# $Id$
#
# RelaxNG Schema for RPKI left-right protocol.
#
# libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so
# run the compact syntax through trang to get XML syntax.
#
# Every string-typed field in this schema carries an explicit maxLength
# (and, for resource lists, a character-set pattern), so a validating
# parser rejects oversized or malformed PDUs before the application sees
# them.  The integer-typed fields (sql_id and the positiveInteger
# attributes) carry no upper bound; see their definitions.  All facets
# here are syntactic bounds only -- semantic checks stay in the application.

default namespace = "http://www.hactrn.net/uris/rpki/left-right-spec/"

# Top level PDU.  The version attribute is pinned to exactly 1
# (positiveInteger with maxInclusive 1), so a message claiming any other
# protocol version fails validation.  A msg is either a query carrying
# zero or more query PDUs or a reply carrying zero or more reply PDUs;
# the two PDU families cannot be mixed in one msg.

start = element msg {
  attribute version { xsd:positiveInteger { maxInclusive="1" } },
  ( (attribute type { "query" }, query_elt*) |
    (attribute type { "reply" }, reply_elt*) )
}

# PDUs allowed in a query

query_elt |= self_query
query_elt |= bsc_query
query_elt |= parent_query
query_elt |= child_query
query_elt |= repository_query
query_elt |= route_origin_query
query_elt |= list_resources_query

# PDUs allowed in a reply.  report_error has a reply form only; there is
# no corresponding query PDU.

reply_elt |= self_reply
reply_elt |= bsc_reply
reply_elt |= parent_reply
reply_elt |= child_reply
reply_elt |= repository_reply
reply_elt |= route_origin_reply
reply_elt |= list_resources_reply
reply_elt |= report_error_reply

# Tag attributes for bulk operations.  Optional, bounded to 1024
# characters.  It appears on both query and reply PDUs; presumably the
# reply echoes the query's tag so a caller can match them up -- the
# schema itself does not say so.

tag = attribute tag { xsd:token {maxLength="1024" } }?

# Combinations of action and tag attributes used in later definitions.
# The same patterns repeat in most of the elements in this protocol.
# The action attribute is a closed enumeration: an unrecognised verb is
# rejected by the schema rather than reaching the application's dispatch.

ctl_create  = attribute action { "create" },  tag
ctl_set     = attribute action { "set" },     tag
ctl_get     = attribute action { "get" },     tag
ctl_list    = attribute action { "list" },    tag
ctl_destroy = attribute action { "destroy" }, tag

# Base64 encoded DER stuff.  Hard upper bound of 512000 characters of
# base64 text, so an oversized certificate/CRL/PKCS#10 blob is rejected
# before anything tries to decode it.

base64 = xsd:base64Binary { maxLength="512000" }

# Base definition for all fields that are really just SQL primary indices.
# Non-negative but otherwise unbounded in this schema; the application
# must range-check the value before using it as a key.

sql_id = xsd:nonNegativeInteger

# URIs.  Bounded length only; no scheme restriction is expressed here.

uri = xsd:anyURI { maxLength="4096" }

# Name fields imported from up-down protocol

up_down_name = xsd:token { maxLength="1024" }

# Resource lists.  The patterns restrict only the character set (digits,
# commas and hyphens; plus '/' and '.' for IPv4, '/', ':' and hex digits
# for IPv6).  They check neither structure, ordering nor numeric range,
# so any string built from those characters -- including an empty one --
# validates.  Parsing and range checks happen in the application.

asn_list  = xsd:string { maxLength="512000" pattern="[\-,0-9]*" }
ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]*" }
ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" }

# <self/> element.
# The flag attributes in self_bool admit only the value "yes"; omitting
# the attribute is the only way to say "no".  use_hsm in self_payload is
# the exception and accepts either "yes" or "no".

self_bool = (attribute rekey { "yes" }?,
             attribute reissue { "yes" }?,
             attribute revoke { "yes" }?,
             attribute run_now { "yes" }?,
             attribute publish_world_now { "yes" }?)

