Apache2
md_acme.h
Go to the documentation of this file.
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef mod_md_md_acme_h
18 #define mod_md_md_acme_h
19 
20 struct apr_array_header_t;
21 struct apr_bucket_brigade;
22 struct md_http_response_t;
23 struct apr_hash_t;
24 struct md_http_t;
25 struct md_json_t;
26 struct md_pkey_t;
27 struct md_t;
28 struct md_acme_acct_t;
29 struct md_acmev2_acct_t;
30 struct md_store_t;
31 struct md_result_t;
32 
33 #define MD_PROTO_ACME "ACME"
34 
35 #define MD_AUTHZ_CHA_HTTP_01 "http-01"
36 #define MD_AUTHZ_CHA_SNI_01 "tls-sni-01"
37 
38 #define MD_ACME_VERSION_UNKNOWN 0x0
39 #define MD_ACME_VERSION_1 0x010000
40 #define MD_ACME_VERSION_2 0x020000
41 
42 #define MD_ACME_VERSION_MAJOR(i) (((i)&0xFF0000) >> 16)
43 
44 typedef enum {
45  MD_ACME_S_UNKNOWN, /* MD has not been analysed yet */
46  MD_ACME_S_REGISTERED, /* MD is registered at CA, but not more */
47  MD_ACME_S_TOS_ACCEPTED, /* Terms of Service were accepted by account holder */
48  MD_ACME_S_CHALLENGED, /* MD challenge information for all domains is known */
49  MD_ACME_S_VALIDATED, /* MD domains have been validated */
50  MD_ACME_S_CERTIFIED, /* MD has valid certificate */
51  MD_ACME_S_DENIED, /* MD domains (at least one) have been denied by CA */
52 } md_acme_state_t;
53 
54 typedef struct md_acme_t md_acme_t;
55 
56 typedef struct md_acme_req_t md_acme_req_t;
60 typedef apr_status_t md_acme_req_res_cb(md_acme_t *acme,
61  const struct md_http_response_t *res, void *baton);
62 
67 typedef apr_status_t md_acme_req_init_cb(md_acme_req_t *req, void *baton);
68 
73 typedef apr_status_t md_acme_req_json_cb(md_acme_t *acme, apr_pool_t *p,
74  const apr_table_t *headers,
75  struct md_json_t *jbody, void *baton);
76 
80 typedef apr_status_t md_acme_req_err_cb(md_acme_req_t *req,
81  const struct md_result_t *result, void *baton);
82 
83 
84 typedef apr_status_t md_acme_new_nonce_fn(md_acme_t *acme);
85 typedef apr_status_t md_acme_req_init_fn(md_acme_req_t *req, struct md_json_t *jpayload);
86 
87 typedef apr_status_t md_acme_post_fn(md_acme_t *acme,
88  md_acme_req_init_cb *on_init,
89  md_acme_req_json_cb *on_json,
90  md_acme_req_res_cb *on_res,
91  md_acme_req_err_cb *on_err,
92  void *baton);
93 
94 struct md_acme_t {
95  const char *url; /* directory url of the ACME service */
96  const char *sname; /* short name for the service, not necessarily unique */
97  apr_pool_t *p;
98  const char *user_agent;
99  const char *proxy_url;
100  const char *ca_file;
101 
102  const char *acct_id; /* local storage id account was loaded from or NULL */
103  struct md_acme_acct_t *acct; /* account at ACME server to use for requests */
104  struct md_pkey_t *acct_key; /* private RSA key belonging to account */
105 
106  int version; /* as detected from the server */
107  union {
108  struct { /* obsolete */
109  const char *new_authz;
110  const char *new_cert;
111  const char *new_reg;
112  const char *revoke_cert;
113 
114  } v1;
115  struct {
116  const char *new_account;
117  const char *new_order;
118  const char *key_change;
119  const char *revoke_cert;
