1 /*	$Id: extern.h,v 1.21 2024/05/21 05:00:48 jsg Exp $ */
2 /*
3  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 #ifndef EXTERN_H
18 #define EXTERN_H
19 
20 #include "parse.h"
21 
/* Upper bound on the number of DNS servers dnsproc will consider. */
#define MAX_SERVERS_DNS 8

/*
 * Element count of a true array (not a pointer).  Only defined when the
 * system headers have not already provided it.
 */
#ifndef nitems
#define nitems(_a) (sizeof(_a) / sizeof(*(_a)))
#endif
27 
/*
 * Requests to and from acctproc.
 * Values are spelled out: these opcodes cross a process boundary, so a
 * reader turning a wire value back into an acctop should check it is
 * below the ACCT__MAX sentinel (one past the last opcode).
 */
enum	acctop {
	ACCT_STOP	= 0,
	ACCT_READY	= 1,
	ACCT_SIGN	= 2,
	ACCT_KID_SIGN	= 3,
	ACCT_THUMBPRINT	= 4,
	ACCT__MAX	= 5	/* sentinel */
};
39 
/*
 * Requests to and from chngproc.
 * Explicit values, as these cross a process boundary; CHNG__MAX is the
 * sentinel to range-check received values against.
 */
enum	chngop {
	CHNG_STOP	= 0,
	CHNG_SYN	= 1,
	CHNG_ACK	= 2,
	CHNG__MAX	= 3	/* sentinel */
};
49 
/*
 * Requests to keyproc.
 * Explicit values, as these cross a process boundary; KEY__MAX is the
 * sentinel to range-check received values against.
 */
enum	keyop {
	KEY_STOP	= 0,
	KEY_READY	= 1,
	KEY__MAX	= 2	/* sentinel */
};
58 
/*
 * Requests to certproc.
 * Explicit values, as these cross a process boundary; CERT__MAX is the
 * sentinel to range-check received values against.
 */
enum	certop {
	CERT_STOP	= 0,
	CERT_REVOKE	= 1,
	CERT_UPDATE	= 2,
	CERT__MAX	= 3	/* sentinel */
};
68 
/*
 * Requests to fileproc.
 * Explicit values, as these cross a process boundary; FILE__MAX is the
 * sentinel to range-check received values against.
 */
enum	fileop {
	FILE_STOP	= 0,
	FILE_REMOVE	= 1,
	FILE_CREATE	= 2,
	FILE__MAX	= 3	/* sentinel */
};
78 
/*
 * Requests to dnsproc.
 * Explicit values, as these cross a process boundary; DNS__MAX is the
 * sentinel to range-check received values against.
 */
enum	dnsop {
	DNS_STOP	= 0,
	DNS_LOOKUP	= 1,
	DNS__MAX	= 2	/* sentinel */
};
87 
/*
 * Requests to revokeproc (by analogy with the other *op enums above).
 * Explicit values, as these cross a process boundary; REVOKE__MAX is the
 * sentinel to range-check received values against.
 */
enum	revokeop {
	REVOKE_STOP	= 0,
	REVOKE_CHECK	= 1,
	REVOKE_EXP	= 2,
	REVOKE_OK	= 3,
	REVOKE__MAX	= 4	/* sentinel */
};
95 
/*
 * Our components.
 * Each one runs in a separate, isolated process (privilege separation:
 * only COMP_NET faces the network).  COMP__MAX is the sentinel and is
 * also what proccomp holds when a process belongs to no component.
 */
enum	comp {
	COMP_NET	= 0,	/* network-facing (to ACME) */
	COMP_KEY	= 1,	/* handles domain keys */
	COMP_CERT	= 2,	/* handles domain certificates */
	COMP_ACCOUNT	= 3,	/* handles account key */
	COMP_CHALLENGE	= 4,	/* handles challenges */
	COMP_FILE	= 5,	/* handles writing certs */
	COMP_DNS	= 6,	/* handles DNS lookups */
	COMP_REVOKE	= 7,	/* checks X509 expiration */
	COMP__MAX	= 8	/* sentinel / "no component" */
};
111 
/*
 * Inter-process communication labels.
 * These tag each message on the wire purely so debugging output can
 * name it; they carry no protocol meaning of their own.  COMM__MAX is
 * the sentinel.
