Apache2
|
#include "md_store.h"
Go to the source code of this file.
Data Structures | |
struct | md_proto_driver_t |
struct | md_proto_t |
Macros | |
#define | MD_UPD_DOMAINS 0x00001 |
#define | MD_UPD_CA_URL 0x00002 |
#define | MD_UPD_CA_PROTO 0x00004 |
#define | MD_UPD_CA_ACCOUNT 0x00008 |
#define | MD_UPD_CONTACTS 0x00010 |
#define | MD_UPD_AGREEMENT 0x00020 |
#define | MD_UPD_DRIVE_MODE 0x00080 |
#define | MD_UPD_RENEW_WINDOW 0x00100 |
#define | MD_UPD_CA_CHALLENGES 0x00200 |
#define | MD_UPD_PKEY_SPEC 0x00400 |
#define | MD_UPD_REQUIRE_HTTPS 0x00800 |
#define | MD_UPD_TRANSITIVE 0x01000 |
#define | MD_UPD_MUST_STAPLE 0x02000 |
#define | MD_UPD_PROTO 0x04000 |
#define | MD_UPD_WARN_WINDOW 0x08000 |
#define | MD_UPD_STAPLING 0x10000 |
#define | MD_UPD_ALL 0x7FFFFFFF |
Typedefs | |
typedef struct md_reg_t | md_reg_t |
typedef int | md_reg_do_cb(void *baton, md_reg_t *reg, md_t *md) |
typedef struct md_proto_t | md_proto_t |
typedef struct md_proto_driver_t | md_proto_driver_t |
typedef apr_status_t | md_proto_init_cb(md_proto_driver_t *driver, struct md_result_t *result) |
typedef apr_status_t | md_proto_renew_cb(md_proto_driver_t *driver, struct md_result_t *result) |
typedef apr_status_t | md_proto_init_preload_cb(md_proto_driver_t *driver, struct md_result_t *result) |
typedef apr_status_t | md_proto_preload_cb(md_proto_driver_t *driver, md_store_group_t group, struct md_result_t *result) |
typedef apr_status_t | md_proto_complete_md_cb(md_t *md, apr_pool_t *p) |
#define MD_UPD_AGREEMENT 0x00020 |
#define MD_UPD_ALL 0x7FFFFFFF |
#define MD_UPD_CA_ACCOUNT 0x00008 |
#define MD_UPD_CA_CHALLENGES 0x00200 |
#define MD_UPD_CA_PROTO 0x00004 |
#define MD_UPD_CA_URL 0x00002 |
#define MD_UPD_CONTACTS 0x00010 |
#define MD_UPD_DOMAINS 0x00001 |
Bitmask for fields that are updated.
#define MD_UPD_DRIVE_MODE 0x00080 |
#define MD_UPD_MUST_STAPLE 0x02000 |
#define MD_UPD_PKEY_SPEC 0x00400 |
#define MD_UPD_PROTO 0x04000 |
#define MD_UPD_RENEW_WINDOW 0x00100 |
#define MD_UPD_REQUIRE_HTTPS 0x00800 |
#define MD_UPD_STAPLING 0x10000 |
#define MD_UPD_TRANSITIVE 0x01000 |
#define MD_UPD_WARN_WINDOW 0x08000 |
typedef apr_status_t md_proto_complete_md_cb(md_t *md, apr_pool_t *p) |
typedef struct md_proto_driver_t md_proto_driver_t |
typedef apr_status_t md_proto_init_cb(md_proto_driver_t *driver, struct md_result_t *result) |
typedef apr_status_t md_proto_init_preload_cb(md_proto_driver_t *driver, struct md_result_t *result) |
typedef apr_status_t md_proto_preload_cb(md_proto_driver_t *driver, md_store_group_t group, struct md_result_t *result) |
typedef apr_status_t md_proto_renew_cb(md_proto_driver_t *driver, struct md_result_t *result) |
typedef struct md_proto_t md_proto_t |
Callback invoked for every md in the registry. If 0 is returned, iteration stops.
