# $Id$
#
# RelaxNG (Compact Syntax) Schema for RPKI left-right protocol.
#
# libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so
# run the compact syntax through trang to get XML syntax.
#
# Scope note: this grammar constrains message structure and field
# lengths only.  Most leaf values are length-bounded xsd:token or
# xsd:string, so a message that validates here still carries values
# whose content has to be checked by whatever consumes them.

default namespace = "http://www.hactrn.net/uris/rpki/left-right-spec/"

# Top level PDU
#
# The version facet admits only the value 1.  The PDU choice group is
# repeated with "*", so this schema places no upper bound on how many
# PDUs one <msg/> may contain; any cap on overall message size is
# outside the schema.

start = element msg {
  attribute version { xsd:positiveInteger { maxInclusive="1" } },
  ( self_elt | bsc_elt | parent_elt | child_elt | repository_elt | ro_elt | list_resources_elt | report_error_elt )*
}

# Combinations of action and type attributes used in later definitions.
# The same patterns repeat in most of the elements in this protocol.
#
# Naming: first letter is the action (c=create, s=set, g=get, l=list,
# d=destroy), second letter is the type (q=query, r=reply).

ctl_cq = attribute action { "create" }, attribute type { "query" }
ctl_sq = attribute action { "set" }, attribute type { "query" }
ctl_gq = attribute action { "get" }, attribute type { "query" }
ctl_lq = attribute action { "list" }, attribute type { "query" }
ctl_dq = attribute action { "destroy" }, attribute type { "query" }
ctl_cr = attribute action { "create" }, attribute type { "reply" }
ctl_sr = attribute action { "set" }, attribute type { "reply" }
ctl_gr = attribute action { "get" }, attribute type { "reply" }
ctl_lr = attribute action { "list" }, attribute type { "reply" }
ctl_dr = attribute action { "destroy" }, attribute type { "reply" }

# Base64 encoded DER stuff
#
# The maxLength facet bounds every DER blob in the protocol.  Per XML
# Schema Datatypes, length facets on base64Binary count octets of the
# decoded binary data.  The schema checks only that the text is valid
# base64; it does not check that the decoded bytes are well-formed DER.

base64 = xsd:base64Binary { maxLength="512000" }

# How we wrap trust anchor elements

cms_ta = element cms_ta { base64 }
https_ta = element https_ta { base64 }

# Base definition for all fields that are really just SQL primary indices
#
# xsd:token normalizes whitespace and the facet bounds the length, but
# no character class or numeric type is imposed.  Passing validation
# therefore does not make an id safe to splice into a query string.
# NOTE(review): confirm the consumer binds these as query parameters.

sql_id = xsd:token { maxLength="1024" }

# <self/> element
#
# Each flag is optional and its only legal value is "yes"; omitting
# the attribute is the only way to leave a flag unset.

self_bool = (attribute rekey { "yes" }?,
             attribute reissue { "yes" }?,
             attribute revoke { "yes" }?,
             attribute run_now { "yes" }?,
             attribute publish_world_now { "yes" }?,
             attribute clear_extension_preferences { "yes" }?)
# Settable/gettable fields of <self/>.  crl_interval is a free-form
# bounded token rather than a numeric type, so range and syntax checks
# are left to the consumer.  extension_preference may repeat without
# limit, and each value may be up to 512000 characters of arbitrary
# string data.

self_payload = (attribute use_hsm { "yes" | "no" }?,
                attribute crl_interval { xsd:token { maxLength="1024" } }?,
                element extension_preference {
                  attribute name { xsd:token { maxLength="1024" } },
                  xsd:string { maxLength="512000" }
                }*)

self_id = attribute self_id { sql_id }

# One alternative per (action, type) pair.  Create and list queries
# carry no self_id; every other form requires one.

self_elt |= element self { ctl_cq, self_bool, self_payload }
self_elt |= element self { ctl_cr, self_id }
self_elt |= element self { ctl_sq, self_id, self_bool, self_payload }
self_elt |= element self { ctl_sr, self_id }
self_elt |= element self { ctl_gq, self_id }
self_elt |= element self { ctl_gr, self_id, self_payload }
self_elt |= element self { ctl_lq }
self_elt |= element self { ctl_lr, self_id, self_payload }
self_elt |= element self { ctl_dq, self_id }
self_elt |= element self { ctl_dr, self_id }