 */
enum	comm {
	COMM_REQ		= 0,
	COMM_THUMB		= 1,
	COMM_CERT		= 2,
	COMM_PAY		= 3,
	COMM_NONCE		= 4,
	COMM_KID		= 5,
	COMM_URL		= 6,
	COMM_TOK		= 7,
	COMM_CHNG_OP		= 8,
	COMM_CHNG_ACK		= 9,
	COMM_ACCT		= 10,
	COMM_ACCT_STAT		= 11,
	COMM_CSR		= 12,
	COMM_CSR_OP		= 13,
	COMM_ISSUER		= 14,
	COMM_CHAIN		= 15,
	COMM_CHAIN_OP		= 16,
	COMM_DNS		= 17,
	COMM_DNSQ		= 18,
	COMM_DNSA		= 19,
	COMM_DNSF		= 20,
	COMM_DNSLEN		= 21,
	COMM_KEY_STAT		= 22,
	COMM_REVOKE_OP		= 23,
	COMM_REVOKE_CHECK	= 24,
	COMM_REVOKE_RESP	= 25,
	COMM__MAX		= 26	/* sentinel */
};
145 
/*
 * An ACME-issued challenge consists of a token, which we must present on
 * the (presumably!) local machine to an ACME connection, and a URI, to
 * which we must connect to verify the token; both live in struct chng
 * below.  This enum is the challenge's state as we track it: CHNG_INVALID
 * is the only negative value (so "status < 0" is the failure test), and
 * the rest count upward from pending.
 */
enum	chngstatus {
	CHNG_INVALID = -1,
	CHNG_PENDING = 0,
	CHNG_PROCESSING = 1,
	CHNG_VALID = 2
};
158 
/*
 * One ACME challenge: where it lives on the server, the token we must
 * present, and our bookkeeping about it.  Populated by
 * json_parse_challenge() and released by json_free_challenge(), so the
 * strings are presumably heap-allocated and owned by this struct.
 */
struct	chng {
	char		*uri; /* uri on ACME server */
	char		*token; /* token we must offer */
	char		*error; /* "detail" field in case of error */
	size_t		 retry; /* how many times have we tried */
	enum chngstatus	 status; /* challenge accepted? (CHNG_INVALID < 0 on failure) */
};
166 
/*
 * State of an ACME order as we track it.  ORDER_INVALID is the only
 * negative value (so "status < 0" is the failure test); the others count
 * upward from pending.
 */
enum	orderstatus {
	ORDER_INVALID = -1,
	ORDER_PENDING = 0,
	ORDER_READY = 1,
	ORDER_PROCESSING = 2,
	ORDER_VALID = 3
};
174 
/*
 * One ACME order: the URIs the server handed back for it, its state, and
 * the authorizations it still requires.  Populated by json_parse_order()
 * (updated by json_parse_upd_order()) and released by json_free_order(),
 * so the strings and the auths array are presumably owned by this struct.
 */
struct	order {
	char			*uri;		/* uri of the order request */
	char			*finalize;	/* finalize uri */
	char			*certificate;	/* uri for issued certificate */
	enum orderstatus	 status;	/* status of order */
	char			**auths;	/* authorization uris */
	size_t			 authsz;	/* number of entries in auths */
};
183 
/*
 * This consists of the services offered by the CA (its directory URLs).
 * They must all be filled in.  Populated by json_parse_capaths() and
 * released by json_free_capaths().
 */
struct	capaths {
	char		*newaccount;	/* new acme account */
	char		*newnonce;	/* new nonce */
	char		*neworder;	/* order new certificate */
	char		*revokecert; /* revoke certificate */
};
194 
/* Opaque JSON node; only ever handled through pointers here (see json_*()). */
struct	jsmnn;
196 
197 __BEGIN_DECLS
198 
/*
 * Start with our components.
 * These are all isolated and talk to each other using sockets; each entry
 * point below runs as one member of enum comp.  Judging by the shared
 * shape of the signatures, the leading int is presumably the socket the
 * component talks over, and the extra ints of revokeproc()/netproc() look
 * like further descriptors -- confirm against the parent that spawns them.
 * The remaining arguments are per-component configuration (paths, what
 * appear to be string-array/count pairs, a key type, the CA authority).
 * NOTE(review): netproc() takes seven positional ints, so callers must
 * keep their order straight by hand; a small struct would be safer if
 * the signature is ever revisited.
 */
int		 acctproc(int, const char *, enum keytype);
int		 certproc(int, int);
int		 chngproc(int, const char *);
int		 dnsproc(int);
int		 revokeproc(int, const char *, int, int, const char *const *,
			size_t);
int		 fileproc(int, const char *, const char *, const char *,
			const char *);
int		 keyproc(int, const char *, const char **, size_t,
			enum keytype);
int		 netproc(int, int, int, int, int, int, int,
			struct authority_c *, const char *const *,
			size_t);
216 
/*
 * Debugging functions.
