1 /*	$Id: extern.h,v 1.5 2016/09/01 12:17:00 florian Exp $ */
2 /*
3  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 #ifndef EXTERN_H
18 #define EXTERN_H
19 
/*
 * Upper bound on DNS results handled per lookup (presumably the number
 * of addresses dnsproc returns for one name — confirm in dnsproc.c).
 * Anything that fills a fixed array from a DNS answer must clamp to
 * this value rather than trust the answer's record count.
 */
#define MAX_SERVERS_DNS 8
21 
/*
 * File names for the issued certificate, the issuer chain and the
 * concatenation of both. The "~" variants are, by their names, the
 * previous copies kept when a new file is written — confirm in
 * fileproc. Note that no private-key file name lives here; key
 * material is handled by keyproc/acctproc, not by these names.
 */
#define	CERT_PEM "cert.pem"
#define	CERT_BAK "cert.pem~"
#define	CHAIN_PEM "chain.pem"
#define	CHAIN_BAK "chain.pem~"
#define	FCHAIN_PEM "fullchain.pem"
#define	FCHAIN_BAK "fullchain.pem~"
28 
/*
 * Element count of a true array object.
 * Only meaningful where sizeof((_a)) is the whole array: applied to a
 * pointer, including an array parameter that has decayed, sizeof()
 * yields the pointer size and the result is silently wrong.
 * Guarded so an earlier definition (e.g. from a system header) is kept.
 */
#ifndef nitems
#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
#endif
32 
/*
 * Operation codes exchanged with acctproc (the account-key component).
 * The values are spelled out because they presumably cross the process
 * boundary as a long via writeop()/readop(); by the file's *__MAX
 * convention ACCT__MAX is an upper bound for range checks, not a
 * request.
 */
enum	acctop {
	ACCT_STOP = 0,
	ACCT_READY = 1,
	ACCT_SIGN = 2,
	ACCT_THUMBPRINT = 3,
	ACCT__MAX = 4		/* one past the last valid op */
};
43 
/*
 * Operation codes exchanged with chngproc (the challenge component).
 * Explicit values: these presumably travel between processes through
 * writeop()/readop(). CHNG__MAX bounds the valid range and is not a
 * request itself.
 */
enum	chngop {
	CHNG_STOP = 0,
	CHNG_SYN = 1,
	CHNG_ACK = 2,
	CHNG__MAX = 3		/* one past the last valid op */
};
53 
/*
 * Operation codes sent to keyproc (the domain-key component).
 * Explicit values, as the code presumably goes over the wire via
 * writeop(). KEY__MAX is the range bound, not a request.
 */
enum	keyop {
	KEY_STOP = 0,
	KEY_READY = 1,
	KEY__MAX = 2		/* one past the last valid op */
};
62 
/*
 * Operation codes sent to certproc (the domain-certificate component).
 * Explicit values because they presumably cross the process boundary
 * via writeop(). CERT__MAX is a range bound, never a request.
 */
enum	certop {
	CERT_STOP = 0,
	CERT_REVOKE = 1,
	CERT_UPDATE = 2,
	CERT__MAX = 3		/* one past the last valid op */
};
72 
/*
 * Operation codes sent to fileproc (the component that writes the
 * certificate files). Explicit values since they presumably travel via
 * writeop(); FILE__MAX is a range bound, not a request.
 */
enum	fileop {
	FILE_STOP = 0,
	FILE_REMOVE = 1,
	FILE_CREATE = 2,
	FILE__MAX = 3		/* one past the last valid op */
};
82 
/*
 * Operation codes sent to dnsproc (the DNS-lookup component).
 * Explicit values, as they presumably go through writeop().
 * DNS__MAX is the range bound and is not a request.
 */
enum	dnsop {
	DNS_STOP = 0,
	DNS_LOOKUP = 1,
	DNS__MAX = 2		/* one past the last valid op */
};
91 
/*
 * Operation codes exchanged with revokeproc (the component that checks
 * X509 expiration, per enum comp below). Explicit values since they
 * presumably cross the process boundary via writeop(); REVOKE__MAX is a
 * range bound, not a request.
 */
enum	revokeop {
	REVOKE_STOP = 0,
	REVOKE_CHECK = 1,
	REVOKE_EXP = 2,
	REVOKE_OK = 3,
	REVOKE__MAX = 4		/* one past the last valid op */
};
99 
/*
 * Our components.
 * Each one runs in its own separate, isolated process; a process
 * records which one it is in `proccomp` (see below), with COMP__MAX
 * meaning "none". Values are spelled out so the identity used by
 * checkexit() and the debug output is stable.
