool = (attribute rekey { "yes" }?, - attribute reissue { "yes" }?, - attribute revoke { "yes" }?, - attribute run_now { "yes" }?, - attribute publish_world_now { "yes" }?, - attribute revoke_forgotten { "yes" }?, - attribute clear_replay_protection { "yes" }?) - -self_payload = (attribute use_hsm { "yes" | "no" }?, - attribute crl_interval { xsd:positiveInteger }?, - attribute regen_margin { xsd:positiveInteger }?, - element bpki_cert { base64 }?, - element bpki_glue { base64 }?) - -self_handle = attribute self_handle { object_handle } - -self_query |= element self { ctl_create, self_handle, self_bool, self_payload } -self_reply |= element self { ctl_create, self_handle } -self_query |= element self { ctl_set, self_handle, self_bool, self_payload } -self_reply |= element self { ctl_set, self_handle } -self_query |= element self { ctl_get, self_handle } -self_reply |= element self { ctl_get, self_handle, self_payload } -self_query |= element self { ctl_list } -self_reply |= element self { ctl_list, self_handle, self_payload } -self_query |= element self { ctl_destroy, self_handle } -self_reply |= element self { ctl_destroy, self_handle } +# <tenant/> element + +tenant_bool = (attribute rekey { "yes" }?, + attribute reissue { "yes" }?, + attribute revoke { "yes" }?, + attribute run_now { "yes" }?, + attribute publish_world_now { "yes" }?, + attribute revoke_forgotten { "yes" }?, + attribute clear_replay_protection { "yes" }?) + +tenant_payload = (attribute use_hsm { "yes" | "no" }?, + attribute crl_interval { xsd:positiveInteger }?, + attribute regen_margin { xsd:positiveInteger }?, + element bpki_cert { base64 }?, + element bpki_glue { base64 }?) 
+ +tenant_handle = attribute tenant_handle { object_handle } + +tenant_query |= element tenant { ctl_create, tenant_handle, tenant_bool, tenant_payload } +tenant_reply |= element tenant { ctl_create, tenant_handle } +tenant_query |= element tenant { ctl_set, tenant_handle, tenant_bool, tenant_payload } +tenant_reply |= element tenant { ctl_set, tenant_handle } +tenant_query |= element tenant { ctl_get, tenant_handle } +tenant_reply |= element tenant { ctl_get, tenant_handle, tenant_payload } +tenant_query |= element tenant { ctl_list } +tenant_reply |= element tenant { ctl_list, tenant_handle, tenant_payload } +tenant_query |= element tenant { ctl_destroy, tenant_handle } +tenant_reply |= element tenant { ctl_destroy, tenant_handle } # <bsc/> element. Key parameters hardwired for now. 
@@ -135,16 +135,16 @@ bsc_payload = (element signing_cert { base64 }?, bsc_readonly = element pkcs10_request { base64 }? -bsc_query |= element bsc { ctl_create, self_handle, bsc_handle, bsc_bool, bsc_payload } -bsc_reply |= element bsc { ctl_create, self_handle, bsc_handle, bsc_readonly } -bsc_query |= element bsc { ctl_set, self_handle, bsc_handle, bsc_bool, bsc_payload } -bsc_reply |= element bsc { ctl_set, self_handle, bsc_handle, bsc_readonly } -bsc_query |= element bsc { ctl_get, self_handle, bsc_handle } -bsc_reply |= element bsc { ctl_get, self_handle, bsc_handle, bsc_payload, bsc_readonly } -bsc_query |= element bsc { ctl_list, self_handle } -bsc_reply |= element bsc { ctl_list, self_handle, bsc_handle, bsc_payload, bsc_readonly } -bsc_query |= element bsc { ctl_destroy, self_handle, bsc_handle } -bsc_reply |= element bsc { ctl_destroy, self_handle, bsc_handle } +bsc_query |= element bsc { ctl_create, tenant_handle, bsc_handle, bsc_bool, bsc_payload } +bsc_reply |= element bsc { ctl_create, tenant_handle, bsc_handle, bsc_readonly } +bsc_query |= element bsc { ctl_set, tenant_handle, bsc_handle, bsc_bool, bsc_payload } +bsc_reply |= element bsc { ctl_set, tenant_handle, bsc_handle, bsc_readonly } +bsc_query |= element bsc { ctl_get, tenant_handle, bsc_handle } +bsc_reply |= element bsc { ctl_get, tenant_handle, bsc_handle, bsc_payload, bsc_readonly } +bsc_query |= element bsc { ctl_list, tenant_handle } +bsc_reply |= element bsc { ctl_list, tenant_handle, bsc_handle, bsc_payload, bsc_readonly } +bsc_query |= element bsc { ctl_destroy, tenant_handle, bsc_handle } +bsc_reply |= element bsc { ctl_destroy, tenant_handle, bsc_handle } # <parent/> element 
@@ -154,7 +154,7 @@ parent_bool = (attribute rekey { "yes" }?, attribute reissue { "yes" }?, attribute revoke { "yes" }?, attribute revoke_forgotten { "yes" }?, - attribute clear_replay_protection { "yes" }?) + attribute clear_replay_protection { "yes" }?) parent_payload = (attribute peer_contact_uri { uri }?, attribute sia_base { uri }?, 
@@ -162,19 +162,24 @@ parent_payload = (attribute peer_contact_uri { uri }?, repository_handle?, attribute sender_name { up_down_name }?, attribute recipient_name { up_down_name }?, - element bpki_cms_cert { base64 }?, - element bpki_cms_glue { base64 }?) - -parent_query |= element parent { ctl_create, self_handle, parent_handle, parent_bool, parent_payload } -parent_reply |= element parent { ctl_create, self_handle, parent_handle } -parent_query |= element parent { ctl_set, self_handle, parent_handle, parent_bool, parent_payload } -parent_reply |= element parent { ctl_set, self_handle, parent_handle } -parent_query |= element parent { ctl_get, self_handle, parent_handle } -parent_reply |= element parent { ctl_get, self_handle, parent_handle, parent_payload } -parent_query |= element parent { ctl_list, self_handle } -parent_reply |= element parent { ctl_list, self_handle, parent_handle, parent_payload } -parent_query |= element parent { ctl_destroy, self_handle, parent_handle } -parent_reply |= element parent { ctl_destroy, self_handle, parent_handle } + attribute root_asn_resources { asn_list }?, + attribute root_ipv4_resources { ipv4_list }?, + attribute root_ipv6_resources { ipv6_list }?, + element bpki_cert { base64 }?, + element bpki_glue { base64 }?) + +parent_readonly = element rpki_root_cert { base64 }? 
+ +parent_query |= element parent { ctl_create, tenant_handle, parent_handle, parent_bool, parent_payload } +parent_reply |= element parent { ctl_create, tenant_handle, parent_handle, parent_readonly } +parent_query |= element parent { ctl_set, tenant_handle, parent_handle, parent_bool, parent_payload } +parent_reply |= element parent { ctl_set, tenant_handle, parent_handle, parent_readonly } +parent_query |= element parent { ctl_get, tenant_handle, parent_handle } +parent_reply |= element parent { ctl_get, tenant_handle, parent_handle, parent_payload, parent_readonly } +parent_query |= element parent { ctl_list, tenant_handle } +parent_reply |= element parent { ctl_list, tenant_handle, parent_handle, parent_payload, parent_readonly } +parent_query |= element parent { ctl_destroy, tenant_handle, parent_handle } +parent_reply |= element parent { ctl_destroy, tenant_handle, parent_handle } # <child/> element 
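Review bot: The new `root_asn_resources`, `root_ipv4_resources` and `root_ipv6_resources` attributes in `parent_payload` reuse `asn_list`/`ipv4_list`/`ipv6_list`, which only restrict the character set (`[\-,0-9]*` and similar, visible as context in the earlier hunk), so an empty string or a value such as `--,,` passes schema validation. These values presumably define the resources a root claims, so the code consuming them should parse them strictly and reject anything that is not a well-formed range list. A comment above the three attributes would make that explicit, e.g. `# root_*_resources: schema checks characters only; ranges must be parsed and validated by the server`. The same hunk renames `bpki_cms_cert`/`bpki_cms_glue` to `bpki_cert`/`bpki_glue`, so a peer still sending the old element names will fail validation; the commit message should say whether that break is intended.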
@@ -187,16 +192,16 @@ child_payload = (bsc_handle?, element bpki_cert { base64 }?, element bpki_glue { base64 }?) -child_query |= element child { ctl_create, self_handle, child_handle, child_bool, child_payload } -child_reply |= element child { ctl_create, self_handle, child_handle } -child_query |= element child { ctl_set, self_handle, child_handle, child_bool, child_payload } -child_reply |= element child { ctl_set, self_handle, child_handle } -child_query |= element child { ctl_get, self_handle, child_handle } -child_reply |= element child { ctl_get, self_handle, child_handle, child_payload } -child_query |= element child { ctl_list, self_handle } -child_reply |= element child { ctl_list, self_handle, child_handle, child_payload } -child_query |= element child { ctl_destroy, self_handle, child_handle } -child_reply |= element child { ctl_destroy, self_handle, child_handle } +child_query |= element child { ctl_create, tenant_handle, child_handle, child_bool, child_payload } +child_reply |= element child { ctl_create, tenant_handle, child_handle } +child_query |= element child { ctl_set, tenant_handle, child_handle, child_bool, child_payload } +child_reply |= element child { ctl_set, tenant_handle, child_handle } +child_query |= element child { ctl_get, tenant_handle, child_handle } +child_reply |= element child { ctl_get, tenant_handle, child_handle, child_payload } +child_query |= element child { ctl_list, tenant_handle } +child_reply |= element child { ctl_list, tenant_handle, child_handle, child_payload } +child_query |= element child { ctl_destroy, tenant_handle, child_handle } +child_reply |= element child { ctl_destroy, tenant_handle, child_handle } # <repository/> element 
@@ -206,28 +211,29 @@ repository_bool = attribute clear_replay_protection { "yes" }? repository_payload = (attribute peer_contact_uri { uri }?, bsc_handle?, + attribute rrdp_notification_uri { uri }?, element bpki_cert { base64 }?, element bpki_glue { base64 }?) -repository_query |= element repository { ctl_create, self_handle, repository_handle, repository_bool, repository_payload } -repository_reply |= element repository { ctl_create, self_handle, repository_handle } -repository_query |= element repository { ctl_set, self_handle, repository_handle, repository_bool, repository_payload } -repository_reply |= element repository { ctl_set, self_handle, repository_handle } -repository_query |= element repository { ctl_get, self_handle, repository_handle } -repository_reply |= element repository { ctl_get, self_handle, repository_handle, repository_payload } -repository_query |= element repository { ctl_list, self_handle } -repository_reply |= element repository { ctl_list, self_handle, repository_handle, repository_payload } -repository_query |= element repository { ctl_destroy, self_handle, repository_handle } -repository_reply |= element repository { ctl_destroy, self_handle, repository_handle } +repository_query |= element repository { ctl_create, tenant_handle, repository_handle, repository_bool, repository_payload } +repository_reply |= element repository { ctl_create, tenant_handle, repository_handle } +repository_query |= element repository { ctl_set, tenant_handle, repository_handle, repository_bool, repository_payload } +repository_reply |= element repository { ctl_set, tenant_handle, repository_handle } +repository_query |= element repository { ctl_get, tenant_handle, repository_handle } +repository_reply |= element repository { ctl_get, tenant_handle, repository_handle, repository_payload } +repository_query |= element repository { ctl_list, tenant_handle } +repository_reply |= element repository { ctl_list, tenant_handle, repository_handle, 
repository_payload } +repository_query |= element repository { ctl_destroy, tenant_handle, repository_handle } +repository_reply |= element repository { ctl_destroy, tenant_handle, repository_handle } # <list_resources/> element list_resources_query = element list_resources { - tag, self_handle, child_handle + tag, tenant_handle, child_handle } list_resources_reply = element list_resources { - tag, self_handle, child_handle, + tag, tenant_handle, child_handle, attribute valid_until { xsd:dateTime { pattern=".*Z" } }, attribute asn { asn_list }?, attribute ipv4 { ipv4_list }?, @@ -237,11 +243,11 @@ list_resources_reply = element list_resources { # <list_roa_requests/> element list_roa_requests_query = element list_roa_requests { - tag, self_handle + tag, tenant_handle } list_roa_requests_reply = element list_roa_requests { - tag, self_handle, + tag, tenant_handle, attribute asn { xsd:nonNegativeInteger }, attribute ipv4 { ipv4_list }?, attribute ipv6 { ipv6_list }? 
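Review bot: The added `attribute rrdp_notification_uri { uri }?` in `repository_payload` is typed with the generic `uri` pattern, whose definition in this file is outside the diff; if it is the same unconstrained `xsd:anyURI` used in oob-setup.rnc, any scheme validates. RRDP notification files are meant to be fetched over HTTPS, so whatever consumes this attribute should check the scheme before storing or dereferencing it. Either a dedicated pattern or a comment such as `# rrdp_notification_uri: scheme not enforced here; callers must require https` would record that. The same applies to the `repository_response` element in oob-setup.rnc and to the generated left-right.rng hunk at `@@ -762,6 +788,11 @@`.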
@@ -250,28 +256,28 @@ list_roa_requests_reply = element list_roa_requests { # <list_ghostbuster_requests/> element list_ghostbuster_requests_query = element list_ghostbuster_requests { - tag, self_handle, parent_handle + tag, tenant_handle, parent_handle } list_ghostbuster_requests_reply = element list_ghostbuster_requests { - tag, self_handle, parent_handle, + tag, tenant_handle, parent_handle, xsd:string } # <list_ee_certificate_requests/> element list_ee_certificate_requests_query = element list_ee_certificate_requests { - tag, self_handle + tag, tenant_handle } list_ee_certificate_requests_reply = element list_ee_certificate_requests { - tag, self_handle, + tag, tenant_handle, attribute gski { xsd:token { minLength="27" maxLength="27" } }, attribute valid_until { xsd:dateTime { pattern=".*Z" } }, attribute asn { asn_list }?, attribute ipv4 { ipv4_list }?, attribute ipv6 { ipv6_list }?, - attribute cn { xsd:string { maxLength="64" pattern="[\-0-9A-Za-z_ ]+" } }?, + attribute cn { xsd:string { maxLength="64" pattern="[\-0-9A-Za-z_ ]+" } }, attribute sn { xsd:string { maxLength="64" pattern="[0-9A-Fa-f]+" } }?, attribute eku { xsd:string { maxLength="512000" pattern="[.,0-9]+" } }?, element pkcs10 { base64 } @@ -280,11 +286,11 @@ list_ee_certificate_requests_reply = element list_ee_certificate_requests { # <list_published_objects/> element list_published_objects_query = element list_published_objects { - tag, self_handle + tag, tenant_handle } list_published_objects_reply = element list_published_objects { - tag, self_handle, + tag, tenant_handle, attribute uri { uri }, attribute child_handle { object_handle }?, base64 
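Review bot: In `list_ee_certificate_requests_reply` the `cn` attribute loses its trailing `?` and becomes mandatory, while `sn` and `eku` stay optional, and nothing in the hunk says why. A back end that omits `cn` will now produce replies that fail validation, so the receiving side needs to handle that failure cleanly. If the tightening is intended, add a comment next to the attribute, e.g. `# cn is required; sn remains optional`, and mention the compatibility break in the commit message. The matching change in left-right.rng is the hunk at `@@ -961,14 +992,12 @@`.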
@@ -293,11 +299,11 @@ list_published_objects_reply = element list_published_objects { # <list_received_resources/> element list_received_resources_query = element list_received_resources { - tag, self_handle + tag, tenant_handle } list_received_resources_reply = element list_received_resources { - tag, self_handle, parent_handle, + tag, tenant_handle, parent_handle, attribute notBefore { xsd:dateTime { pattern=".*Z" } }, attribute notAfter { xsd:dateTime { pattern=".*Z" } }, attribute uri { uri }, @@ -313,7 +319,7 @@ list_received_resources_reply = element list_received_resources { error = xsd:token { maxLength="1024" } report_error_reply = element report_error { - tag, self_handle?, + tag, tenant_handle?, attribute error_code { error }, xsd:string { maxLength="512000" }? } diff --git a/schemas/relaxng/left-right-schema.rng b/schemas/relaxng/left-right.rng index c5596a2f..cd8c1896 100644 --- a/schemas/relaxng/left-right-schema.rng +++ b/schemas/relaxng/left-right.rng @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: left-right-schema.rnc 5902 2014-07-18 16:37:04Z sra $ + $Id$ RelaxNG schema for RPKI left-right protocol. @@ -55,7 +55,7 @@ </start> <!-- PDUs allowed in a query --> <define name="query_elt" combine="choice"> - <ref name="self_query"/> + <ref name="tenant_query"/> </define> <define name="query_elt" combine="choice"> <ref name="bsc_query"/> @@ -89,7 +89,7 @@ </define> <!-- PDUs allowed in a reply --> <define name="reply_elt" combine="choice"> - <ref name="self_reply"/> + <ref name="tenant_reply"/> </define> <define name="reply_elt" combine="choice"> <ref name="bsc_reply"/> @@ -221,8 +221,8 @@ <param name="pattern">[\-,0-9/:a-fA-F]*</param> </data> </define> - <!-- <self/> element --> - <define name="self_bool"> + <!-- <tenant/> element --> + <define name="tenant_bool"> <optional> <attribute name="rekey"> <value>yes</value> 
@@ -259,7 +259,7 @@ </attribute> </optional> </define> - <define name="self_payload"> + <define name="tenant_payload"> <optional> <attribute name="use_hsm"> <choice> 
@@ -289,74 +289,74 @@ </element> </optional> </define> - <define name="self_handle"> - <attribute name="self_handle"> + <define name="tenant_handle"> + <attribute name="tenant_handle"> <ref name="object_handle"/> </attribute> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_create"/> - <ref name="self_handle"/> - <ref name="self_bool"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_bool"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_set"/> - <ref name="self_handle"/> - <ref name="self_bool"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_bool"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_get"/> - <ref name="self_handle"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_payload"/> </element> </define> 
- <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_list"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_list"/> - <ref name="self_handle"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <!-- <bsc/> element. Key parameters hardwired for now. --> @@ -409,7 +409,7 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_bool"/> <ref name="bsc_payload"/> @@ -418,7 +418,7 @@ <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_readonly"/> </element> @@ -426,7 +426,7 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_bool"/> <ref name="bsc_payload"/> @@ -435,7 +435,7 @@ <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_readonly"/> </element> 
@@ -443,14 +443,14 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_payload"/> <ref name="bsc_readonly"/> @@ -459,13 +459,13 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_payload"/> <ref name="bsc_readonly"/> @@ -474,14 +474,14 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> 
@@ -546,12 +546,34 @@ </attribute> </optional> <optional> - <element name="bpki_cms_cert"> + <attribute name="root_asn_resources"> + <ref name="asn_list"/> + </attribute> + </optional> + <optional> + <attribute name="root_ipv4_resources"> + <ref name="ipv4_list"/> + </attribute> + </optional> + <optional> + <attribute name="root_ipv6_resources"> + <ref name="ipv6_list"/> + </attribute> + </optional> + <optional> + <element name="bpki_cert"> <ref name="base64"/> </element> </optional> <optional> - <element name="bpki_cms_glue"> + <element name="bpki_glue"> + <ref name="base64"/> + </element> + </optional> + </define> + <define name="parent_readonly"> + <optional> + <element name="rpki_root_cert"> <ref name="base64"/> </element> </optional> @@ -559,7 +581,7 @@ <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_bool"/> <ref name="parent_payload"/> @@ -568,14 +590,15 @@ <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> + <ref name="parent_readonly"/> </element> </define> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_bool"/> <ref name="parent_payload"/> 
@@ -584,50 +607,53 @@ <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> + <ref name="parent_readonly"/> </element> </define> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_payload"/> + <ref name="parent_readonly"/> </element> </define> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_payload"/> + <ref name="parent_readonly"/> </element> </define> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> @@ -667,7 +693,7 @@ <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_bool"/> <ref name="child_payload"/> 
@@ -676,14 +702,14 @@ <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_bool"/> <ref name="child_payload"/> @@ -692,21 +718,21 @@ <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_payload"/> </element> @@ -714,13 +740,13 @@ <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_payload"/> </element> @@ -728,14 +754,14 @@ <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> 
@@ -762,6 +788,11 @@ <ref name="bsc_handle"/> </optional> <optional> + <attribute name="rrdp_notification_uri"> + <ref name="uri"/> + </attribute> + </optional> + <optional> <element name="bpki_cert"> <ref name="base64"/> </element> @@ -775,7 +806,7 @@ <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_bool"/> <ref name="repository_payload"/> @@ -784,14 +815,14 @@ <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_bool"/> <ref name="repository_payload"/> @@ -800,21 +831,21 @@ <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_payload"/> </element> 
@@ -822,13 +853,13 @@ <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_payload"/> </element> @@ -836,14 +867,14 @@ <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> @@ -851,14 +882,14 @@ <define name="list_resources_query"> <element name="list_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="list_resources_reply"> <element name="list_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <attribute name="valid_until"> <data type="dateTime"> @@ -886,13 +917,13 @@ <define name="list_roa_requests_query"> <element name="list_roa_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_roa_requests_reply"> <element name="list_roa_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="asn"> <data type="nonNegativeInteger"/> </attribute> 
@@ -912,14 +943,14 @@ <define name="list_ghostbuster_requests_query"> <element name="list_ghostbuster_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="list_ghostbuster_requests_reply"> <element name="list_ghostbuster_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <data type="string"/> </element> @@ -928,13 +959,13 @@ <define name="list_ee_certificate_requests_query"> <element name="list_ee_certificate_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_ee_certificate_requests_reply"> <element name="list_ee_certificate_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="gski"> <data type="token"> <param name="minLength">27</param> @@ -961,14 +992,12 @@ <ref name="ipv6_list"/> </attribute> </optional> - <optional> - <attribute name="cn"> - <data type="string"> - <param name="maxLength">64</param> - <param name="pattern">[\-0-9A-Za-z_ ]+</param> - </data> - </attribute> - </optional> + <attribute name="cn"> + <data type="string"> + <param name="maxLength">64</param> + <param name="pattern">[\-0-9A-Za-z_ ]+</param> + </data> + </attribute> <optional> <attribute name="sn"> <data type="string"> @@ -994,13 +1023,13 @@ <define name="list_published_objects_query"> <element name="list_published_objects"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_published_objects_reply"> <element name="list_published_objects"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="uri"> <ref name="uri"/> </attribute> 
@@ -1016,13 +1045,13 @@ <define name="list_received_resources_query"> <element name="list_received_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_received_resources_reply"> <element name="list_received_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <attribute name="notBefore"> <data type="dateTime"> @@ -1070,7 +1099,7 @@ <element name="report_error"> <ref name="tag"/> <optional> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </optional> <attribute name="error_code"> <ref name="error"/> diff --git a/schemas/relaxng/myrpki.rng b/schemas/relaxng/myrpki.rng index 8c7473eb..3beafe8f 100644 --- a/schemas/relaxng/myrpki.rng +++ b/schemas/relaxng/myrpki.rng @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: myrpki.rnc 5757 2014-04-05 22:42:12Z sra $ + $Id: myrpki.rnc 5876 2014-06-26 19:00:12Z sra $ RelaxNG schema for MyRPKI XML messages. diff --git a/schemas/relaxng/oob-setup.rnc b/schemas/relaxng/oob-setup.rnc new file mode 100644 index 00000000..3bd7a652 --- /dev/null +++ b/schemas/relaxng/oob-setup.rnc 
@@ -0,0 +1,68 @@
+# $Id: rpki-setup.rnc 3429 2015-10-14 23:46:50Z sra $
+
+default namespace = "http://www.hactrn.net/uris/rpki/rpki-setup/"
+
+version = "1"
+
+base64 = xsd:base64Binary { maxLength="512000" }
+handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" }
+uri = xsd:anyURI { maxLength="4096" }
+any = element * { attribute * { text }*, ( any | text )* }
+
+authorization_token = base64
+bpki_ta = base64
+
+start |= element child_request {
+ attribute version { version },
+ attribute child_handle { handle },
+ element child_bpki_ta { bpki_ta }
+}
+
+start |= element parent_response {
+ attribute version { version },
+ attribute service_uri { uri },
+ attribute child_handle { handle },
+ attribute parent_handle { handle },
+ element parent_bpki_ta { bpki_ta },
+ element offer { empty }?,
+ element referral {
+ attribute referrer { handle },
+ attribute contact_uri { uri }?,
+ authorization_token
+ }*
+}
+
+start |= element publisher_request {
+ attribute version { version },
+ attribute publisher_handle { handle },
+ element publisher_bpki_ta { bpki_ta },
+ element referral {
+ attribute referrer { handle },
+ authorization_token
+ }*
+}
+
+start |= element repository_response {
+ attribute version { version },
+ attribute service_uri { uri },
+ attribute publisher_handle { handle },
+ attribute sia_base { uri },
+ attribute rrdp_notification_uri { uri }?,
+ element repository_bpki_ta { bpki_ta }
+}
+
+start |= element authorization {
+ attribute version { version },
+ attribute authorized_sia_base { uri },
+ bpki_ta
+}
+
+start |= element error {
+ attribute version { version },
+ attribute reason {
+ "syntax-error" |
+ "authentication-failure" |
+ "refused"
+ },
+ any?
+}
diff --git a/schemas/relaxng/oob-setup.rng b/schemas/relaxng/oob-setup.rng
new file mode 100644
index 00000000..00278047
--- /dev/null
+++ b/schemas/relaxng/oob-setup.rng
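Review bot: The `handle` pattern in oob-setup.rnc ends in `*`, so a zero-length `child_handle`, `parent_handle`, `publisher_handle` or `referrer` validates, whereas `object_handle` in publication-control.rnc uses `[\-_A-Za-z0-9/]+`. The same pattern admits `/` in any position, including leading, trailing and doubled slashes. If the pattern has to stay as written to match an external specification (this page does not say), the definition should at least carry a comment such as `# NB: pattern admits "" and arbitrary "/" runs; callers must reject empty handles and check them before use as a key or path component.` The `any?` content of the error element is likewise unconstrained, so whatever logs or displays it should treat it as untrusted text.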
@@ -0,0 +1,168 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- $Id: rpki-setup.rnc 3429 2015-10-14 23:46:50Z sra $ --> +<grammar ns="http://www.hactrn.net/uris/rpki/rpki-setup/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <define name="version"> + <value>1</value> + </define> + <define name="base64"> + <data type="base64Binary"> + <param name="maxLength">512000</param> + </data> + </define> + <define name="handle"> + <data type="string"> + <param name="maxLength">255</param> + <param name="pattern">[\-_A-Za-z0-9/]*</param> + </data> + </define> + <define name="uri"> + <data type="anyURI"> + <param name="maxLength">4096</param> + </data> + </define> + <define name="any"> + <element> + <anyName/> + <zeroOrMore> + <attribute> + <anyName/> + </attribute> + </zeroOrMore> + <zeroOrMore> + <choice> + <ref name="any"/> + <text/> + </choice> + </zeroOrMore> + </element> + </define> + <define name="authorization_token"> + <ref name="base64"/> + </define> + <define name="bpki_ta"> + <ref name="base64"/> + </define> + <start combine="choice"> + <element name="child_request"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="child_handle"> + <ref name="handle"/> + </attribute> + <element name="child_bpki_ta"> + <ref name="bpki_ta"/> + </element> + </element> + </start> + <start combine="choice"> + <element name="parent_response"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + <attribute name="child_handle"> + <ref name="handle"/> + </attribute> + <attribute name="parent_handle"> + <ref name="handle"/> + </attribute> + <element name="parent_bpki_ta"> + <ref name="bpki_ta"/> + </element> + <optional> + <element name="offer"> + <empty/> + </element> + </optional> + <zeroOrMore> + <element name="referral"> + <attribute name="referrer"> + <ref name="handle"/> + </attribute> + <optional> + 
<attribute name="contact_uri"> + <ref name="uri"/> + </attribute> + </optional> + <ref name="authorization_token"/> + </element> + </zeroOrMore> + </element> + </start> + <start combine="choice"> + <element name="publisher_request"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="publisher_handle"> + <ref name="handle"/> + </attribute> + <element name="publisher_bpki_ta"> + <ref name="bpki_ta"/> + </element> + <zeroOrMore> + <element name="referral"> + <attribute name="referrer"> + <ref name="handle"/> + </attribute> + <ref name="authorization_token"/> + </element> + </zeroOrMore> + </element> + </start> + <start combine="choice"> + <element name="repository_response"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + <attribute name="publisher_handle"> + <ref name="handle"/> + </attribute> + <attribute name="sia_base"> + <ref name="uri"/> + </attribute> + <optional> + <attribute name="rrdp_notification_uri"> + <ref name="uri"/> + </attribute> + </optional> + <element name="repository_bpki_ta"> + <ref name="bpki_ta"/> + </element> + </element> + </start> + <start combine="choice"> + <element name="authorization"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="authorized_sia_base"> + <ref name="uri"/> + </attribute> + <ref name="bpki_ta"/> + </element> + </start> + <start combine="choice"> + <element name="error"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="reason"> + <choice> + <value>syntax-error</value> + <value>authentication-failure</value> + <value>refused</value> + </choice> + </attribute> + <optional> + <ref name="any"/> + </optional> + </element> + </start> +</grammar> diff --git a/schemas/relaxng/publication-schema.rnc b/schemas/relaxng/publication-control.rnc index fdf38c9e..ac59c617 100644 --- a/schemas/relaxng/publication-schema.rnc 
+++ b/schemas/relaxng/publication-control.rnc @@ -19,7 +19,7 @@ # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -default namespace = "http://www.hactrn.net/uris/rpki/publication-spec/" +default namespace = "http://www.hactrn.net/uris/rpki/publication-control/" version = "1" @@ -32,12 +32,10 @@ start = element msg { } # PDUs allowed in a query -query_elt = ( config_query | client_query | certificate_query | crl_query | - manifest_query | roa_query | ghostbuster_query ) +query_elt = client_query # PDUs allowed in a reply -reply_elt = ( config_reply | client_reply | certificate_reply | crl_reply | - manifest_reply | roa_reply | ghostbuster_reply | report_error_reply ) +reply_elt = ( client_reply | report_error_reply ) # Tag attributes for bulk operations tag = attribute tag { xsd:token {maxLength="1024" } } @@ -58,17 +56,7 @@ uri = attribute uri { uri_t } # hierarchy delimiter. object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]+" } -# <config/> element (use restricted to repository operator) -# config_handle attribute, create, list, and destroy commands omitted deliberately, see code for details - -config_payload = (element bpki_crl { base64 }?) - -config_query |= element config { attribute action { "set" }, tag?, config_payload } -config_reply |= element config { attribute action { "set" }, tag? } -config_query |= element config { attribute action { "get" }, tag? } -config_reply |= element config { attribute action { "get" }, tag?, config_payload } - -# <client/> element (use restricted to repository operator) +# <client/> element client_handle = attribute client_handle { object_handle } 
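Review bot: The rewritten comment `# <client/> element` in publication-control.rnc drops the note "(use restricted to repository operator)", and no visible line of the new file restates it. After this change the schema consists only of `<client/>` operations, which by the surrounding context include `create` and `destroy` and the `clear_replay_protection` flag, so the access restriction is the most important thing a reader needs to know about this file. I would keep the original wording, `# <client/> element (use restricted to repository operator)`, or, if the whole control protocol is now operator-only (inferred from the split, not stated here), say so once in the file header.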
@@ -87,41 +75,6 @@ client_reply |= element client { attribute action { "list" }, tag?, client_ha client_query |= element client { attribute action { "destroy" }, tag?, client_handle } client_reply |= element client { attribute action { "destroy" }, tag?, client_handle } -# <certificate/> element - -certificate_query |= element certificate { attribute action { "publish" }, tag?, uri, base64 } -certificate_reply |= element certificate { attribute action { "publish" }, tag?, uri } -certificate_query |= element certificate { attribute action { "withdraw" }, tag?, uri } -certificate_reply |= element certificate { attribute action { "withdraw" }, tag?, uri } - -# <crl/> element - -crl_query |= element crl { attribute action { "publish" }, tag?, uri, base64 } -crl_reply |= element crl { attribute action { "publish" }, tag?, uri } -crl_query |= element crl { attribute action { "withdraw" }, tag?, uri } -crl_reply |= element crl { attribute action { "withdraw" }, tag?, uri } - -# <manifest/> element - -manifest_query |= element manifest { attribute action { "publish" }, tag?, uri, base64 } -manifest_reply |= element manifest { attribute action { "publish" }, tag?, uri } -manifest_query |= element manifest { attribute action { "withdraw" }, tag?, uri } -manifest_reply |= element manifest { attribute action { "withdraw" }, tag?, uri } - -# <roa/> element - -roa_query |= element roa { attribute action { "publish" }, tag?, uri, base64 } -roa_reply |= element roa { attribute action { "publish" }, tag?, uri } -roa_query |= element roa { attribute action { "withdraw" }, tag?, uri } -roa_reply |= element roa { attribute action { "withdraw" }, tag?, uri } - -# <ghostbuster/> element - -ghostbuster_query |= element ghostbuster { attribute action { "publish" }, tag?, uri, base64 } -ghostbuster_reply |= element ghostbuster { attribute action { "publish" }, tag?, uri } -ghostbuster_query |= element ghostbuster { attribute action { "withdraw" }, tag?, uri } -ghostbuster_reply |= element 
ghostbuster { attribute action { "withdraw" }, tag?, uri } - # <report_error/> element error = xsd:token { maxLength="1024" } diff --git a/schemas/relaxng/publication-control.rng b/schemas/relaxng/publication-control.rng new file mode 100644 index 00000000..606deb53 --- /dev/null +++ b/schemas/relaxng/publication-control.rng 
@@ -0,0 +1,280 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + $Id: publication-control.rnc 5903 2014-07-18 17:08:13Z sra $ + + RelaxNG schema for RPKI publication protocol. + + Copyright (C) 2012- -2014 Dragon Research Labs ("DRL") + Portions copyright (C) 2009- -2011 Internet Systems Consortium ("ISC") + Portions copyright (C) 2007- -2008 American Registry for Internet Numbers ("ARIN") + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notices and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND DRL, ISC, AND ARIN DISCLAIM ALL + WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL, + ISC, OR ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
+--> +<grammar ns="http://www.hactrn.net/uris/rpki/publication-control/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <define name="version"> + <value>1</value> + </define> + <!-- Top level PDU --> + <start> + <element name="msg"> + <attribute name="version"> + <data type="positiveInteger"> + <param name="maxInclusive">1</param> + </data> + </attribute> + <choice> + <group> + <attribute name="type"> + <value>query</value> + </attribute> + <zeroOrMore> + <ref name="query_elt"/> + </zeroOrMore> + </group> + <group> + <attribute name="type"> + <value>reply</value> + </attribute> + <zeroOrMore> + <ref name="reply_elt"/> + </zeroOrMore> + </group> + </choice> + </element> + </start> + <!-- PDUs allowed in a query --> + <define name="query_elt"> + <ref name="client_query"/> + </define> + <!-- PDUs allowed in a reply --> + <define name="reply_elt"> + <choice> + <ref name="client_reply"/> + <ref name="report_error_reply"/> + </choice> + </define> + <!-- Tag attributes for bulk operations --> + <define name="tag"> + <attribute name="tag"> + <data type="token"> + <param name="maxLength">1024</param> + </data> + </attribute> + </define> + <!-- + Base64 encoded DER stuff + base64 = xsd:base64Binary { maxLength="512000" } + + Sadly, it turns out that CRLs can in fact get longer than this for an active CA. + Remove length limit for now, think about whether to put it back later. + --> + <define name="base64"> + <data type="base64Binary"/> + </define> + <!-- Publication URLs --> + <define name="uri_t"> + <data type="anyURI"> + <param name="maxLength">4096</param> + </data> + </define> + <define name="uri"> + <attribute name="uri"> + <ref name="uri_t"/> + </attribute> + </define> + <!-- + Handles on remote objects (replaces passing raw SQL IDs). NB: + Unlike the up-down protocol, handles in this protocol allow "/" as a + hierarchy delimiter. 
+ --> + <define name="object_handle"> + <data type="string"> + <param name="maxLength">255</param> + <param name="pattern">[\-_A-Za-z0-9/]+</param> + </data> + </define> + <!-- <client/> element --> + <define name="client_handle"> + <attribute name="client_handle"> + <ref name="object_handle"/> + </attribute> + </define> + <define name="client_bool"> + <optional> + <attribute name="clear_replay_protection"> + <value>yes</value> + </attribute> + </optional> + </define> + <define name="client_payload"> + <optional> + <attribute name="base_uri"> + <ref name="uri_t"/> + </attribute> + </optional> + <optional> + <element name="bpki_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_glue"> + <ref name="base64"/> + </element> + </optional> + </define> + <define name="client_query" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>create</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + <ref name="client_bool"/> + <ref name="client_payload"/> + </element> + </define> + <define name="client_reply" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>create</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + </element> + </define> + <define name="client_query" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>set</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + <ref name="client_bool"/> + <ref name="client_payload"/> + </element> + </define> + <define name="client_reply" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>set</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + </element> + </define> + <define name="client_query" combine="choice"> + <element name="client"> + <attribute name="action"> + 
<value>get</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + </element> + </define> + <define name="client_reply" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>get</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + <ref name="client_payload"/> + </element> + </define> + <define name="client_query" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>list</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + </element> + </define> + <define name="client_reply" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>list</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + <ref name="client_payload"/> + </element> + </define> + <define name="client_query" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>destroy</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + </element> + </define> + <define name="client_reply" combine="choice"> + <element name="client"> + <attribute name="action"> + <value>destroy</value> + </attribute> + <optional> + <ref name="tag"/> + </optional> + <ref name="client_handle"/> + </element> + </define> + <!-- <report_error/> element --> + <define name="error"> + <data type="token"> + <param name="maxLength">1024</param> + </data> + </define> + <define name="report_error_reply"> + <element name="report_error"> + <optional> + <ref name="tag"/> + </optional> + <attribute name="error_code"> + <ref name="error"/> + </attribute> + <optional> + <data type="string"> + <param name="maxLength">512000</param> + </data> + </optional> + </element> + </define> +</grammar> +<!-- + Local Variables: + indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" + End: +--> 
diff --git a/schemas/relaxng/publication-schema.rng b/schemas/relaxng/publication-schema.rng deleted file mode 100644 index 482fa477..00000000 --- a/schemas/relaxng/publication-schema.rng +++ /dev/null 
@@ -1,577 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - $Id: publication-schema.rnc 5902 2014-07-18 16:37:04Z sra $ - - RelaxNG schema for RPKI publication protocol. - - Copyright (C) 2012- -2014 Dragon Research Labs ("DRL") - Portions copyright (C) 2009- -2011 Internet Systems Consortium ("ISC") - Portions copyright (C) 2007- -2008 American Registry for Internet Numbers ("ARIN") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notices and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND DRL, ISC, AND ARIN DISCLAIM ALL - WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED - WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL, - ISC, OR ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR - CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS - OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
---> -<grammar ns="http://www.hactrn.net/uris/rpki/publication-spec/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> - <define name="version"> - <value>1</value> - </define> - <!-- Top level PDU --> - <start> - <element name="msg"> - <attribute name="version"> - <data type="positiveInteger"> - <param name="maxInclusive">1</param> - </data> - </attribute> - <choice> - <group> - <attribute name="type"> - <value>query</value> - </attribute> - <zeroOrMore> - <ref name="query_elt"/> - </zeroOrMore> - </group> - <group> - <attribute name="type"> - <value>reply</value> - </attribute> - <zeroOrMore> - <ref name="reply_elt"/> - </zeroOrMore> - </group> - </choice> - </element> - </start> - <!-- PDUs allowed in a query --> - <define name="query_elt"> - <choice> - <ref name="config_query"/> - <ref name="client_query"/> - <ref name="certificate_query"/> - <ref name="crl_query"/> - <ref name="manifest_query"/> - <ref name="roa_query"/> - <ref name="ghostbuster_query"/> - </choice> - </define> - <!-- PDUs allowed in a reply --> - <define name="reply_elt"> - <choice> - <ref name="config_reply"/> - <ref name="client_reply"/> - <ref name="certificate_reply"/> - <ref name="crl_reply"/> - <ref name="manifest_reply"/> - <ref name="roa_reply"/> - <ref name="ghostbuster_reply"/> - <ref name="report_error_reply"/> - </choice> - </define> - <!-- Tag attributes for bulk operations --> - <define name="tag"> - <attribute name="tag"> - <data type="token"> - <param name="maxLength">1024</param> - </data> - </attribute> - </define> - <!-- - Base64 encoded DER stuff - base64 = xsd:base64Binary { maxLength="512000" } - - Sadly, it turns out that CRLs can in fact get longer than this for an active CA. - Remove length limit for now, think about whether to put it back later. 
- --> - <define name="base64"> - <data type="base64Binary"/> - </define> - <!-- Publication URLs --> - <define name="uri_t"> - <data type="anyURI"> - <param name="maxLength">4096</param> - </data> - </define> - <define name="uri"> - <attribute name="uri"> - <ref name="uri_t"/> - </attribute> - </define> - <!-- - Handles on remote objects (replaces passing raw SQL IDs). NB: - Unlike the up-down protocol, handles in this protocol allow "/" as a - hierarchy delimiter. - --> - <define name="object_handle"> - <data type="string"> - <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9/]+</param> - </data> - </define> - <!-- - <config/> element (use restricted to repository operator) - config_handle attribute, create, list, and destroy commands omitted deliberately, see code for details - --> - <define name="config_payload"> - <optional> - <element name="bpki_crl"> - <ref name="base64"/> - </element> - </optional> - </define> - <define name="config_query" combine="choice"> - <element name="config"> - <attribute name="action"> - <value>set</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="config_payload"/> - </element> - </define> - <define name="config_reply" combine="choice"> - <element name="config"> - <attribute name="action"> - <value>set</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - </element> - </define> - <define name="config_query" combine="choice"> - <element name="config"> - <attribute name="action"> - <value>get</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - </element> - </define> - <define name="config_reply" combine="choice"> - <element name="config"> - <attribute name="action"> - <value>get</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="config_payload"/> - </element> - </define> - <!-- <client/> element (use restricted to repository operator) --> - <define name="client_handle"> - <attribute name="client_handle"> - <ref 
name="object_handle"/> - </attribute> - </define> - <define name="client_bool"> - <optional> - <attribute name="clear_replay_protection"> - <value>yes</value> - </attribute> - </optional> - </define> - <define name="client_payload"> - <optional> - <attribute name="base_uri"> - <ref name="uri_t"/> - </attribute> - </optional> - <optional> - <element name="bpki_cert"> - <ref name="base64"/> - </element> - </optional> - <optional> - <element name="bpki_glue"> - <ref name="base64"/> - </element> - </optional> - </define> - <define name="client_query" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>create</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="client_handle"/> - <ref name="client_bool"/> - <ref name="client_payload"/> - </element> - </define> - <define name="client_reply" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>create</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="client_handle"/> - </element> - </define> - <define name="client_query" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>set</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="client_handle"/> - <ref name="client_bool"/> - <ref name="client_payload"/> - </element> - </define> - <define name="client_reply" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>set</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="client_handle"/> - </element> - </define> - <define name="client_query" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>get</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="client_handle"/> - </element> - </define> - <define name="client_reply" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>get</value> - </attribute> - <optional> - 
<ref name="tag"/> - </optional> - <ref name="client_handle"/> - <ref name="client_payload"/> - </element> - </define> - <define name="client_query" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>list</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - </element> - </define> - <define name="client_reply" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>list</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="client_handle"/> - <ref name="client_payload"/> - </element> - </define> - <define name="client_query" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>destroy</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="client_handle"/> - </element> - </define> - <define name="client_reply" combine="choice"> - <element name="client"> - <attribute name="action"> - <value>destroy</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="client_handle"/> - </element> - </define> - <!-- <certificate/> element --> - <define name="certificate_query" combine="choice"> - <element name="certificate"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - <ref name="base64"/> - </element> - </define> - <define name="certificate_reply" combine="choice"> - <element name="certificate"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="certificate_query" combine="choice"> - <element name="certificate"> - <attribute name="action"> - <value>withdraw</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="certificate_reply" combine="choice"> - <element name="certificate"> - <attribute name="action"> - 
<value>withdraw</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <!-- <crl/> element --> - <define name="crl_query" combine="choice"> - <element name="crl"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - <ref name="base64"/> - </element> - </define> - <define name="crl_reply" combine="choice"> - <element name="crl"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="crl_query" combine="choice"> - <element name="crl"> - <attribute name="action"> - <value>withdraw</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="crl_reply" combine="choice"> - <element name="crl"> - <attribute name="action"> - <value>withdraw</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <!-- <manifest/> element --> - <define name="manifest_query" combine="choice"> - <element name="manifest"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - <ref name="base64"/> - </element> - </define> - <define name="manifest_reply" combine="choice"> - <element name="manifest"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="manifest_query" combine="choice"> - <element name="manifest"> - <attribute name="action"> - <value>withdraw</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="manifest_reply" combine="choice"> - <element name="manifest"> - <attribute name="action"> - <value>withdraw</value> - 
</attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <!-- <roa/> element --> - <define name="roa_query" combine="choice"> - <element name="roa"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - <ref name="base64"/> - </element> - </define> - <define name="roa_reply" combine="choice"> - <element name="roa"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="roa_query" combine="choice"> - <element name="roa"> - <attribute name="action"> - <value>withdraw</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="roa_reply" combine="choice"> - <element name="roa"> - <attribute name="action"> - <value>withdraw</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <!-- <ghostbuster/> element --> - <define name="ghostbuster_query" combine="choice"> - <element name="ghostbuster"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - <ref name="base64"/> - </element> - </define> - <define name="ghostbuster_reply" combine="choice"> - <element name="ghostbuster"> - <attribute name="action"> - <value>publish</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="ghostbuster_query" combine="choice"> - <element name="ghostbuster"> - <attribute name="action"> - <value>withdraw</value> - </attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <define name="ghostbuster_reply" combine="choice"> - <element name="ghostbuster"> - <attribute name="action"> - <value>withdraw</value> - 
</attribute> - <optional> - <ref name="tag"/> - </optional> - <ref name="uri"/> - </element> - </define> - <!-- <report_error/> element --> - <define name="error"> - <data type="token"> - <param name="maxLength">1024</param> - </data> - </define> - <define name="report_error_reply"> - <element name="report_error"> - <optional> - <ref name="tag"/> - </optional> - <attribute name="error_code"> - <ref name="error"/> - </attribute> - <optional> - <data type="string"> - <param name="maxLength">512000</param> - </data> - </optional> - </element> - </define> -</grammar> -<!-- - Local Variables: - indent-tabs-mode: nil - comment-start: "# " - comment-start-skip: "#[ \t]*" - End: ---> diff --git a/schemas/relaxng/publication.rnc b/schemas/relaxng/publication.rnc new file mode 100644 index 00000000..f3d1f94e --- /dev/null +++ b/schemas/relaxng/publication.rnc 
@@ -0,0 +1,111 @@
+# $Id$
+#
+# RelaxNG schema for RPKI publication protocol, from current I-D.
+#
+# Copyright (c) 2014 IETF Trust and the persons identified as authors
+# of the code. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# * Neither the name of Internet Society, IETF or IETF Trust, nor the
+# names of specific contributors, may be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+default namespace =
+ "http://www.hactrn.net/uris/rpki/publication-spec/"
+
+# This is version 3 of the protocol.
+
+version = "3"
+
+# Top level PDU is either a query or a reply.
+
+start |= element msg {
+ attribute version { version },
+ attribute type { "query" },
+ query_elt*
+}
+
+start |= element msg {
+ attribute version { version },
+ attribute type { "reply" },
+ reply_elt*
+}
+
+# PDUs allowed in queries and replies.
+
+query_elt = publish_query | withdraw_query | list_query
+reply_elt = publish_reply | withdraw_reply | list_reply | report_error_reply
+
+# Tag attributes for bulk operations.
+
+tag = attribute tag { xsd:token { maxLength="1024" } }
+
+# Base64 encoded DER stuff.
+
+base64 = xsd:base64Binary
+
+# Publication URIs.
+
+uri = attribute uri { xsd:anyURI { maxLength="4096" } }
+
+# Digest of objects being withdrawn
+
+hash = attribute hash { xsd:string { pattern = "[0-9a-fA-F]+" } }
+
+# Error codes.
+
+error = xsd:token { maxLength="1024" }
+
+# <publish/> element
+
+publish_query = element publish { tag?, uri, hash?, base64 }
+publish_reply = element publish { tag?, uri }
+
+# <withdraw/> element
+
+withdraw_query = element withdraw { tag?, uri, hash }
+withdraw_reply = element withdraw { tag?, uri }
+
+# <list/> element
+
+list_query = element list { tag? }
+list_reply = element list { tag?, uri, hash }
+
+# <report_error/> element
+
+report_error_reply = element report_error {
+ tag?,
+ attribute error_code { error },
+ xsd:string { maxLength="512000" }?
+}
+
+# Local Variables:
+# indent-tabs-mode: nil
+# comment-start: "# "
+# comment-start-skip: "#[ \t]*"
+# End:
diff --git a/schemas/relaxng/publication.rng b/schemas/relaxng/publication.rng
new file mode 100644
index 00000000..5e72407e
--- /dev/null
+++ b/schemas/relaxng/publication.rng
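Review bot: The `hash` definition accepts a hex string of any length, whereas `tag`, `uri` and `error` in the same hunk each carry a `maxLength`; since `withdraw_query` requires the hash and `publish_query` accepts it, an oversized or truncated digest passes validation and has to be caught later. Pinning the length to the digest in use would close that at the schema, e.g. `hash = attribute hash { xsd:string { pattern = "[0-9a-fA-F]{64}" } }` if the digest is SHA-256 (the hunk does not name the algorithm, so confirm against the I-D). The comment above it could then read `# Digest of the existing object being replaced or withdrawn, and of listed objects`, because `hash` is also used in `publish_query` and `list_reply`. `base64` has no size cap either, so the object size limit presumably has to be enforced by the server outside the schema.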
@@ -0,0 +1,201 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + $Id: publication.rnc 5896 2014-07-15 19:34:32Z sra $ + + RelaxNG schema for RPKI publication protocol, from current I-D. + + Copyright (c) 2014 IETF Trust and the persons identified as authors + of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + * Neither the name of Internet Society, IETF or IETF Trust, nor the + names of specific contributors, may be used to endorse or promote + products derived from this software without specific prior written + permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+--> +<grammar ns="http://www.hactrn.net/uris/rpki/publication-spec/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <!-- This is version 3 of the protocol. --> + <define name="version"> + <value>3</value> + </define> + <!-- Top level PDU is either a query or a reply. --> + <start combine="choice"> + <element name="msg"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>query</value> + </attribute> + <zeroOrMore> + <ref name="query_elt"/> + </zeroOrMore> + </element> + </start> + <start combine="choice"> + <element name="msg"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>reply</value> + </attribute> + <zeroOrMore> + <ref name="reply_elt"/> + </zeroOrMore> + </element> + </start> + <!-- PDUs allowed in queries and replies. --> + <define name="query_elt"> + <choice> + <ref name="publish_query"/> + <ref name="withdraw_query"/> + <ref name="list_query"/> + </choice> + </define> + <define name="reply_elt"> + <choice> + <ref name="publish_reply"/> + <ref name="withdraw_reply"/> + <ref name="list_reply"/> + <ref name="report_error_reply"/> + </choice> + </define> + <!-- Tag attributes for bulk operations. --> + <define name="tag"> + <attribute name="tag"> + <data type="token"> + <param name="maxLength">1024</param> + </data> + </attribute> + </define> + <!-- Base64 encoded DER stuff. --> + <define name="base64"> + <data type="base64Binary"/> + </define> + <!-- Publication URIs. --> + <define name="uri"> + <attribute name="uri"> + <data type="anyURI"> + <param name="maxLength">4096</param> + </data> + </attribute> + </define> + <!-- Digest of objects being withdrawn --> + <define name="hash"> + <attribute name="hash"> + <data type="string"> + <param name="pattern">[0-9a-fA-F]+</param> + </data> + </attribute> + </define> + <!-- Error codes. 
--> + <define name="error"> + <data type="token"> + <param name="maxLength">1024</param> + </data> + </define> + <!-- <publish/> element --> + <define name="publish_query"> + <element name="publish"> + <optional> + <ref name="tag"/> + </optional> + <ref name="uri"/> + <optional> + <ref name="hash"/> + </optional> + <ref name="base64"/> + </element> + </define> + <define name="publish_reply"> + <element name="publish"> + <optional> + <ref name="tag"/> + </optional> + <ref name="uri"/> + </element> + </define> + <!-- <withdraw/> element --> + <define name="withdraw_query"> + <element name="withdraw"> + <optional> + <ref name="tag"/> + </optional> + <ref name="uri"/> + <ref name="hash"/> + </element> + </define> + <define name="withdraw_reply"> + <element name="withdraw"> + <optional> + <ref name="tag"/> + </optional> + <ref name="uri"/> + </element> + </define> + <!-- <list/> element --> + <define name="list_query"> + <element name="list"> + <optional> + <ref name="tag"/> + </optional> + </element> + </define> + <define name="list_reply"> + <element name="list"> + <optional> + <ref name="tag"/> + </optional> + <ref name="uri"/> + <ref name="hash"/> + </element> + </define> + <!-- <report_error/> element --> + <define name="report_error_reply"> + <element name="report_error"> + <optional> + <ref name="tag"/> + </optional> + <attribute name="error_code"> + <ref name="error"/> + </attribute> + <optional> + <data type="string"> + <param name="maxLength">512000</param> + </data> + </optional> + </element> + </define> +</grammar> +<!-- + Local Variables: + indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" + End: +--> diff --git a/schemas/relaxng/router-certificate-schema.rnc b/schemas/relaxng/router-certificate.rnc index 8cc325ce..8cc325ce 100644 --- a/schemas/relaxng/router-certificate-schema.rnc +++ b/schemas/relaxng/router-certificate.rnc 
diff --git a/schemas/relaxng/router-certificate-schema.rng b/schemas/relaxng/router-certificate.rng index 90b50107..9352ed76 100644 --- a/schemas/relaxng/router-certificate-schema.rng +++ b/schemas/relaxng/router-certificate.rng @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: router-certificate-schema.rnc 5757 2014-04-05 22:42:12Z sra $ + $Id: router-certificate.rnc 5881 2014-07-03 16:55:02Z sra $ RelaxNG schema for BGPSEC router certificate interchange format. diff --git a/schemas/relaxng/rrdp.rnc b/schemas/relaxng/rrdp.rnc new file mode 100644 index 00000000..7809abdd --- /dev/null +++ b/schemas/relaxng/rrdp.rnc 
@@ -0,0 +1,81 @@
+# $Id$
+#
+# RelaxNG schema for RPKI Repository Delta Protocol (RRDP).
+#
+# Copyright (C) 2014 Dragon Research Labs ("DRL")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+default namespace = "http://www.ripe.net/rpki/rrdp"
+
+version = xsd:positiveInteger { maxInclusive="1" }
+serial = xsd:nonNegativeInteger
+uri = xsd:anyURI
+uuid = xsd:string { pattern = "[\-0-9a-fA-F]+" }
+hash = xsd:string { pattern = "[0-9a-fA-F]+" }
+base64 = xsd:base64Binary
+
+# Notification file: lists current snapshots and deltas
+
+start |= element notification {
+ attribute version { version },
+ attribute session_id { uuid },
+ attribute serial { serial },
+ element snapshot {
+ attribute uri { uri },
+ attribute hash { hash }
+ },
+ element delta {
+ attribute serial { serial },
+ attribute uri { uri },
+ attribute hash { hash }
+ }*
+}
+
+# Snapshot segment: think DNS AXFR.
+
+start |= element snapshot {
+ attribute version { version },
+ attribute session_id { uuid },
+ attribute serial { serial },
+ element publish {
+ attribute uri { uri },
+ base64
+ }*
+}
+
+# Delta segment: think DNS IXFR.
+
+start |= element delta {
+ attribute version { version },
+ attribute session_id { uuid },
+ attribute serial { serial },
+ delta_element+
+}
+
+delta_element |= element publish {
+ attribute uri { uri },
+ attribute hash { hash }?,
+ base64
+}
+
+delta_element |= element withdraw {
+ attribute uri { uri },
+ attribute hash { hash }
+}
+
+# Local Variables:
+# indent-tabs-mode: nil
+# comment-start: "# "
+# comment-start-skip: "#[ \t]*"
+# End:
diff --git a/schemas/relaxng/rrdp.rng b/schemas/relaxng/rrdp.rng
new file mode 100644
index 00000000..7d2fde9c
--- /dev/null
+++ b/schemas/relaxng/rrdp.rng
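Review bot: `uri = xsd:anyURI` has no length bound and `uuid` accepts any run of hex digits and dashes, so a notification, snapshot or delta file fetched from a remote repository can carry arbitrarily long `uri` and `session_id` values and still validate; publication.rnc in this same commit caps its URIs at 4096. Suggest `uri = xsd:anyURI { maxLength="4096" }` and, if `session_id` is meant to be a canonical UUID, `uuid = xsd:string { pattern = "[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}" }`. `hash` has the same open-ended `+`, and `serial` is an unbounded integer. The schema also cannot restrict the URI scheme, so the code that dereferences the snapshot and delta URIs should check scheme and host itself; a one-line comment saying so next to `uri` would help.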
@@ -0,0 +1,150 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + $Id: rrdp.rnc 6010 2014-11-08 18:01:58Z sra $ + + RelaxNG schema for RPKI Repository Delta Protocol (RRDP). + + Copyright (C) 2014 Dragon Research Labs ("DRL") + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH + REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + PERFORMANCE OF THIS SOFTWARE. +--> +<grammar ns="http://www.ripe.net/rpki/rrdp" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <define name="version"> + <data type="positiveInteger"> + <param name="maxInclusive">1</param> + </data> + </define> + <define name="serial"> + <data type="nonNegativeInteger"/> + </define> + <define name="uri"> + <data type="anyURI"/> + </define> + <define name="uuid"> + <data type="string"> + <param name="pattern">[\-0-9a-fA-F]+</param> + </data> + </define> + <define name="hash"> + <data type="string"> + <param name="pattern">[0-9a-fA-F]+</param> + </data> + </define> + <define name="base64"> + <data type="base64Binary"/> + </define> + <!-- Notification file: lists current snapshots and deltas --> + <start combine="choice"> + <element name="notification"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="serial"> + <ref name="serial"/> + </attribute> + <element name="snapshot"> + <attribute 
name="uri"> + <ref name="uri"/> + </attribute> + <attribute name="hash"> + <ref name="hash"/> + </attribute> + </element> + <zeroOrMore> + <element name="delta"> + <attribute name="serial"> + <ref name="serial"/> + </attribute> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <attribute name="hash"> + <ref name="hash"/> + </attribute> + </element> + </zeroOrMore> + </element> + </start> + <!-- Snapshot segment: think DNS AXFR. --> + <start combine="choice"> + <element name="snapshot"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="serial"> + <ref name="serial"/> + </attribute> + <zeroOrMore> + <element name="publish"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <ref name="base64"/> + </element> + </zeroOrMore> + </element> + </start> + <!-- Delta segment: think DNS IXFR. --> + <start combine="choice"> + <element name="delta"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="session_id"> + <ref name="uuid"/> + </attribute> + <attribute name="serial"> + <ref name="serial"/> + </attribute> + <oneOrMore> + <ref name="delta_element"/> + </oneOrMore> + </element> + </start> + <define name="delta_element" combine="choice"> + <element name="publish"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <optional> + <attribute name="hash"> + <ref name="hash"/> + </attribute> + </optional> + <ref name="base64"/> + </element> + </define> + <define name="delta_element" combine="choice"> + <element name="withdraw"> + <attribute name="uri"> + <ref name="uri"/> + </attribute> + <attribute name="hash"> + <ref name="hash"/> + </attribute> + </element> + </define> +</grammar> +<!-- + Local Variables: + indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" + End: +--> diff --git a/schemas/relaxng/up-down-schema.rnc b/schemas/relaxng/up-down.rnc index a603b8fe..a603b8fe 100644 
--- a/schemas/relaxng/up-down-schema.rnc +++ b/schemas/relaxng/up-down.rnc diff --git a/schemas/relaxng/up-down-schema.rng b/schemas/relaxng/up-down.rng index 89235b7e..a0fc0514 100644 --- a/schemas/relaxng/up-down-schema.rng +++ b/schemas/relaxng/up-down.rng @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: up-down-schema.rnc 5757 2014-04-05 22:42:12Z sra $ + $Id: up-down.rnc 5881 2014-07-03 16:55:02Z sra $ RelaxNG schema for the up-down protocol, extracted from RFC 6492. |