 * These just route to warnx according to the verbosity (dodbg at the
 * first level, doddbg presumably at a higher one -- see the
 * implementation).  Both are printf-checked by the compiler, so a
 * non-literal or mismatched format string is caught at build time.
 */
void		 dodbg(const char *, ...)
			__attribute__((format(printf, 1, 2)));
void		 doddbg(const char *, ...)
			__attribute__((format(printf, 1, 2)));
225 
/*
 * Read and write things from the wire.
 * The readers behave differently with respect to EOF (how is not stated
 * here -- check the implementation before relying on it).  The enum comm
 * argument is only the debugging label for the message.
 * readop() hands back a raw long: when it is meant to be one of the *op
 * enums above, range-check it against that enum's __MAX sentinel before
 * switching on it, since the value arrives from another process.
 * readbuf() presumably also stores the byte count through its size_t
 * pointer; the return conventions of the writers are not stated here.
 */
long		 readop(int, enum comm);
char		*readbuf(int, enum comm, size_t *);
char		*readstr(int, enum comm);
int		 writebuf(int, enum comm, const void *, size_t);
int		 writestr(int, enum comm, const char *);
int		 writeop(int, enum comm, long);
236 
/*
 * Check how the component process (pid_t) belonging to the given enum comp
 * exited, presumably after waiting on it; checkexit_ext() additionally
 * reports through its int pointer.  What the int results mean is not
 * stated here -- confirm in the implementation.
 */
int		 checkexit(pid_t, enum comp);
int		 checkexit_ext(int *, pid_t, enum comp);
239 
/*
 * Base64 and URL encoding.
 * base64len() presumably gives the encoded size for an input of the given
 * length.  base64buf_url() encodes the given bytes (URL-safe variant, by
 * its name) and returns a buffer or NULL on allocation error.
 */
size_t		 base64len(size_t);
char		*base64buf_url(const char *, size_t);
246 
/*
 * JSON parsing routines.
 * Keep this all in one place, though it's only used by one file.
 * json_parse() turns a buffer of the given length into a node tree that
 * json_free() releases.  Each json_parse_<thing>() fills in the matching
 * struct and has a json_free_<thing>() counterpart that releases what it
 * filled in.  json_getstr() returns a string for the named member
 * (ownership -- whether the caller frees it -- is not stated here; confirm
 * in the implementation).  The int results are presumably success flags.
 */
struct jsmnn	*json_parse(const char *, size_t);
void		 json_free(struct jsmnn *);
int		 json_parse_response(struct jsmnn *);
void		 json_free_challenge(struct chng *);
int		 json_parse_challenge(struct jsmnn *, struct chng *);
void		 json_free_order(struct order *);
int		 json_parse_order(struct jsmnn *, struct order *);
int		 json_parse_upd_order(struct jsmnn *, struct order *);
void		 json_free_capaths(struct capaths *);
int		 json_parse_capaths(struct jsmnn *, struct capaths *);
char		*json_getstr(struct jsmnn *, const char *);
262 
/*
 * JSON request builders.
 * Each returns a string holding the JSON body for the named ACME request
 * (presumably heap-allocated and freed by the caller -- confirm in the
 * implementation).  The json_fmt_protected_*() variants build the
 * protected header for the RSA, EC and key-id (kid) signing modes, the
 * json_fmt_thumb_*() ones the key thumbprint input, and json_fmt_signed()
 * assembles the final signed envelope from its three parts.
 */
char		*json_fmt_newcert(const char *);
char		*json_fmt_chkacc(void);
char		*json_fmt_newacc(const char *);
char		*json_fmt_neworder(const char *const *, size_t);
char		*json_fmt_protected_rsa(const char *,
			const char *, const char *, const char *);
char		*json_fmt_protected_ec(const char *, const char *, const char *,
			const char *);
char		*json_fmt_protected_kid(const char*, const char *, const char *,
			const char *);
char		*json_fmt_revokecert(const char *);
char		*json_fmt_thumb_rsa(const char *, const char *);
char		*json_fmt_thumb_ec(const char *, const char *);
char		*json_fmt_signed(const char *, const char *, const char *);
277 
/*
 * Should we print debugging messages?
 * Verbosity level consulted by dodbg()/doddbg(); defined in exactly one
 * translation unit, only declared here.
 */
extern int	 verbose;
282 
/*
 * What component is the process within (COMP__MAX for none)?
 * Set once per process after the privilege-separated split, presumably by
 * the component entry point; defined in one translation unit, only
 * declared here.
 */
extern enum comp proccomp;
287 
288 __END_DECLS
289 
290 #endif /* ! EXTERN_H */