path: root/rpkid/publication-schema.rnc
# $Id$
#
# RelaxNG Schema for RPKI publication protocol.
#
# libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so
# run the compact syntax through trang to get XML syntax.

# Every element defined below lives in this namespace.
default namespace = "http://www.hactrn.net/uris/rpki/publication-spec/"

# Top level PDU
#
# A <msg/> has a version attribute and a type attribute.  The type
# selects which children are legal: type="query" admits only query_elt
# PDUs, type="reply" admits only reply_elt PDUs.  Either list may be
# empty.
#
# version is an xsd:positiveInteger capped at 1, so the only value that
# validates is 1.  The lexical space of positiveInteger also admits
# forms such as "01" and "+1", so consumers should compare the parsed
# number rather than the raw attribute string.
#
# NOTE(review): the "*" repetitions put no upper bound on the number of
# PDUs in one message.  Any limit on total message size has to come
# from the transport or the parser -- confirm where that is enforced.

start = element msg {
  attribute version { xsd:positiveInteger { maxInclusive="1" } },
  ( (attribute type { "query" }, query_elt*) |
    (attribute type { "reply" }, reply_elt*) )
}

# PDUs allowed in a query: one alternative per object type handled by
# the protocol (config, client, certificate, crl, manifest, roa).
query_elt = ( config_query | client_query | certificate_query | crl_query | manifest_query | roa_query )

# PDUs allowed in a reply: the same six object types, plus
# report_error_reply, which has no query counterpart.
reply_elt = ( config_reply | client_reply | certificate_reply | crl_reply | manifest_reply | roa_reply | report_error_reply )

# Tag attributes for bulk operations.  Optional wherever it is used
# below ("tag?"); limited to 1024 characters.
tag = attribute tag { xsd:token {maxLength="1024" } }

# Base64 encoded DER stuff.
# Per XML Schema datatypes, length facets on base64Binary count octets
# of decoded data, so this caps each object at 512000 bytes.
# Validation only proves the text is well-formed base64; whether the
# decoded bytes are valid DER of the expected kind must be checked by
# the code that consumes them.
base64 = xsd:base64Binary { maxLength="512000" }

# Publication URLs.
# xsd:anyURI is very permissive: nothing here restricts the scheme,
# host, or path, only the overall length (4096 characters).
# NOTE(review): any check that a published URI falls inside the space
# a client is allowed to write to (presumably its base_uri) has to
# live in the server code -- confirm.
uri_t = xsd:anyURI { maxLength="4096" }
uri = attribute uri { uri_t }

# Handles on remote objects (replaces passing raw SQL IDs).  NB:
# Unlike the up-down protocol, handles in this protocol allow "/" as a
# hierarchy delimiter.
#
# The pattern applies to the whole value: hyphen, underscore, ASCII
# letters and digits, and "/", at most 255 characters.  "." is not in
# the class, so "." and ".." path segments cannot validate.
# Because the quantifier is "*", the empty string validates, as do
# handles with a leading, trailing, or doubled "/".
# NOTE(review): if handles are ever mapped to filesystem paths or used
# as lookup keys, the code should decide how to treat those cases --
# confirm against the implementation.
object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" }

# <config/> element (use restricted to repository operator)
# config_handle attribute, create, list, and destroy commands omitted deliberately, see code for details
#
# Only the "set" and "get" actions exist.  The grammar has no notion of
# who sent a message, so the operator-only restriction stated above
# cannot be enforced by schema validation; it has to be enforced by
# the server after it has authenticated the sender.

# Payload: an optional <bpki_crl/> element holding base64 data.
config_payload = (element bpki_crl { base64 }?)

# set: the query may carry the payload; the reply carries only the tag.
# get: the query carries no payload; the reply returns it.
config_query |= element config { attribute action { "set" },     tag?, config_payload }
config_reply |= element config { attribute action { "set" },     tag? }
config_query |= element config { attribute action { "get" },     tag? }
config_reply |= element config { attribute action { "get" },     tag?, config_payload }

# <client/> element (use restricted to repository operator)
#
# As with <config/>, the operator-only restriction is not expressible
# in this grammar and has to be enforced by the server code.

