/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include #include #include "md.h" #include "md_crypt.h" #include "md_log.h" #include "md_json.h" #include "md_store.h" #include "md_util.h" /**************************************************************************************************/ /* generic callback handling */ #define ASPECT_MD "md.json" #define ASPECT_CERT "cert.pem" #define ASPECT_PKEY "key.pem" #define ASPECT_CHAIN "chain.pem" #define GNAME_ACCOUNTS #define GNAME_CHALLENGES #define GNAME_DOMAINS #define GNAME_STAGING #define GNAME_ARCHIVE static const char *GROUP_NAME[] = { "none", "accounts", "challenges", "domains", "staging", "archive", "tmp", "ocsp", NULL }; const char *md_store_group_name(unsigned int group) { if (group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) { return GROUP_NAME[group]; } return "UNKNOWN"; } apr_status_t md_store_load(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void **pdata, apr_pool_t *p) { return store->load(store, group, name, aspect, vtype, pdata, p); } apr_status_t md_store_save(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void *data, int create) { return store->save(store, p, group, name, aspect, vtype, data, create); } apr_status_t md_store_remove(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p, int force) { return store->remove(store, group, name, aspect, p, force); } apr_status_t md_store_purge(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name) { return store->purge(store, p, group, name); } apr_status_t md_store_iter(md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern, const char *aspect, md_store_vtype_t vtype) { return store->iterate(inspect, baton, store, p, group, pattern, aspect, vtype); } apr_status_t md_store_load_json(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, struct md_json_t **pdata, apr_pool_t *p) { return md_store_load(store, group, name, aspect, MD_SV_JSON, (void**)pdata, p); } apr_status_t md_store_save_json(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *aspect, struct md_json_t *data, int create) { return md_store_save(store, p, group, name, aspect, MD_SV_JSON, (void*)data, create); } apr_status_t md_store_move(md_store_t *store, apr_pool_t *p, md_store_group_t from, md_store_group_t to, const char *name, int archive) { return store->move(store, p, from, to, name, archive); } apr_status_t md_store_get_fname(const char **pfname, md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p) { if (store->get_fname) { return store->get_fname(pfname, store, group, name, aspect, p); } return APR_ENOTIMPL; } int md_store_is_newer(md_store_t *store, md_store_group_t group1, md_store_group_t group2, const char *name, const char *aspect, apr_pool_t *p) { return store->is_newer(store, group1, group2, name, aspect, p); } apr_time_t md_store_get_modified(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p) { return store->get_modified(store, group, name, aspect, p); } apr_status_t md_store_iter_names(md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern) { return store->iterate_names(inspect, baton, store, p, group, pattern); } apr_status_t md_store_remove_not_modified_since(md_store_t *store, apr_pool_t *p, apr_time_t modified, md_store_group_t group, const char *name, const char *aspect) { return store->remove_nms(store, p, modified, group, name, aspect); } apr_status_t md_store_rename(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *to) { return store->rename(store, p, group, name, to); } /**************************************************************************************************/ /* convenience */ typedef struct { md_store_t *store; md_store_group_t group; } md_group_ctx; apr_status_t md_load(md_store_t *store, md_store_group_t group, const char *name, md_t **pmd, apr_pool_t *p) { md_json_t *json; apr_status_t rv; rv = md_store_load_json(store, group, name, MD_FN_MD, pmd? &json : NULL, p); if (APR_SUCCESS == rv) { if (pmd) { *pmd = md_from_json(json, p); } return APR_SUCCESS; } return rv; } static apr_status_t p_save(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap) { md_group_ctx *ctx = baton; md_json_t *json; md_t *md; int create; md = va_arg(ap, md_t *); create = va_arg(ap, int); json = md_to_json(md, ptemp); assert(json); assert(md->name); return md_store_save_json(ctx->store, p, ctx->group, md->name, MD_FN_MD, json, create); } apr_status_t md_save(md_store_t *store, apr_pool_t *p, md_store_group_t group, md_t *md, int create) { md_group_ctx ctx; ctx.store = store; ctx.group = group; return md_util_pool_vdo(p_save, &ctx, p, md, create, NULL); } static apr_status_t p_remove(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap) { md_group_ctx *ctx = baton; const char *name; int force; (void)p; name = va_arg(ap, const char *); force = va_arg(ap, int); assert(name); return md_store_remove(ctx->store, ctx->group, name, MD_FN_MD, ptemp, force); } apr_status_t md_remove(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, int force) { md_group_ctx ctx; ctx.store = store; ctx.group = group; return md_util_pool_vdo(p_remove, &ctx, p, name, force, NULL); } int md_is_newer(md_store_t *store, md_store_group_t group1, md_store_group_t group2, const char *name, apr_pool_t *p) { return md_store_is_newer(store, group1, group2, name, MD_FN_MD, p); } typedef struct { apr_pool_t *p; apr_array_header_t *mds; } md_load_ctx; static const char *pk_filename(const char *keyname, const char *base, apr_pool_t *p) { char *s, *t; /* We also run on various filesystems with difference upper/lower preserve matching * rules. Normalize the names we use, since private key specifications are basically * user input. */ s = (keyname && apr_strnatcasecmp("rsa", keyname))? apr_pstrcat(p, base, ".", keyname, ".pem", NULL) : apr_pstrcat(p, base, ".pem", NULL); for (t = s; *t; t++ ) *t = (char)apr_tolower(*t); return s; } const char *md_pkey_filename(md_pkey_spec_t *spec, apr_pool_t *p) { return pk_filename(md_pkey_spec_name(spec), "privkey", p); } const char *md_chain_filename(md_pkey_spec_t *spec, apr_pool_t *p) { return pk_filename(md_pkey_spec_name(spec), "pubcert", p); } apr_status_t md_pkey_load(md_store_t *store, md_store_group_t group, const char *name, md_pkey_spec_t *spec, md_pkey_t **ppkey, apr_pool_t *p) { const char *fname = md_pkey_filename(spec, p); return md_store_load(store, group, name, fname, MD_SV_PKEY, (void**)ppkey, p); } apr_status_t md_pkey_save(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, md_pkey_spec_t *spec, struct md_pkey_t *pkey, int create) { const char *fname = md_pkey_filename(spec, p); return md_store_save(store, p, group, name, fname, MD_SV_PKEY, pkey, create); } apr_status_t md_pubcert_load(md_store_t *store, md_store_group_t group, const char *name, md_pkey_spec_t *spec, struct apr_array_header_t **ppubcert, apr_pool_t *p) { const char *fname = md_chain_filename(spec, p); return md_store_load(store, group, name, fname, MD_SV_CHAIN, (void**)ppubcert, p); } apr_status_t md_pubcert_save(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, md_pkey_spec_t *spec, struct apr_array_header_t *pubcert, int create) { const char *fname = md_chain_filename(spec, p); return md_store_save(store, p, group, name, fname, MD_SV_CHAIN, pubcert, create); } apr_status_t md_creds_load(md_store_t *store, md_store_group_t group, const char *name, md_pkey_spec_t *spec, md_credentials_t **pcreds, apr_pool_t *p) { md_credentials_t *creds = apr_pcalloc(p, sizeof(*creds)); apr_status_t rv; creds->spec = spec; if (APR_SUCCESS != (rv = md_pkey_load(store, group, name, spec, &creds->pkey, p))) { goto leave; } /* chain is optional */ rv = md_pubcert_load(store, group, name, spec, &creds->chain, p); if (APR_STATUS_IS_ENOENT(rv)) rv = APR_SUCCESS; leave: *pcreds = (APR_SUCCESS == rv)? creds : NULL; return rv; } apr_status_t md_creds_save(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, md_credentials_t *creds, int create) { apr_status_t rv; if (APR_SUCCESS != (rv = md_pkey_save(store, p, group, name, creds->spec, creds->pkey, create))) { goto leave; } rv = md_pubcert_save(store, p, group, name, creds->spec, creds->chain, create); leave: return rv; } typedef struct { md_store_t *store; md_store_group_t group; const char *pattern; const char *aspect; md_store_md_inspect *inspect; void *baton; } inspect_md_ctx; static int insp_md(void *baton, const char *name, const char *aspect, md_store_vtype_t vtype, void *value, apr_pool_t *ptemp) { inspect_md_ctx *ctx = baton; if (!strcmp(MD_FN_MD, aspect) && vtype == MD_SV_JSON) { md_t *md = md_from_json(value, ptemp); md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, ptemp, "inspecting md at: %s", name); return ctx->inspect(ctx->baton, ctx->store, md, ptemp); } return 1; } apr_status_t md_store_md_iter(md_store_md_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern) { inspect_md_ctx ctx; ctx.store = store; ctx.group = group; ctx.inspect = inspect; ctx.baton = baton; return md_store_iter(insp_md, &ctx, store, p, group, pattern, MD_FN_MD, MD_SV_JSON); } apr_status_t md_store_lock_global(md_store_t *store, apr_pool_t *p, apr_time_t max_wait) { return store->lock_global(store, p, max_wait); } void md_store_unlock_global(md_store_t *store, apr_pool_t *p) { store->unlock_global(store, p); }