120  const char *new_nonce;
121  } v2;
122  } api;
123  const char *ca_agreement;
124  const char *acct_name;
125  int eab_required;
126 
127  md_acme_new_nonce_fn *new_nonce_fn;
128  md_acme_req_init_fn *req_init_fn;
129  md_acme_post_fn *post_new_account_fn;
130 
131  struct md_http_t *http;
132 
133  const char *nonce;
134  int max_retries;
135  struct md_result_t *last; /* result of last request */
136 };
137 
141 apr_status_t md_acme_init(apr_pool_t *pool, const char *base_version, int init_ssl);
142 
153 apr_status_t md_acme_create(md_acme_t **pacme, apr_pool_t *p, const char *url,
154  const char *proxy_url, const char *ca_file);
155 
161 apr_status_t md_acme_setup(md_acme_t *acme, struct md_result_t *result);
162 
163 void md_acme_report_result(md_acme_t *acme, apr_status_t rv, struct md_result_t *result);
164 
165 /**************************************************************************************************/
166 /* account handling */
167 
171 void md_acme_clear_acct(md_acme_t *acme);
172 
173 apr_status_t md_acme_POST_new_account(md_acme_t *acme,
174  md_acme_req_init_cb *on_init,
175  md_acme_req_json_cb *on_json,
176  md_acme_req_res_cb *on_res,
177  md_acme_req_err_cb *on_err,
178  void *baton);
179 
184 const char *md_acme_acct_id_get(md_acme_t *acme);
185 const char *md_acme_acct_url_get(md_acme_t *acme);
186 
195 apr_status_t md_acme_use_acct(md_acme_t *acme, struct md_store_t *store,
196  apr_pool_t *p, const char *acct_id);
197 
207 apr_status_t md_acme_use_acct_for_md(md_acme_t *acme, struct md_store_t *store,
208  apr_pool_t *p, const char *acct_id,
209  const md_t *md);
210 
215 const char *md_acme_acct_id_get(md_acme_t *acme);
216 
220 apr_status_t md_acme_agree(md_acme_t *acme, apr_pool_t *p, const char *tos);
221 
234 apr_status_t md_acme_check_agreement(md_acme_t *acme, apr_pool_t *p,
235  const char *agreement, const char **prequired);
236 
237 apr_status_t md_acme_save_acct(md_acme_t *acme, apr_pool_t *p, struct md_store_t *store);
238 
242 apr_status_t md_acme_acct_deactivate(md_acme_t *acme, apr_pool_t *p);
243 
244 /**************************************************************************************************/
245 /* request handling */
246 
247 struct md_acme_req_t {
248  md_acme_t *acme; /* the ACME server to talk to */
249  apr_pool_t *p; /* pool for the request duration */
250 
251  const char *url; /* url to POST the request to */
252  const char *method; /* HTTP method to use */
253  struct md_json_t *prot_fields; /* JWS protected fields */
254  struct md_json_t *req_json; /* JSON to be POSTed in request body */
255 
256  apr_table_t *resp_hdrs; /* HTTP response headers */
257  struct md_json_t *resp_json; /* JSON response body received */
258 
259  apr_status_t rv; /* status of request */
260 
261  md_acme_req_init_cb *on_init; /* callback to initialize the request before submit */
262  md_acme_req_json_cb *on_json; /* callback on successful JSON response */
263  md_acme_req_res_cb *on_res; /* callback on generic HTTP response */
264  md_acme_req_err_cb *on_err; /* callback on encountered error */
