1 /**
2  * @file acme_client.h
3  * @brief ACME client (Automatic Certificate Management Environment)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2019-2023 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneACME Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.2.4
29  **/
30 
31 #ifndef _ACME_CLIENT_H
32 #define _ACME_CLIENT_H
33 
34 //Dependencies
35 #include "acme_config.h"
36 #include "core/net.h"
37 #include "http/http_client.h"
38 #include "tls.h"
39 #include "pkix/x509_common.h"
40 
41 
42 /*
43  * CycloneACME Open is licensed under GPL version 2. In particular:
44  *
45  * - If you link your program to CycloneACME Open, the result is a derivative
46  * work that can only be distributed under the same GPL license terms.
47  *
48  * - If additions or changes to CycloneACME Open are made, the result is a
49  * derivative work that can only be distributed under the same license terms.
50  *
51  * - The GPL license requires that you make the source code available to
52  * whoever you make the binary available to.
53  *
54  * - If you sell or distribute a hardware product that runs CycloneACME Open,
55  * the GPL license requires you to provide public and full access to all
56  * source code on a nondiscriminatory basis.
57  *
58  * If you fully understand and accept the terms of the GPL license, then edit
59  * the os_port_config.h header and add the following directive:
60  *
61  * #define GPL_LICENSE_TERMS_ACCEPTED
62  */
63 
64 #ifndef GPL_LICENSE_TERMS_ACCEPTED
65  #error Before compiling CycloneACME Open, you must accept the terms of the GPL license
66 #endif
67 
68 //Version string (kept in step with the @version tag in the file header and the MAJOR/MINOR/REV numbers below)
69 #define CYCLONE_ACME_VERSION_STRING "2.2.4"
70 //Major version
71 #define CYCLONE_ACME_MAJOR_VERSION 2
72 //Minor version
73 #define CYCLONE_ACME_MINOR_VERSION 2
74 //Revision number
75 #define CYCLONE_ACME_REV_NUMBER 4
76 
77 //ACME client support (ENABLED/DISABLED; every option below is validated the same way so that a mistyped value in acme_config.h fails at compile time)
78 #ifndef ACME_CLIENT_SUPPORT
79  #define ACME_CLIENT_SUPPORT ENABLED
80 #elif (ACME_CLIENT_SUPPORT != ENABLED && ACME_CLIENT_SUPPORT != DISABLED)
81  #error ACME_CLIENT_SUPPORT parameter is not valid
82 #endif
83 
84 //HTTP challenge support (http-01, enabled by default)
85 #ifndef ACME_CLIENT_HTTP_CHALLENGE_SUPPORT
86  #define ACME_CLIENT_HTTP_CHALLENGE_SUPPORT ENABLED
87 #elif (ACME_CLIENT_HTTP_CHALLENGE_SUPPORT != ENABLED && \
88  ACME_CLIENT_HTTP_CHALLENGE_SUPPORT != DISABLED)
89  #error ACME_CLIENT_HTTP_CHALLENGE_SUPPORT is not valid
90 #endif
91 
92 //DNS challenge support (dns-01, enabled by default)
93 #ifndef ACME_CLIENT_DNS_CHALLENGE_SUPPORT
94  #define ACME_CLIENT_DNS_CHALLENGE_SUPPORT ENABLED
95 #elif (ACME_CLIENT_DNS_CHALLENGE_SUPPORT != ENABLED && \
96  ACME_CLIENT_DNS_CHALLENGE_SUPPORT != DISABLED)
97  #error ACME_CLIENT_DNS_CHALLENGE_SUPPORT is not valid
98 #endif
99 
100 //TLS-ALPN challenge support (tls-alpn-01, disabled by default; when enabled every AcmeChallenge object grows by ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN + 1 bytes)
