From 5bbb714c50846c71ca9204959a781a4d9efa81eb Mon Sep 17 00:00:00 2001
From: Martin Hoffmann <martin@nlnetlabs.nl>
Date: Wed, 26 Apr 2023 10:50:15 +0200
Subject: [PATCH 1/2] Refer to (standalone) EE certs as router certs.

---
 src/engine.rs             | 14 +++++++-------
 src/http/metrics.rs       |  2 +-
 src/http/status.rs        |  6 +++++-
 src/metrics.rs            |  6 +++---
 src/output.rs             |  4 ++--
 src/payload/info.rs       |  4 +++-
 src/payload/validation.rs |  5 +++--
 7 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/src/engine.rs b/src/engine.rs
index b00d3479..9793e03e 100644
--- a/src/engine.rs
+++ b/src/engine.rs
@@ -1262,7 +1262,7 @@ impl<'a, P: ProcessRun> PubPoint<'a, P> {
             self.process_ca_cer(uri, cert, manifest, ca_task)
         }
         else {
-            self.process_ee_cer(uri, cert, manifest)
+            self.process_router_cert(uri, cert, manifest)
         }
     }
 
@@ -1335,8 +1335,8 @@ impl<'a, P: ProcessRun> PubPoint<'a, P> {
         Ok(())
     }
 
-    /// Processes an EE certificate.
-    fn process_ee_cer(
+    /// Processes a router certificate.
+    fn process_router_cert(
         &mut self, uri: &uri::Rsync, cert: Cert,
         manifest: &mut ValidPointManifest,
     ) -> Result<(), Failed> {
@@ -1352,8 +1352,8 @@ impl<'a, P: ProcessRun> PubPoint<'a, P> {
             manifest.metrics.invalid_certs += 1;
             return Ok(())
         }
-        manifest.metrics.valid_ee_certs += 1;
-        self.processor.process_ee_cert(uri, cert, self.cert)?;
+        manifest.metrics.valid_router_certs += 1;
+        self.processor.process_router_cert(uri, cert, self.cert)?;
         Ok(())
     }
 
@@ -1932,11 +1932,11 @@ pub trait ProcessPubPoint: Sized + Send + Sync {
         &mut self, uri: &uri::Rsync, cert: &CaCert,
     ) -> Result<Option<Self>, Failed>;
 
-    /// Process the content of a validated EE certificate.
+    /// Process the content of a validated router certificate.
     ///
     /// The method is given both the URI and the certificate. If it
     /// returns an error, the entire processing run will be aborted.
-    fn process_ee_cert(
+    fn process_router_cert(
         &mut self, uri: &uri::Rsync, cert: Cert, ca_cert: &CaCert,
     ) -> Result<(), Failed> {
         let _ = (uri, cert, ca_cert);
diff --git a/src/http/metrics.rs b/src/http/metrics.rs
index cbd0a699..1ca2010e 100644
--- a/src/http/metrics.rs
+++ b/src/http/metrics.rs
@@ -241,7 +241,7 @@ fn object_metrics<'a>(
         target.multi(metric).label(group.label(), name)
             .label("type", "router_cert")
             .label("state", "valid")
-            .value(metrics.valid_ee_certs);
+            .value(metrics.valid_router_certs);
         target.multi(metric).label(group.label(), name)
             .label("type", "cert")
             .label("state", "invalid")
diff --git a/src/http/status.rs b/src/http/status.rs
index 4d7e7eb8..478e1111 100644
--- a/src/http/status.rs
+++ b/src/http/status.rs
@@ -587,7 +587,11 @@ fn json_publication_metrics(
     target.member_raw("staleCRLs", metrics.stale_crls);
     target.member_raw("strayCRLs", metrics.stray_crls);
     target.member_raw("validCACerts", metrics.valid_ca_certs);
-    target.member_raw("validEECerts", metrics.valid_ee_certs);
+
+    // XXX This is deprecated and should probably be removed at some point.
+    target.member_raw("validEECerts", metrics.valid_router_certs);
+
+    target.member_raw("validRouterCerts", metrics.valid_router_certs);
     target.member_raw("invalidCerts", metrics.invalid_certs);
     target.member_raw("validROAs", metrics.valid_roas);
     target.member_raw("invalidROAs", metrics.invalid_roas);
diff --git a/src/metrics.rs b/src/metrics.rs
index db56dc8d..ffbcaccd 100644
--- a/src/metrics.rs
+++ b/src/metrics.rs
@@ -292,8 +292,8 @@ pub struct PublicationMetrics {
     /// The number of valid CA certificates.
     pub valid_ca_certs: u32,
 