265  int max_retries; /* how often this might be retried */
266  void *baton; /* userdata for callbacks */
267  struct md_result_t *result; /* result of this request */
268 };
269 
270 apr_status_t md_acme_req_body_init(md_acme_req_t *req, struct md_json_t *payload);
271 
272 apr_status_t md_acme_GET(md_acme_t *acme, const char *url,
273  md_acme_req_init_cb *on_init,
274  md_acme_req_json_cb *on_json,
275  md_acme_req_res_cb *on_res,
276  md_acme_req_err_cb *on_err,
277  void *baton);
292 apr_status_t md_acme_POST(md_acme_t *acme, const char *url,
293  md_acme_req_init_cb *on_init,
294  md_acme_req_json_cb *on_json,
295  md_acme_req_res_cb *on_res,
296  md_acme_req_err_cb *on_err,
297  void *baton);
298 
302 apr_status_t md_acme_get_json(struct md_json_t **pjson, md_acme_t *acme,
303  const char *url, apr_pool_t *p);
304 
305 
306 apr_status_t md_acme_req_body_init(md_acme_req_t *req, struct md_json_t *jpayload);
307 
308 apr_status_t md_acme_protos_add(struct apr_hash_t *protos, apr_pool_t *p);
309 
315 int md_acme_problem_is_input_related(const char *problem);
316 
317 #endif /* md_acme_h */
pool
apr_bucket_brigade request_rec apr_pool_t * pool
Definition: mod_dav.h:557
headers
apr_table_t * headers
Definition: mod_proxy.h:1484
url
proxy_worker proxy_server_conf char * url
Definition: mod_proxy.h:657
apr_status_t
int apr_status_t
Definition: apr_errno.h:44
apr_hash_t
struct apr_hash_t apr_hash_t
Definition: apr_hash.h:52
apr_pool_t
struct apr_pool_t apr_pool_t
Definition: apr_pools.h:60
apr_table_t
struct apr_table_t apr_table_t
Definition: apr_tables.h:56
md_acme_get_json
apr_status_t md_acme_get_json(struct md_json_t **pjson, md_acme_t *acme, const char *url, apr_pool_t *p)
md_acme_agree
apr_status_t md_acme_agree(md_acme_t *acme, apr_pool_t *p, const char *tos)
md_acme_req_json_cb
apr_status_t md_acme_req_json_cb(md_acme_t *acme, apr_pool_t *p, const apr_table_t *headers, struct md_json_t *jbody, void *baton)
Definition: md_acme.h:73
md_acme_post_fn
apr_status_t md_acme_post_fn(md_acme_t *acme, md_acme_req_init_cb *on_init, md_acme_req_json_cb *on_json, md_acme_req_res_cb *on_res, md_acme_req_err_cb *on_err, void *baton)
Definition: md_acme.h:87
md_acme_clear_acct
void md_acme_clear_acct(md_acme_t *acme)
md_acme_use_acct_for_md
apr_status_t md_acme_use_acct_for_md(md_acme_t *acme, struct md_store_t *store, apr_pool_t *p, const char *acct_id, const md_t *md)
md_acme_req_init_cb
apr_status_t md_acme_req_init_cb(md_acme_req_t *req, void *baton)
Definition: md_acme.h:67
md_acme_req_init_fn
apr_status_t md_acme_req_init_fn(md_acme_req_t *req, struct md_json_t *jpayload)
Definition: md_acme.h:85
md_acme_state_t
md_acme_state_t
Definition: md_acme.h:44
MD_ACME_S_VALIDATED
@ MD_ACME_S_VALIDATED
Definition: md_acme.h:49
MD_ACME_S_CERTIFIED
@ MD_ACME_S_CERTIFIED
Definition: md_acme.h:50
MD_ACME_S_UNKNOWN
@ MD_ACME_S_UNKNOWN
Definition: md_acme.h:45
MD_ACME_S_REGISTERED
@ MD_ACME_S_REGISTERED
Definition: md_acme.h:46
MD_ACME_S_CHALLENGED
@ MD_ACME_S_CHALLENGED
Definition: md_acme.h:48
MD_ACME_S_DENIED
@ MD_ACME_S_DENIED
Definition: md_acme.h:51
MD_ACME_S_TOS_ACCEPTED
