diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:06 +0000 |
commit | 5dff2d61cc1c27747ee398e04d8e02843aabb1f8 (patch) | |
tree | a67c336b406c8227bac912beb74a1ad3cdc55100 /modules/md/md_reg.h | |
parent | Initial commit. (diff) | |
download | apache2-5dff2d61cc1c27747ee398e04d8e02843aabb1f8.tar.xz apache2-5dff2d61cc1c27747ee398e04d8e02843aabb1f8.zip |
Adding upstream version 2.4.38.upstream/2.4.38
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/md/md_reg.h')
-rw-r--r-- | modules/md/md_reg.h | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/modules/md/md_reg.h b/modules/md/md_reg.h new file mode 100644 index 0000000..d976b7f --- /dev/null +++ b/modules/md/md_reg.h @@ -0,0 +1,179 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef mod_md_md_reg_h +#define mod_md_md_reg_h + +struct apr_hash_t; +struct apr_array_header_t; +struct md_store_t; +struct md_pkey_t; +struct md_cert_t; + +/** + * A registry for managed domains with a md_store_t as persistence. + * + */ +typedef struct md_reg_t md_reg_t; + +/** + * Initialize the registry, using the pool and loading any existing information + * from the store. + */ +apr_status_t md_reg_init(md_reg_t **preg, apr_pool_t *pm, struct md_store_t *store, + const char *proxy_url); + +struct md_store_t *md_reg_store_get(md_reg_t *reg); + +apr_status_t md_reg_set_props(md_reg_t *reg, apr_pool_t *p, int can_http, int can_https); + +/** + * Add a new md to the registry. This will check the name for uniqueness and + * that domain names do not overlap with already existing mds. + */ +apr_status_t md_reg_add(md_reg_t *reg, md_t *md, apr_pool_t *p); + +/** + * Find the md, if any, that contains the given domain name. + * NULL if none found. + */ +md_t *md_reg_find(md_reg_t *reg, const char *domain, apr_pool_t *p); + +/** + * Find one md, which domain names overlap with the given md and that has a different + * name. There may be more than one existing md that overlaps. It is not defined + * which one will be returned. + */ +md_t *md_reg_find_overlap(md_reg_t *reg, const md_t *md, const char **pdomain, apr_pool_t *p); + +/** + * Get the md with the given unique name. NULL if it does not exist. + * Will update the md->state. + */ +md_t *md_reg_get(md_reg_t *reg, const char *name, apr_pool_t *p); + +/** + * Assess the capability and need to driving this managed domain. + */ +apr_status_t md_reg_assess(md_reg_t *reg, md_t *md, int *perrored, int *prenew, apr_pool_t *p); + +/** + * Callback invoked for every md in the registry. If 0 is returned, iteration stops. + */ +typedef int md_reg_do_cb(void *baton, md_reg_t *reg, md_t *md); + +/** + * Invoke callback for all mds in this registry. Order is not guaranteed. + * If the callback returns 0, iteration stops. Returns 0 if iteration was + * aborted. + */ +int md_reg_do(md_reg_do_cb *cb, void *baton, md_reg_t *reg, apr_pool_t *p); + +/** + * Bitmask for fields that are updated. + */ +#define MD_UPD_DOMAINS 0x0001 +#define MD_UPD_CA_URL 0x0002 +#define MD_UPD_CA_PROTO 0x0004 +#define MD_UPD_CA_ACCOUNT 0x0008 +#define MD_UPD_CONTACTS 0x0010 +#define MD_UPD_AGREEMENT 0x0020 +#define MD_UPD_CERT_URL 0x0040 +#define MD_UPD_DRIVE_MODE 0x0080 +#define MD_UPD_RENEW_WINDOW 0x0100 +#define MD_UPD_CA_CHALLENGES 0x0200 +#define MD_UPD_PKEY_SPEC 0x0400 +#define MD_UPD_REQUIRE_HTTPS 0x0800 +#define MD_UPD_TRANSITIVE 0x1000 +#define MD_UPD_MUST_STAPLE 0x2000 +#define MD_UPD_ALL 0x7FFFFFFF + +/** + * Update the given fields for the managed domain. Take the new + * values from the given md, all other values remain unchanged. + */ +apr_status_t md_reg_update(md_reg_t *reg, apr_pool_t *p, + const char *name, const md_t *md, int fields); + +/** + * Get the credentials available for the managed domain md. Returns APR_ENOENT + * when none is available. The returned values are immutable. + */ +apr_status_t md_reg_creds_get(const md_creds_t **pcreds, md_reg_t *reg, + md_store_group_t group, const md_t *md, apr_pool_t *p); + +apr_status_t md_reg_get_cred_files(md_reg_t *reg, const md_t *md, apr_pool_t *p, + const char **pkeyfile, const char **pcertfile); + +/** + * Synchronise the give master mds with the store. + */ +apr_status_t md_reg_sync(md_reg_t *reg, apr_pool_t *p, apr_pool_t *ptemp, + apr_array_header_t *master_mds); + +apr_status_t md_reg_remove(md_reg_t *reg, apr_pool_t *p, const char *name, int archive); + +/**************************************************************************************************/ +/* protocol drivers */ + +typedef struct md_proto_t md_proto_t; + +typedef struct md_proto_driver_t md_proto_driver_t; + +struct md_proto_driver_t { + const md_proto_t *proto; + apr_pool_t *p; + const char *challenge; + int can_http; + int can_https; + struct md_store_t *store; + md_reg_t *reg; + const md_t *md; + void *baton; + int reset; + apr_time_t stage_valid_from; + const char *proxy_url; +}; + +typedef apr_status_t md_proto_init_cb(md_proto_driver_t *driver); +typedef apr_status_t md_proto_stage_cb(md_proto_driver_t *driver); +typedef apr_status_t md_proto_preload_cb(md_proto_driver_t *driver, md_store_group_t group); + +struct md_proto_t { + const char *protocol; + md_proto_init_cb *init; + md_proto_stage_cb *stage; + md_proto_preload_cb *preload; +}; + + +/** + * Stage a new credentials set for the given managed domain in a separate location + * without interfering with any existing credentials. + */ +apr_status_t md_reg_stage(md_reg_t *reg, const md_t *md, + const char *challenge, int reset, + apr_time_t *pvalid_from, apr_pool_t *p); + +/** + * Load a staged set of new credentials for the managed domain. This will archive + * any existing credential data and make the staged set the new live one. + * If staging is incomplete or missing, the load will fail and all credentials remain + * as they are. + */ +apr_status_t md_reg_load(md_reg_t *reg, const char *name, apr_pool_t *p); + +#endif /* mod_md_md_reg_h */ |