-    /// The number of valid EE certificates.
-    pub valid_ee_certs: u32,
+    /// The number of valid router certificates.
+    pub valid_router_certs: u32,
 
     /// The number of invalid certificates.
     pub invalid_certs: u32,
@@ -352,7 +352,7 @@ impl<'a> ops::AddAssign<&'a Self> for PublicationMetrics {
         self.stray_crls += other.stray_crls;
 
         self.valid_ca_certs += other.valid_ca_certs;
-        self.valid_ee_certs += other.valid_ee_certs;
+        self.valid_router_certs += other.valid_router_certs;
         self.invalid_certs += other.invalid_certs;
         self.valid_roas += other.valid_roas;
         self.invalid_roas += other.invalid_roas;
diff --git a/src/output.rs b/src/output.rs
index 8fa7c96a..40202561 100644
--- a/src/output.rs
+++ b/src/output.rs
@@ -1157,7 +1157,7 @@ impl Summary {
             ))?;
             line(format_args!(
                 "    router certs: {:7} verified;",
-                tal.publication.valid_ee_certs,
+                tal.publication.valid_router_certs,
             ))?;
             line(format_args!(
                 "     router keys: {:7} verified, {:7} final.",
@@ -1182,7 +1182,7 @@ impl Summary {
         ))?;
         line(format_args!(
             "    router certs: {:7} verified;",
-            metrics.publication.valid_ee_certs,
+            metrics.publication.valid_router_certs,
         ))?;
         line(format_args!(
             "     router keys: {:7} verified, {:7} final.",
diff --git a/src/payload/info.rs b/src/payload/info.rs
index b7f611d3..9189af1b 100644
--- a/src/payload/info.rs
+++ b/src/payload/info.rs
@@ -159,7 +159,9 @@ impl PublishInfo {
         }
     }
 
-    pub fn ee_cert(cert: &Cert, uri: &uri::Rsync, ca_cert: &CaCert) -> Self {
+    pub fn router_cert(
+        cert: &Cert, uri: &uri::Rsync, ca_cert: &CaCert
+    ) -> Self {
         PublishInfo {
             tal: ca_cert.cert().tal().clone(),
             uri: Some(uri.clone()),
diff --git a/src/payload/validation.rs b/src/payload/validation.rs
index 597f427d..3d0911f2 100644
--- a/src/payload/validation.rs
+++ b/src/payload/validation.rs
@@ -189,7 +189,7 @@ impl<'a> ProcessPubPoint for PubPointProcessor<'a> {
         ))
     }
 
-    fn process_ee_cert(
+    fn process_router_cert(
         &mut self, uri: &uri::Rsync, cert: Cert, ca_cert: &CaCert,
     ) -> Result<(), Failed> {
         if !self.report.enable_bgpsec {
@@ -233,7 +233,8 @@ impl<'a> ProcessPubPoint for PubPointProcessor<'a> {
         };
         self.pub_point.update_refresh(cert.validity().not_after());
         self.pub_point.add_router_key(
-            asns, id, key, Arc::new(PublishInfo::ee_cert(&cert, uri, ca_cert))
+            asns, id, key,
+            Arc::new(PublishInfo::router_cert(&cert, uri, ca_cert)),
         );
         Ok(())
     }

From ee979f0446859f70d9d0d6ff5143f7cbf965ed29 Mon Sep 17 00:00:00 2001
From: Martin Hoffmann <martin@nlnetlabs.nl>
Date: Fri, 28 Apr 2023 11:05:33 +0200
Subject: [PATCH 2/2] Call them router certificates in the Prometheus page of
 the manual, too.

---
 doc/manual/source/prometheus-metrics.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/manual/source/prometheus-metrics.rst b/doc/manual/source/prometheus-metrics.rst
index 48a74af5..44a35511 100644
--- a/doc/manual/source/prometheus-metrics.rst
+++ b/doc/manual/source/prometheus-metrics.rst
@@ -69,7 +69,7 @@ file of the RRDP repository, or the base URI of the rsync repository.
         manifest’s own CRL is considered a *stray*.
       * ``ca_cert`` - The number of Certificate Authority (CA) certificates with 
         the state *valid*.
-      * ``router_cert`` - The number of End Entity (EE) certificates found to be
+      * ``router_cert`` - The number of router certificates found to be
         present and *valid*. This only refers to such certificates included as 
         stand-alone files which are BGPsec router certificates.
       * ``roa`` - The number of :term:`Route Origin Attestations <Route Origin