md_reg.c File Reference
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <apr_lib.h>
#include <apr_hash.h>
#include <apr_strings.h>
#include <apr_uri.h>
#include "md.h"
#include "md_crypt.h"
#include "md_event.h"
#include "md_log.h"
#include "md_json.h"
#include "md_result.h"
#include "md_reg.h"
#include "md_ocsp.h"
#include "md_store.h"
#include "md_status.h"
#include "md_tailscale.h"
#include "md_util.h"
#include "md_acme.h"
#include "md_acme_acct.h"


Classes

struct  md_reg_t
 
struct  reg_do_ctx
 
struct  find_domain_ctx
 
struct  find_overlap_ctx
 
struct  sync_ctx_v2
 
struct  cleanup_challenge_ctx
 

Functions

static apr_status_t load_props (md_reg_t *reg, apr_pool_t *p)
 
apr_status_t md_reg_create (md_reg_t **preg, apr_pool_t *p, struct md_store_t *store, const char *proxy_url, const char *ca_file, apr_time_t min_delay, int retry_failover, int use_store_locks, apr_time_t lock_wait_timeout)
 
struct md_store_t * md_reg_store_get (md_reg_t *reg)
 
static apr_status_t check_values (md_reg_t *reg, apr_pool_t *p, const md_t *md, int fields)
 
static apr_status_t state_init (md_reg_t *reg, apr_pool_t *p, md_t *md)
 
static int reg_md_iter (void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp)
 
static int reg_do (md_reg_do_cb *cb, void *baton, md_reg_t *reg, apr_pool_t *p, const char *exclude)
 
int md_reg_do (md_reg_do_cb *cb, void *baton, md_reg_t *reg, apr_pool_t *p)
 
md_t * md_reg_get (md_reg_t *reg, const char *name, apr_pool_t *p)
 
static int find_domain (void *baton, md_reg_t *reg, md_t *md)
 
md_t * md_reg_find (md_reg_t *reg, const char *domain, apr_pool_t *p)
 
static int find_overlap (void *baton, md_reg_t *reg, md_t *md)
 
md_t * md_reg_find_overlap (md_reg_t *reg, const md_t *md, const char **pdomain, apr_pool_t *p)
 
static apr_status_t p_md_add (void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
 
static apr_status_t add_md (md_reg_t *reg, md_t *md, apr_pool_t *p, int do_checks)
 
apr_status_t md_reg_add (md_reg_t *reg, md_t *md, apr_pool_t *p)
 
static apr_status_t p_md_update (void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
 
apr_status_t md_reg_update (md_reg_t *reg, apr_pool_t *p, const char *name, const md_t *md, int fields, int do_checks)
 
apr_status_t md_reg_delete_acct (md_reg_t *reg, apr_pool_t *p, const char *acct_id)
 
static apr_status_t pubcert_load (void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
 
apr_status_t md_reg_get_pubcert (const md_pubcert_t **ppubcert, md_reg_t *reg, const md_t *md, int i, apr_pool_t *p)
 
apr_status_t md_reg_get_cred_files (const char **pkeyfile, const char **pcertfile, md_reg_t *reg, md_store_group_t group, const md_t *md, md_pkey_spec_t *spec, apr_pool_t *p)
 
apr_time_t md_reg_valid_until (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
apr_time_t md_reg_renew_at (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
int md_reg_should_renew (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
int md_reg_should_warn (md_reg_t *reg, const md_t *md, apr_pool_t *p)
 
apr_status_t md_reg_set_props (md_reg_t *reg, apr_pool_t *p, int can_http, int can_https)
 
static md_t * find_closest_match (apr_array_header_t *mds, const md_t *md)
 
static int iter_add_name (void *baton, const char *dir, const char *name, md_store_vtype_t vtype, void *value, apr_pool_t *ptemp)
 
apr_status_t md_reg_sync_start (md_reg_t *reg, apr_array_header_t *master_mds, apr_pool_t *p)
 
apr_status_t md_reg_sync_finish (md_reg_t *reg, md_t *md, apr_pool_t *p, apr_pool_t *ptemp)
 
apr_status_t md_reg_remove (md_reg_t *reg, apr_pool_t *p, const char *name, int archive)
 
static apr_status_t cleanup_challenge_inspector (void *baton, const char *dir, const char *name, md_store_vtype_t vtype, void *value, apr_pool_t *ptemp)
 
apr_status_t md_reg_cleanup_challenges (md_reg_t *reg, apr_pool_t *p, apr_pool_t *ptemp, apr_array_header_t *mds)
 
static apr_status_t run_init (void *baton, apr_pool_t *p,...)
 
static apr_status_t run_test_init (void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
 
apr_status_t md_reg_test_init (md_reg_t *reg, const md_t *md, struct apr_table_t *env, md_result_t *result, apr_pool_t *p)
 
static apr_status_t run_renew (void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
 
apr_status_t md_reg_renew (md_reg_t *reg, const md_t *md, apr_table_t *env, int reset, int attempt, md_result_t *result, apr_pool_t *p)
 
static apr_status_t run_load_staging (void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
 
apr_status_t md_reg_load_staging (md_reg_t *reg, const md_t *md, apr_table_t *env, md_result_t *result, apr_pool_t *p)
 
apr_status_t md_reg_load_stagings (md_reg_t *reg, apr_array_header_t *mds, apr_table_t *env, apr_pool_t *p)
 
apr_status_t md_reg_lock_global (md_reg_t *reg, apr_pool_t *p)
 
void md_reg_unlock_global (md_reg_t *reg, apr_pool_t *p)
 
apr_status_t md_reg_freeze_domains (md_reg_t *reg, apr_array_header_t *mds)
 
void md_reg_set_renew_window_default (md_reg_t *reg, md_timeslice_t *renew_window)
 
void md_reg_set_warn_window_default (md_reg_t *reg, md_timeslice_t *warn_window)
 
md_job_t * md_reg_job_make (md_reg_t *reg, const char *mdomain, apr_pool_t *p)
 
static int get_cert_count (const md_t *md)
 
int md_reg_has_revoked_certs (md_reg_t *reg, struct md_ocsp_reg_t *ocsp, const md_t *md, apr_pool_t *p)
 

Function Documentation

◆ add_md()

static apr_status_t add_md ( md_reg_t reg,
md_t md,
apr_pool_t p,
int  do_checks 
)
static

Definition at line 428 of file md_reg.c.

◆ check_values()

static apr_status_t check_values ( md_reg_t reg,
apr_pool_t p,
const md_t md,
int  fields 
)
static

Definition at line 130 of file md_reg.c.

◆ cleanup_challenge_inspector()

static apr_status_t cleanup_challenge_inspector ( void *  baton,
const char dir,
const char name,
md_store_vtype_t  vtype,
void *  value,
apr_pool_t ptemp 
)
static

Definition at line 1004 of file md_reg.c.

◆ find_closest_match()

static md_t * find_closest_match ( apr_array_header_t mds,
const md_t md 
)
static

Definition at line 768 of file md_reg.c.

◆ find_domain()

static int find_domain ( void *  baton,
md_reg_t reg,
md_t md 
)
static

Definition at line 342 of file md_reg.c.

◆ find_overlap()

static int find_overlap ( void *  baton,
md_reg_t reg,
md_t md 
)
static

Definition at line 374 of file md_reg.c.

◆ get_cert_count()

static int get_cert_count ( const md_t md)
static

Definition at line 1326 of file md_reg.c.

◆ iter_add_name()

static int iter_add_name ( void *  baton,
const char dir,
const char name,
md_store_vtype_t  vtype,
void *  value,
apr_pool_t ptemp 
)
static

Definition at line 809 of file md_reg.c.

◆ load_props()

static apr_status_t load_props ( md_reg_t reg,
apr_pool_t p 
)
static

Definition at line 66 of file md_reg.c.

◆ md_reg_add()

apr_status_t md_reg_add ( md_reg_t reg,
md_t md,
apr_pool_t p 
)

Add a new md to the registry. This checks that the name is unique and that its domain names do not overlap with those of already existing mds.

