Apache2
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
md_crypt.h File Reference
#include <apr_file_io.h>
Include dependency graph for md_crypt.h:

Go to the source code of this file.

Data Structures

struct  md_pkey_rsa_spec_t
 
struct  md_pkey_spec_t
 
struct  md_sct
 

Macros

#define MD_DATA_SET_STR(d, s)   do { (d)->data = (s); (d)->len = strlen(s); } while(0)
 

Typedefs

typedef struct md_pkey_t md_pkey_t
 
typedef struct md_pkey_rsa_spec_t md_pkey_rsa_spec_t
 
typedef struct md_pkey_spec_t md_pkey_spec_t
 
typedef struct md_cert_t md_cert_t
 
typedef struct md_sct md_sct
 

Enumerations

enum  md_pkey_type_t { MD_PKEY_TYPE_DEFAULT, MD_PKEY_TYPE_RSA }
 
enum  md_cert_state_t { MD_CERT_UNKNOWN, MD_CERT_VALID, MD_CERT_EXPIRED }
 

Functions

apr_status_t md_rand_bytes (unsigned char *buf, apr_size_t len, apr_pool_t *p)
 
apr_time_t md_asn1_generalized_time_get (void *ASN1_GENERALIZEDTIME)
 
apr_status_t md_crypt_sha256_digest64 (const char **pdigest64, apr_pool_t *p, const struct md_data_t *data)
 
apr_status_t md_crypt_sha256_digest_hex (const char **pdigesthex, apr_pool_t *p, const struct md_data_t *data)
 
apr_status_t md_crypt_init (apr_pool_t *pool)
 
apr_status_t md_pkey_gen (md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *spec)
 
void md_pkey_free (md_pkey_t *pkey)
 
const char * md_pkey_get_rsa_e64 (md_pkey_t *pkey, apr_pool_t *p)
 
const char * md_pkey_get_rsa_n64 (md_pkey_t *pkey, apr_pool_t *p)
 
apr_status_t md_pkey_fload (md_pkey_t **ppkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname)
 
apr_status_t md_pkey_fsave (md_pkey_t *pkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname, apr_fileperms_t perms)
 
apr_status_t md_crypt_sign64 (const char **psign64, md_pkey_t *pkey, apr_pool_t *p, const char *d, size_t dlen)
 
voidmd_pkey_get_EVP_PKEY (struct md_pkey_t *pkey)
 
struct md_json_tmd_pkey_spec_to_json (const md_pkey_spec_t *spec, apr_pool_t *p)
 
md_pkey_spec_tmd_pkey_spec_from_json (struct md_json_t *json, apr_pool_t *p)
 
int md_pkey_spec_eq (md_pkey_spec_t *spec1, md_pkey_spec_t *spec2)
 
md_cert_tmd_cert_make (apr_pool_t *p, void *x509)
 
md_cert_tmd_cert_wrap (apr_pool_t *p, void *x509)
 
voidmd_cert_get_X509 (const md_cert_t *cert)
 
apr_status_t md_cert_fload (md_cert_t **pcert, apr_pool_t *p, const char *fname)
 
apr_status_t md_cert_fsave (md_cert_t *cert, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
 
apr_status_t md_cert_read_http (md_cert_t **pcert, apr_pool_t *pool, const struct md_http_response_t *res)
 
apr_status_t md_cert_chain_read_http (struct apr_array_header_t *chain, apr_pool_t *pool, const struct md_http_response_t *res)
 
md_cert_state_t md_cert_state_get (const md_cert_t *cert)
 
int md_cert_is_valid_now (const md_cert_t *cert)
 
int md_cert_has_expired (const md_cert_t *cert)
 
int md_cert_covers_domain (md_cert_t *cert, const char *domain_name)
 
int md_cert_covers_md (md_cert_t *cert, const struct md_t *md)
 
int md_cert_must_staple (const md_cert_t *cert)
 
apr_time_t md_cert_get_not_after (const md_cert_t *cert)
 
apr_time_t md_cert_get_not_before (const md_cert_t *cert)
 
