md_acme.h

Go to the documentation of this file.

/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
#ifndef mod_md_md_acme_h
#define mod_md_md_acme_h
 
struct apr_array_header_t;
struct apr_bucket_brigade;
struct md_http_response_t;
struct apr_hash_t;
struct md_http_t;
struct md_json_t;
struct md_pkey_t;
struct md_t;
struct md_acme_acct_t;
struct md_acmev2_acct_t;
struct md_store_t;
struct md_result_t;
 
#define MD_PROTO_ACME               "ACME"
 
#define MD_AUTHZ_CHA_HTTP_01        "http-01"
#define MD_AUTHZ_CHA_SNI_01         "tls-sni-01"
 
#define MD_ACME_VERSION_UNKNOWN    0x0
#define MD_ACME_VERSION_1          0x010000
#define MD_ACME_VERSION_2          0x020000
 
#define MD_ACME_VERSION_MAJOR(i)    (((i)&0xFF0000) >> 16)
 
typedef enum {
    MD_ACME_S_UNKNOWN,              /* MD has not been analysed yet */
    MD_ACME_S_REGISTERED,           /* MD is registered at CA, but not more */
    MD_ACME_S_TOS_ACCEPTED,         /* Terms of Service were accepted by account holder */
    MD_ACME_S_CHALLENGED,           /* MD challenge information for all domains is known */
    MD_ACME_S_VALIDATED,            /* MD domains have been validated */
    MD_ACME_S_CERTIFIED,            /* MD has valid certificate */
    MD_ACME_S_DENIED,               /* MD domains (at least one) have been denied by CA */
} md_acme_state_t;
 
typedef struct md_acme_t md_acme_t;
 
typedef struct md_acme_req_t md_acme_req_t;
typedef apr_status_t md_acme_req_res_cb(md_acme_t *acme, 
                                        const struct md_http_response_t *res, void *baton);
 
typedef apr_status_t md_acme_req_init_cb(md_acme_req_t *req, void *baton);
 
typedef apr_status_t md_acme_req_json_cb(md_acme_t *acme, apr_pool_t *p, 
                                         const apr_table_t *headers, 
                                         struct md_json_t *jbody, void *baton);
 
typedef apr_status_t md_acme_req_err_cb(md_acme_req_t *req, 
                                        const struct md_result_t *result, void *baton);
 
 
typedef apr_status_t md_acme_new_nonce_fn(md_acme_t *acme);
typedef apr_status_t md_acme_req_init_fn(md_acme_req_t *req, struct md_json_t *jpayload);
 
typedef apr_status_t md_acme_post_fn(md_acme_t *acme, 
                                     md_acme_req_init_cb *on_init,
                                     md_acme_req_json_cb *on_json,
                                     md_acme_req_res_cb *on_res,
                                     md_acme_req_err_cb *on_err,
                                     void *baton);
 
struct md_acme_t {
    const char *url;                /* directory url of the ACME service */
    const char *sname;              /* short name for the service, not necessarily unique */
    apr_pool_t *p;
    const char *user_agent;
    const char *proxy_url;
    const char *ca_file;
    
    const char *acct_id;            /* local storage id account was loaded from or NULL */
    struct md_acme_acct_t *acct;    /* account at ACME server to use for requests */
    struct md_pkey_t *acct_key;     /* private RSA key belonging to account */
    
    int version;                    /* as detected from the server */
    union {
        struct { /* obsolete */
            const char *new_authz;
            const char *new_cert;
            const char *new_reg;
            const char *revoke_cert;
            
        } v1;
        struct {
            const char *new_account;
            const char *new_order;
            const char *key_change;
            const char *revoke_cert;
            const char *new_nonce;
        } v2;
    } api;
    const char *ca_agreement;
    const char *acct_name;
    int eab_required;
    
    md_acme_new_nonce_fn *new_nonce_fn;
    md_acme_req_init_fn *req_init_fn;
    md_acme_post_fn *post_new_account_fn;
    
    struct md_http_t *http;
    
    const char *nonce;
    int max_retries;
    struct md_result_t *last;      /* result of last request */
};
 
apr_status_t md_acme_init(apr_pool_t *pool, const char *base_version, int init_ssl);
 
apr_status_t md_acme_create(md_acme_t **pacme, apr_pool_t *p, const char *url,
                            const char *proxy_url, const char *ca_file);
 
apr_status_t md_acme_setup(md_acme_t *acme, struct md_result_t *result);
 
void md_acme_report_result(md_acme_t *acme, apr_status_t rv, struct md_result_t *result);
 