Definition at line 433 of file md_reg.c.

◆ md_reg_cleanup_challenges()

apr_status_t md_reg_cleanup_challenges ( md_reg_t reg,
apr_pool_t p,
apr_pool_t ptemp,
apr_array_header_t mds 
)

Cleanup any challenges that are no longer in use.

Parameters
reg — the registry
p — pool for permanent storage
ptemp — pool for temporary storage
mds — the list of configured MDs

Definition at line 1032 of file md_reg.c.

◆ md_reg_create()

apr_status_t md_reg_create ( md_reg_t **  preg,
apr_pool_t pm,
md_store_t store,
const char proxy_url,
const char ca_file,
apr_time_t  min_delay,
int  retry_failover,
int  use_store_locks,
apr_time_t  lock_wait_timeout 
)

Create the MD registry, using the pool and store.

Parameters
preg — on APR_SUCCESS, the created md_reg_t
pm — memory pool to use for creation
store — the store to base on
proxy_url — optional URL of a proxy to use for requests
ca_file — optional CA trust anchor file to use
min_delay — minimum delay between renewal attempts for a domain
retry_failover — number of failed renewal attempts after which to fail over to an alternate ACME CA

Definition at line 87 of file md_reg.c.

◆ md_reg_delete_acct()

apr_status_t md_reg_delete_acct ( md_reg_t reg,
apr_pool_t p,
const char acct_id 
)

Delete the account from the local store.

Definition at line 545 of file md_reg.c.

◆ md_reg_do()

int md_reg_do ( md_reg_do_cb cb,
void *  baton,
md_reg_t reg,
apr_pool_t p 
)

Invoke the callback for all mds in this registry. Order is not guaranteed. If the callback returns 0, iteration stops. Returns 0 if iteration was aborted.

Definition at line 318 of file md_reg.c.

◆ md_reg_find()

md_t * md_reg_find ( md_reg_t reg,
const char domain,
apr_pool_t p 
)

Find the md, if any, that contains the given domain name. NULL if none found.

Definition at line 354 of file md_reg.c.

◆ md_reg_find_overlap()

md_t * md_reg_find_overlap ( md_reg_t reg,
const md_t md,
const char **  pdomain,
apr_pool_t p 
)

Find one md whose domain names overlap with the given md and that has a different name. There may be more than one existing md that overlaps; it is not defined which one will be returned.

Definition at line 388 of file md_reg.c.

◆ md_reg_freeze_domains()

apr_status_t md_reg_freeze_domains ( md_reg_t reg,
apr_array_header_t mds 
)

Mark all information from group MD_SG_DOMAINS as read-only and deny future modifications (MD_SG_STAGING and MD_SG_CHALLENGES remain writeable). For the given MDs, cache the public information (the MDs themselves and their pubcerts, or the lack thereof).

Definition at line 1290 of file md_reg.c.

◆ md_reg_get()

md_t * md_reg_get ( md_reg_t reg,
const char name,
apr_pool_t p 
)

Get the md with the given unique name. NULL if it does not exist. Updates md->state.

Definition at line 326 of file md_reg.c.

◆ md_reg_get_cred_files()

apr_status_t md_reg_get_cred_files ( const char **  pkeyfile,
const char **  pcertfile,
md_reg_t reg,
md_store_group_t  group,
const md_t md,
struct md_pkey_spec_t spec,
apr_pool_t p 
)

Get the filenames of the private key and pubcert of the MD, if they exist.

Returns
APR_ENOENT if one or both do not exist.

Definition at line 635 of file md_reg.c.

◆ md_reg_get_pubcert()

apr_status_t md_reg_get_pubcert ( const md_pubcert_t **  ppubcert,
md_reg_t reg,
const md_t md,
int  i,
apr_pool_t p 
)

Get the chain of public certificates of the managed domain md, starting with the cert of the domain and going up the issuers. Returns APR_ENOENT when not available.

Definition at line 608 of file md_reg.c.

◆ md_reg_has_revoked_certs()

int md_reg_has_revoked_certs ( md_reg_t reg,
struct md_ocsp_reg_t ocsp,
const md_t md,
apr_pool_t p 
)
Returns
!= 0 iff md has any certificates known to be REVOKED.

Definition at line 1334 of file md_reg.c.

◆ md_reg_job_make()

md_job_t * md_reg_job_make ( md_reg_t reg,
const char mdomain,
apr_pool_t p 
)

Definition at line 1321 of file md_reg.c.

◆ md_reg_load_staging()

apr_status_t md_reg_load_staging ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
struct md_result_t result,
apr_pool_t p 
)

Load a new set of credentials for the managed domain from STAGING, if it exists. This archives any existing credential data and makes the staged set the new one in DOMAINS. If staging is incomplete or missing, the load fails and all credentials remain as they are.

Returns
APR_SUCCESS on loading new data, APR_ENOENT when nothing is staged, error otherwise.

Definition at line 1237 of file md_reg.c.

◆ md_reg_load_stagings()

apr_status_t md_reg_load_stagings ( md_reg_t reg,
apr_array_header_t mds,
apr_table_t env,
apr_pool_t p 
)

Check the given MDomains for new data in their staging areas and, if it exists, load the new credentials. On encountering errors, leave the credentials as they are.

Definition at line 1244 of file md_reg.c.

◆ md_reg_lock_global()

apr_status_t md_reg_lock_global ( md_reg_t reg,
apr_pool_t p 
)

Acquire a cooperative, global lock on registry modifications. Does nothing if locking is not configured.

This only prevents other children/processes/cluster nodes from doing the same; it does not protect individual store functions from being called without it.

Parameters
reg — the registry
p — memory pool to use
max_wait — maximum time to wait in order to acquire the lock
Returns
APR_SUCCESS when lock was obtained

Definition at line 1269 of file md_reg.c.

◆ md_reg_remove()

apr_status_t md_reg_remove ( md_reg_t reg,
apr_pool_t p,
const char name,
int  archive 
)

Definition at line 992 of file md_reg.c.

◆ md_reg_renew()

apr_status_t md_reg_renew ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
int  reset,
int  attempt,
struct md_result_t result,
apr_pool_t p 
)

Obtain new credentials for the given managed domain in STAGING.

Parameters
reg — the registry instance
md — the mdomain to renew
env — global environment of settings
reset — != 0 if any previous, partial information should be wiped
attempt — the number of attempts made so far (for this md)
result — for reporting results of the renewal
p — the memory pool to use
Returns
APR_SUCCESS if new credentials have been staged successfully

Definition at line 1168 of file md_reg.c.

◆ md_reg_renew_at()

apr_time_t md_reg_renew_at ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return the timestamp at which the certificate should be renewed. A value of 0 indicates that renewal is not configured (see renew_mode).

Definition at line 671 of file md_reg.c.

◆ md_reg_set_props()

apr_status_t md_reg_set_props ( md_reg_t reg,
apr_pool_t p,
int  can_http,
int  can_https 
)

Definition at line 750 of file md_reg.c.

◆ md_reg_set_renew_window_default()

void md_reg_set_renew_window_default ( md_reg_t reg,
md_timeslice_t renew_window 
)

Definition at line 1311 of file md_reg.c.

◆ md_reg_set_warn_window_default()

void md_reg_set_warn_window_default ( md_reg_t reg,
md_timeslice_t warn_window 
)

Definition at line 1316 of file md_reg.c.

◆ md_reg_should_renew()

int md_reg_should_renew ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return whether the certificate of the MD should be renewed. This includes reaching the renewal window of an otherwise valid certificate. It also returns != 0 iff no certificate has been obtained yet.

Definition at line 706 of file md_reg.c.

◆ md_reg_should_warn()

int md_reg_should_warn ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return whether a warning should be issued about the certificate expiration. This applies the configured warn window to the remaining lifetime of the current certificate. If no certificate is present, this returns 0.

Definition at line 714 of file md_reg.c.

◆ md_reg_store_get()

struct md_store_t * md_reg_store_get ( md_reg_t reg)

Definition at line 122 of file md_reg.c.

◆ md_reg_sync_finish()

apr_status_t md_reg_sync_finish ( md_reg_t reg,
md_t md,
apr_pool_t p,
apr_pool_t ptemp 
)

Finish syncing an MD with the store.

  1. If there are changed properties (or if the MD is new), save it.
  2. Read any existing certificate and initialize the state of the in-memory MD.

Definition at line 918 of file md_reg.c.

◆ md_reg_sync_start()

apr_status_t md_reg_sync_start ( md_reg_t reg,
apr_array_header_t master_mds,
apr_pool_t p 
)

Synchronize the given master mds with the store.

Definition at line 834 of file md_reg.c.

◆ md_reg_test_init()

apr_status_t md_reg_test_init ( md_reg_t reg,
const md_t md,
struct apr_table_t env,
struct md_result_t result,
apr_pool_t p 
)

Run a test initialization of the renew protocol for the given MD. This verifies basic parameter settings and is expected to return a description of the encountered problems in <pmessage> when != APR_SUCCESS. A returned message is allocated from the given pool.

Definition at line 1133 of file md_reg.c.

◆ md_reg_unlock_global()

void md_reg_unlock_global ( md_reg_t reg,
apr_pool_t p 
)

Release the global registry lock. Does nothing if there is no lock.

Definition at line 1283 of file md_reg.c.

◆ md_reg_update()

apr_status_t md_reg_update ( md_reg_t reg,
apr_pool_t p,
const char name,
const md_t md,
int  fields,
int  check_consistency 
)

Update the given fields for the managed domain. The new values are taken from the given md; all other values remain unchanged.

Definition at line 538 of file md_reg.c.

◆ md_reg_valid_until()

apr_time_t md_reg_valid_until ( md_reg_t reg,
const md_t md,
apr_pool_t p 
)

Return the timestamp up to which all certificates for the MD can be used. A value of 0 indicates that there is no certificate.

Definition at line 650 of file md_reg.c.

◆ p_md_add()

static apr_status_t p_md_add ( void *  baton,
apr_pool_t p,
apr_pool_t ptemp,
va_list  ap 
)
static

Definition at line 409 of file md_reg.c.

◆ p_md_update()

static apr_status_t p_md_update ( void *  baton,
apr_pool_t p,
apr_pool_t ptemp,
va_list  ap 
)
static

Definition at line 438 of file md_reg.c.

◆ pubcert_load()

static apr_status_t pubcert_load ( void *  baton,
apr_pool_t p,
apr_pool_t ptemp,
va_list  ap 
)
static

Definition at line 559 of file md_reg.c.

◆ reg_do()

static int reg_do ( md_reg_do_cb cb,
void *  baton,
md_reg_t reg,
apr_pool_t p,
const char exclude 
)
static

Definition at line 306 of file md_reg.c.

◆ reg_md_iter()

static int reg_md_iter ( void *  baton,
md_store_t store,
md_t md,
apr_pool_t ptemp 
)
static

Definition at line 294 of file md_reg.c.

◆ run_init()

static apr_status_t run_init ( void *  baton,
apr_pool_t p,
  ... 
)
static

Definition at line 1051 of file md_reg.c.

◆ run_load_staging()

static apr_status_t run_load_staging ( void *  baton,
apr_pool_t p,
apr_pool_t ptemp,
va_list  ap 
)
static

Definition at line 1175 of file md_reg.c.

◆ run_renew()

static apr_status_t run_renew ( void *  baton,
apr_pool_t p,
apr_pool_t ptemp,
va_list  ap 
)
static

Definition at line 1139 of file md_reg.c.

◆ run_test_init()

static apr_status_t run_test_init ( void *  baton,
apr_pool_t p,
apr_pool_t ptemp,
va_list  ap 
)
static

Definition at line 1118 of file md_reg.c.

◆ state_init()

static apr_status_t state_init ( md_reg_t reg,
apr_pool_t p,
md_t md 
)
static

Definition at line 217 of file md_reg.c.