# Identifies the client record an action applies to.
client_handle = attribute client_handle { object_handle }

# Client record contents.  Every part is optional: a base_uri
# attribute, a <bpki_cert/> element and a <bpki_glue/> element.
# NOTE(review): because all three are optional, a "create" query with
# no bpki_cert and no base_uri validates.  If a client record without
# them must not become usable, that has to be checked in code --
# confirm.
client_payload = (attribute base_uri { uri_t }?, element bpki_cert { base64 }?, element bpki_glue { base64 }?)

# create / set: the query carries handle plus payload, the reply echoes
#               the handle.
# get:          the query names a handle, the reply returns its payload.
# list:         the query has no handle; each reply element carries a
#               handle and its payload.
# destroy:      query and reply both carry only the handle.
client_query |= element client { attribute action { "create" },  tag?, client_handle, client_payload }
client_reply |= element client { attribute action { "create" },  tag?, client_handle }
client_query |= element client { attribute action { "set" },     tag?, client_handle, client_payload }
client_reply |= element client { attribute action { "set" },     tag?, client_handle }
client_query |= element client { attribute action { "get" },     tag?, client_handle }
client_reply |= element client { attribute action { "get" },     tag?, client_handle, client_payload }
client_query |= element client { attribute action { "list" },    tag? }
client_reply |= element client { attribute action { "list" },    tag?, client_handle, client_payload }
client_query |= element client { attribute action { "destroy" }, tag?, client_handle }
client_reply |= element client { attribute action { "destroy" }, tag?, client_handle }

# <certificate/> element
#
# publish:  the query carries the target uri and the object as base64
#           text content; the reply echoes the uri.
# withdraw: query and reply carry only the uri.
#
# The schema checks that the content is base64 within the size limit,
# not that it decodes to a certificate; that check belongs to the
# code that processes the PDU.

certificate_query |= element certificate { attribute action { "publish" }, tag?, uri, base64 }
certificate_reply |= element certificate { attribute action { "publish" }, tag?, uri }
certificate_query |= element certificate { attribute action { "withdraw" }, tag?, uri }
certificate_reply |= element certificate { attribute action { "withdraw" }, tag?, uri }

# <crl/> element
#
# publish sends uri plus base64 content and is answered with the uri;
# withdraw sends and returns the uri alone.  Whether the decoded
# content really is a CRL is not something this grammar can verify.

crl_query |= element crl { attribute action { "publish" }, tag?, uri, base64 }
crl_reply |= element crl { attribute action { "publish" }, tag?, uri }
crl_query |= element crl { attribute action { "withdraw" }, tag?, uri }
crl_reply |= element crl { attribute action { "withdraw" }, tag?, uri }

# <manifest/> element
#
# publish sends uri plus base64 content and is answered with the uri;
# withdraw sends and returns the uri alone.  The content is validated
# only as base64 of bounded size, not as a manifest.

manifest_query |= element manifest { attribute action { "publish" }, tag?, uri, base64 }
manifest_reply |= element manifest { attribute action { "publish" }, tag?, uri }
manifest_query |= element manifest { attribute action { "withdraw" }, tag?, uri }
manifest_reply |= element manifest { attribute action { "withdraw" }, tag?, uri }

# <roa/> element
#
# publish sends uri plus base64 content and is answered with the uri;
# withdraw sends and returns the uri alone.  The content is validated
# only as base64 of bounded size, not as a ROA.

roa_query |= element roa { attribute action { "publish" }, tag?, uri, base64 }
roa_reply |= element roa { attribute action { "publish" }, tag?, uri }
roa_query |= element roa { attribute action { "withdraw" }, tag?, uri }
roa_reply |= element roa { attribute action { "withdraw" }, tag?, uri }

# <report_error/> element
#
# Appears only in replies (it is listed in reply_elt, not query_elt).

# Type of the error_code attribute: a token of at most 1024 characters.
# The schema does not enumerate the permitted codes.
error = xsd:token { maxLength="1024" }

# error_code is required; tag and the free-text body are optional.  The
# body may be up to 512000 characters of arbitrary string content.
# NOTE(review): the body is unconstrained text supplied by the peer, so
# a receiver that logs or displays it should treat it as untrusted
# input -- confirm how callers handle it.
report_error_reply = element report_error {
  tag?,
  attribute error_code { error },
  xsd:string { maxLength="512000" }?
}

# Local Variables:
# indent-tabs-mode: nil
# End: