File: [local] / src / usr.sbin / acme-client / extern.h (download)
Revision 1.20, Mon Sep 14 16:00:17 2020 UTC (3 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8 Changes since 1.19: +2 -2 lines
We need to be able to provide contact information to use the
buypass.com acme api.
From Bartosz Kuzma (bartosz.kuzma AT release11.com), thanks!
OK beck, deraadt
|
/* $Id: extern.h,v 1.20 2020/09/14 16:00:17 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef EXTERN_H
#define EXTERN_H
#include "parse.h"
#define MAX_SERVERS_DNS 8
#ifndef nitems
#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
#endif
/*
* Requests to and from acctproc.
*/
enum acctop {
ACCT_STOP = 0,
ACCT_READY,
ACCT_SIGN,
ACCT_KID_SIGN,
ACCT_THUMBPRINT,
ACCT__MAX
};
/*
* Requests to and from chngproc.
*/
enum chngop {
CHNG_STOP = 0,
CHNG_SYN,
CHNG_ACK,
CHNG__MAX
};
/*
* Requests to keyproc.
*/
enum keyop {
KEY_STOP = 0,
KEY_READY,
KEY__MAX
};
/*
* Requests to certproc.
*/
enum certop {
CERT_STOP = 0,
CERT_REVOKE,
CERT_UPDATE,
CERT__MAX
};
/*
* Requests to fileproc.
*/
enum fileop {
FILE_STOP = 0,
FILE_REMOVE,
FILE_CREATE,
FILE__MAX
};
/*
* Requests to dnsproc.
*/
enum dnsop {
DNS_STOP = 0,
DNS_LOOKUP,
DNS__MAX
};
enum revokeop {
REVOKE_STOP = 0,
REVOKE_CHECK,
REVOKE_EXP,
REVOKE_OK,
REVOKE__MAX
};
/*
* Our components.
* Each one of these is in a separated, isolated process.
*/
enum comp {
COMP_NET, /* network-facing (to ACME) */
COMP_KEY, /* handles domain keys */
COMP_CERT, /* handles domain certificates */
COMP_ACCOUNT, /* handles account key */
COMP_CHALLENGE, /* handles challenges */
COMP_FILE, /* handles writing certs */
COMP_DNS, /* handles DNS lookups */
COMP_REVOKE, /* checks X509 expiration */
COMP__MAX
};
/*
* Inter-process communication labels.
* This is purely for looking at debugging.
*/
enum comm {
COMM_REQ,
COMM_THUMB,
COMM_CERT,
COMM_PAY,
COMM_NONCE,
COMM_KID,
COMM_URL,
COMM_TOK,
COMM_CHNG_OP,
COMM_CHNG_ACK,
COMM_ACCT,
COMM_ACCT_STAT,
COMM_CSR,
COMM_CSR_OP,
COMM_ISSUER,
COMM_CHAIN,
COMM_CHAIN_OP,
COMM_DNS,
COMM_DNSQ,
COMM_DNSA,
COMM_DNSF,
COMM_DNSLEN,
COMM_KEY_STAT,
COMM_REVOKE_OP,
COMM_REVOKE_CHECK,
COMM_REVOKE_RESP,
COMM__MAX
};
/*
* This contains the URI and token of an ACME-issued challenge.
* A challenge consists of a token, which we must present on the
* (presumably!) local machine to an ACME connection; and a URI, to
* which we must connect to verify the token.
*/
enum chngstatus {
CHNG_INVALID = -1,
CHNG_PENDING = 0,
CHNG_PROCESSING = 1,
CHNG_VALID = 2
};
struct chng {
char *uri; /* uri on ACME server */
char *token; /* token we must offer */
char *error; /* "detail" field in case of error */
size_t retry; /* how many times have we tried */
enum chngstatus status; /* challenge accepted? */
};
enum orderstatus {
ORDER_INVALID = -1,
ORDER_PENDING = 0,
ORDER_READY = 1,
ORDER_PROCESSING = 2,
ORDER_VALID = 3
};
struct order {
char *uri; /* uri of the order request */
char *finalize; /* finalize uri */
char *certificate; /* uri for issued certificate */
enum orderstatus status; /* status of order */
char **auths; /* authorization uris */
size_t authsz;
};
/*
* This consists of the services offered by the CA.
* They must all be filled in.
*/
struct capaths {
char *newaccount; /* new acme account */
char *newnonce; /* new nonce */
char *neworder; /* order new certificate */
char *revokecert; /* revoke certificate */
};
struct jsmnn;
__BEGIN_DECLS
/*
* Start with our components.
* These are all isolated and talk to each other using sockets.
*/
int acctproc(int, const char *, enum keytype);
int certproc(int, int);
int chngproc(int, const char *);
int dnsproc(int);
int revokeproc(int, const char *, int, int, const char *const *,
size_t);
int fileproc(int, const char *, const char *, const char *,
const char *);
int keyproc(int, const char *, const char **, size_t,
enum keytype);
int netproc(int, int, int, int, int, int, int,
struct authority_c *, const char *const *,
size_t);
/*
* Debugging functions.
* These just route to warnx according to the verbosity.
*/
void dodbg(const char *, ...)
__attribute__((format(printf, 1, 2)));
void doddbg(const char *, ...)
__attribute__((format(printf, 1, 2)));
/*
* Read and write things from the wire.
* The readers behave differently with respect to EOF.
*/
long readop(int, enum comm);
char *readbuf(int, enum comm, size_t *);
char *readstr(int, enum comm);
int writebuf(int, enum comm, const void *, size_t);
int writestr(int, enum comm, const char *);
int writeop(int, enum comm, long);
int checkexit(pid_t, enum comp);
int checkexit_ext(int *, pid_t, enum comp);
/*
* Base64 and URL encoding.
* Returns a buffer or NULL on allocation error.
*/
size_t base64buf(char *, const char *, size_t);
size_t base64len(size_t);
char *base64buf_url(const char *, size_t);
/*
* JSON parsing routines.
* Keep this all in on place, though it's only used by one file.
*/
struct jsmnn *json_parse(const char *, size_t);
void json_free(struct jsmnn *);
int json_parse_response(struct jsmnn *);
void json_free_challenge(struct chng *);
int json_parse_challenge(struct jsmnn *, struct chng *);
void json_free_order(struct order *);
int json_parse_order(struct jsmnn *, struct order *);
int json_parse_upd_order(struct jsmnn *, struct order *);
void json_free_capaths(struct capaths *);
int json_parse_capaths(struct jsmnn *, struct capaths *);
char *json_getstr(struct jsmnn *, const char *);
char *json_fmt_newcert(const char *);
char *json_fmt_chkacc(void);
char *json_fmt_newacc(const char *);
char *json_fmt_neworder(const char *const *, size_t);
char *json_fmt_protected_rsa(const char *,
const char *, const char *, const char *);
char *json_fmt_protected_ec(const char *, const char *, const char *,
const char *);
char *json_fmt_protected_kid(const char*, const char *, const char *,
const char *);
char *json_fmt_revokecert(const char *);
char *json_fmt_thumb_rsa(const char *, const char *);
char *json_fmt_thumb_ec(const char *, const char *);
char *json_fmt_signed(const char *, const char *, const char *);
/*
* Should we print debugging messages?
*/
extern int verbose;
/*
* What component is the process within (COMP__MAX for none)?
*/
extern enum comp proccomp;
__END_DECLS
#endif /* ! EXTERN_H */