A registry for managed domains with a md_store_t as persistence.
apr_status_t md_reg_add | ( | md_reg_t * | reg, |
md_t * | md, | ||
apr_pool_t * | p | ||
) |
Add a new md to the registry. This will check the name for uniqueness and that domain names do not overlap with already existing mds.
apr_status_t md_reg_cleanup_challenges | ( | md_reg_t * | reg, |
apr_pool_t * | p, | ||
apr_pool_t * | ptemp, | ||
apr_array_header_t * | mds | ||
) |
Cleanup any challenges that are no longer in use.
reg | the registry |
p | pool for permanent storage |
ptemp | pool for temporary storage |
mds | the list of configured MDs |
apr_status_t md_reg_create | ( | md_reg_t ** | preg, |
apr_pool_t * | pm, | ||
md_store_t * | store, | ||
const char * | proxy_url, | ||
const char * | ca_file, | ||
apr_time_t | min_delay, | ||
int | retry_failover, | ||
int | use_store_locks, | ||
apr_time_t | lock_wait_timeout | ||
) |
Create the MD registry, using the pool and store.
preg | on APR_SUCCESS, the create md_reg_t |
pm | memory pool to use for creation |
store | the store to base on |
proxy_url | optional URL of a proxy to use for requests |
ca_file | optioinal CA trust anchor file to use |
min_delay | minimum delay between renewal attempts for a domain |
retry_failover | numer of failed renewals attempt to fail over to alternate ACME ca |
apr_status_t md_reg_delete_acct | ( | md_reg_t * | reg, |
apr_pool_t * | p, | ||
const char * | acct_id | ||
) |
Delete the account from the local store.
int md_reg_do | ( | md_reg_do_cb * | cb, |
void * | baton, | ||
md_reg_t * | reg, | ||
apr_pool_t * | p | ||
) |
Invoke callback for all mds in this registry. Order is not guaranteed. If the callback returns 0, iteration stops. Returns 0 if iteration was aborted.
md_t* md_reg_find | ( | md_reg_t * | reg, |
const char * | domain, | ||
apr_pool_t * | p | ||
) |
Find the md, if any, that contains the given domain name. NULL if none found.
md_t* md_reg_find_overlap | ( | md_reg_t * | reg, |
const md_t * | md, | ||
const char ** | pdomain, | ||
apr_pool_t * | p | ||
) |
Find one md, which domain names overlap with the given md and that has a different name. There may be more than one existing md that overlaps. It is not defined which one will be returned.
apr_status_t md_reg_freeze_domains | ( | md_reg_t * | reg, |
apr_array_header_t * | mds | ||
) |
Mark all information from group MD_SG_DOMAINS as readonly, deny future modifications (MD_SG_STAGING and MD_SG_CHALLENGES remain writeable). For the given MDs, cache the public information (MDs themselves and their pubcerts or lack of).
md_t* md_reg_get | ( | md_reg_t * | reg, |
const char * | name, | ||
apr_pool_t * | p | ||
) |
Get the md with the given unique name. NULL if it does not exist. Will update the md->state.
apr_status_t md_reg_get_cred_files | ( | const char ** | pkeyfile, |
const char ** | pcertfile, | ||
md_reg_t * | reg, | ||
md_store_group_t | group, | ||
const md_t * | md, | ||
struct md_pkey_spec_t * | spec, | ||
apr_pool_t * | p | ||
) |
Get the filenames of private key and pubcert of the MD - if they exist.
apr_status_t md_reg_get_pubcert | ( | const md_pubcert_t ** | ppubcert, |
md_reg_t * | reg, | ||
const md_t * | md, | ||
int | i, | ||
apr_pool_t * | p | ||
) |
Get the chain of public certificates of the managed domain md, starting with the cert of the domain and going up the issuers. Returns APR_ENOENT when not available.
struct md_job_t* md_reg_job_make | ( | md_reg_t * | reg, |
const char * | mdomain, | ||
apr_pool_t * | p | ||
) |
apr_status_t md_reg_load_staging | ( | md_reg_t * | reg, |
const md_t * | md, | ||
struct apr_table_t * | env, | ||
struct md_result_t * | result, | ||
apr_pool_t * | p | ||
) |
Load a new set of credentials for the managed domain from STAGING - if it exists. This will archive any existing credential data and make the staged set the new one in DOMAINS. If staging is incomplete or missing, the load will fail and all credentials remain as they are.
apr_status_t md_reg_load_stagings | ( | md_reg_t * | reg, |
apr_array_header_t * | mds, | ||
apr_table_t * | env, | ||
apr_pool_t * | p | ||
) |
Check given MDomains for new data in staging areas and, if it exists, load the new credentials. On encountering errors, leave the credentails as they are.
apr_status_t md_reg_lock_global | ( | md_reg_t * | reg, |
apr_pool_t * | p | ||
) |
Acquire a cooperative, global lock on registry modifications. Will do nothing if locking is not configured.
