Apache2
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
md_reg.h File Reference
#include "md_store.h"
Include dependency graph for md_reg.h:

Go to the source code of this file.

Data Structures

struct  md_proto_driver_t
 
struct  md_proto_t
 

Macros

#define MD_UPD_DOMAINS   0x00001
 
#define MD_UPD_CA_URL   0x00002
 
#define MD_UPD_CA_PROTO   0x00004
 
#define MD_UPD_CA_ACCOUNT   0x00008
 
#define MD_UPD_CONTACTS   0x00010
 
#define MD_UPD_AGREEMENT   0x00020
 
#define MD_UPD_DRIVE_MODE   0x00080
 
#define MD_UPD_RENEW_WINDOW   0x00100
 
#define MD_UPD_CA_CHALLENGES   0x00200
 
#define MD_UPD_PKEY_SPEC   0x00400
 
#define MD_UPD_REQUIRE_HTTPS   0x00800
 
#define MD_UPD_TRANSITIVE   0x01000
 
#define MD_UPD_MUST_STAPLE   0x02000
 
#define MD_UPD_PROTO   0x04000
 
#define MD_UPD_WARN_WINDOW   0x08000
 
#define MD_UPD_STAPLING   0x10000
 
#define MD_UPD_ALL   0x7FFFFFFF
 

Typedefs

typedef struct md_reg_t md_reg_t
 
typedef int md_reg_do_cb (void *baton, md_reg_t *reg, md_t *md)
 
typedef struct md_proto_t md_proto_t
 
typedef struct md_proto_driver_t md_proto_driver_t
 
typedef apr_status_t md_proto_init_cb (md_proto_driver_t *driver, struct md_result_t *result)
 
typedef apr_status_t md_proto_renew_cb (md_proto_driver_t *driver, struct md_result_t *result)
 
typedef apr_status_t md_proto_init_preload_cb (md_proto_driver_t *driver, struct md_result_t *result)
 
typedef apr_status_t md_proto_preload_cb (md_proto_driver_t *driver, md_store_group_t group, struct md_result_t *result)
 

Functions

apr_status_t md_reg_create (md_reg_t **preg, apr_pool_t *pm, md_store_t *store, const char *proxy_url)
 
md_store_tmd_reg_store_get (md_reg_t *reg)
 
apr_status_t md_reg_set_props (md_reg_t *reg, apr_pool_t *p, int can_http, int can_https)
 
apr_status_t md_reg_add (md_reg_t *reg, md_t *md, apr_pool_t *p)
 
md_tmd_reg_find (md_reg_t *reg, const char *domain, apr_pool_t *p)
 
md_tmd_reg_find_overlap (md_reg_t *reg, const md_t *md, const char **pdomain, apr_pool_t *p)
 
md_tmd_reg_get (md_reg_t *reg, const char *name, apr_pool_t *p)
 
int md_reg_do (md_reg_do_cb *cb, void *baton, md_reg_t *reg, apr_pool_t *p)
 
apr_status_t md_reg_update (md_reg_t *reg, apr_pool_t *p, const char *name, const md_t *md, int fields, int check_consistency)
 
apr_status_t md_reg_get_pubcert (const md_pubcert_t **ppubcert, md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
apr_status_t md_reg_get_cred_files (const char **pkeyfile, const char **pcertfile, md_reg_t *reg, md_store_group_t group, const md_t *md, apr_pool_t *p)
 
apr_status_t md_reg_sync_start (md_reg_t *reg, apr_array_header_t *master_mds, apr_pool_t *p)
 
apr_status_t md_reg_sync_finish (md_reg_t *reg, md_t *md, apr_pool_t *p, apr_pool_t *ptemp)
 
apr_status_t md_reg_remove (md_reg_t *reg, apr_pool_t *p, const char *name, int archive)
 
apr_status_t md_reg_delete_acct (md_reg_t *reg, apr_pool_t *p, const char *acct_id)
 
apr_status_t md_reg_cleanup_challenges (md_reg_t *reg, apr_pool_t *p, apr_pool_t *ptemp, apr_array_header_t *mds)
 
apr_status_t md_reg_freeze_domains (md_reg_t *reg, apr_array_header_t *mds)
 
