This graph shows which files directly or indirectly include this file:

Data Structures
struct	md_credentials_t

struct	md_store_t

Macros
#define	MD_FN_MD "md.json"

#define	MD_FN_JOB "job.json"

#define	MD_FN_HTTPD_JSON "httpd.json"

#define	MD_FN_PRIVKEY "privkey.pem"

#define	MD_FN_PUBCERT "pubcert.pem"

#define	MD_FN_CERT "cert.pem"

Typedefs
typedef struct md_store_t	md_store_t

typedef int	md_store_inspect(void baton, const char name, const char aspect, md_store_vtype_t vtype, void value, apr_pool_t *ptemp)

typedef int	md_store_md_inspect(void baton, md_store_t store, md_t md, apr_pool_t ptemp)

typedef struct md_credentials_t	md_credentials_t

typedef apr_status_t	md_store_load_cb(md_store_t store, md_store_group_t group, const char name, const char aspect, md_store_vtype_t vtype, void pvalue, apr_pool_t p)

typedef apr_status_t	md_store_save_cb(md_store_t store, apr_pool_t p, md_store_group_t group, const char name, const char aspect, md_store_vtype_t vtype, void *value, int create)

typedef apr_status_t	md_store_remove_cb(md_store_t store, md_store_group_t group, const char name, const char aspect, apr_pool_t p, int force)

typedef apr_status_t	md_store_purge_cb(md_store_t store, apr_pool_t p, md_store_group_t group, const char *name)

typedef apr_status_t	md_store_iter_cb(md_store_inspect inspect, void baton, md_store_t store, apr_pool_t p, md_store_group_t group, const char pattern, const char aspect, md_store_vtype_t vtype)

typedef apr_status_t	md_store_names_iter_cb(md_store_inspect inspect, void baton, md_store_t store, apr_pool_t p, md_store_group_t group, const char *pattern)

typedef apr_status_t	md_store_move_cb(md_store_t store, apr_pool_t p, md_store_group_t from, md_store_group_t to, const char *name, int archive)

typedef apr_status_t	md_store_rename_cb(md_store_t store, apr_pool_t p, md_store_group_t group, const char from, const char to)

typedef apr_status_t	md_store_get_fname_cb(const char *pfname, md_store_t store, md_store_group_t group, const char name, const char aspect, apr_pool_t *p)

typedef int	md_store_is_newer_cb(md_store_t store, md_store_group_t group1, md_store_group_t group2, const char name, const char aspect, apr_pool_t p)

typedef apr_time_t	md_store_get_modified_cb(md_store_t store, md_store_group_t group, const char name, const char aspect, apr_pool_t p)

typedef apr_status_t	md_store_remove_nms_cb(md_store_t store, apr_pool_t p, apr_time_t modified, md_store_group_t group, const char name, const char aspect)

typedef apr_status_t	md_store_lock_global_cb(md_store_t store, apr_pool_t p, apr_time_t max_wait)

typedef void	md_store_unlock_global_cb(md_store_t store, apr_pool_t p)

Enumerations
enum	md_store_vtype_t { MD_SV_TEXT , MD_SV_JSON , MD_SV_CERT , MD_SV_PKEY , MD_SV_CHAIN }

enum	md_store_group_t { MD_SG_NONE , MD_SG_ACCOUNTS , MD_SG_CHALLENGES , MD_SG_DOMAINS , MD_SG_STAGING , MD_SG_ARCHIVE , MD_SG_TMP , MD_SG_OCSP , MD_SG_COUNT }

Functions
const char *	md_store_group_name (unsigned int group)

apr_status_t	md_store_load_json (md_store_t store, md_store_group_t group, const char name, const char aspect, struct md_json_t pdata, apr_pool_t p)

apr_status_t	md_store_save_json (md_store_t store, apr_pool_t p, md_store_group_t group, const char name, const char aspect, struct md_json_t *data, int create)

apr_status_t	md_store_load (md_store_t store, md_store_group_t group, const char name, const char aspect, md_store_vtype_t vtype, void pdata, apr_pool_t p)

apr_status_t	md_store_save (md_store_t store, apr_pool_t p, md_store_group_t group, const char name, const char aspect, md_store_vtype_t vtype, void *data, int create)

apr_status_t	md_store_remove (md_store_t store, md_store_group_t group, const char name, const char aspect, apr_pool_t p, int force)

apr_status_t	md_store_purge (md_store_t store, apr_pool_t p, md_store_group_t group, const char *name)

apr_status_t	md_store_remove_not_modified_since (md_store_t store, apr_pool_t p, apr_time_t modified, md_store_group_t group, const char name, const char aspect)

apr_status_t	md_store_iter (md_store_inspect inspect, void baton, md_store_t store, apr_pool_t p, md_store_group_t group, const char pattern, const char aspect, md_store_vtype_t vtype)

apr_status_t	md_store_move (md_store_t store, apr_pool_t p, md_store_group_t from, md_store_group_t to, const char *name, int archive)

apr_status_t	md_store_rename (md_store_t store, apr_pool_t p, md_store_group_t group, const char name, const char to)

apr_status_t	md_store_get_fname (const char *pfname, md_store_t store, md_store_group_t group, const char name, const char aspect, apr_pool_t *p)

int	md_store_is_newer (md_store_t store, md_store_group_t group1, md_store_group_t group2, const char name, const char aspect, apr_pool_t p)

apr_status_t	md_store_iter_names (md_store_inspect inspect, void baton, md_store_t store, apr_pool_t p, md_store_group_t group, const char *pattern)

apr_time_t	md_store_get_modified (md_store_t store, md_store_group_t group, const char name, const char aspect, apr_pool_t p)

apr_status_t	md_store_lock_global (md_store_t store, apr_pool_t p, apr_time_t max_wait)

void	md_store_unlock_global (md_store_t store, apr_pool_t p)

apr_status_t	md_load (md_store_t store, md_store_group_t group, const char name, md_t *pmd, apr_pool_t p)

apr_status_t	md_save (struct md_store_t store, apr_pool_t p, md_store_group_t group, md_t *md, int create)

apr_status_t	md_remove (md_store_t store, apr_pool_t p, md_store_group_t group, const char *name, int force)

int	md_is_newer (md_store_t store, md_store_group_t group1, md_store_group_t group2, const char name, apr_pool_t *p)

apr_status_t	md_store_md_iter (md_store_md_inspect inspect, void baton, md_store_t store, apr_pool_t p, md_store_group_t group, const char *pattern)

const char *	md_pkey_filename (struct md_pkey_spec_t spec, apr_pool_t p)

const char *	md_chain_filename (struct md_pkey_spec_t spec, apr_pool_t p)

apr_status_t	md_pkey_load (md_store_t store, md_store_group_t group, const char name, struct md_pkey_spec_t spec, struct md_pkey_t ppkey, apr_pool_t p)

apr_status_t	md_pkey_save (md_store_t store, apr_pool_t p, md_store_group_t group, const char name, struct md_pkey_spec_t spec, struct md_pkey_t *pkey, int create)

apr_status_t	md_pubcert_load (md_store_t store, md_store_group_t group, const char name, struct md_pkey_spec_t spec, struct apr_array_header_t ppubcert, apr_pool_t p)

apr_status_t	md_pubcert_save (md_store_t store, apr_pool_t p, md_store_group_t group, const char name, struct md_pkey_spec_t spec, struct apr_array_header_t *pubcert, int create)

apr_status_t	md_creds_load (md_store_t store, md_store_group_t group, const char name, struct md_pkey_spec_t spec, md_credentials_t pcreds, apr_pool_t p)

apr_status_t	md_creds_save (md_store_t store, apr_pool_t p, md_store_group_t group, const char name, md_credentials_t creds, int create)

Macro Definition Documentation

◆ MD_FN_CERT

#define MD_FN_CERT "cert.pem"

◆ MD_FN_HTTPD_JSON

#define MD_FN_HTTPD_JSON "httpd.json"

◆ MD_FN_JOB

#define MD_FN_JOB "job.json"

◆ MD_FN_MD

#define MD_FN_MD "md.json"

◆ MD_FN_PRIVKEY

#define MD_FN_PRIVKEY "privkey.pem"

◆ MD_FN_PUBCERT

#define MD_FN_PUBCERT "pubcert.pem"

Typedef Documentation

◆ md_credentials_t

typedef struct md_credentials_t md_credentials_t

◆ md_store_get_fname_cb

typedef apr_status_t md_store_get_fname_cb(const char **pfname, md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p)

◆ md_store_get_modified_cb

typedef apr_time_t md_store_get_modified_cb(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p)

◆ md_store_inspect

typedef int md_store_inspect(void *baton, const char *name, const char *aspect, md_store_vtype_t vtype, void *value, apr_pool_t *ptemp)

inspect callback function. Invoked for each matched value. Values allocated from ptemp may disappear any time after the call returned. If this function returns 0, the iteration is aborted.