@ MD_ACME_S_TOS_ACCEPTED
Definition: md_acme.h:47
md_acme_acct_id_get
const char * md_acme_acct_id_get(md_acme_t *acme)
md_acme_req_res_cb
apr_status_t md_acme_req_res_cb(md_acme_t *acme, const struct md_http_response_t *res, void *baton)
Definition: md_acme.h:60
md_acme_problem_is_input_related
int md_acme_problem_is_input_related(const char *problem)
md_acme_req_err_cb
apr_status_t md_acme_req_err_cb(md_acme_req_t *req, const struct md_result_t *result, void *baton)
Definition: md_acme.h:80
md_acme_acct_deactivate
apr_status_t md_acme_acct_deactivate(md_acme_t *acme, apr_pool_t *p)
md_acme_use_acct
apr_status_t md_acme_use_acct(md_acme_t *acme, struct md_store_t *store, apr_pool_t *p, const char *acct_id)
md_acme_protos_add
apr_status_t md_acme_protos_add(struct apr_hash_t *protos, apr_pool_t *p)
md_acme_POST_new_account
apr_status_t md_acme_POST_new_account(md_acme_t *acme, md_acme_req_init_cb *on_init, md_acme_req_json_cb *on_json, md_acme_req_res_cb *on_res, md_acme_req_err_cb *on_err, void *baton)
md_acme_req_body_init
apr_status_t md_acme_req_body_init(md_acme_req_t *req, struct md_json_t *payload)
md_acme_GET
apr_status_t md_acme_GET(md_acme_t *acme, const char *url, md_acme_req_init_cb *on_init, md_acme_req_json_cb *on_json, md_acme_req_res_cb *on_res, md_acme_req_err_cb *on_err, void *baton)
md_acme_check_agreement
apr_status_t md_acme_check_agreement(md_acme_t *acme, apr_pool_t *p, const char *agreement, const char **prequired)
md_acme_init
apr_status_t md_acme_init(apr_pool_t *pool, const char *base_version, int init_ssl)
md_acme_setup
apr_status_t md_acme_setup(md_acme_t *acme, struct md_result_t *result)
md_acme_POST
apr_status_t md_acme_POST(md_acme_t *acme, const char *url, md_acme_req_init_cb *on_init, md_acme_req_json_cb *on_json, md_acme_req_res_cb *on_res, md_acme_req_err_cb *on_err, void *baton)
md_acme_new_nonce_fn
apr_status_t md_acme_new_nonce_fn(md_acme_t *acme)
Definition: md_acme.h:84
md_acme_save_acct
apr_status_t md_acme_save_acct(md_acme_t *acme, apr_pool_t *p, struct md_store_t *store)
md_acme_create
apr_status_t md_acme_create(md_acme_t **pacme, apr_pool_t *p, const char *url, const char *proxy_url, const char *ca_file)
md_acme_acct_url_get
const char * md_acme_acct_url_get(md_acme_t *acme)
md_acme_report_result
void md_acme_report_result(md_acme_t *acme, apr_status_t rv, struct md_result_t *result)
md_pkey_t
struct md_pkey_t md_pkey_t
Definition: md_crypt.h:47
md_http_t
struct md_http_t md_http_t
Definition: md_http.h:25
md_json_t
struct md_json_t md_json_t
Definition: md_json.h:29
apr_array_header_t
Definition: apr_tables.h:62
apr_bucket_brigade
Definition: apr_buckets.h:263
md_acme_acct_t
Definition: md_acme_acct.h:38
md_acme_req_t
Definition: md_acme.h:247
md_acme_req_t::p
apr_pool_t * p
Definition: md_acme.h:249
md_acme_req_t::result
struct md_result_t * result
Definition: md_acme.h:267
md_acme_req_t::req_json
struct md_json_t * req_json
Definition: md_acme.h:254
md_acme_req_t::baton
void * baton
Definition: md_acme.h:266
md_acme_req_t::on_err
md_acme_req_err_cb * on_err
Definition: md_acme.h:264
md_acme_req_t::on_res