 */
enum	comp {
	COMP_NET = 0,		/* network-facing (to ACME) */
	COMP_KEY = 1,		/* handles domain keys */
	COMP_CERT = 2,		/* handles domain certificates */
	COMP_ACCOUNT = 3,	/* handles account key */
	COMP_CHALLENGE = 4,	/* handles challenges */
	COMP_FILE = 5,		/* handles writing certs */
	COMP_DNS = 6,		/* handles DNS lookups */
	COMP_REVOKE = 7,	/* checks X509 expiration */
	COMP__MAX = 8		/* number of components; also "no component" */
};
115 
/*
 * Inter-process communication labels.
 * These only name a message for debugging output; they are not a type
 * tag that the readers validate (as far as this header shows — confirm
 * in the read/write helpers), so no consumer should rely on them for
 * framing or authorisation. Values are spelled out to keep debug
 * output stable across edits.
 */
enum	comm {
	COMM_REQ = 0,
	COMM_THUMB = 1,
	COMM_CERT = 2,
	COMM_PAY = 3,
	COMM_NONCE = 4,
	COMM_TOK = 5,
	COMM_CHNG_OP = 6,
	COMM_CHNG_ACK = 7,
	COMM_ACCT = 8,
	COMM_ACCT_STAT = 9,
	COMM_CSR = 10,
	COMM_CSR_OP = 11,
	COMM_ISSUER = 12,
	COMM_CHAIN = 13,
	COMM_CHAIN_OP = 14,
	COMM_DNS = 15,
	COMM_DNSQ = 16,
	COMM_DNSA = 17,
	COMM_DNSF = 18,
	COMM_DNSLEN = 19,
	COMM_KEY_STAT = 20,
	COMM_REVOKE_OP = 21,
	COMM_REVOKE_CHECK = 22,
	COMM_REVOKE_RESP = 23,
	COMM__MAX = 24		/* number of labels */
};
147 
/*
 * A certificate authority we know how to talk to.
 * The table `authorities[]` is defined elsewhere (not in this header);
 * its terminator/length convention is not visible here — confirm in
 * the defining file before iterating it. Since `caurl` decides whom
 * the network component contacts, entries should be fixed in code, not
 * user-supplied strings.
 */
struct authority {
	char	*name;		/* short label used to select the entry */
	char	*agreement;	/* URL of the CA's terms of service (presumably) */
	char	*caurl;		/* base URL of the ACME API */
};

extern struct authority authorities[];
155 
/*
 * This contains the URI and token of an ACME-issued challenge.
 * A challenge consists of a token, which we must present on the
 * (presumably!) local machine to an ACME connection; and a URI, to
 * which we must connect to verify the token.
 * Both strings originate from the server's JSON (json_parse_challenge)
 * and are presumably released by json_free_challenge — confirm — so the
 * token is untrusted input: anything that embeds it in a file name or
 * HTTP response must treat it as such.
 */
struct	chng {
	char		*uri; /* uri on ACME server */
	char		*token; /* token we must offer */
	size_t		 retry; /* how many times have we tried */
	int		 status; /* challenge accepted? */
};
168 
/*
 * This consists of the services offered by the CA.
 * They must all be filled in (by json_parse_capaths, from the CA's
 * JSON directory) and are presumably released by json_free_capaths.
 * NOTE(review): these URLs come from the network; the consumer should
 * only follow them over the same authenticated transport it used to
 * fetch the directory — confirm in netproc.
 */
struct	capaths {
	char		*newauthz; /* new authorisation */
	char		*newcert;  /* sign certificate */
	char		*newreg; /* new acme account */
	char		*revokecert; /* revoke certificate */
};
179 
180 struct	jsmnn;
181 
182 __BEGIN_DECLS
183 
/*
 * Start with our components.
 * These are all isolated and talk to each other using sockets.
 * Each returns an int, presumably a success flag used by the parent to
 * decide the child's exit status — confirm in the callers.
 * The parameter meanings are not recoverable from this header (no
 * parameter names); the int arguments are presumably socket
 * descriptors and the strings paths or domain names. netproc() takes
 * nine ints: a reviewer would want those named, or bundled in a
 * struct, to keep callers from swapping descriptors.
 */
int		 acctproc(int, const char *, int);
int		 certproc(int, int);
int		 chngproc(int, const char *, int);
int		 dnsproc(int);
int		 revokeproc(int, const char *,
			int, int, const char *const *, size_t);
int		 fileproc(int, int, const char *);
int		 keyproc(int, const char *,
			const char **, size_t, int);
int		 netproc(int, int, int, int, int, int, int, int, int,
			const char *const *, size_t, const char *);
199 
/*
 * Debugging functions.
