1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef mod_md_md_acme_h
18 #define mod_md_md_acme_h
19 
20 struct apr_array_header_t;
21 struct apr_bucket_brigade;
22 struct md_http_response_t;
23 struct apr_hash_t;
24 struct md_http_t;
25 struct md_json_t;
26 struct md_pkey_t;
27 struct md_t;
28 struct md_acme_acct_t;
29 struct md_acmev2_acct_t;
30 struct md_store_t;
31 struct md_result_t;
32 
33 #define MD_PROTO_ACME "ACME" /* protocol name; presumably the key under which md_acme_protos_add() registers this protocol */
34 
35 #define MD_AUTHZ_CHA_HTTP_01 "http-01" /* challenge type identifier as named by the CA */
36 #define MD_AUTHZ_CHA_SNI_01 "tls-sni-01" /* NOTE(review): tls-sni-01 is not part of RFC 8555 and public CAs withdrew it; confirm whether anything still selects this challenge */
37 
38 #define MD_ACME_VERSION_UNKNOWN 0x0 /* no version detected yet */
39 #define MD_ACME_VERSION_1 0x010000 /* major version lives in bits 16-23 (see MD_ACME_VERSION_MAJOR); the low 16 bits are presumably reserved for minor versions */
40 #define MD_ACME_VERSION_2 0x020000
41 
42 #define MD_ACME_VERSION_MAJOR(i) (((i)&0xFF0000) >> 16) /* extract the major version byte; the argument is evaluated once */
43 
44 typedef enum {
45  MD_ACME_S_UNKNOWN, /* MD has not been analysed yet */
46  MD_ACME_S_REGISTERED, /* MD is registered at CA, but not more */
47  MD_ACME_S_TOS_ACCEPTED, /* Terms of Service were accepted by account holder */
48  MD_ACME_S_CHALLENGED, /* MD challenge information for all domains is known */
49  MD_ACME_S_VALIDATED, /* MD domains have been validated */
50  MD_ACME_S_CERTIFIED, /* MD has valid certificate */
51  MD_ACME_S_DENIED, /* MD domains (at least one) have been denied by CA */
53 
54 typedef struct md_acme_t md_acme_t;
55 
61  const struct md_http_response_t *res, void *baton);
62 
68 
74  const apr_table_t *headers,
75  struct md_json_t *jbody, void *baton);
76 
81  const struct md_result_t *result, void *baton);
82 
83 
85 typedef apr_status_t md_acme_req_init_fn(md_acme_req_t *req, struct md_json_t *jpayload);
86 
92  void *baton);
93 
94 struct md_acme_t {
95  const char *url; /* directory url of the ACME service */
96  const char *sname; /* short name for the service, not necessarily unique (line 97 of the header, a pool pointer, is missing from this rendering) */
98  const char *user_agent; /* presumably the User-Agent value sent on requests; confirm in md_acme.c */
99  const char *proxy_url; /* proxy to route requests through, as passed to md_acme_create(); NULL semantics not visible here */
100  const char *ca_file; /* CA file as passed to md_acme_create(); NOTE(review): presumably the trust anchors used to verify the CA's TLS certificate — confirm that NULL falls back to the system trust store rather than to no verification */
101 
102  const char *acct_id; /* local storage id account was loaded from or NULL */
103  struct md_acme_acct_t *acct; /* account at ACME server to use for requests */
104  struct md_pkey_t *acct_key; /* private RSA key belonging to account; secret material, keep it out of logs and results */
105 
106  int version; /* as detected from the server; one of MD_ACME_VERSION_*, see MD_ACME_VERSION_MAJOR() */
107  union { /* service endpoints; which member is valid is presumably chosen by MD_ACME_VERSION_MAJOR(version) */
108  struct { /* obsolete: endpoints of the ACME v1 protocol */
109  const char *new_authz;
110  const char *new_cert;
111  const char *new_reg;
112  const char *revoke_cert;
113 
114  } v1;
115  struct { /* endpoints of the ACME v2 protocol (RFC 8555 directory resources); presumably filled from the directory document at url */
116  const char *new_account;
117  const char *new_order;
118  const char *key_change;
119  const char *revoke_cert;
120  const char *new_nonce;
121  } v2;
122  } api;
123  const char *ca_agreement; /* presumably the terms-of-service URL the CA requires agreement to; see md_acme_agree() and md_acme_check_agreement() */
124  const char *acct_name; /* name of the account; its relation to acct_id is not visible here */
125 
129  /* lines 126-128 of the header (version-specific function pointers) are missing from this rendering */
130  struct md_http_t *http; /* HTTP client used for requests to the service */
131 
132  const char *nonce; /* NOTE(review): presumably the anti-replay nonce for the next signed request (cf. prot_hdrs in md_acme_req_t); line 133, max_retries, is missing from this rendering */
134  struct md_result_t *last; /* result of last request */
135 };
136 
/**
 * One-time initialization of the ACME module. What base_version and init_ssl
 * control is not visible here — presumably a version string for the User-Agent
 * and whether this call initializes the SSL library; confirm in md_acme.c.