This will only prevent other children/processes/cluster nodes from doing the same and does not protect individual store functions from being called without it.
reg | the registy |
p | memory pool to use |
max_wait | maximum time to wait in order to acquire |
apr_status_t md_reg_remove | ( | md_reg_t * | reg, |
apr_pool_t * | p, | ||
const char * | name, | ||
int | archive | ||
) |
apr_status_t md_reg_renew | ( | md_reg_t * | reg, |
const md_t * | md, | ||
struct apr_table_t * | env, | ||
int | reset, | ||
int | attempt, | ||
struct md_result_t * | result, | ||
apr_pool_t * | p | ||
) |
Obtain new credentials for the given managed domain in STAGING.
reg | the registry instance |
md | the mdomain to renew |
env | global environment of settings |
reset | != 0 if any previous, partial information should be wiped |
attempt | the number of attempts made this far (for this md) |
result | for reporting results of the renewal |
p | the memory pool to use |
apr_time_t md_reg_renew_at | ( | md_reg_t * | reg, |
const md_t * | md, | ||
apr_pool_t * | p | ||
) |
Return the timestamp when the certificate should be renewed. A value of 0 indicates that that renewal is not configured (see renew_mode).
apr_status_t md_reg_set_props | ( | md_reg_t * | reg, |
apr_pool_t * | p, | ||
int | can_http, | ||
int | can_https | ||
) |
void md_reg_set_renew_window_default | ( | md_reg_t * | reg, |
md_timeslice_t * | renew_window | ||
) |
void md_reg_set_warn_window_default | ( | md_reg_t * | reg, |
md_timeslice_t * | warn_window | ||
) |
int md_reg_should_renew | ( | md_reg_t * | reg, |
const md_t * | md, | ||
apr_pool_t * | p | ||
) |
Return if the certificate of the MD should be renewed. This includes reaching the renewal window of an otherwise valid certificate. It return also !0 iff no certificate has been obtained yet.
int md_reg_should_warn | ( | md_reg_t * | reg, |
const md_t * | md, | ||
apr_pool_t * | p | ||
) |
Return if a warning should be issued about the certificate expiration. This applies the configured warn window to the remaining lifetime of the current certiciate. If no certificate is present, this returns 0.
md_store_t* md_reg_store_get | ( | md_reg_t * | reg | ) |
apr_status_t md_reg_sync_finish | ( | md_reg_t * | reg, |
md_t * | md, | ||
apr_pool_t * | p, | ||
apr_pool_t * | ptemp | ||
) |
Re-compute the state of the MD, given current store contents.
apr_status_t md_reg_sync_start | ( | md_reg_t * | reg, |
apr_array_header_t * | master_mds, | ||
apr_pool_t * | p | ||
) |
Synchronize the given master mds with the store.
apr_status_t md_reg_test_init | ( | md_reg_t * | reg, |
const md_t * | md, | ||
struct apr_table_t * | env, | ||
struct md_result_t * | result, | ||
apr_pool_t * | p | ||
) |
Run a test initialization of the renew protocol for the given MD. This verifies basic parameter settings and is expected to return a description of encountered problems in <pmessage> when != APR_SUCCESS. A message return is allocated fromt the given pool.
void md_reg_unlock_global | ( | md_reg_t * | reg, |
apr_pool_t * | p | ||
) |
Realease the global registry lock. Will do nothing if there is no lock.
apr_status_t md_reg_update | ( | md_reg_t * | reg, |
apr_pool_t * | p, | ||
const char * | name, | ||
const md_t * | md, | ||
int | fields, | ||
int | check_consistency | ||
) |
Update the given fields for the managed domain. Take the new values from the given md, all other values remain unchanged.
apr_time_t md_reg_valid_until | ( | md_reg_t * | reg, |
const md_t * | md, | ||
apr_pool_t * | p | ||
) |
Return the timestamp up to which all certificates for the MD can be used. A value of 0 indicates that there is no certificate.