int md_reg_should_renew (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
apr_time_t md_reg_renew_at (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
int md_reg_should_warn (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
apr_status_t md_reg_test_init (md_reg_t *reg, const md_t *md, struct apr_table_t *env, struct md_result_t *result, apr_pool_t *p)
 
apr_status_t md_reg_renew (md_reg_t *reg, const md_t *md, struct apr_table_t *env, int reset, struct md_result_t *result, apr_pool_t *p)
 
apr_status_t md_reg_load_staging (md_reg_t *reg, const md_t *md, struct apr_table_t *env, struct md_result_t *result, apr_pool_t *p)
 
void md_reg_set_renew_window_default (md_reg_t *reg, md_timeslice_t *renew_window)
 
void md_reg_set_warn_window_default (md_reg_t *reg, md_timeslice_t *warn_window)
 
void md_reg_set_notify_cb (md_reg_t *reg, md_job_notify_cb *cb, void *baton)
 
struct md_job_tmd_reg_job_make (md_reg_t *reg, const char *mdomain, apr_pool_t *p)
 

Macro Definition Documentation

#define MD_UPD_AGREEMENT   0x00020
#define MD_UPD_ALL   0x7FFFFFFF
#define MD_UPD_CA_ACCOUNT   0x00008
#define MD_UPD_CA_CHALLENGES   0x00200
#define MD_UPD_CA_PROTO   0x00004
#define MD_UPD_CA_URL   0x00002
#define MD_UPD_CONTACTS   0x00010
#define MD_UPD_DOMAINS   0x00001

Bitmask for fields that are updated.

#define MD_UPD_DRIVE_MODE   0x00080
#define MD_UPD_MUST_STAPLE   0x02000
#define MD_UPD_PKEY_SPEC   0x00400
#define MD_UPD_PROTO   0x04000
#define MD_UPD_RENEW_WINDOW   0x00100
#define MD_UPD_REQUIRE_HTTPS   0x00800
#define MD_UPD_STAPLING   0x10000
#define MD_UPD_TRANSITIVE   0x01000
#define MD_UPD_WARN_WINDOW   0x08000

Typedef Documentation

typedef apr_status_t md_proto_init_cb(md_proto_driver_t *driver, struct md_result_t *result)
typedef apr_status_t md_proto_init_preload_cb(md_proto_driver_t *driver, struct md_result_t *result)
typedef apr_status_t md_proto_preload_cb(md_proto_driver_t *driver, md_store_group_t group, struct md_result_t *result)
typedef apr_status_t md_proto_renew_cb(md_proto_driver_t *driver, struct md_result_t *result)
typedef struct md_proto_t md_proto_t
typedef int md_reg_do_cb(void *baton, md_reg_t *reg, md_t *md)

Callback invoked for every md in the registry. If 0 is returned, iteration stops.

typedef struct md_reg_t md_reg_t

A registry for managed domains with a md_store_t as persistence.

Function Documentation

apr_status_t md_reg_add ( md_reg_t reg,
md_t md,
apr_pool_t p 
)

Add a new md to the registry. This will check the name for uniqueness and that domain names do not overlap with already existing mds.

apr_status_t md_reg_cleanup_challenges ( md_reg_t reg,
apr_pool_t p,
apr_pool_t ptemp,
apr_array_header_t mds 
)

Cleanup any challenges that are no longer in use.

Parameters
regthe registry
ppool for permanent storage
ptemppool for temporary storage
mdsthe list of configured MDs
apr_status_t md_reg_create ( md_reg_t **  preg,
apr_pool_t pm,
md_store_t store,
const char *  proxy_url 
)

Create the MD registry, using the pool and store.

apr_status_t md_reg_delete_acct ( md_reg_t reg,
apr_pool_t p,
const char *  acct_id 
)

Delete the account from the local store.

int md_reg_do ( md_reg_do_cb cb,
void baton,
md_reg_t reg,
apr_pool_t p 
)

Invoke callback for all mds in this registry. Order is not guaranteed. If the callback returns 0, iteration stops. Returns 0 if iteration was aborted.

md_t* md_reg_find ( md_reg_t reg,
const char *  domain,
apr_pool_t p 
)

Find the md, if any, that contains the given domain name. NULL if none found.

