/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
*/
/**
 * A store for domain related data.
 *
 * The key for a piece of data is the set of 3 items
 *     <group> + <domain> + <aspect>
 *
 * Examples:
 *     "domains" + "greenbytes.de" + "pubcert.pem"
 *     "ocsp"    + "greenbytes.de" + "ocsp-XXXXX.json"
 *
 * Storage groups are pre-defined; domain and aspect names can be freely chosen.
 *
 * Groups reflect use cases and come with security restrictions. The groups
 * DOMAINS, ARCHIVE and NONE are only accessible during the startup
 * phase of httpd.
 *
 * Private keys are stored unencrypted only in restricted groups. That is,
 * certificate keys in group DOMAINS are not encrypted, but are only readable at
 * httpd start/reload. Keys in unrestricted groups are encrypted using a pass
 * phrase that is generated once and stored in NONE -- so the confidentiality of
 * those encrypted keys rests on NONE itself being readable only at startup.
*/
/**
 * Value types handled by a store. The comment on each constant names the
 * C type that the void* handed to md_store_load()/md_store_save() and to an
 * md_store_inspect callback actually points to; the tag is the only type
 * information the store has, so it must match the pointer.
 */
typedef enum {
    MD_SV_TEXT  = 0,  /* plain text, value is (char*) */
    MD_SV_JSON  = 1,  /* JSON serialization, value is (md_json_t*) */
    MD_SV_CERT  = 2,  /* PEM x509 certificate, value is (md_cert_t*) */
    MD_SV_PKEY  = 3,  /* PEM private key, value is (md_pkey_t*) */
    MD_SV_CHAIN = 4,  /* list of PEM x509 certificates, value is
                         (apr_array_header_t*) of (md_cert*) */
} md_store_vtype_t;
/**
 * Store storage groups. Values are explicit because MD_SG_COUNT is used as
 * a size in setups and the order is therefore part of the interface.
 * Per the file header, DOMAINS, ARCHIVE and NONE are restricted groups that
 * are only accessible during the httpd startup phase.
 */
typedef enum {
    MD_SG_NONE       = 0,  /* top level of store, name MUST be NULL in calls */
    MD_SG_ACCOUNTS   = 1,  /* ACME accounts */
    MD_SG_CHALLENGES = 2,  /* challenge response data for a domain */
    MD_SG_DOMAINS    = 3,  /* live certificates and settings for a domain */
    MD_SG_STAGING    = 4,  /* staged set of certificate and settings, maybe incomplete */
    MD_SG_ARCHIVE    = 5,  /* Archived live sets of a domain */
    MD_SG_TMP        = 6,  /* temporary domain storage */
    MD_SG_OCSP       = 7,  /* OCSP stapling related domain data */
    MD_SG_COUNT      = 8,  /* number of storage groups, used in setups */
} md_store_group_t;
/* The corresponding names for current cert & key files are constructed * in md_store and md_crypt.
*/
/*
 * Legacy 1.0 file names. md_store_fs uses them solely to upgrade 1.0 store
 * directories; they must not be used for any other purpose (the names of the
 * current cert & key files are constructed in md_store and md_crypt).
 */
#define MD_FN_PRIVKEY   "privkey.pem"   /* legacy private key file */
#define MD_FN_PUBCERT   "pubcert.pem"   /* legacy public certificate file */
#define MD_FN_CERT      "cert.pem"      /* legacy certificate file */
/**
 * Load the JSON value at key "group/name/aspect", allocated from pool p.
 *
 * Note: groups MD_SG_DOMAINS, MD_SG_ARCHIVE and MD_SG_NONE are only accessible
 * during the httpd startup phase (see the file header); how a load outside
 * that phase fails is not specified here.
 *
 * @param store   the store
 * @param group   storage group
 * @param name    member name within the group (MUST be NULL for MD_SG_NONE)
 * @param aspect  aspect name within the member
 * @param pdata   receives the loaded md_json_t*, allocated from p
 * @param p       pool the value is allocated from
 * @return APR_SUCCESS, APR_ENOENT if there is no such value, or another error
 *         status from the store implementation
 */
apr_status_t md_store_load_json(md_store_t *store, md_store_group_t group,
                                const char *name, const char *aspect,
                                struct md_json_t **pdata, apr_pool_t *p);

/**
 * Save the JSON value at key "group/name/aspect".
 *
 * @param create  if != 0, fail if there already is a value for this key;
 *                if 0, an existing value does not cause failure
 * @return APR_SUCCESS or an error status from the store implementation
 */
apr_status_t md_store_save_json(md_store_t *store, apr_pool_t *p,
                                md_store_group_t group, const char *name, const char *aspect,
                                struct md_json_t *data, int create);
/**
 * Load the value of type vtype at key "group/name/aspect", allocated from pool p.
