Module routinator::store

A store for correctly published RPKI objects.

To be more resistant against accidental or malicious errors in the data published by repositories, we retain a separate copy of all RPKI data that has been found to be covered by a valid manifest in what we call the store. The types in this module provide access to this store.

The store is initialized and configured via Store. During validation, a Run is used, which can be acquired from the store via the start method. It provides access to the trust anchor certificates via the load_ta and update_ta methods, and access to individual repositories and publication points via repository and pub_point, respectively. These are represented by the Repository and StoredPoint types.

Error Handling

Pretty much all methods and functions provided by this module can return an error. This is because the store uses files and that can go wrong in all kinds of ways at any time. The concrete error reason is logged and our generic Failed is returned. When this happens, the store should be considered broken and not be used anymore.

Data Storage

The store uses the file system to store its data. It has its dedicated directory within the RPKI repository directory, normally named stored (this is because an earlier version used store already). Within this directory are four sub-directories: rrdp and rsync contain the data for each stored publication point; ta contains the downloaded trust anchor certificates; and tmp is a directory for storing files as they are constructed.

All publication points that do not support RRDP are stored under rsync. Each has a file stored at a path and file name derived from the signedObject URI of its manifest, starting with the authority part of the URI and then just following along. The file contains status information, the manifest, the CRL, and each object. It starts with a serialized StoredManifest which is followed by a sequence of serialized StoredObjects for all the objects as given on the manifest.

All publication points that are hosted in an RRDP repository are stored under rrdp, independently of whether they have been retrieved via RRDP or rsync. Directly under rrdp is a set of directories for all the authorities (i.e., host names) of the RRDP servers seen. Within each of these is a set of directories named after the SHA-256 hash of the rpkiNotify URI of the RRDP repository. These directories in turn contain the same files for each publication point as in the rsync case above. They are similarly stored at a path and file name derived from the signedObject URI of the manifest with the rsync scheme used as the first component instead. (There is no good reason for that, it just happened.)

Trust anchor certificates are stored under ta using a three-level directory structure derived from the URI the certificate is retrieved from. The first level is the scheme, https or rsync, the second level is the authority (i.e., hostname), and the third is the SHA-256 hash of the full URI with an extension of .cer added.

Finally, the tmp directory is used to build the publication point files in so they can be constructed without yet knowing whether the update is actually complete and correct. Files here are named using eight random hex digits.
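The staged-write pattern described for the tmp directory, as an added example that is not Routinator's own code: a file is built under tmp and only moved over the stored copy once the update is known to be complete, so a failed update leaves the last good data in place. The names update_point and tmp_name, the sample paths, and the use of RandomState in place of a real random number generator are assumptions of this sketch.

```rust
use std::collections::hash_map::RandomState;
use std::fs::{self, OpenOptions};
use std::hash::{BuildHasher, Hasher};
use std::io::{self, Write};
use std::path::Path;

/// Eight random hex digits for a tmp file name. RandomState is a std-only
/// stand-in for a proper RNG crate (assumption of this example).
fn tmp_name() -> String {
    format!("{:08x}", RandomState::new().build_hasher().finish() as u32)
}

/// Builds a file under `<store>/tmp` and moves it to `<store>/<rel>` only if
/// `build` reports a complete update; otherwise the stored file is untouched.
pub fn update_point<F>(store: &Path, rel: &Path, build: F) -> io::Result<bool>
where
    F: FnOnce(&mut dyn Write) -> io::Result<bool>,
{
    let tmp_dir = store.join("tmp");
    fs::create_dir_all(&tmp_dir)?;
    let tmp_path = tmp_dir.join(tmp_name());
    // create_new refuses to reuse a name that already exists in tmp.
    let mut file = OpenOptions::new().write(true).create_new(true).open(&tmp_path)?;
    let complete = build(&mut file).and_then(|ok| file.sync_all().map(|_| ok));
    drop(file);
    match complete {
        Ok(true) => {
            let target = store.join(rel);
            if let Some(dir) = target.parent() {
                fs::create_dir_all(dir)?;
            }
            // On POSIX, rename within one file system replaces the old file atomically.
            fs::rename(&tmp_path, &target)?;
            Ok(true)
        }
        other => {
            let _ = fs::remove_file(&tmp_path); // discard the incomplete file
            other.map(|_| false)
        }
    }
}

fn main() -> io::Result<()> {
    // Constructed demo paths: the second, incomplete update must not win.
    let store = std::env::temp_dir().join(format!("store-demo-{}", tmp_name()));
    let rel = Path::new("rsync/rpki.example.net/repo/ca.mft");
    update_point(&store, rel, |w| { w.write_all(b"good")?; Ok(true) })?;
    update_point(&store, rel, |w| { w.write_all(b"bad")?; Ok(false) })?;
    assert_eq!(fs::read(store.join(rel))?, b"good");
    fs::remove_dir_all(&store)
}
```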

Structs

Access to a single repository during a validation run.

A single validation run using the store.

A store for correctly published RPKI objects.

The content of a manifest placed in the store.

The content of an object placed in the store.

The stored information of a publication point.

Enums

An error happened while updating a publication point.