 */
140 apr_status_t md_acme_init(apr_pool_t *pool, const char *base_version, int init_ssl);
141 
/**
 * Allocate a new md_acme_t in pool p for the ACME directory at url.
 * proxy_url and ca_file populate the fields of the same name in struct md_acme_t.
 * Presumably *pacme is only set on APR_SUCCESS — confirm against the definition.
 */
152 apr_status_t md_acme_create(md_acme_t **pacme, apr_pool_t *p, const char *url,
153  const char *proxy_url, const char *ca_file);
154 
/**
 * Prepare acme for use; errors are presumably reported through result (see
 * md_acme_report_result()). Whether this fetches the directory and sets
 * acme->version is not visible here.
 */
160 apr_status_t md_acme_setup(md_acme_t *acme, struct md_result_t *result);
161 
/* Record rv, and presumably acme->last, into result — exact semantics not visible here. */
162 void md_acme_report_result(md_acme_t *acme, apr_status_t rv, struct md_result_t *result);
163 
164 /**************************************************************************************************/
165 /* account handling */
166 
170 void md_acme_clear_acct(md_acme_t *acme);
171 
173  md_acme_req_init_cb *on_init,
174  md_acme_req_json_cb *on_json,
175  md_acme_req_res_cb *on_res,
176  md_acme_req_err_cb *on_err,
177  void *baton);
178 
/* Accessors for the account currently in use; presumably return acme->acct_id and the account's URL at the CA, or NULL when no account is loaded. */
183 const char *md_acme_acct_id_get(md_acme_t *acme);
184 const char *md_acme_acct_url_get(md_acme_t *acme);
185 
/**
 * Load the account stored under acct_id from store and make it acme's current
 * account (see acct_id/acct/acct_key in struct md_acme_t). Presumably the
 * account's private key is read here as well — confirm.
 */
190 apr_status_t md_acme_use_acct(md_acme_t *acme, struct md_store_t *store,
191  apr_pool_t *p, const char *acct_id);
192 
/* Duplicate of the declaration at line 183; harmless in C but could be dropped. */
197 const char *md_acme_acct_id_get(md_acme_t *acme);
198 
/* Accept the terms of service identified by tos for the current account (cf. MD_ACME_S_TOS_ACCEPTED); how tos is matched against ca_agreement is not visible here. */
202 apr_status_t md_acme_agree(md_acme_t *acme, apr_pool_t *p, const char *tos);
203 
217  const char *agreement, const char **prequired);
218 
220 
225 
226 /**************************************************************************************************/
227 /* request handling */
228 
230  md_acme_t *acme; /* the ACME server to talk to */
231  apr_pool_t *p; /* pool for the request duration */
232 
233  const char *url; /* url to POST the request to */
234  const char *method; /* HTTP method to use */
235  apr_table_t *prot_hdrs; /* JWS headers needing protection (nonce) */
236  struct md_json_t *req_json; /* JSON to be POSTed in request body */
237 
238  apr_table_t *resp_hdrs; /* HTTP response headers */
239  struct md_json_t *resp_json; /* JSON response body received */
240 
241  apr_status_t rv; /* status of request */
242 
243  md_acme_req_init_cb *on_init; /* callback to initialize the request before submit */
244  md_acme_req_json_cb *on_json; /* callback on successful JSON response */
245  md_acme_req_res_cb *on_res; /* callback on generic HTTP response */
246  md_acme_req_err_cb *on_err; /* callback on encountered error */
247  int max_retries; /* how often this might be retried */
248  void *baton; /* userdata for callbacks */
249  struct md_result_t *result; /* result of this request */
250 };
251 
253 
/**
 * Issue a GET to url. The callbacks map to the fields of md_acme_req_t:
 * on_init runs before submit, on_json on a successful JSON response, on_res on
 * any HTTP response, on_err on an error; baton is passed through unchanged.
 * Whether callbacks may be NULL is not visible here — confirm in md_acme.c.
 */
254 apr_status_t md_acme_GET(md_acme_t *acme, const char *url,
255  md_acme_req_init_cb *on_init,
256  md_acme_req_json_cb *on_json,
257  md_acme_req_res_cb *on_res,
258  md_acme_req_err_cb *on_err,
259  void *baton);
/**
 * Issue a POST to url with the same callback contract as md_acme_GET().
 * NOTE(review): presumably the body is JWS-signed with acme->acct_key and carries
 * acme->nonce in the protected headers (cf. prot_hdrs in md_acme_req_t); a nonce
 * rejected by the CA would then need a retry with a fresh one (cf. max_retries).
 */
274 apr_status_t md_acme_POST(md_acme_t *acme, const char *url,
275  md_acme_req_init_cb *on_init,
276  md_acme_req_json_cb *on_json,
277  md_acme_req_res_cb *on_res,
278  md_acme_req_err_cb *on_err,
279  void *baton);
280 
/* Convenience wrapper: GET url and hand back the parsed JSON body in *pjson, allocated from p — assumed from the signature, confirm. */
284 apr_status_t md_acme_get_json(struct md_json_t **pjson, md_acme_t *acme,
285  const char *url, apr_pool_t *p);
286 
287 
289 
291 
298 
299 #endif /* mod_md_md_acme_h */