 * Usually the type is expected to be the same as used when saving the value;
 * some conversions will work, others will fail the format.
 *
 * Note: groups MD_SG_DOMAINS, MD_SG_ARCHIVE and MD_SG_NONE are only accessible
 * during the httpd startup phase (see the file header).
 * NOTE(review): the file header says private keys outside restricted groups
 * are stored encrypted with a pass phrase kept in MD_SG_NONE; whether a load
 * with MD_SV_PKEY decrypts transparently is not visible here -- confirm in the
 * implementation.
 *
 * @param store   the store
 * @param group   storage group
 * @param name    member name (MUST be NULL for MD_SG_NONE)
 * @param aspect  aspect name within the member
 * @param vtype   type to load the value as; determines what *pdata points to
 * @param pdata   receives the loaded value; its C type is the one listed for
 *                vtype in md_store_vtype_t
 * @param p       pool the value is allocated from
 * @return APR_SUCCESS, APR_ENOENT if there is no such value, or another error
 *         status (e.g. when the stored format cannot be converted to vtype)
 */
apr_status_t md_store_load(md_store_t *store, md_store_group_t group,
                           const char *name, const char *aspect,
                           md_store_vtype_t vtype, void **pdata,
                           apr_pool_t *p);

/**
 * Save the value data of type vtype at key "group/name/aspect".
 * If create != 0, fail if there already is a value for this key.
 *
 * The provided data MUST be the C type listed for vtype in md_store_vtype_t:
 * data is passed as void*, so the vtype tag is the only type information the
 * store has and a mismatch cannot be caught by the compiler.
 *
 * @param create  != 0: fail when a value already exists;
 *                0: an existing value does not cause failure
 * @return APR_SUCCESS or an error status from the store implementation
 */
apr_status_t md_store_save(md_store_t *store, apr_pool_t *p,
                           md_store_group_t group, const char *name, const char *aspect,
                           md_store_vtype_t vtype, void *data, int create);
/**
 * Remove the value stored at key "group/name/aspect".
 *
 * @param force  if == 0, a missing value makes the call fail with APR_ENOENT;
 *               if != 0, a missing value is not treated as an error
 * @return APR_SUCCESS, APR_ENOENT (see force), or another error status
 */
apr_status_t md_store_remove(md_store_t *store, md_store_group_t group,
                             const char *name, const char *aspect,
                             apr_pool_t *p, int force);

/**
 * Remove everything matching key "group/name", i.e. all aspects stored for
 * that member. There is no force parameter; what is returned when
 * "group/name" does not exist is not documented here -- confirm in the
 * implementation before relying on either outcome.
 */
apr_status_t md_store_purge(md_store_t *store, apr_pool_t *p,
                            md_store_group_t group, const char *name);
/**
 * Remove all items matching the name/aspect patterns that have not been
 * modified since the given timestamp. Items modified since `modified` are
 * kept; whether an item modified exactly at `modified` counts as "since" is
 * not specified here.
 *
 * NOTE(review): presumably name and aspect are apr_fnmatch() patterns as for
 * md_store_iter(); confirm, and confirm whether a NULL aspect matches all.
 *
 * @param modified  cut-off time; items older than this are removed
 * @param group     storage group to clean
 * @param name      pattern for member names
 * @param aspect    pattern for aspects
 */
apr_status_t md_store_remove_not_modified_since(md_store_t *store, apr_pool_t *p,
                                                apr_time_t modified,
                                                md_store_group_t group, const char *name, const char *aspect);
/**
 * Inspect callback function, invoked for each matched value by
 * md_store_iter() and md_store_iter_names().
 *
 * Values allocated from ptemp may disappear any time after the call returned:
 * copy anything you need to keep into a longer-lived pool before returning.
 *
 * @param baton   the opaque pointer handed to the iterator
 * @param name    member name of the matched item
 * @param aspect  aspect of the matched item (NULL when iterating names only)
 * @param vtype   type of value
 * @param value   the value, of the C type listed for vtype in md_store_vtype_t
 *                (NULL when iterating names only)
 * @param ptemp   temporary pool the value was allocated from
 * @return 0 to abort the iteration, non-zero to continue
 */
typedef int md_store_inspect(void *baton, const char *name, const char *aspect,
                             md_store_vtype_t vtype, void *value, apr_pool_t *ptemp);
/**
 * Iterator over all existing values matching the name pattern. Patterns are
 * evaluated using apr_fnmatch() without flags.