 * These just route to warnx according to the verbosity.
 * The printf format attribute lets the compiler check arguments, so
 * always pass a literal format and never feed peer-supplied text as the
 * format string itself (use "%s").
 */
void		 dodbg(const char *, ...)
			__attribute__((format(printf, 1, 2)));
void		 doddbg(const char *, ...)
			__attribute__((format(printf, 1, 2)));
208 
/*
 * Read and write things from the wire.
 * The readers behave differently with respect to EOF.
 * The enum comm argument only labels the message (see enum comm).
 * readop() hands back a raw long; nothing in this header ties it to
 * one of the *op enums, so a consumer should reject values outside
 * [0, X__MAX) before switching on it — confirm the readers do.
 * readbuf() also reports the payload length through its size_t *; the
 * buffers from readbuf()/readstr() are presumably heap-allocated and
 * owned by the caller — confirm. NOTE(review): the length prefix comes
 * from the peer process and must be bounded before allocation.
 */
long		 readop(int, enum comm);
char		*readbuf(int, enum comm, size_t *);
char		*readstr(int, enum comm);
int		 writebuf(int, enum comm, const void *, size_t);
int		 writestr(int, enum comm, const char *);
int		 writeop(int, enum comm, long);
219 
/*
 * Wait for the child running the given component and check how it
 * exited; the _ext variant presumably also returns the raw status via
 * its int pointer — confirm in the implementation.
 */
int		 checkexit(pid_t, enum comp);
int		 checkexit_ext(int *, pid_t, enum comp);
222 
/*
 * Base64 and URL-safe base64 encoding.
 * base64len() gives the encoded length for an input of the given size;
 * base64buf() encodes into a caller-supplied buffer, which must be at
 * least base64len() bytes, and returns a size_t (presumably the length
 * written — confirm in base64.c). Only base64buf_url() allocates: it
 * returns a buffer the caller frees, or NULL on allocation error.
 */
size_t		 base64buf(char *, const char *, size_t);
size_t		 base64len(size_t);
char		*base64buf_url(const char *, size_t);
230 
/*
 * JSON parsing routines.
 * Keep this all in one place, though it's only used by one file.
 * json_parse() builds a jsmnn tree from a buffer of the given length
 * (no NUL terminator is implied by the signature); json_free() releases
 * it. The parse_* functions fill the given struct from the tree and
 * return an int, presumably non-zero on success — confirm. Input is
 * server-controlled, so every parse result must be checked before use.
 */
struct jsmnn	*json_parse(const char *, size_t);
void		 json_free(struct jsmnn *);
int		 json_parse_response(struct jsmnn *);
void		 json_free_challenge(struct chng *);
int		 json_parse_challenge(struct jsmnn *, struct chng *);
void		 json_free_capaths(struct capaths *);
int		 json_parse_capaths(struct jsmnn *, struct capaths *);
242 
/*
 * JSON request formatters.
 * Each returns a freshly allocated string the caller frees, or NULL
 * (presumably on allocation error — confirm). The arguments are
 * interpolated into JSON text, so anything that is not a fixed constant
 * (nonce, token, key material) must be escaped by the formatter, not by
 * the caller — verify in json.c.
 */
char		*json_fmt_challenge(const char *, const char *);
char		*json_fmt_newauthz(const char *);
char		*json_fmt_newcert(const char *);
char		*json_fmt_newreg(const char *);
char		*json_fmt_protected_rsa(const char *,
			const char *, const char *);
char		*json_fmt_revokecert(const char *);
char		*json_fmt_header_rsa(const char *, const char *);
char		*json_fmt_thumb_rsa(const char *, const char *);
char		*json_fmt_signed(const char *,
			const char *, const char *, const char *);
254 
/*
 * Should we print debugging messages?
 * NOTE(review): this is a tentative definition, not a declaration, so
 * every translation unit that includes this header defines `verbose`
 * and the program links only through common-symbol merging (fails
 * under -fno-common). The usual fix is `extern int verbose;` here with
 * one definition in a .c file — confirm where it is defined first.
 */
int		 verbose;
259 
/*
 * What component is the process within (COMP__MAX for none)?
 * NOTE(review): like `verbose`, this is a tentative definition in a
 * header rather than an `extern` declaration; it relies on
 * common-symbol merging and should become `extern enum comp proccomp;`
 * with a single definition in a .c file — confirm the definer first.
 */
enum comp	 proccomp;
264 
265 __END_DECLS
266 
267 #endif /* ! EXTERN_H */
268