apr_status_t md_cert_get_issuers_uri (const char **puri, const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_cert_get_alt_names (apr_array_header_t **pnames, const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_cert_to_base64url (const char **ps64, const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_cert_from_base64url (md_cert_t **pcert, const char *s64, apr_pool_t *p)
 
apr_status_t md_cert_to_sha256_digest (struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_cert_to_sha256_fingerprint (const char **pfinger, const md_cert_t *cert, apr_pool_t *p)
 
const char * md_cert_get_serial_number (const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_chain_fload (struct apr_array_header_t **pcerts, apr_pool_t *p, const char *fname)
 
apr_status_t md_chain_fsave (struct apr_array_header_t *certs, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
 
apr_status_t md_chain_fappend (struct apr_array_header_t *certs, apr_pool_t *p, const char *fname)
 
apr_status_t md_cert_req_create (const char **pcsr_der_64, const char *name, apr_array_header_t *domains, int must_staple, md_pkey_t *pkey, apr_pool_t *p)
 
apr_status_t md_cert_self_sign (md_cert_t **pcert, const char *cn, struct apr_array_header_t *domains, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
 
apr_status_t md_cert_make_tls_alpn_01 (md_cert_t **pcert, const char *domain, const char *acme_id, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
 
apr_status_t md_cert_get_ct_scts (apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
 
const char * md_nid_get_sname (int nid)
 
const char * md_nid_get_lname (int nid)
 

Macro Definition Documentation

#define MD_DATA_SET_STR (   d,
 
)    do { (d)->data = (s); (d)->len = strlen(s); } while(0)

Typedef Documentation

typedef struct md_cert_t md_cert_t
typedef struct md_pkey_t md_pkey_t
typedef struct md_sct md_sct

Enumeration Type Documentation

Enumerator
MD_CERT_UNKNOWN 
MD_CERT_VALID 
MD_CERT_EXPIRED 
Enumerator
MD_PKEY_TYPE_DEFAULT 
MD_PKEY_TYPE_RSA 

Function Documentation

apr_time_t md_asn1_generalized_time_get ( void ASN1_GENERALIZEDTIME)
apr_status_t md_cert_chain_read_http ( struct apr_array_header_t chain,
apr_pool_t pool,
const struct md_http_response_t res 
)

Read one or even a chain of certificates from a http response. Will return APR_ENOENT if content-type is not recognized (currently supports only "application/pem-certificate-chain" and "application/pkix-cert").

Parameters
chainmust be non-NULL, retrieved certificates will be added.
int md_cert_covers_domain ( md_cert_t cert,
const char *  domain_name 
)
int md_cert_covers_md ( md_cert_t cert,
const struct md_t md 
)
apr_status_t md_cert_fload ( md_cert_t **  pcert,
apr_pool_t p,
const char *  fname 
)
apr_status_t md_cert_from_base64url ( md_cert_t **  pcert,
const char *  s64,
apr_pool_t p 
)
apr_status_t md_cert_fsave ( md_cert_t cert,
apr_pool_t p,
const char *  fname,
apr_fileperms_t  perms 
)
apr_status_t md_cert_get_alt_names ( apr_array_header_t **  pnames,
const md_cert_t cert,
apr_pool_t p 
)
apr_status_t md_cert_get_ct_scts ( apr_array_header_t scts,
apr_pool_t p,
const md_cert_t cert 
)
apr_status_t md_cert_get_issuers_uri ( const char **  puri,
const md_cert_t cert,
apr_pool_t p 
)
apr_time_t md_cert_get_not_after ( const md_cert_t cert)
apr_time_t md_cert_get_not_before ( const md_cert_t cert)
const char* md_cert_get_serial_number ( const md_cert_t cert,
apr_pool_t p 
)
void* md_cert_get_X509 ( const md_cert_t cert)
int md_cert_has_expired ( const md_cert_t cert)
int md_cert_is_valid_now ( const md_cert_t cert)
md_cert_t* md_cert_make ( apr_pool_t p,
void x509 
)

Create a holder of the certificate that will free its memory when the pool is destroyed.

apr_status_t md_cert_make_tls_alpn_01 ( md_cert_t **  pcert,
const char *  domain,
const char *  acme_id,
md_pkey_t pkey,
apr_interval_time_t  valid_for,
apr_pool_t p 
)

Create a certificate for answering "tls-alpn-01" ACME challenges (see https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01).

int md_cert_must_staple ( const md_cert_t cert)
apr_status_t md_cert_read_http ( md_cert_t **  pcert,
apr_pool_t pool,
const struct md_http_response_t res 
)

Read a x509 certificate from a http response. Will return APR_ENOENT if content-type is not recognized (currently only "application/pkix-cert" is supported).

apr_status_t md_cert_req_create ( const char **  pcsr_der_64,
const char *  name,
apr_array_header_t domains,
int  must_staple,
md_pkey_t pkey,
apr_pool_t p 
)
apr_status_t md_cert_self_sign ( md_cert_t **  pcert,
const char *  cn,
struct apr_array_header_t domains,
md_pkey_t pkey,
apr_interval_time_t  valid_for,
apr_pool_t p 
)

Create a self-signed cerftificate with the given cn, key and list of alternate domain names.

md_cert_state_t md_cert_state_get ( const md_cert_t cert)
apr_status_t md_cert_to_base64url ( const char **  ps64,
const md_cert_t cert,
apr_pool_t p 
)
apr_status_t md_cert_to_sha256_digest ( struct md_data_t **  pdigest,
const md_cert_t cert,
apr_pool_t p 
)
apr_status_t md_cert_to_sha256_fingerprint ( const char **  pfinger,
const md_cert_t cert,
apr_pool_t p 
)
md_cert_t* md_cert_wrap ( apr_pool_t p,
void x509 
)

Wrap a x509 certificate into our own structure, without taking ownership of its memory. The caller remains responsible.

apr_status_t md_chain_fappend ( struct apr_array_header_t certs,
apr_pool_t p,
const char *  fname 
)
apr_status_t md_chain_fload ( struct apr_array_header_t **  pcerts,
apr_pool_t p,
const char *  fname 
)
apr_status_t md_chain_fsave ( struct apr_array_header_t certs,
apr_pool_t p,
const char *  fname,
apr_fileperms_t  perms 
)
apr_status_t md_crypt_init ( apr_pool_t pool)
apr_status_t md_crypt_sha256_digest64 ( const char **  pdigest64,
apr_pool_t p,
const struct md_data_t data 
)
apr_status_t md_crypt_sha256_digest_hex ( const char **  pdigesthex,
apr_pool_t p,
const struct md_data_t data 
)
apr_status_t md_crypt_sign64 ( const char **  psign64,
md_pkey_t pkey,
apr_pool_t p,
const char *  d,
size_t  dlen 
)
const char* md_nid_get_lname ( int  nid)
const char* md_nid_get_sname ( int  nid)
apr_status_t md_pkey_fload ( md_pkey_t **  ppkey,
apr_pool_t p,
const char *  pass_phrase,
apr_size_t  pass_len,
const char *  fname 
)
void md_pkey_free ( md_pkey_t pkey)
apr_status_t md_pkey_fsave ( md_pkey_t pkey,
apr_pool_t p,
const char *  pass_phrase,
apr_size_t  pass_len,
const char *  fname,
apr_fileperms_t  perms 
)
apr_status_t md_pkey_gen ( md_pkey_t **  ppkey,
apr_pool_t p,
md_pkey_spec_t spec 
)
void* md_pkey_get_EVP_PKEY ( struct md_pkey_t pkey)
const char* md_pkey_get_rsa_e64 ( md_pkey_t pkey,
apr_pool_t p 
)
const char* md_pkey_get_rsa_n64 ( md_pkey_t pkey,
apr_pool_t p 
)
int md_pkey_spec_eq ( md_pkey_spec_t spec1,
md_pkey_spec_t spec2 
)
md_pkey_spec_t* md_pkey_spec_from_json ( struct md_json_t json,
apr_pool_t p 
)
struct md_json_t* md_pkey_spec_to_json ( const md_pkey_spec_t spec,
apr_pool_t p 
)
apr_status_t md_rand_bytes ( unsigned char *  buf,
apr_size_t  len,
apr_pool_t p 
)