md_t* md_reg_find_overlap ( md_reg_t reg,
const md_t md,
const char **  pdomain,
apr_pool_t p 
)

Find one md, which domain names overlap with the given md and that has a different name. There may be more than one existing md that overlaps. It is not defined which one will be returned.

apr_status_t md_reg_freeze_domains ( md_reg_t reg,
apr_array_header_t mds 
)

Mark all information from group MD_SG_DOMAINS as readonly, deny future modifications (MD_SG_STAGING and MD_SG_CHALLENGES remain writeable). For the given MDs, cache the public information (MDs themselves and their pubcerts or lack of).

md_t* md_reg_get ( md_reg_t reg,
const char *  name,
apr_pool_t p 
)

Get the md with the given unique name. NULL if it does not exist. Will update the md->state.

apr_status_t md_reg_get_cred_files ( const char **  pkeyfile,
const char **  pcertfile,
md_reg_t reg,
md_store_group_t  group,
const md_t md,
apr_pool_t p 
)

Get the filenames of private key and pubcert of the MD - if they exist.

Returns
APR_ENOENT if one or both do not exist.
apr_status_t md_reg_get_pubcert ( const md_pubcert_t **  ppubcert,
md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Get the chain of public certificates of the managed domain md, starting with the cert of the domain and going up the issuers. Returns APR_ENOENT when not available.

struct md_job_t* md_reg_job_make ( md_reg_t reg,
const char *  mdomain,
apr_pool_t p 
)
apr_status_t md_reg_load_staging ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
struct md_result_t result,
apr_pool_t p 
)

Load a new set of credentials for the managed domain from STAGING - if it exists. This will archive any existing credential data and make the staged set the new one in DOMAINS. If staging is incomplete or missing, the load will fail and all credentials remain as they are.

Returns
APR_SUCCESS on loading new data, APR_ENOENT when nothing is staged, error otherwise.
apr_status_t md_reg_remove ( md_reg_t reg,
apr_pool_t p,
const char *  name,
int  archive 
)
apr_status_t md_reg_renew ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
int  reset,
struct md_result_t result,
apr_pool_t p 
)

Obtain new credentials for the given managed domain in STAGING.

Returns
APR_SUCCESS if new credentials have been staged successfully
apr_time_t md_reg_renew_at ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return the timestamp when the certificate should be renewed. A value of 0 indicates that that renewal is not configured (see renew_mode).

void md_reg_set_notify_cb ( md_reg_t reg,
md_job_notify_cb cb,
void baton 
)
apr_status_t md_reg_set_props ( md_reg_t reg,
apr_pool_t p,
int  can_http,
int  can_https 
)
void md_reg_set_renew_window_default ( md_reg_t reg,
md_timeslice_t renew_window 
)
void md_reg_set_warn_window_default ( md_reg_t reg,
md_timeslice_t warn_window 
)
int md_reg_should_renew ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return if the certificate of the MD should be renewed. This includes reaching the renewal window of an otherwise valid certificate. It return also !0 iff no certificate has been obtained yet.

int md_reg_should_warn ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return if a warning should be issued about the certificate expiration. This applies the configured warn window to the remaining lifetime of the current certiciate. If no certificate is present, this returns 0.

md_store_t* md_reg_store_get ( md_reg_t reg)
apr_status_t md_reg_sync_finish ( md_reg_t reg,
md_t md,
apr_pool_t p,
apr_pool_t ptemp 
)

Re-compute the state of the MD, given current store contents.

apr_status_t md_reg_sync_start ( md_reg_t reg,
apr_array_header_t master_mds,
apr_pool_t p 
)

Synchronise the give master mds with the store.

apr_status_t md_reg_test_init ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
struct md_result_t result,
apr_pool_t p 
)

Run a test initialization of the renew protocol for the given MD. This verifies basic parameter settings and is expected to return a description of encountered problems in <pmessage> when != APR_SUCCESS. A message return is allocated fromt the given pool.

apr_status_t md_reg_update ( md_reg_t reg,
apr_pool_t p,
const char *  name,
const md_t md,
int  fields,
int  check_consistency 
)

Update the given fields for the managed domain. Take the new values from the given md, all other values remain unchanged.