/**************************************************************************************************/
/* account handling */
 
void md_acme_clear_acct(md_acme_t *acme);
 
apr_status_t md_acme_POST_new_account(md_acme_t *acme, 
                                      md_acme_req_init_cb *on_init,
                                      md_acme_req_json_cb *on_json,
                                      md_acme_req_res_cb *on_res,
                                      md_acme_req_err_cb *on_err,
                                      void *baton);
 
const char *md_acme_acct_id_get(md_acme_t *acme);
const char *md_acme_acct_url_get(md_acme_t *acme);
 
apr_status_t md_acme_use_acct(md_acme_t *acme, struct md_store_t *store, 
                              apr_pool_t *p, const char *acct_id);
 
apr_status_t md_acme_use_acct_for_md(md_acme_t *acme, struct md_store_t *store,
                                     apr_pool_t *p, const char *acct_id,
                                     const md_t *md);
 
const char *md_acme_acct_id_get(md_acme_t *acme);
 
apr_status_t md_acme_agree(md_acme_t *acme, apr_pool_t *p, const char *tos);
 
apr_status_t md_acme_check_agreement(md_acme_t *acme, apr_pool_t *p, 
                                     const char *agreement, const char **prequired);
 
apr_status_t md_acme_save_acct(md_acme_t *acme, apr_pool_t *p, struct md_store_t *store);
                               
apr_status_t md_acme_acct_deactivate(md_acme_t *acme, apr_pool_t *p);
 
/**************************************************************************************************/
/* request handling */
 
struct md_acme_req_t {
    md_acme_t *acme;               /* the ACME server to talk to */
    apr_pool_t *p;                 /* pool for the request duration */
    
    const char *url;               /* url to POST the request to */
    const char *method;            /* HTTP method to use */
    struct md_json_t *prot_fields; /* JWS protected fields */
    struct md_json_t *req_json;    /* JSON to be POSTed in request body */
 
    apr_table_t *resp_hdrs;        /* HTTP response headers */
    struct md_json_t *resp_json;   /* JSON response body received */
    
    apr_status_t rv;               /* status of request */
    
    md_acme_req_init_cb *on_init;  /* callback to initialize the request before submit */
    md_acme_req_json_cb *on_json;  /* callback on successful JSON response */
    md_acme_req_res_cb *on_res;    /* callback on generic HTTP response */
    md_acme_req_err_cb *on_err;    /* callback on encountered error */
    int max_retries;               /* how often this might be retried */
    void *baton;                   /* userdata for callbacks */
    struct md_result_t *result;    /* result of this request */
};
 
apr_status_t md_acme_req_body_init(md_acme_req_t *req, struct md_json_t *payload);
 
apr_status_t md_acme_GET(md_acme_t *acme, const char *url,
                         md_acme_req_init_cb *on_init,
                         md_acme_req_json_cb *on_json,
                         md_acme_req_res_cb *on_res,
                         md_acme_req_err_cb *on_err,
                         void *baton);
apr_status_t md_acme_POST(md_acme_t *acme, const char *url,
                          md_acme_req_init_cb *on_init,
                          md_acme_req_json_cb *on_json,
                          md_acme_req_res_cb *on_res,
                          md_acme_req_err_cb *on_err,
                          void *baton);
 
apr_status_t md_acme_get_json(struct md_json_t **pjson, md_acme_t *acme, 
                              const char *url, apr_pool_t *p);
 
 
apr_status_t md_acme_req_body_init(md_acme_req_t *req, struct md_json_t *jpayload);
 
apr_status_t md_acme_protos_add(struct apr_hash_t *protos, apr_pool_t *p);
 
int md_acme_problem_is_input_related(const char *problem);
 
#endif /* md_acme_h */