# crl_interval and regen_margin are positiveInteger with no upper bound
# in the schema; the application must sanity-check them.

self_payload = (attribute use_hsm { "yes" | "no" }?,
                attribute crl_interval { xsd:positiveInteger }?,
                attribute regen_margin { xsd:positiveInteger }?,
                element bpki_cert { base64 }?,
                element bpki_glue { base64 }?)

self_id = attribute self_id { sql_id }

# Note that the list query carries no self_id: it enumerates every
# <self/> object, and each reply PDU identifies one of them.

self_query |= element self { ctl_create, self_bool, self_payload }
self_reply |= element self { ctl_create, self_id }
self_query |= element self { ctl_set, self_id, self_bool, self_payload }
self_reply |= element self { ctl_set, self_id }
self_query |= element self { ctl_get, self_id }
self_reply |= element self { ctl_get, self_id, self_payload }
self_query |= element self { ctl_list }
self_reply |= element self { ctl_list, self_id, self_payload }
self_query |= element self { ctl_destroy, self_id }
self_reply |= element self { ctl_destroy, self_id }

# <bsc/> element.  Key parameters hardwired for now: when a keypair is
# requested the schema admits only key_type "rsa", hash_alg "sha256" and
# key_length "2048", and those three attributes are only permitted
# alongside generate_keypair.  A request for any other algorithm or key
# size fails validation instead of being silently accepted.

bsc_bool = ((attribute generate_keypair { "yes" },
             attribute key_type { "rsa" }?,
             attribute hash_alg { "sha256" }?,
             attribute key_length { "2048" }?)?)
bsc_id = attribute bsc_id { sql_id }

bsc_payload = (element signing_cert { base64 }?,
               element signing_cert_crl { base64 }?)

# The PKCS#10 request appears only in bsc replies (below), never in a
# query: the request is generated on the server side and handed back.

bsc_pkcs10 = element pkcs10_request { base64 }?

bsc_query |= element bsc { ctl_create, self_id, bsc_bool, bsc_payload }
bsc_reply |= element bsc { ctl_create, self_id, bsc_id, bsc_pkcs10 }
bsc_query |= element bsc { ctl_set, self_id, bsc_id, bsc_bool, bsc_payload }
bsc_reply |= element bsc { ctl_set, self_id, bsc_id, bsc_pkcs10 }
bsc_query |= element bsc { ctl_get, self_id, bsc_id }
bsc_reply |= element bsc { ctl_get, self_id, bsc_id, bsc_payload, bsc_pkcs10 }
bsc_query |= element bsc { ctl_list, self_id }
bsc_reply |= element bsc { ctl_list, self_id, bsc_id, bsc_payload, bsc_pkcs10 }
bsc_query |= element bsc { ctl_destroy, self_id, bsc_id }
bsc_reply |= element bsc { ctl_destroy, self_id, bsc_id }

# <parent/> element.

parent_id = attribute parent_id { sql_id }

parent_bool = (attribute rekey { "yes" }?,
               attribute reissue { "yes" }?,
               attribute revoke { "yes" }?)

# bsc_id and repository_id here are cross-references to other objects in
# this protocol (repository_id is defined further down; RelaxNG allows
# the forward reference).  The schema checks only that each is a
# non-negative integer -- it cannot check that the referenced object
# exists or belongs to the same self_id.  That ownership check is the
# application's job.

parent_payload = (attribute peer_contact_uri { uri }?,
                  attribute sia_base { uri }?,
                  bsc_id?,
                  repository_id?,
                  attribute sender_name { up_down_name }?,
                  attribute recipient_name { up_down_name }?,
                  element bpki_cms_cert { base64 }?,
                  element bpki_cms_glue { base64 }?,
                  element bpki_https_cert { base64 }?,
                  element bpki_https_glue { base64 }?)
parent_query |= element parent { ctl_create, self_id, parent_bool, parent_payload }
parent_reply |= element parent { ctl_create, self_id, parent_id }
parent_query |= element parent { ctl_set, self_id, parent_id, parent_bool, parent_payload }
parent_reply |= element parent { ctl_set, self_id, parent_id }
parent_query |= element parent { ctl_get, self_id, parent_id }
parent_reply |= element parent { ctl_get, self_id, parent_id, parent_payload }
parent_query |= element parent { ctl_list, self_id }
parent_reply |= element parent { ctl_list, self_id, parent_id, parent_payload }
parent_query |= element parent { ctl_destroy, self_id, parent_id }
parent_reply |= element parent { ctl_destroy, self_id, parent_id }

# <child/> element.  Only reissue can be requested for a child; there is
# no rekey or revoke flag here, unlike <self/> and <parent/>.

child_id = attribute child_id { sql_id }

child_bool = attribute reissue { "yes" }?