md_acme_req_res_cb * on_res
Definition: md_acme.h:263
md_acme_req_t::on_json
md_acme_req_json_cb * on_json
Definition: md_acme.h:262
md_acme_req_t::method
const char * method
Definition: md_acme.h:252
md_acme_req_t::resp_json
struct md_json_t * resp_json
Definition: md_acme.h:257
md_acme_req_t::max_retries
int max_retries
Definition: md_acme.h:265
md_acme_req_t::prot_fields
struct md_json_t * prot_fields
Definition: md_acme.h:253
md_acme_req_t::url
const char * url
Definition: md_acme.h:251
md_acme_req_t::acme
md_acme_t * acme
Definition: md_acme.h:248
md_acme_req_t::resp_hdrs
apr_table_t * resp_hdrs
Definition: md_acme.h:256
md_acme_req_t::on_init
md_acme_req_init_cb * on_init
Definition: md_acme.h:261
md_acme_req_t::rv
apr_status_t rv
Definition: md_acme.h:259
md_acme_t
Definition: md_acme.h:94
md_acme_t::last
struct md_result_t * last
Definition: md_acme.h:135
md_acme_t::revoke_cert
const char * revoke_cert
Definition: md_acme.h:112
md_acme_t::new_account
const char * new_account
Definition: md_acme.h:116
md_acme_t::version
int version
Definition: md_acme.h:106
md_acme_t::v1
struct md_acme_t::@4::@5 v1
md_acme_t::max_retries
int max_retries
Definition: md_acme.h:134
md_acme_t::post_new_account_fn
md_acme_post_fn * post_new_account_fn
Definition: md_acme.h:129
md_acme_t::new_reg
const char * new_reg
Definition: md_acme.h:111
md_acme_t::p
apr_pool_t * p
Definition: md_acme.h:97
md_acme_t::proxy_url
const char * proxy_url
Definition: md_acme.h:99
md_acme_t::ca_agreement
const char * ca_agreement
Definition: md_acme.h:123
md_acme_t::new_authz
const char * new_authz
Definition: md_acme.h:109
md_acme_t::user_agent
const char * user_agent
Definition: md_acme.h:98
md_acme_t::eab_required
int eab_required
Definition: md_acme.h:125
md_acme_t::http
struct md_http_t * http
Definition: md_acme.h:131
md_acme_t::new_nonce
const char * new_nonce
Definition: md_acme.h:120
md_acme_t::new_cert
const char * new_cert
Definition: md_acme.h:110
md_acme_t::req_init_fn
md_acme_req_init_fn * req_init_fn
Definition: md_acme.h:128
md_acme_t::acct
struct md_acme_acct_t * acct
Definition: md_acme.h:103
md_acme_t::nonce
const char * nonce
Definition: md_acme.h:133
md_acme_t::v2
struct md_acme_t::@4::@6 v2
md_acme_t::key_change
const char * key_change
Definition: md_acme.h:118
md_acme_t::new_order
const char * new_order
Definition: md_acme.h:117
md_acme_t::url
const char * url
Definition: md_acme.h:95
md_acme_t::acct_key
struct md_pkey_t * acct_key
Definition: md_acme.h:104
md_acme_t::sname
const char * sname
Definition: md_acme.h:96
md_acme_t::api
union md_acme_t::@4 api
md_acme_t::acct_name
const char * acct_name
Definition: md_acme.h:124
md_acme_t::ca_file
const char * ca_file
Definition: md_acme.h:100
md_acme_t::new_nonce_fn
md_acme_new_nonce_fn * new_nonce_fn
Definition: md_acme.h:127
md_acme_t::acct_id
const char * acct_id
Definition: md_acme.h:102
md_http_response_t
Definition: md_http.h:78
md_result_t
Definition: md_result.h:29
md_result_t::problem
const char * problem
Definition: md_result.h:33
md_store_t
Definition: md_store.h:325
md_t
Definition: md.h:76
p
apr_pool_t * p