# <bsc/> element.  Key parameters hardwired for now.
#
# key_type, hash_alg and key_length sit inside the optional group that
# requires generate_keypair="yes", so they cannot appear without it.
# Each admits exactly one value ("rsa", "sha256", "2048"); a request
# naming any other algorithm or key size fails validation.

bsc_bool = ((attribute generate_keypair { "yes" },
             attribute key_type { "rsa" }?,
             attribute hash_alg { "sha256" }?,
             attribute key_length { "2048" }?)?,
            attribute clear_signing_certs { "yes" }?)

bsc_id = attribute bsc_id { sql_id }

# The key material exchanged by the patterns below is limited to
# signing_cert, public_key and pkcs10_cert_request elements, each a
# bounded base64 blob.

bsc_payload = (element signing_cert { base64 }*, element public_key { base64 }?)

# Optional PKCS #10 request, present only in create and set replies.

bsc_pkcs10 = element pkcs10_cert_request { base64 }?

bsc_elt |= element bsc { ctl_cq, self_id, bsc_bool, bsc_payload }
bsc_elt |= element bsc { ctl_cr, self_id, bsc_id, bsc_pkcs10 }
bsc_elt |= element bsc { ctl_sq, self_id, bsc_id, bsc_bool, bsc_payload }
bsc_elt |= element bsc { ctl_sr, self_id, bsc_id, bsc_pkcs10 }
bsc_elt |= element bsc { ctl_gq, self_id, bsc_id }
bsc_elt |= element bsc { ctl_gr, self_id, bsc_id, bsc_payload }
bsc_elt |= element bsc { ctl_lq, self_id }
bsc_elt |= element bsc { ctl_lr, self_id, bsc_id, bsc_payload }
bsc_elt |= element bsc { ctl_dq, self_id, bsc_id }
bsc_elt |= element bsc { ctl_dr, self_id, bsc_id }

# <parent/> element

parent_id = attribute parent_id { sql_id }

# Optional action flags; "yes" is the only legal value for each.

parent_bool = (attribute rekey { "yes" }?,
               attribute reissue { "yes" }?,
               attribute revoke { "yes" }?)
# Settable/gettable fields of <parent/>.
#
# peer_contact_uri and sia_base are xsd:anyURI with a length bound
# only: the schema restricts neither scheme nor host, so any such
# policy has to be applied by the consumer before the URI is used.
# bsc_id and repository_id are spelled inline here as optional bounded
# tokens instead of reusing the bsc_id / repository_id patterns, which
# make the attribute mandatory.  Both trust anchors are optional, so a
# <parent/> with no cms_ta or https_ta still validates.

parent_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } }?,
                  attribute sia_base { xsd:anyURI { maxLength="1024" } }?,
                  attribute bsc_id { xsd:token { maxLength="1024" } }?,
                  attribute repository_id { xsd:token { maxLength="1024" } }?,
                  cms_ta?,
                  https_ta?)

parent_elt |= element parent { ctl_cq, self_id, parent_bool, parent_payload }
parent_elt |= element parent { ctl_cr, self_id, parent_id }
parent_elt |= element parent { ctl_sq, self_id, parent_id, parent_bool, parent_payload }
parent_elt |= element parent { ctl_sr, self_id, parent_id }
parent_elt |= element parent { ctl_gq, self_id, parent_id }
parent_elt |= element parent { ctl_gr, self_id, parent_id, parent_payload }
parent_elt |= element parent { ctl_lq, self_id }
parent_elt |= element parent { ctl_lr, self_id, parent_id, parent_payload }
parent_elt |= element parent { ctl_dq, self_id, parent_id }
parent_elt |= element parent { ctl_dr, self_id, parent_id }

# <child/> element

child_id = attribute child_id { sql_id }

child_bool = attribute reissue { "yes" }?