# bsc_id is a cross-reference; the schema checks its type only, not that
# the BSC exists or is owned by the same self_id.

child_payload = (bsc_id?,
                 element bpki_cert { base64 }?,
                 element bpki_glue { base64 }?)

child_query |= element child { ctl_create, self_id, child_bool, child_payload }
child_reply |= element child { ctl_create, self_id, child_id }
child_query |= element child { ctl_set, self_id, child_id, child_bool, child_payload }
child_reply |= element child { ctl_set, self_id, child_id }
child_query |= element child { ctl_get, self_id, child_id }
child_reply |= element child { ctl_get, self_id, child_id, child_payload }
child_query |= element child { ctl_list, self_id }
child_reply |= element child { ctl_list, self_id, child_id, child_payload }
child_query |= element child { ctl_destroy, self_id, child_id }
child_reply |= element child { ctl_destroy, self_id, child_id }

# <repository/> element.  Has no *_bool flags; create and set carry only
# the payload.

repository_id = attribute repository_id { sql_id }

repository_payload = (attribute peer_contact_uri { uri }?,
                      bsc_id?,
                      element bpki_cms_cert { base64 }?,
                      element bpki_cms_glue { base64 }?,
                      element bpki_https_cert { base64 }?,
                      element bpki_https_glue { base64 }?)
repository_query |= element repository { ctl_create, self_id, repository_payload }
repository_reply |= element repository { ctl_create, self_id, repository_id }
repository_query |= element repository { ctl_set, self_id, repository_id, repository_payload }
repository_reply |= element repository { ctl_set, self_id, repository_id }
repository_query |= element repository { ctl_get, self_id, repository_id }
repository_reply |= element repository { ctl_get, self_id, repository_id, repository_payload }
repository_query |= element repository { ctl_list, self_id }
repository_reply |= element repository { ctl_list, self_id, repository_id, repository_payload }
repository_query |= element repository { ctl_destroy, self_id, repository_id }
repository_reply |= element repository { ctl_destroy, self_id, repository_id }

# <route_origin/> element.

route_origin_id = attribute route_origin_id { sql_id }

route_origin_bool = attribute suppress_publication { "yes" }?

# as_number is an unbounded positiveInteger in this schema -- no 16- or
# 32-bit ceiling is expressed -- and the ipv4/ipv6 lists are only
# character-set checked.  All three are optional, so a route_origin with
# no AS number or no prefixes validates; the application decides whether
# that is acceptable.

route_origin_payload = (attribute as_number { xsd:positiveInteger }?,
                        attribute ipv4 { ipv4_list }?,
                        attribute ipv6 { ipv6_list }?)
route_origin_query |= element route_origin { ctl_create, self_id, route_origin_bool, route_origin_payload }
route_origin_reply |= element route_origin { ctl_create, self_id, route_origin_id }
route_origin_query |= element route_origin { ctl_set, self_id, route_origin_id, route_origin_bool, route_origin_payload }
route_origin_reply |= element route_origin { ctl_set, self_id, route_origin_id }
route_origin_query |= element route_origin { ctl_get, self_id, route_origin_id }
route_origin_reply |= element route_origin { ctl_get, self_id, route_origin_id, route_origin_payload }
route_origin_query |= element route_origin { ctl_list, self_id }
route_origin_reply |= element route_origin { ctl_list, self_id, route_origin_id, route_origin_payload }
route_origin_query |= element route_origin { ctl_destroy, self_id, route_origin_id }
route_origin_reply |= element route_origin { ctl_destroy, self_id, route_origin_id }

# <list_resources/> element.  Unlike the CRUD elements above this one
# has no action attribute; it uses tag directly and always names both
# the self and the child whose resources are being asked about.

list_resources_query = element list_resources { tag, self_id, child_id }

# valid_until is mandatory and its pattern requires a trailing "Z", so
# the expiry is an unambiguous UTC instant rather than a local-offset
# time.  Everything else in the reply is optional.

list_resources_reply = element list_resources {
  tag, self_id, child_id,
  attribute valid_until { xsd:dateTime { pattern=".*Z" } },
  attribute subject_name { xsd:token { maxLength="1024" } }?,
  attribute asn { asn_list }?,
  attribute ipv4 { ipv4_list }?,
  attribute ipv6 { ipv6_list }?
}

# <report_error/> element.  error_code is a bounded token; the optional
# text content is free-form and may be up to 512000 characters, so treat
# it as untrusted when logging or displaying it.

error = xsd:token { maxLength="1024" }

report_error_reply = element report_error {
  tag, self_id,
  attribute error_code { error },
  xsd:string { maxLength="512000" }?
}

# Local Variables:
# indent-tabs-mode: nil
# End: