Apache2
md_reg.h File Reference
#include "md_store.h"
Include dependency graph for md_reg.h:

Go to the source code of this file.

Data Structures

struct  md_proto_driver_t
 
struct  md_proto_t
 

Macros

#define MD_UPD_DOMAINS   0x00001
 
#define MD_UPD_CA_URL   0x00002
 
#define MD_UPD_CA_PROTO   0x00004
 
#define MD_UPD_CA_ACCOUNT   0x00008
 
#define MD_UPD_CONTACTS   0x00010
 
#define MD_UPD_AGREEMENT   0x00020
 
#define MD_UPD_DRIVE_MODE   0x00080
 
#define MD_UPD_RENEW_WINDOW   0x00100
 
#define MD_UPD_CA_CHALLENGES   0x00200
 
#define MD_UPD_PKEY_SPEC   0x00400
 
#define MD_UPD_REQUIRE_HTTPS   0x00800
 
#define MD_UPD_TRANSITIVE   0x01000
 
#define MD_UPD_MUST_STAPLE   0x02000
 
#define MD_UPD_PROTO   0x04000
 
#define MD_UPD_WARN_WINDOW   0x08000
 
#define MD_UPD_STAPLING   0x10000
 
#define MD_UPD_ALL   0x7FFFFFFF
 

Typedefs

typedef struct md_reg_t md_reg_t
 
typedef int md_reg_do_cb(void *baton, md_reg_t *reg, md_t *md)
 
typedef struct md_proto_t md_proto_t
 
typedef struct md_proto_driver_t md_proto_driver_t
 
typedef apr_status_t md_proto_init_cb(md_proto_driver_t *driver, struct md_result_t *result)
 
typedef apr_status_t md_proto_renew_cb(md_proto_driver_t *driver, struct md_result_t *result)
 
typedef apr_status_t md_proto_init_preload_cb(md_proto_driver_t *driver, struct md_result_t *result)
 
typedef apr_status_t md_proto_preload_cb(md_proto_driver_t *driver, md_store_group_t group, struct md_result_t *result)
 
typedef apr_status_t md_proto_complete_md_cb(md_t *md, apr_pool_t *p)
 

Functions

apr_status_t md_reg_create (md_reg_t **preg, apr_pool_t *pm, md_store_t *store, const char *proxy_url, const char *ca_file, apr_time_t min_delay, int retry_failover, int use_store_locks, apr_time_t lock_wait_timeout)
 
md_store_tmd_reg_store_get (md_reg_t *reg)
 
apr_status_t md_reg_set_props (md_reg_t *reg, apr_pool_t *p, int can_http, int can_https)
 
apr_status_t md_reg_add (md_reg_t *reg, md_t *md, apr_pool_t *p)
 
md_tmd_reg_find (md_reg_t *reg, const char *domain, apr_pool_t *p)
 
md_tmd_reg_find_overlap (md_reg_t *reg, const md_t *md, const char **pdomain, apr_pool_t *p)
 
md_tmd_reg_get (md_reg_t *reg, const char *name, apr_pool_t *p)
 
int md_reg_do (md_reg_do_cb *cb, void *baton, md_reg_t *reg, apr_pool_t *p)
 
apr_status_t md_reg_update (md_reg_t *reg, apr_pool_t *p, const char *name, const md_t *md, int fields, int check_consistency)
 
apr_status_t md_reg_get_pubcert (const md_pubcert_t **ppubcert, md_reg_t *reg, const md_t *md, int i, apr_pool_t *p)
 
apr_status_t md_reg_get_cred_files (const char **pkeyfile, const char **pcertfile, md_reg_t *reg, md_store_group_t group, const md_t *md, struct md_pkey_spec_t *spec, apr_pool_t *p)
 
apr_status_t md_reg_sync_start (md_reg_t *reg, apr_array_header_t *master_mds, apr_pool_t *p)
 
apr_status_t md_reg_sync_finish (md_reg_t *reg, md_t *md, apr_pool_t *p, apr_pool_t *ptemp)
 
apr_status_t md_reg_remove (md_reg_t *reg, apr_pool_t *p, const char *name, int archive)
 
apr_status_t md_reg_delete_acct (md_reg_t *reg, apr_pool_t *p, const char *acct_id)
 
apr_status_t md_reg_cleanup_challenges (md_reg_t *reg, apr_pool_t *p, apr_pool_t *ptemp, apr_array_header_t *mds)
 
apr_status_t md_reg_freeze_domains (md_reg_t *reg, apr_array_header_t *mds)
 
int md_reg_should_renew (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
apr_time_t md_reg_renew_at (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
apr_time_t md_reg_valid_until (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
int md_reg_should_warn (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
apr_status_t md_reg_test_init (md_reg_t *reg, const md_t *md, struct apr_table_t *env, struct md_result_t *result, apr_pool_t *p)
 
apr_status_t md_reg_renew (md_reg_t *reg, const md_t *md, struct apr_table_t *env, int reset, int attempt, struct md_result_t *result, apr_pool_t *p)
 
apr_status_t md_reg_load_staging (md_reg_t *reg, const md_t *md, struct apr_table_t *env, struct md_result_t *result, apr_pool_t *p)
 
apr_status_t md_reg_load_stagings (md_reg_t *reg, apr_array_header_t *mds, apr_table_t *env, apr_pool_t *p)
 
void md_reg_set_renew_window_default (md_reg_t *reg, md_timeslice_t *renew_window)
 
void md_reg_set_warn_window_default (md_reg_t *reg, md_timeslice_t *warn_window)
 
struct md_job_tmd_reg_job_make (md_reg_t *reg, const char *mdomain, apr_pool_t *p)
 
apr_status_t md_reg_lock_global (md_reg_t *reg, apr_pool_t *p)
 
void md_reg_unlock_global (md_reg_t *reg, apr_pool_t *p)
 

Macro Definition Documentation

◆ MD_UPD_AGREEMENT

#define MD_UPD_AGREEMENT   0x00020

◆ MD_UPD_ALL

#define MD_UPD_ALL   0x7FFFFFFF

◆ MD_UPD_CA_ACCOUNT

#define MD_UPD_CA_ACCOUNT   0x00008

◆ MD_UPD_CA_CHALLENGES

#define MD_UPD_CA_CHALLENGES   0x00200

◆ MD_UPD_CA_PROTO

#define MD_UPD_CA_PROTO   0x00004

◆ MD_UPD_CA_URL

#define MD_UPD_CA_URL   0x00002

◆ MD_UPD_CONTACTS

#define MD_UPD_CONTACTS   0x00010

◆ MD_UPD_DOMAINS

#define MD_UPD_DOMAINS   0x00001

Bitmask for fields that are updated.

◆ MD_UPD_DRIVE_MODE

#define MD_UPD_DRIVE_MODE   0x00080

◆ MD_UPD_MUST_STAPLE

#define MD_UPD_MUST_STAPLE   0x02000

◆ MD_UPD_PKEY_SPEC

#define MD_UPD_PKEY_SPEC   0x00400

◆ MD_UPD_PROTO

#define MD_UPD_PROTO   0x04000

◆ MD_UPD_RENEW_WINDOW

#define MD_UPD_RENEW_WINDOW   0x00100

◆ MD_UPD_REQUIRE_HTTPS

#define MD_UPD_REQUIRE_HTTPS   0x00800

◆ MD_UPD_STAPLING

#define MD_UPD_STAPLING   0x10000

◆ MD_UPD_TRANSITIVE

#define MD_UPD_TRANSITIVE   0x01000

◆ MD_UPD_WARN_WINDOW

#define MD_UPD_WARN_WINDOW   0x08000

Typedef Documentation

◆ md_proto_complete_md_cb

typedef apr_status_t md_proto_complete_md_cb(md_t *md, apr_pool_t *p)

◆ md_proto_driver_t

◆ md_proto_init_cb

typedef apr_status_t md_proto_init_cb(md_proto_driver_t *driver, struct md_result_t *result)

◆ md_proto_init_preload_cb

typedef apr_status_t md_proto_init_preload_cb(md_proto_driver_t *driver, struct md_result_t *result)

◆ md_proto_preload_cb

typedef apr_status_t md_proto_preload_cb(md_proto_driver_t *driver, md_store_group_t group, struct md_result_t *result)

◆ md_proto_renew_cb

typedef apr_status_t md_proto_renew_cb(md_proto_driver_t *driver, struct md_result_t *result)

◆ md_proto_t

typedef struct md_proto_t md_proto_t

◆ md_reg_do_cb

typedef int md_reg_do_cb(void *baton, md_reg_t *reg, md_t *md)

Callback invoked for every md in the registry. If 0 is returned, iteration stops.

◆ md_reg_t

typedef struct md_reg_t md_reg_t

A registry for managed domains with a md_store_t as persistence.

Function Documentation

◆ md_reg_add()

apr_status_t md_reg_add ( md_reg_t reg,
md_t md,
apr_pool_t p 
)

Add a new md to the registry. This will check the name for uniqueness and that domain names do not overlap with already existing mds.

◆ md_reg_cleanup_challenges()

apr_status_t md_reg_cleanup_challenges ( md_reg_t reg,
apr_pool_t p,
apr_pool_t ptemp,
apr_array_header_t mds 
)

Cleanup any challenges that are no longer in use.

Parameters
regthe registry
ppool for permanent storage
ptemppool for temporary storage
mdsthe list of configured MDs

◆ md_reg_create()

apr_status_t md_reg_create ( md_reg_t **  preg,
apr_pool_t pm,
md_store_t store,
const char *  proxy_url,
const char *  ca_file,
apr_time_t  min_delay,
int  retry_failover,
int  use_store_locks,
apr_time_t  lock_wait_timeout 
)

Create the MD registry, using the pool and store.

Parameters
pregon APR_SUCCESS, the create md_reg_t
pmmemory pool to use for creation
storethe store to base on
proxy_urloptional URL of a proxy to use for requests
ca_fileoptioinal CA trust anchor file to use
min_delayminimum delay between renewal attempts for a domain
retry_failovernumer of failed renewals attempt to fail over to alternate ACME ca

◆ md_reg_delete_acct()

apr_status_t md_reg_delete_acct ( md_reg_t reg,
apr_pool_t p,
const char *  acct_id 
)

Delete the account from the local store.

◆ md_reg_do()

int md_reg_do ( md_reg_do_cb cb,
void *  baton,
md_reg_t reg,
apr_pool_t p 
)

Invoke callback for all mds in this registry. Order is not guaranteed. If the callback returns 0, iteration stops. Returns 0 if iteration was aborted.

◆ md_reg_find()

md_t* md_reg_find ( md_reg_t reg,
const char *  domain,
apr_pool_t p 
)

Find the md, if any, that contains the given domain name. NULL if none found.

◆ md_reg_find_overlap()

md_t* md_reg_find_overlap ( md_reg_t reg,
const md_t md,
const char **  pdomain,
apr_pool_t p 
)

Find one md, which domain names overlap with the given md and that has a different name. There may be more than one existing md that overlaps. It is not defined which one will be returned.

◆ md_reg_freeze_domains()

apr_status_t md_reg_freeze_domains ( md_reg_t reg,
apr_array_header_t mds 
)

Mark all information from group MD_SG_DOMAINS as readonly, deny future modifications (MD_SG_STAGING and MD_SG_CHALLENGES remain writeable). For the given MDs, cache the public information (MDs themselves and their pubcerts or lack of).

◆ md_reg_get()

md_t* md_reg_get ( md_reg_t reg,
const char *  name,
apr_pool_t p 
)

Get the md with the given unique name. NULL if it does not exist. Will update the md->state.

◆ md_reg_get_cred_files()

apr_status_t md_reg_get_cred_files ( const char **  pkeyfile,
const char **  pcertfile,
md_reg_t reg,
md_store_group_t  group,
const md_t md,
struct md_pkey_spec_t spec,
apr_pool_t p 
)

Get the filenames of private key and pubcert of the MD - if they exist.

Returns
APR_ENOENT if one or both do not exist.

◆ md_reg_get_pubcert()

apr_status_t md_reg_get_pubcert ( const md_pubcert_t **  ppubcert,
md_reg_t reg,
const md_t md,
int  i,
apr_pool_t p 
)

Get the chain of public certificates of the managed domain md, starting with the cert of the domain and going up the issuers. Returns APR_ENOENT when not available.

◆ md_reg_job_make()

struct md_job_t* md_reg_job_make ( md_reg_t reg,
const char *  mdomain,
apr_pool_t p 
)

◆ md_reg_load_staging()

apr_status_t md_reg_load_staging ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
struct md_result_t result,
apr_pool_t p 
)

Load a new set of credentials for the managed domain from STAGING - if it exists. This will archive any existing credential data and make the staged set the new one in DOMAINS. If staging is incomplete or missing, the load will fail and all credentials remain as they are.

Returns
APR_SUCCESS on loading new data, APR_ENOENT when nothing is staged, error otherwise.

◆ md_reg_load_stagings()

apr_status_t md_reg_load_stagings ( md_reg_t reg,
apr_array_header_t mds,
apr_table_t env,
apr_pool_t p 
)

Check given MDomains for new data in staging areas and, if it exists, load the new credentials. On encountering errors, leave the credentails as they are.

◆ md_reg_lock_global()

apr_status_t md_reg_lock_global ( md_reg_t reg,
apr_pool_t p 
)

Acquire a cooperative, global lock on registry modifications. Will do nothing if locking is not configured.

This will only prevent other children/processes/cluster nodes from doing the same and does not protect individual store functions from being called without it.

Parameters
regthe registy
pmemory pool to use
max_waitmaximum time to wait in order to acquire
Returns
APR_SUCCESS when lock was obtained

◆ md_reg_remove()

apr_status_t md_reg_remove ( md_reg_t reg,
apr_pool_t p,
const char *  name,
int  archive 
)

◆ md_reg_renew()

apr_status_t md_reg_renew ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
int  reset,
int  attempt,
struct md_result_t result,
apr_pool_t p 
)

Obtain new credentials for the given managed domain in STAGING.

Parameters
regthe registry instance
mdthe mdomain to renew
envglobal environment of settings
reset!= 0 if any previous, partial information should be wiped
attemptthe number of attempts made this far (for this md)
resultfor reporting results of the renewal
pthe memory pool to use
Returns
APR_SUCCESS if new credentials have been staged successfully

◆ md_reg_renew_at()

apr_time_t md_reg_renew_at ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return the timestamp when the certificate should be renewed. A value of 0 indicates that that renewal is not configured (see renew_mode).

◆ md_reg_set_props()

apr_status_t md_reg_set_props ( md_reg_t reg,
apr_pool_t p,
int  can_http,
int  can_https 
)

◆ md_reg_set_renew_window_default()

void md_reg_set_renew_window_default ( md_reg_t reg,
md_timeslice_t renew_window 
)

◆ md_reg_set_warn_window_default()

void md_reg_set_warn_window_default ( md_reg_t reg,
md_timeslice_t warn_window 
)

◆ md_reg_should_renew()

int md_reg_should_renew ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return if the certificate of the MD should be renewed. This includes reaching the renewal window of an otherwise valid certificate. It return also !0 iff no certificate has been obtained yet.

◆ md_reg_should_warn()

int md_reg_should_warn ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return if a warning should be issued about the certificate expiration. This applies the configured warn window to the remaining lifetime of the current certiciate. If no certificate is present, this returns 0.

◆ md_reg_store_get()

md_store_t* md_reg_store_get ( md_reg_t reg)

◆ md_reg_sync_finish()

apr_status_t md_reg_sync_finish ( md_reg_t reg,
md_t md,
apr_pool_t p,
apr_pool_t ptemp 
)

Re-compute the state of the MD, given current store contents.

◆ md_reg_sync_start()

apr_status_t md_reg_sync_start ( md_reg_t reg,
apr_array_header_t master_mds,
apr_pool_t p 
)

Synchronize the given master mds with the store.

◆ md_reg_test_init()

apr_status_t md_reg_test_init ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
struct md_result_t result,
apr_pool_t p 
)

Run a test initialization of the renew protocol for the given MD. This verifies basic parameter settings and is expected to return a description of encountered problems in <pmessage> when != APR_SUCCESS. A message return is allocated fromt the given pool.

◆ md_reg_unlock_global()

void md_reg_unlock_global ( md_reg_t reg,
apr_pool_t p 
)

Realease the global registry lock. Will do nothing if there is no lock.

◆ md_reg_update()

apr_status_t md_reg_update ( md_reg_t reg,
apr_pool_t p,
const char *  name,
const md_t md,
int  fields,
int  check_consistency 
)

Update the given fields for the managed domain. Take the new values from the given md, all other values remain unchanged.

◆ md_reg_valid_until()

apr_time_t md_reg_valid_until ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return the timestamp up to which all certificates for the MD can be used. A value of 0 indicates that there is no certificate.