# A child carries an optional bsc_id and an optional CMS trust anchor;
# unlike <parent/> and <repository/> there is no https_ta here.

child_payload = (attribute bsc_id { xsd:token { maxLength="1024" } }?,
                 cms_ta?)

child_elt |= element child { ctl_cq, self_id, child_bool, child_payload }
child_elt |= element child { ctl_cr, self_id, child_id }
child_elt |= element child { ctl_sq, self_id, child_id, child_bool, child_payload }
child_elt |= element child { ctl_sr, self_id, child_id }
child_elt |= element child { ctl_gq, self_id, child_id }
child_elt |= element child { ctl_gr, self_id, child_id, child_payload }
child_elt |= element child { ctl_lq, self_id }
child_elt |= element child { ctl_lr, self_id, child_id, child_payload }
child_elt |= element child { ctl_dq, self_id, child_id }
child_elt |= element child { ctl_dr, self_id, child_id }

# <repository/> element

repository_id = attribute repository_id { sql_id }

# As with <parent/>, peer_contact_uri is length-bounded anyURI with no
# scheme or host restriction, and both trust anchors are optional.

repository_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } }?,
                      attribute bsc_id { xsd:token { maxLength="1024" } }?,
                      cms_ta?,
                      https_ta?)
# <repository/> alternatives, one per (action, type) pair.  Every form
# requires self_id; repository_id is absent only from the create and
# list queries.

repository_elt |= element repository { ctl_cq, self_id, repository_payload }
repository_elt |= element repository { ctl_cr, self_id, repository_id }
repository_elt |= element repository { ctl_sq, self_id, repository_id, repository_payload }
repository_elt |= element repository { ctl_sr, self_id, repository_id }
repository_elt |= element repository { ctl_gq, self_id, repository_id }
repository_elt |= element repository { ctl_gr, self_id, repository_id, repository_payload }
repository_elt |= element repository { ctl_lq, self_id }
repository_elt |= element repository { ctl_lr, self_id, repository_id, repository_payload }
repository_elt |= element repository { ctl_dq, self_id, repository_id }
repository_elt |= element repository { ctl_dr, self_id, repository_id }

# <route_origin/> element

ro_id = attribute route_origin_id { sql_id }

ro_bool = attribute suppress_publication { "yes" }?

# as_number, ipv4 and ipv6 are bounded free-form tokens.  The schema
# does not check that they parse as an AS number or as address
# prefixes, so syntax and range validation of these routing values is
# left entirely to the consumer.

ro_payload = (attribute as_number { xsd:token { maxLength="1024" } }?,
              attribute ipv4 { xsd:token { maxLength="1024" } }?,
              attribute ipv6 { xsd:token { maxLength="1024" } }?)
# <route_origin/> alternatives, one per (action, type) pair.  Every
# form requires self_id; ro_id is absent only from the create and list
# queries.

ro_elt |= element route_origin { ctl_cq, self_id, ro_bool, ro_payload }
ro_elt |= element route_origin { ctl_cr, self_id, ro_id }
ro_elt |= element route_origin { ctl_sq, self_id, ro_id, ro_bool, ro_payload }
ro_elt |= element route_origin { ctl_sr, self_id, ro_id }
ro_elt |= element route_origin { ctl_gq, self_id, ro_id }
ro_elt |= element route_origin { ctl_gr, self_id, ro_id, ro_payload }
ro_elt |= element route_origin { ctl_lq, self_id }
ro_elt |= element route_origin { ctl_lr, self_id, ro_id, ro_payload }
ro_elt |= element route_origin { ctl_dq, self_id, ro_id }
ro_elt |= element route_origin { ctl_dr, self_id, ro_id }

# <list_resources/> element
#
# This element has no action attribute, only type.  In the reply,
# valid_until is mandatory but typed as a bounded token rather than a
# date type, and the resource attributes (as, ipv4, ipv6) are likewise
# free-form tokens, so the schema checks their length and nothing else.

list_resources_elt = element list_resources {
  ( attribute type { "query" }, self_id, child_id ) |
  ( attribute type { "reply" }, self_id, child_id,
    attribute valid_until { xsd:token { maxLength="1024" } },
    attribute subject_name { xsd:token { maxLength="1024" } }?,
    attribute as { xsd:token { maxLength="1024" } }?,
    attribute ipv4 { xsd:token { maxLength="1024" } }?,
    attribute ipv6 { xsd:token { maxLength="1024" } }? )
}

# <report_error/> element
#
# error_code is a bounded free-form token and the optional text body
# is an arbitrary string of up to 512000 characters.
# NOTE(review): presumably the receiver logs or displays this text;
# confirm it is handled as untrusted peer-supplied data.

report_error_elt = element report_error {
  self_id,
  attribute error_code { xsd:token { maxLength="1024" } },
  xsd:string { maxLength="512000" }?
}