path: root/scripts/regeng-api

;;; -*- Lisp -*-
;;; $Id$
;;;
;;; Scratch pad for working out API design for RPKI engine.
;;;
;;; This file is psuedocode, I just wanted to take advantage of
;;; emacs's built-in support for languages with reasonable syntax.
;;;
;;; Terminology:
;;;
;;; - IRBE: Internet Registry Back End
;;;
;;; - RE: RPKI Engine



;;; Protocol operations between RE and signing engine.  This assumes
;;; the model in which the signing engine stores nothing but keypairs
;;; and takes orders from the RE on what to sign; this still needs to
;;; be checked by competent paranoids.

;; Create a keypair.  :length is the number of bits for the key
;; (default 2048?).

(create-keypair :cust-id 42
		:length 2048)
=> (public-key key-id)

;; Destroy a keypair.

(destroy-keypair :cust-id 42
		 :key-id key-id)
=> ()

;; List existing keypairs

(list-keypairs :cust-id 42)
=> ((key-id public-key)
    (key-id public-key)
    ...)

;; Sign something.  how-to-sign tells us both what signature method to
;; use (ie, what kind of object we're signing) and also the signature
;; algorithm to use (where there are multiple choices, which perhaps
;; there should not be?).

(sign-thing :cust-id		42
	    :what-to-sign	cert-without-signature
	    :how-to-sign	:cert-rsa/sha256
	    :key-id		key-id)
=> (signed-thing)



;;; Protocol operations between IRBE and RE.
;;;
;;; This is really two separate protocols over channels that might or
;;; not be the same.  Both are client/server protocols, but for some
;;; the rpki engine and for others the irbe is the client.
;;;
;;; This set of operations are initiated by the IRBE.

(create-cust-id)
=> (customer-id)

(destroy-cust-id :cust-id 42)
=> ()

(list-cust-ids)
=> (customer-id ...)

(get-preference :cust-id 42
		:preference-name :favorite-color)
=> ("obsidian")

(set-preference :cust-id 42
		:name  :favorite-color
		:value "obsidian")
=> ()

(get-biz-private-key :cust-id 42)
=> (private-key)

(set-biz-private-key :cust-id 42
		     :new-key new-private-key)
=> ()

(add-friend-biz-cert :cust-id 42
		     :cert cert)
=> ()

(del-friend-biz-cert :cust-id 42
		     :cert cert)
=> ()

(list-friend-biz-certs :cust-id 42)
=> (cert ...)

;;; Need to add biz signing cert chain get/set/list



;;; Protocol operations between IRBE and RE.
;;;
;;; This is really two separate protocols over channels that might or
;;; not be the same.  Both are client/server protocols, but for some
;;; the rpki engine and for others the irbe is the client.
;;;
;;; This set of operations are initiated by the IRBE.

(list-resources :cust-id 42)
=> ((:ipv4-address "10.0.0.44/32" "10.3.0.44/32")
    (:ipv6-address "fe80:dead:beef::/24")
    ...)



;;; Stuff below this line is not even close to baked yet

;; These two may take a bit more thought.  What's a ca-handle?

(create-ca-context :cust-id 42
		   :distinguished-name dn)
=> (ca-handle)

(destroy-ca-context :cust-id 42
		    :ca-handle handle)
=> ()

;; Ask signing engine to generate a cert request with specified
;; attributes and indicated (subject) keyset.  Key handle is in case
;; we have to ask signing engine to create a keypair for this.

(generate-cert-request :cust-id 42
		       :subject-name subject-name
		       :attributes '(blah blah blah)
		       :public-key public-key
		       :public-key-handle handle)

;; Ask signing engine to sign a CRL.  Need to indicate the CA that's
;; generating the CRL

(generate-crl :cust-id 42
	      :ca-handle ca-handle)

;; Ask signing engine to sign a cert request using specified cert
;; request and attributes and indicated (issuer) keyset.

(sign-cert-request)

(add-right-to-route)
(del-right-to-route)
(list-rights-to-route)

(generate-roa)

(publish-cert)
(publish-crl)
(publish-roa)

;; Trigger poll of this cust id's external parent, no-op if parent is
;; not external.  What does reg engine do with responses, save them as
;; part of its internal state then go back to sleep?

(poll-external-parent)

;; Trigger this cust id to do its "nightly" cycle.  Most likely needs
;; to be broken down further.

(run-nightly-batch)