Apache2
md_store.h File Reference

Data Structures

struct  md_store_t
 

Macros

#define MD_FN_MD   "md.json"
 
#define MD_FN_JOB   "job.json"
 
#define MD_FN_PRIVKEY   "privkey.pem"
 
#define MD_FN_PUBCERT   "pubcert.pem"
 
#define MD_FN_CERT   "cert.pem"
 
#define MD_FN_HTTPD_JSON   "httpd.json"
 
#define MD_FN_FALLBACK_PKEY   "fallback-privkey.pem"
 
#define MD_FN_FALLBACK_CERT   "fallback-cert.pem"
 

Typedefs

typedef struct md_store_t md_store_t
 
typedef int md_store_inspect (void *baton, const char *name, const char *aspect, md_store_vtype_t vtype, void *value, apr_pool_t *ptemp)
 
typedef int md_store_md_inspect (void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp)
 
typedef apr_status_t md_store_load_cb (md_store_t *store, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void **pvalue, apr_pool_t *p)
 
typedef apr_status_t md_store_save_cb (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void *value, int create)
 
typedef apr_status_t md_store_remove_cb (md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p, int force)
 
typedef apr_status_t md_store_purge_cb (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name)
 
typedef apr_status_t md_store_iter_cb (md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern, const char *aspect, md_store_vtype_t vtype)
 
typedef apr_status_t md_store_names_iter_cb (md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern)
 
typedef apr_status_t md_store_move_cb (md_store_t *store, apr_pool_t *p, md_store_group_t from, md_store_group_t to, const char *name, int archive)
 
typedef apr_status_t md_store_rename_cb (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *from, const char *to)
 
typedef apr_status_t md_store_get_fname_cb (const char **pfname, md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p)
 
typedef int md_store_is_newer_cb (md_store_t *store, md_store_group_t group1, md_store_group_t group2, const char *name, const char *aspect, apr_pool_t *p)
 
typedef apr_time_t md_store_get_modified_cb (md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p)
 
typedef apr_status_t md_store_remove_nms_cb (md_store_t *store, apr_pool_t *p, apr_time_t modified, md_store_group_t group, const char *name, const char *aspect)
 

Enumerations

enum  md_store_vtype_t {
  MD_SV_TEXT, MD_SV_JSON, MD_SV_CERT, MD_SV_PKEY,
  MD_SV_CHAIN
}
 
enum  md_store_group_t {
  MD_SG_NONE, MD_SG_ACCOUNTS, MD_SG_CHALLENGES, MD_SG_DOMAINS,
  MD_SG_STAGING, MD_SG_ARCHIVE, MD_SG_TMP, MD_SG_OCSP,
  MD_SG_COUNT
}
 

Functions

const char * md_store_group_name (unsigned int group)
 
apr_status_t md_store_load_json (md_store_t *store, md_store_group_t group, const char *name, const char *aspect, struct md_json_t **pdata, apr_pool_t *p)
 
apr_status_t md_store_save_json (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *aspect, struct md_json_t *data, int create)
 
apr_status_t md_store_load (md_store_t *store, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void **pdata, apr_pool_t *p)
 
apr_status_t md_store_save (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void *data, int create)
 
apr_status_t md_store_remove (md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p, int force)
 
apr_status_t md_store_purge (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name)
 
apr_status_t md_store_remove_not_modified_since (md_store_t *store, apr_pool_t *p, apr_time_t modified, md_store_group_t group, const char *name, const char *aspect)
 
apr_status_t md_store_iter (md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern, const char *aspect, md_store_vtype_t vtype)
 
apr_status_t md_store_move (md_store_t *store, apr_pool_t *p, md_store_group_t from, md_store_group_t to, const char *name, int archive)
 
apr_status_t md_store_rename (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *to)
 
apr_status_t md_store_get_fname (const char **pfname, md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p)
 
int md_store_is_newer (md_store_t *store, md_store_group_t group1, md_store_group_t group2, const char *name, const char *aspect, apr_pool_t *p)
 
apr_status_t md_store_iter_names (md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern)
 
apr_time_t md_store_get_modified (md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p)
 
apr_status_t md_load (md_store_t *store, md_store_group_t group, const char *name, md_t **pmd, apr_pool_t *p)
 
apr_status_t md_save (struct md_store_t *store, apr_pool_t *p, md_store_group_t group, md_t *md, int create)
 
apr_status_t md_remove (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, int force)
 
int md_is_newer (md_store_t *store, md_store_group_t group1, md_store_group_t group2, const char *name, apr_pool_t *p)
 
apr_status_t md_store_md_iter (md_store_md_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern)
 
apr_status_t md_pkey_load (md_store_t *store, md_store_group_t group, const char *name, struct md_pkey_t **ppkey, apr_pool_t *p)
 
apr_status_t md_pkey_save (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, struct md_pkey_t *pkey, int create)
 
apr_status_t md_pubcert_load (md_store_t *store, md_store_group_t group, const char *name, struct apr_array_header_t **ppubcert, apr_pool_t *p)
 
apr_status_t md_pubcert_save (md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, struct apr_array_header_t *pubcert, int create)
 

Macro Definition Documentation

#define MD_FN_CERT   "cert.pem"
#define MD_FN_FALLBACK_CERT   "fallback-cert.pem"
#define MD_FN_FALLBACK_PKEY   "fallback-privkey.pem"
#define MD_FN_HTTPD_JSON   "httpd.json"
#define MD_FN_JOB   "job.json"
#define MD_FN_MD   "md.json"
#define MD_FN_PRIVKEY   "privkey.pem"
#define MD_FN_PUBCERT   "pubcert.pem"

Typedef Documentation

typedef apr_status_t md_store_get_fname_cb(const char **pfname, md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p)
typedef apr_time_t md_store_get_modified_cb(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p)
typedef int md_store_inspect(void *baton, const char *name, const char *aspect, md_store_vtype_t vtype, void *value, apr_pool_t *ptemp)

Inspect callback function, invoked for each matched value. Values allocated from ptemp may disappear at any time after the call has returned. If this function returns 0, the iteration is aborted.

typedef int md_store_is_newer_cb(md_store_t *store, md_store_group_t group1, md_store_group_t group2, const char *name, const char *aspect, apr_pool_t *p)
typedef apr_status_t md_store_iter_cb(md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern, const char *aspect, md_store_vtype_t vtype)
typedef apr_status_t md_store_load_cb(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void **pvalue, apr_pool_t *p)
typedef int md_store_md_inspect(void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp)
typedef apr_status_t md_store_move_cb(md_store_t *store, apr_pool_t *p, md_store_group_t from, md_store_group_t to, const char *name, int archive)
typedef apr_status_t md_store_names_iter_cb(md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern)
typedef apr_status_t md_store_purge_cb(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name)
typedef apr_status_t md_store_remove_cb(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p, int force)
typedef apr_status_t md_store_remove_nms_cb(md_store_t *store, apr_pool_t *p, apr_time_t modified, md_store_group_t group, const char *name, const char *aspect)
typedef apr_status_t md_store_rename_cb(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *from, const char *to)
typedef apr_status_t md_store_save_cb(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void *value, int create)
typedef struct md_store_t md_store_t

Enumeration Type Documentation

Store storage groups

Enumerator
MD_SG_NONE 
MD_SG_ACCOUNTS 
MD_SG_CHALLENGES 
MD_SG_DOMAINS 
MD_SG_STAGING 
MD_SG_ARCHIVE 
MD_SG_TMP 
MD_SG_OCSP 
MD_SG_COUNT 

A store for domain related data.

The Key for a piece of data is the set of 3 items <group> + <domain> + <aspect>

Examples: "domains" + "greenbytes.de" + "pubcert.pem"; "ocsp" + "greenbytes.de" + "ocsp-XXXXX.json"

Storage groups are pre-defined, domain and aspect names can be freely chosen.

Groups reflect use cases and come with security restrictions. The groups DOMAINS, ARCHIVE and NONE are only accessible during the startup phase of httpd.

Private keys are stored unencrypted only in restricted groups. This means that certificate keys in group DOMAINS are not encrypted, but are only readable at httpd start/reload. Keys in unrestricted groups are encrypted using a pass phrase that is generated once and stored in NONE, which is itself one of the restricted groups.

Value types handled by a store

Enumerator
MD_SV_TEXT 
MD_SV_JSON 
MD_SV_CERT 
MD_SV_PKEY 
MD_SV_CHAIN 

Function Documentation

int md_is_newer ( md_store_t *  store,
md_store_group_t  group1,
md_store_group_t  group2,
const char *  name,
apr_pool_t *  p 
)
apr_status_t md_load ( md_store_t *  store,
md_store_group_t  group,
const char *  name,
md_t **  pmd,
apr_pool_t *  p 
)
apr_status_t md_pkey_load ( md_store_t *  store,
md_store_group_t  group,
const char *  name,
struct md_pkey_t **  ppkey,
apr_pool_t *  p 
)
apr_status_t md_pkey_save ( md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  name,
struct md_pkey_t *  pkey,
int  create 
)
apr_status_t md_pubcert_load ( md_store_t *  store,
md_store_group_t  group,
const char *  name,
struct apr_array_header_t **  ppubcert,
apr_pool_t *  p 
)
apr_status_t md_pubcert_save ( md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  name,
struct apr_array_header_t *  pubcert,
int  create 
)
apr_status_t md_remove ( md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  name,
int  force 
)
apr_status_t md_save ( struct md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
md_t *  md,
int  create 
)
apr_status_t md_store_get_fname ( const char **  pfname,
md_store_t *  store,
md_store_group_t  group,
const char *  name,
const char *  aspect,
apr_pool_t *  p 
)

Get the filename of an item stored in "group/name/aspect". The item does not have to exist.

apr_time_t md_store_get_modified ( md_store_t *  store,
md_store_group_t  group,
const char *  name,
const char *  aspect,
apr_pool_t *  p 
)

Get the modification time of the item stored under "group/name/aspect".

Returns
modification time or 0 if the item does not exist.
const char* md_store_group_name ( unsigned int  group)
int md_store_is_newer ( md_store_t *  store,
md_store_group_t  group1,
md_store_group_t  group2,
const char *  name,
const char *  aspect,
apr_pool_t *  p 
)

Compare the modification time of "group1/name/aspect" with that of "group2/name/aspect".

apr_status_t md_store_iter ( md_store_inspect *  inspect,
void *  baton,
md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  pattern,
const char *  aspect,
md_store_vtype_t  vtype 
)

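Iterate over all existing values matching the name pattern. Patterns are evaluated using apr_fnmatch() without flags, so neither APR_FNM_PATHNAME nor APR_FNM_PERIOD is in effect and a wildcard can also match a name that begins with '.'.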

apr_status_t md_store_iter_names ( md_store_inspect *  inspect,
void *  baton,
md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  pattern 
)

Iterate over all names that exist in a group, i.e. all names for which there are items matching "group/pattern". The inspect function is called with the name, and with NULL for both aspect and value.

apr_status_t md_store_load ( md_store_t *  store,
md_store_group_t  group,
const char *  name,
const char *  aspect,
md_store_vtype_t  vtype,
void **  pdata,
apr_pool_t *  p 
)

Load the value of type vtype at key "group/name/aspect", allocated from pool p. Usually, the type is expected to be the same as the one used when saving the value. Some conversions will work; others will fail because of the format.

Returns
APR_ENOENT if there is no such value
apr_status_t md_store_load_json ( md_store_t *  store,
md_store_group_t  group,
const char *  name,
const char *  aspect,
struct md_json_t **  pdata,
apr_pool_t *  p 
)

Load the JSON value at key "group/name/aspect", allocated from pool p.

Returns
APR_ENOENT if there is no such value
apr_status_t md_store_md_iter ( md_store_md_inspect *  inspect,
void *  baton,
md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  pattern 
)
apr_status_t md_store_move ( md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  from,
md_store_group_t  to,
const char *  name,
int  archive 
)

Move everything matching key "from/name" from one group to another. If archive != 0, move any existing "to/name" into a new "archive/new_name" location.

apr_status_t md_store_purge ( md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  name 
)

Remove everything matching key "group/name".

apr_status_t md_store_remove ( md_store_t *  store,
md_store_group_t  group,
const char *  name,
const char *  aspect,
apr_pool_t *  p,
int  force 
)

Remove the value stored at key "group/name/aspect". Unless force != 0, a missing value will cause the call to fail with APR_ENOENT.

apr_status_t md_store_remove_not_modified_since ( md_store_t *  store,
apr_pool_t *  p,
apr_time_t  modified,
md_store_group_t  group,
const char *  name,
const char *  aspect 
)

Remove all items matching the name/aspect patterns that have not been modified since the given timestamp.

apr_status_t md_store_rename ( md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  name,
const char *  to 
)

Rename a group member.

apr_status_t md_store_save ( md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  name,
const char *  aspect,
md_store_vtype_t  vtype,
void *  data,
int  create 
)

Save the value of type vtype at key "group/name/aspect". If create != 0, fail if there already is a value for this key. The provided data MUST be of the correct type.

apr_status_t md_store_save_json ( md_store_t *  store,
apr_pool_t *  p,
md_store_group_t  group,
const char *  name,
const char *  aspect,
struct md_json_t *  data,
int  create 
)

Save the JSON value at key "group/name/aspect". If create != 0, fail if there already is a value for this key.