/* * $Id$ * * Copyright (c) 2011 Surfnet * Copyright (c) 2011 .SE (The Internet Infrastructure Foundation). * Copyright (c) 2011 OpenDNSSEC AB (svb) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ // This proto file is used to define the key state data that needs // to be persisted for the enforcer package ods.keystate; import "xmlext.proto"; import "orm.proto"; message KeyStateExport { optional EnforcerZone zone = 1 [(xml).path="Zone"]; } message EnforcerZone { option(orm.index).name = "EnforcerZone_name_index"; option(orm.index).spec = "name"; required string name = 1 [(xml).path="@name"]; required string policy = 2 [(xml).path="@policy"]; repeated KeyData keys = 3 [(xml).path="Key"]; required bool signconf_needs_writing = 4; required string signconf_path = 5 [(xml).path="SignConfPath"]; optional uint32 next_change = 6; // don't write determine when importing optional uint32 ttl_end_ds = 7 [(xml).path="ttlEndDs"]; // after this date no old ttl is rumoured optional uint32 ttl_end_dk = 8 [(xml).path="ttlEndDk"]; // after this date no old ttl is rumoured optional uint32 ttl_end_rs = 9 [(xml).path="ttlEndRs"]; // after this date no old ttl is rumoured optional bool roll_ksk_now = 10 [default = false, (xml).path="rollKskNow"]; // ignored if ManualRollover not in Policy optional bool roll_zsk_now = 11 [default = false, (xml).path="rollZskNow"]; // ignored if ManualRollover not in Policy optional bool roll_csk_now = 12 [default = false, (xml).path="rollCskNow"]; // ignored if ManualRollover not in Policy optional Adapters adapters = 13 [(xml).path="Adapters"]; repeated KeyDependency dependencies = 14; optional uint32 next_ksk_roll = 15 [default = 0, (xml).path="nextKskRoll"]; // not used for logic optional uint32 next_zsk_roll = 16 [default = 0, (xml).path="nextZskRoll"]; // not used for logic optional uint32 next_csk_roll = 17 [default = 0, (xml).path="nextCskRoll"]; // not used for logic } message KeyDependency { required string from_key = 1; required string to_key = 2; required uint32 rrtype = 3; } message KeyData { required string locator = 1 [(xml).path="Locator"]; required uint32 algorithm = 2 [(xml).path="Algorithm"]; required uint32 inception = 3 [(xml).path="Inception"]; // Should be UTC Zulu time ? required KeyState ds = 4 [(xml).path="DS"]; required KeyState rrsig = 5 [(xml).path="RRSIG"]; required KeyState dnskey = 6 [(xml).path="DNSKEY"]; required keyrole role = 7 [(xml).path="Role"]; // optional bool ds_seen = 8 [default = false, (xml).path="DSSeen"]; // parent says DS has been seen // optional bool submit_to_parent = 9 [default = false, (xml).path="DSSubmit"]; // submit DS to parent optional bool introducing = 10 [default=true, (xml).path="Introducing"]; optional bool revoke = 11 [default = false, (xml).path="Revoke", (orm.column).name="shouldrevoke"]; optional bool standby = 12 [default = false, (xml).path="Standby"]; optional bool active_zsk = 13 [default = false, (xml).path="ActiveZSK"]; optional bool publish = 14 [default = false, (xml).path="Publish"]; required KeyState rrsigdnskey = 15 [(xml).path="RRSIGDNSKEY"]; optional bool active_ksk = 16 [default = false, (xml).path="ActiveKSK"]; optional dsatparent ds_at_parent = 17 [default = unsubmitted, (xml).path="DSAtParent"]; optional uint32 keytag = 18 [(xml).path="Keytag"]; //PB can't do uint16 } message KeyState { optional rrstate state = 1 [default = hidden, (xml).path="State"]; optional uint32 last_change = 2 [(xml).path="LastChange"]; // Encode as UTC Zulu time ? optional bool minimize = 3 [default = false, (xml).path="Minimize"]; optional uint32 ttl = 4 [(xml).path="ttl"]; } enum keyrole { KSK = 1; ZSK = 2; CSK = 3; } enum rrstate { hidden = 0; rumoured = 1; omnipresent = 2; unretentive = 3; NA = 4; } enum dsatparent { unsubmitted = 0; submit = 1; submitted = 2; seen = 3; retract = 4; retracted = 5; } message ZoneListDocument { // root element in zonelist.xml config file required ZoneList zonelist = 1 [(xml).path="ZoneList"]; } message ZoneList { repeated ZoneData zones = 1 [(xml).path="Zone"]; // Define this dummy variable so we can export empty lists optional bool export_empty = 2; } message ZoneData { // Name of zone required string name = 1 [(xml).path="@name"]; // What policy applies to this zone? // (matches symbolic name of policy in in kasp.xml) optional string policy = 2 [(xml).path="Policy", default="default"]; // What file containts the signer configuration for this zone? required string signer_configuration = 3 [(xml).path="SignerConfiguration"]; required Adapters adapters = 4 [(xml).path="Adapters"]; } message Adapters { required Adapter input = 1 [(xml).path="Input"]; required Adapter output = 2 [(xml).path="Output"]; } message Adapter { optional string adapter = 1 [(xml).path="Adapter"]; optional string type = 2 [(xml).path="Adapter/@type", default="File"]; // For backwards compatibility optional string file = 3 [(xml).path="File"]; }