◆ md_store_is_newer_cb

typedef int md_store_is_newer_cb(md_store_t *store, md_store_group_t group1, md_store_group_t group2, const char *name, const char *aspect, apr_pool_t *p)

◆ md_store_iter_cb

typedef apr_status_t md_store_iter_cb(md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern, const char *aspect, md_store_vtype_t vtype)

◆ md_store_load_cb

typedef apr_status_t md_store_load_cb(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void **pvalue, apr_pool_t *p)

◆ md_store_lock_global_cb

typedef apr_status_t md_store_lock_global_cb(md_store_t *store, apr_pool_t *p, apr_time_t max_wait)

◆ md_store_md_inspect

typedef int md_store_md_inspect(void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp)

◆ md_store_move_cb

typedef apr_status_t md_store_move_cb(md_store_t *store, apr_pool_t *p, md_store_group_t from, md_store_group_t to, const char *name, int archive)

◆ md_store_names_iter_cb

typedef apr_status_t md_store_names_iter_cb(md_store_inspect *inspect, void *baton, md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *pattern)

◆ md_store_purge_cb

typedef apr_status_t md_store_purge_cb(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name)

◆ md_store_remove_cb

typedef apr_status_t md_store_remove_cb(md_store_t *store, md_store_group_t group, const char *name, const char *aspect, apr_pool_t *p, int force)

◆ md_store_remove_nms_cb

typedef apr_status_t md_store_remove_nms_cb(md_store_t *store, apr_pool_t *p, apr_time_t modified, md_store_group_t group, const char *name, const char *aspect)

◆ md_store_rename_cb

typedef apr_status_t md_store_rename_cb(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *from, const char *to)

◆ md_store_save_cb

typedef apr_status_t md_store_save_cb(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, const char *aspect, md_store_vtype_t vtype, void *value, int create)

◆ md_store_t

typedef struct md_store_t md_store_t

◆ md_store_unlock_global_cb

typedef void md_store_unlock_global_cb(md_store_t *store, apr_pool_t *p)

Enumeration Type Documentation

◆ md_store_group_t

enum md_store_group_t

Store storage groups

Enumerator
MD_SG_NONE
MD_SG_ACCOUNTS
MD_SG_CHALLENGES
MD_SG_DOMAINS
MD_SG_STAGING
MD_SG_ARCHIVE
MD_SG_TMP
MD_SG_OCSP
MD_SG_COUNT

◆ md_store_vtype_t

enum md_store_vtype_t

A store for domain related data.

The Key for a piece of data is the set of 3 items <group> + <domain> + <aspect>

Examples: "domains" + "greenbytes.de" + "pubcert.pem" "ocsp" + "greenbytes.de" + "ocsp-XXXXX.json"

Storage groups are pre-defined, domain and aspect names can be freely chosen.

Groups reflect use cases and come with security restrictions. The groups DOMAINS, ARCHIVE and NONE are only accessible during the startup phase of httpd.

Private key are stored unencrypted only in restricted groups. Meaning that certificate keys in group DOMAINS are not encrypted, but only readable at httpd start/reload. Keys in unrestricted groups are encrypted using a pass phrase generated once and stored in NONE. Value types handled by a store

Enumerator
MD_SV_TEXT
MD_SV_JSON
MD_SV_CERT
MD_SV_PKEY
MD_SV_CHAIN

Function Documentation

◆ md_chain_filename()

const char* md_chain_filename	(	struct md_pkey_spec_t *	spec,
		apr_pool_t *	p
	)

◆ md_creds_load()

apr_status_t md_creds_load	(	md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		struct md_pkey_spec_t *	spec,
		md_credentials_t **	pcreds,
		apr_pool_t *	p
	)

◆ md_creds_save()

apr_status_t md_creds_save	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	name,
		md_credentials_t *	creds,
		int	create
	)

◆ md_is_newer()

int md_is_newer	(	md_store_t *	store,
		md_store_group_t	group1,
		md_store_group_t	group2,
		const char *	name,
		apr_pool_t *	p
	)

◆ md_load()

apr_status_t md_load	(	md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		md_t **	pmd,
		apr_pool_t *	p
	)

◆ md_pkey_filename()

const char* md_pkey_filename	(	struct md_pkey_spec_t *	spec,
		apr_pool_t *	p
	)

◆ md_pkey_load()

apr_status_t md_pkey_load	(	md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		struct md_pkey_spec_t *	spec,
		struct md_pkey_t **	ppkey,
		apr_pool_t *	p
	)

◆ md_pkey_save()

apr_status_t md_pkey_save	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	name,
		struct md_pkey_spec_t *	spec,
		struct md_pkey_t *	pkey,
		int	create
	)

◆ md_pubcert_load()

apr_status_t md_pubcert_load	(	md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		struct md_pkey_spec_t *	spec,
		struct apr_array_header_t **	ppubcert,
		apr_pool_t *	p
	)

◆ md_pubcert_save()

apr_status_t md_pubcert_save	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	name,
		struct md_pkey_spec_t *	spec,
		struct apr_array_header_t *	pubcert,
		int	create
	)

◆ md_remove()

apr_status_t md_remove	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	name,
		int	force
	)

◆ md_save()

apr_status_t md_save	(	struct md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		md_t *	md,
		int	create
	)

◆ md_store_get_fname()

apr_status_t md_store_get_fname	(	const char **	pfname,
		md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		const char *	aspect,
		apr_pool_t *	p
	)

Get the filename of an item stored in "group/name/aspect". The item does not have to exist.