 *
 * NOTE(review): with no flags, a wildcard in `pattern` is not stopped by a
 * path separator, so this relies on member names never containing one --
 * confirm that names are validated where they enter the store.
 *
 * @param inspect  callback invoked per matched value; returning 0 aborts
 * @param baton    passed through to inspect unchanged
 * @param store    the store
 * @param p        pool to use for the iteration
 * @param group    storage group to iterate
 * @param pattern  apr_fnmatch() pattern for the member name
 * @param aspect   aspect to load for each matched name
 * @param vtype    type to load the values as (see md_store_load())
 */
apr_status_t md_store_iter(md_store_inspect *inspect, void *baton, md_store_t *store,
                           apr_pool_t *p, md_store_group_t group, const char *pattern,
                           const char *aspect, md_store_vtype_t vtype);
/**
 * Move everything matching key "from/name" from one group to another.
 *
 * @param from     group the member is currently in
 * @param to       group the member is moved to
 * @param name     member name (the same under both groups)
 * @param archive  if != 0, any existing "to/name" is first moved into a new
 *                 "archive/new_name" location, with new_name chosen by the
 *                 store; what happens to an existing "to/name" when
 *                 archive == 0 is not stated here
 */
apr_status_t md_store_move(md_store_t *store, apr_pool_t *p,
                           md_store_group_t from, md_store_group_t to,
                           const char *name, int archive);
/**
 * Rename a group member: what is stored under "group/name" becomes
 * reachable as "group/to". Behaviour when "group/to" already exists is
 * not documented here.
 *
 * @param name  current member name
 * @param to    new member name
 */
apr_status_t md_store_rename(md_store_t *store, apr_pool_t *p,
                             md_store_group_t group, const char *name, const char *to);
/**
 * Get the filename of an item stored in "group/name/aspect". The item does
 * not have to exist, so this also yields the location something would be
 * stored at.
 *
 * NOTE(review): the filename is built from name and aspect, so neither may
 * come from untrusted input without validation -- a name containing ".." or a
 * separator would escape the group directory unless the store rejects it;
 * confirm where that check lives.
 *
 * @param pfname  receives the filename (presumably allocated from p)
 */
apr_status_t md_store_get_fname(const char **pfname,
                                md_store_t *store, md_store_group_t group,
                                const char *name, const char *aspect,
                                apr_pool_t *p);
/**
 * Compare the modification time of "group1/name/aspect" against that of
 * "group2/name/aspect".
 *
 * @return presumably non-zero when the group1 item is newer than the group2
 *         item and 0 otherwise; the result when either item is missing is
 *         not documented here -- confirm before using it to decide which
 *         copy is live
 */
int md_store_is_newer(md_store_t *store, md_store_group_t group1, md_store_group_t group2,
                      const char *name, const char *aspect, apr_pool_t *p);
/**
 * Iterate over all names that exist in a group, i.e. names for which there
 * are items matching "group/pattern". The inspect function is called with
 * the name and a NULL aspect and value, so it must not dereference value.
 *
 * @param inspect  callback invoked per name; returning 0 aborts
 * @param baton    passed through to inspect unchanged
 * @param pattern  apr_fnmatch() pattern for the member name
 */
apr_status_t md_store_iter_names(md_store_inspect *inspect, void *baton, md_store_t *store,
                                 apr_pool_t *p, md_store_group_t group, const char *pattern);
/**
 * Get the modification time of the item stored under "group/name/aspect".
 *
 * @return modification time, or 0 if the item does not exist. Since 0 doubles
 *         as the "missing" sentinel, callers must test for it before treating
 *         the result as a timestamp.
 */
apr_time_t md_store_get_modified(md_store_t *store, md_store_group_t group,
                                 const char *name, const char *aspect, apr_pool_t *p);
/**
 * Acquire a cooperative, global lock on store modifications.
 *
 * This will only prevent other children/processes/cluster nodes from doing
 * the same and does not protect individual store functions from being called
 * without it: every writer has to take the lock voluntarily, nothing in the
 * store API enforces it.
 *
 * @param store     the store
 * @param p         memory pool to use
 * @param max_wait  maximum time to wait in order to acquire the lock
 * @return APR_SUCCESS when the lock was obtained; another status otherwise
 *         (the status returned on timeout is not specified here)
 */
apr_status_t md_store_lock_global(md_store_t *store, apr_pool_t *p, apr_time_t max_wait);
/**
 * Release the global store lock. Does nothing if there is no lock, so it is
 * safe to call from a cleanup path regardless of whether
 * md_store_lock_global() succeeded.
 */
void md_store_unlock_global(md_store_t *store, apr_pool_t *p);