// $URL$
// $Id$
//
// {arrowhead,arrowtail} shapes indicate database object relationships:
//   1-  none
//   m-  crow
//
// Color code:
//   Blue:  visible in left-right protocol
//   Green: created on the fly

digraph rpki_engine_objects {
	rotate=90;	size="11,8.5";	splines=true;	ratio=fill;
	node		[ shape=record ];

	// Objects visible in left-to-right protocol
	node		[ color=blue ];
	self		[ label="Self|{Preferences}" ];
	parent		[ label="Parent|{URI|TA|SIA Base}" ];
	repo		[ label="Repository|{URI|TA}" ];
	child		[ label="Child|{TA}" ];
	biz_sign	[ label="Business\nSigning Context|{Keypair|CertChain}" ];
	route_origin	[ label="Route\nOrigin|{AS Number}" ];

	// Objects which left-right protocol sees as part of other
	// objects but which SQL needs to be separate for
	// normalization.

	addr_set	[ label="Address\nPrefix", color=purple ];

	// Objects created on the fly by the RPKI engine
	node		[ color=green ];
	ca		[ label="CA|{Last CRL #|Next CRL Date|Last Issued Serial #|Last Manifest #|Next Manifest Date|SIA URI}" ];
	ca_detail	[ label="CA Detail|{CA Private Key Handle|CA Public Key|Latest CA Certificate|Manifest EE Private Key Handle|Manifest EE Public Key|Latest Manifest EE Certificate|Latest Manifest|Latest CRL}" ];

	// Some question whether these objects need to be in database
	// per se or are just properties hanging on some other object
	// like ca or ca_detail.  For manifests, we need last serial,
	// same as for CRL.
	roa		[ label="ROA|{EE Certificate|ROA}" ];

	// This one is a table of everything we have ever issued to
	// this child, not to be confused with what's -currently-
	// issued to this child.  Some question whether this hangs off
	// ca or ca_detail, but we -think- hanging off of ca_detail is
	// correct because certificates are issued by a particular
	// keypair.

	child_cert	[ label="Child CA Certificate" ];

	// One-many mappings
	edge [ color=blue, arrowtail=none, arrowhead=crow ];
	self -> biz_sign;
	biz_sign -> child;
	biz_sign -> parent;
	biz_sign -> repo;
	self -> child;
	self -> parent;
	repo -> parent;
	self -> route_origin;

	route_origin -> addr_set [ color=purple, arrowtail=none, arrowhead=crow ];

	// This is many-many because each child is an entity, each CA
	// can have multiple children, and each child can hold certs
	// from multiple CAs (thanks, RobL).
	//
	ca -> child	[ color=green, arrowtail=crow, arrowhead=crow ];

	// One-many mappings
	edge [ color=green, arrowtail=none, arrowhead=crow ];
	ca -> ca_detail;
	child -> child_cert;
	parent -> ca;
	ca_detail -> child_cert;
	ca_detail -> roa;

	// One-one mapping -- separate object to highlight dynamic nature
	edge [ color=green, arrowtail=none, arrowhead=none, style=solid ];
	route_origin -> roa;

}

// Local Variables:
// compile-command: "dot -Tps2 repository-engine-objects.dot | ps2pdf - repository-engine-objects.pdf"
// End: