1 /*	$Id: extern.h,v 1.17 2020/02/07 14:34:15 florian Exp $ */
2 /*
3  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 #ifndef EXTERN_H
18 #define EXTERN_H
19 
20 #include "parse.h"
21 
/*
 * Upper bound on the number of DNS server addresses the DNS component
 * will handle per lookup (inferred from the name; the consumer lives in
 * dnsproc, not in this header — confirm there before changing it).
 */
#define MAX_SERVERS_DNS 8
23 
/*
 * Element count of a true array.  This is plain sizeof arithmetic, so it
 * silently yields a wrong (and usually smaller) count when handed a
 * pointer, including an array parameter that has decayed to one; only
 * apply it to arrays whose declaration is in scope.  Guarded because
 * <sys/param.h> on some systems already provides it.
 */
#ifndef nitems
#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
#endif
27 
28 /*
29  * Requests to and from acctproc.
30  */
enum	acctop {
	ACCT_STOP = 0,	/* shut down; every *_STOP op in this header is 0 */
	ACCT_READY,	/* account key available — inferred from name, confirm in acctproc */
	ACCT_SIGN,	/* sign a payload with the account key — inferred from name */
	ACCT_KID_SIGN,	/* sign a payload identified by key id — inferred from name */
	ACCT_THUMBPRINT,	/* emit the account key thumbprint — inferred from name */
	ACCT__MAX	/* sentinel: one past the last valid op */
};
39 
40 /*
41  * Requests to and from chngproc.
42  */
enum	chngop {
	CHNG_STOP = 0,	/* shut down; every *_STOP op in this header is 0 */
	CHNG_SYN,	/* challenge handshake request — inferred from name */
	CHNG_ACK,	/* challenge handshake acknowledgement — inferred from name */
	CHNG__MAX	/* sentinel: one past the last valid op */
};
49 
50 /*
51  * Requests to keyproc.
52  */
enum	keyop {
	KEY_STOP = 0,	/* shut down; every *_STOP op in this header is 0 */
	KEY_READY,	/* domain key available — inferred from name, confirm in keyproc */
	KEY__MAX	/* sentinel: one past the last valid op */
};
58 
59 /*
60  * Requests to certproc.
61  */
enum	certop {
	CERT_STOP = 0,	/* shut down; every *_STOP op in this header is 0 */
	CERT_REVOKE,	/* certificate is being revoked — inferred from name */
	CERT_UPDATE,	/* new certificate to install — inferred from name */
	CERT__MAX	/* sentinel: one past the last valid op */
};
68 
69 /*
70  * Requests to fileproc.
71  */
enum	fileop {
	FILE_STOP = 0,	/* shut down; every *_STOP op in this header is 0 */
	FILE_REMOVE,	/* remove an on-disk file — inferred from name */
	FILE_CREATE,	/* create/write an on-disk file — inferred from name */
	FILE__MAX	/* sentinel: one past the last valid op */
};
78 
79 /*
80  * Requests to dnsproc.
81  */
enum	dnsop {
	DNS_STOP = 0,	/* shut down; every *_STOP op in this header is 0 */
	DNS_LOOKUP,	/* resolve a name — inferred from name */
	DNS__MAX	/* sentinel: one past the last valid op */
};
87 
/*
 * Requests to and from revokeproc (no comment in the original; the
 * value meanings below are inferred from the names — confirm there).
 */
enum	revokeop {
	REVOKE_STOP = 0,	/* shut down; every *_STOP op in this header is 0 */
	REVOKE_CHECK,	/* check the current certificate — inferred from name */
	REVOKE_EXP,	/* certificate expiring, renew — inferred from name */
	REVOKE_OK,	/* certificate fine, nothing to do — inferred from name */
	REVOKE__MAX	/* sentinel: one past the last valid op */
};
95 
96 /*
97  * Our components.
98  * Each one of these is in a separated, isolated process.
99  */
/*
 * One value per isolated process; the current process records its own
 * value in the global proccomp (declared at the bottom of this header).
 */
enum	comp {
	COMP_NET, /* network-facing (to ACME) */
	COMP_KEY, /* handles domain keys */
	COMP_CERT, /* handles domain certificates */
	COMP_ACCOUNT, /* handles account key */
	COMP_CHALLENGE, /* handles challenges */
	COMP_FILE, /* handles writing certs */
	COMP_DNS, /* handles DNS lookups */
	COMP_REVOKE, /* checks X509 expiration */
	COMP__MAX /* sentinel: also means "no component" for proccomp */
};
111 
112 /*
113  * Inter-process communication labels.
 * These labels are used only when printing debugging output.
115  */
/*
 * Labels passed to the read*/write* wire routines below.  Per the
 * comment above they only name the message kind for debugging output;
 * whether a label is also checked on receipt is not visible here —
 * confirm in the readop/readbuf implementations before relying on it.
 * Value meanings below are inferred from the names.
 */
enum	comm {
	COMM_REQ,		/* a request body */
	COMM_THUMB,		/* account key thumbprint */
	COMM_CERT,		/* certificate */
	COMM_PAY,		/* signed payload */
	COMM_NONCE,		/* replay nonce */
	COMM_KID,		/* account key id */
	COMM_URL,		/* a URL */
	COMM_TOK,		/* challenge token */
	COMM_CHNG_OP,		/* enum chngop */
	COMM_CHNG_ACK,		/* challenge acknowledgement */
	COMM_ACCT,		/* account data */
	COMM_ACCT_STAT,		/* account status */
	COMM_CSR,		/* certificate signing request */
	COMM_CSR_OP,		/* enum certop */
	COMM_ISSUER,		/* issuer certificate */
	COMM_CHAIN,		/* certificate chain */
	COMM_CHAIN_OP,		/* chain operation */
	COMM_DNS,		/* enum dnsop */
	COMM_DNSQ,		/* DNS query */
	COMM_DNSA,		/* DNS answer */
	COMM_DNSF,		/* DNS address family */
	COMM_DNSLEN,		/* DNS answer count/length */
	COMM_KEY_STAT,		/* enum keyop */
	COMM_REVOKE_OP,		/* enum revokeop */
	COMM_REVOKE_CHECK,	/* revocation check request */
	COMM_REVOKE_RESP,	/* revocation check response */
	COMM__MAX		/* sentinel: one past the last valid label */
};
145 
/*
 * An ACME-issued challenge consists of a token, which we must present
 * on the (presumably!) local machine to an ACME connection; and a URI,
 * to which we must connect to verify the token.  The enum below tracks
 * the challenge's status; struct chng (further down) holds the URI and
 * token themselves.
 */
/*
 * Status of a challenge; the negative value is the failure state so a
 * simple "< 0" test rejects it.  Names mirror the ACME status strings.
 */
enum	chngstatus {
	CHNG_INVALID = -1,	/* challenge failed */
	CHNG_PENDING = 0,	/* not yet attempted by the CA */
	CHNG_PROCESSING = 1,	/* CA is validating */
	CHNG_VALID = 2		/* CA accepted the challenge */
};
158 
/*
 * One challenge as parsed from the CA's response (json_parse_challenge
 * fills it, json_free_challenge releases the strings).  Both strings
 * originate from the network, so anything that turns them into a path
 * or a response body must treat them as untrusted — confirm where they
 * are consumed (chngproc is the likely place).
 */
struct	chng {
	char		*uri; /* uri on ACME server */
	char		*token; /* token we must offer */
	size_t		 retry; /* how many times have we tried */
	enum chngstatus	 status; /* challenge accepted? */
};
165 
/*
 * Status of an order; as with chngstatus the failure state is negative.
 * Names mirror the ACME order status strings.
 */
enum	orderstatus {
	ORDER_INVALID = -1,	/* order failed */
	ORDER_PENDING = 0,	/* authorizations outstanding */
	ORDER_READY = 1,	/* ready to be finalized */
	ORDER_PROCESSING = 2,	/* CA is issuing */
	ORDER_VALID = 3		/* certificate issued */
};
173 
/*
 * An order as parsed from the CA (json_parse_order / json_parse_upd_order
 * fill it, json_free_order releases it).  All strings are CA-supplied.
 */
struct	order {
	char			*uri;		/* uri of the order request */
	char			*finalize;	/* finalize uri */
	char			*certificate;	/* uri for issued certificate */
	enum orderstatus	 status;	/* status of order */
	char			**auths;	/* authorization uris */
	size_t			 authsz;	/* number of entries in auths */
};
182 
183 /*
184  * This consists of the services offered by the CA.
185  * They must all be filled in.
186  */
/*
 * Filled from the CA's directory document by json_parse_capaths and
 * released by json_free_capaths.  "Must all be filled in" (see above)
 * is the contract the parser is expected to enforce — confirm there.
 */
struct	capaths {
	char		*newaccount;	/* new acme account */
	char		*newnonce;	/* new nonce */
	char		*neworder;	/* order new certificate */
	char		*revokecert; /* revoke certificate */
};
193 
/* Opaque parsed-JSON node; only ever handled by pointer outside json.c. */
struct	jsmnn;
195 
196 __BEGIN_DECLS
197 
198 /*
199  * Start with our components.
200  * These are all isolated and talk to each other using sockets.
201  */
/*
 * Each returns the process's exit status.  The leading int is, by the
 * comment above, the socket to the peer component; the remaining
 * parameter meanings below are inferred from types and names only —
 * confirm against main.c where the processes are forked.
 */
/* socket, account key path, key type */
int		 acctproc(int, const char *, enum keytype);
/* two sockets (presumably netproc and fileproc sides) */
int		 certproc(int, int);
/* socket, challenge directory path */
int		 chngproc(int, const char *);
/* socket */
int		 dnsproc(int);
/* socket, certificate path, two flags, alternative names, their count */
int		 revokeproc(int, const char *, int, int, const char *const *,
			size_t);
/* socket, output paths (certificate, chain, full chain, ...) */
int		 fileproc(int, const char *, const char *, const char *,
			const char *);
/* socket, domain key path, alternative names, their count, key type */
int		 keyproc(int, const char *, const char **, size_t,
			enum keytype);
/* sockets to the other components, CA authority, names, name count */
int		 netproc(int, int, int, int, int, int, int,
			struct authority_c *, const char *const *,
			size_t);
215 
216 /*
217  * Debugging functions.
218  * These just route to warnx according to the verbosity.
219  */
/*
 * dodbg prints at the first verbosity level, doddbg at the second
 * (inferred from the names; see main.c for the levels).  Both are
 * format-checked, so never pass a non-literal format string.
 */
void		 dodbg(const char *, ...)
			__attribute__((format(printf, 1, 2)));
void		 doddbg(const char *, ...)
			__attribute__((format(printf, 1, 2)));
224 
225 /*
226  * Read and write things from the wire.
227  * The readers behave differently with respect to EOF.
228  */
/*
 * All take the socket and the enum comm label of the message.
 * The buffers returned by readbuf/readstr are presumably heap-allocated
 * and owned by the caller — confirm in the implementation, along with
 * the maximum length a reader will accept from the peer.
 */
/* read an operation code; how EOF is signalled differs, see the comment above */
long		 readop(int, enum comm);
/* read a length-prefixed buffer, storing its size through the pointer */
char		*readbuf(int, enum comm, size_t *);
/* read a NUL-terminated string */
char		*readstr(int, enum comm);
/* write a buffer of the given size; non-zero on success (inferred) */
int		 writebuf(int, enum comm, const void *, size_t);
/* write a NUL-terminated string */
int		 writestr(int, enum comm, const char *);
/* write an operation code */
int		 writeop(int, enum comm, long);
235 
/*
 * Wait for the child running the given component and report whether it
 * exited cleanly.  The _ext variant additionally stores the raw status
 * through the int pointer (inferred from the signature — confirm).
 */
int		 checkexit(pid_t, enum comp);
int		 checkexit_ext(int *, pid_t, enum comp);
238 
239 /*
240  * Base64 and URL encoding.
 * base64buf_url returns a buffer or NULL on allocation error.
242  */
/* encode into a caller-supplied buffer; returns the encoded length */
size_t		 base64buf(char *, const char *, size_t);
/* encoded size needed for an input of the given length (presumably
 * including the terminator — confirm before sizing a buffer with it) */
size_t		 base64len(size_t);
/* URL-safe base64 of the input; allocated, caller frees; NULL on error */
char		*base64buf_url(const char *, size_t);
246 
247 /*
248  * JSON parsing routines.
 * Keep this all in one place, though it's only used by one file.
250  */
/*
 * The input to json_parse is the CA's response body, i.e. data received
 * from the network; it is length-delimited rather than NUL-terminated,
 * so the parser must bound itself by the size argument alone.
 * The json_parse_* routines fill the given struct from a parsed tree
 * and return non-zero on success (inferred — confirm); the matching
 * json_free_* releases what the parser allocated.
 */
struct jsmnn	*json_parse(const char *, size_t);
void		 json_free(struct jsmnn *);
int		 json_parse_response(struct jsmnn *);
void		 json_free_challenge(struct chng *);
int		 json_parse_challenge(struct jsmnn *, struct chng *);
void		 json_free_order(struct order *);
int		 json_parse_order(struct jsmnn *, struct order *);
int		 json_parse_upd_order(struct jsmnn *, struct order *);
void		 json_free_capaths(struct capaths *);
int		 json_parse_capaths(struct jsmnn *, struct capaths *);
261 
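/*
 * JSON document builders for the ACME protocol.  Each returns a newly
 * allocated string the caller frees, or NULL on error (inferred from
 * the char * return — confirm in json.c).  The string arguments are
 * embedded into the document; whether the builders JSON-escape them is
 * not visible here, so callers should only pass values that are already
 * safe (base64url, nonces, URLs) — confirm before passing anything else.
 */
/* "new certificate" request from a CSR */
char		*json_fmt_newcert(const char *);
/* "only check that the account exists" request */
char		*json_fmt_chkacc(void);
/* new-account request */
char		*json_fmt_newacc(void);
/* new-order request listing the given names */
char		*json_fmt_neworder(const char *const *, size_t);
/* JWS protected header for an RSA account key */
char		*json_fmt_protected_rsa(const char *,
			const char *, const char *, const char *);
/* JWS protected header for an EC account key */
char		*json_fmt_protected_ec(const char *, const char *, const char *,
			const char *);
/* JWS protected header referencing the account by key id;
 * pointer spacing normalised to match the rest of the header */
char		*json_fmt_protected_kid(const char *, const char *, const char *,
			const char *);
/* revocation request from a certificate */
char		*json_fmt_revokecert(const char *);
/* JWK thumbprint input for an RSA key */
char		*json_fmt_thumb_rsa(const char *, const char *);
/* JWK thumbprint input for an EC key */
char		*json_fmt_thumb_ec(const char *, const char *);
/* flattened JWS from protected header, payload and signature */
char		*json_fmt_signed(const char *, const char *, const char *);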
276 
277 /*
278  * Should we print debugging messages?
279  */
/* defined once in main.c (presumably); read by dodbg/doddbg */
extern int	 verbose;
281 
282 /*
283  * What component is the process within (COMP__MAX for none)?
284  */
/* set by each child after fork so log output can name its component */
extern enum comp proccomp;
286 
287 __END_DECLS
288 
289 #endif /* ! EXTERN_H */