◆ md_store_get_modified()

apr_time_t md_store_get_modified	(	md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		const char *	aspect,
		apr_pool_t *	p
	)

Get the modification time of the item store under "group/name/aspect".

Returns: modification time or 0 if the item does not exist.

◆ md_store_group_name()

const char* md_store_group_name ( unsigned int group )

◆ md_store_is_newer()

int md_store_is_newer	(	md_store_t *	store,
		md_store_group_t	group1,
		md_store_group_t	group2,
		const char *	name,
		const char *	aspect,
		apr_pool_t *	p
	)

Make a compare on the modification time of "group1/name/aspect" vs. "group2/name/aspect".

◆ md_store_iter()

apr_status_t md_store_iter	(	md_store_inspect *	inspect,
		void *	baton,
		md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	pattern,
		const char *	aspect,
		md_store_vtype_t	vtype
	)

Iterator over all existing values matching the name pattern. Patterns are evaluated using apr_fnmatch() without flags.

◆ md_store_iter_names()

apr_status_t md_store_iter_names	(	md_store_inspect *	inspect,
		void *	baton,
		md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	pattern
	)

Iterate over all names that exist in a group, e.g. there are items matching "group/pattern". The inspect function is called with the name and NULL aspect and value.

◆ md_store_load()

apr_status_t md_store_load	(	md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		const char *	aspect,
		md_store_vtype_t	vtype,
		void **	pdata,
		apr_pool_t *	p
	)

Load the value of type at key "group/name/aspect", allocated from pool p. Usually, the type is expected to be the same as used in saving the value. Some conversions will work, others will fail the format.

Returns: APR_ENOENT if there is no such value

◆ md_store_load_json()

apr_status_t md_store_load_json	(	md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		const char *	aspect,
		struct md_json_t **	pdata,
		apr_pool_t *	p
	)

Load the JSON value at key "group/name/aspect", allocated from pool p.

Returns: APR_ENOENT if there is no such value

◆ md_store_lock_global()

apr_status_t md_store_lock_global	(	md_store_t *	store,
		apr_pool_t *	p,
		apr_time_t	max_wait
	)

Acquire a cooperative, global lock on store modifications.

This will only prevent other children/processes/cluster nodes from doing the same and does not protect individual store functions from being called without it.

Parameters

store	the store
p	memory pool to use
max_wait	maximum time to wait in order to acquire

Returns: APR_SUCCESS when lock was obtained

◆ md_store_md_iter()

apr_status_t md_store_md_iter	(	md_store_md_inspect *	inspect,
		void *	baton,
		md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	pattern
	)

◆ md_store_move()

apr_status_t md_store_move	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	from,
		md_store_group_t	to,
		const char *	name,
		int	archive
	)

Move everything matching key "from/name" from one group to another. If archive != 0, move any existing "to/name" into a new "archive/new_name" location.

◆ md_store_purge()

apr_status_t md_store_purge	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	name
	)

Remove everything matching key "group/name".

◆ md_store_remove()

apr_status_t md_store_remove	(	md_store_t *	store,
		md_store_group_t	group,
		const char *	name,
		const char *	aspect,
		apr_pool_t *	p,
		int	force
	)

Remove the value stored at key "group/name/aspect". Unless force != 0, a missing value will cause the call to fail with APR_ENOENT.

◆ md_store_remove_not_modified_since()

apr_status_t md_store_remove_not_modified_since	(	md_store_t *	store,
		apr_pool_t *	p,
		apr_time_t	modified,
		md_store_group_t	group,
		const char *	name,
		const char *	aspect
	)

Remove all items matching the name/aspect patterns that have not been modified since the given timestamp.

◆ md_store_rename()

apr_status_t md_store_rename	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	name,
		const char *	to
	)

Rename a group member.

◆ md_store_save()

apr_status_t md_store_save	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	name,
		const char *	aspect,
		md_store_vtype_t	vtype,
		void *	data,
		int	create
	)

Save the JSON value at key "group/name/aspect". If create != 0, fail if there already is a value for this key. The provided data MUST be of the correct type.

◆ md_store_save_json()

apr_status_t md_store_save_json	(	md_store_t *	store,
		apr_pool_t *	p,
		md_store_group_t	group,
		const char *	name,
		const char *	aspect,
		struct md_json_t *	data,
		int	create
	)

Save the JSON value at key "group/name/aspect". If create != 0, fail if there already is a value for this key.

◆ md_store_unlock_global()

void md_store_unlock_global	(	md_store_t *	store,
		apr_pool_t *	p
	)

Realease the global store lock. Will do nothing if there is no lock.

Data Structures

Macros

Typedefs

Enumerations

Functions