101 #ifndef ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT
102  #define ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT DISABLED
103 #elif (ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT != ENABLED && \
104  ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT != DISABLED)
105  #error ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT is not valid
106 #endif
107 
108 //RSA key support (enabled by default; selects the RSA members of AcmeKeyPair)
109 #ifndef ACME_CLIENT_RSA_SUPPORT
110  #define ACME_CLIENT_RSA_SUPPORT ENABLED
111 #elif (ACME_CLIENT_RSA_SUPPORT != ENABLED && ACME_CLIENT_RSA_SUPPORT != DISABLED)
112  #error ACME_CLIENT_RSA_SUPPORT parameter is not valid
113 #endif
114 
115 //ECDSA key support (enabled by default; selects the EC members of AcmeKeyPair)
116 #ifndef ACME_CLIENT_ECDSA_SUPPORT
117  #define ACME_CLIENT_ECDSA_SUPPORT ENABLED
118 #elif (ACME_CLIENT_ECDSA_SUPPORT != ENABLED && ACME_CLIENT_ECDSA_SUPPORT != DISABLED)
119  #error ACME_CLIENT_ECDSA_SUPPORT parameter is not valid
120 #endif
121 
122 //Ed25519 key support (disabled by default; enabling Ed25519 or Ed448 selects the EdDSA members of AcmeKeyPair)
123 #ifndef ACME_CLIENT_ED25519_SUPPORT
124  #define ACME_CLIENT_ED25519_SUPPORT DISABLED
125 #elif (ACME_CLIENT_ED25519_SUPPORT != ENABLED && ACME_CLIENT_ED25519_SUPPORT != DISABLED)
126  #error ACME_CLIENT_ED25519_SUPPORT parameter is not valid
127 #endif
128 
129 //Ed448 key support (disabled by default; see the Ed25519 note above)
130 #ifndef ACME_CLIENT_ED448_SUPPORT
131  #define ACME_CLIENT_ED448_SUPPORT DISABLED
132 #elif (ACME_CLIENT_ED448_SUPPORT != ENABLED && ACME_CLIENT_ED448_SUPPORT != DISABLED)
133  #error ACME_CLIENT_ED448_SUPPORT parameter is not valid
134 #endif
135 
136 //Default timeout (stored as systime_t in the client context; presumably milliseconds -- confirm against systime_t; values below 1000 are rejected)
137 #ifndef ACME_CLIENT_DEFAULT_TIMEOUT
138  #define ACME_CLIENT_DEFAULT_TIMEOUT 20000
139 #elif (ACME_CLIENT_DEFAULT_TIMEOUT < 1000)
140  #error ACME_CLIENT_DEFAULT_TIMEOUT parameter is not valid
141 #endif
142 
143 //Maximum number of contacts per account (sizes the fixed contacts[] array of AcmeAccountParams; at least 1)
144 #ifndef ACME_CLIENT_MAX_CONTACTS
145  #define ACME_CLIENT_MAX_CONTACTS 4
146 #elif (ACME_CLIENT_MAX_CONTACTS < 1)
147  #error ACME_CLIENT_MAX_CONTACTS parameter is not valid
148 #endif
149 
150 //Maximum number of domains per certificate order (sizes the fixed domains[], identifiers[], authorizations[] and challenges[] arrays; at least 1)
151 #ifndef ACME_CLIENT_MAX_DOMAINS
152  #define ACME_CLIENT_MAX_DOMAINS 2
153 #elif (ACME_CLIENT_MAX_DOMAINS < 1)
154  #error ACME_CLIENT_MAX_DOMAINS parameter is not valid
155 #endif
156 
157 //Size of the buffer for input/output operations (the context buffer is ACME_CLIENT_BUFFER_SIZE + 1 bytes, at least 2048; requests and responses presumably have to fit in it -- confirm in acme_client.c)
158 #ifndef ACME_CLIENT_BUFFER_SIZE
159  #define ACME_CLIENT_BUFFER_SIZE 6144
160 #elif (ACME_CLIENT_BUFFER_SIZE < 2048)
161  #error ACME_CLIENT_BUFFER_SIZE parameter is not valid
162 #endif
163 
164 //Maximum length of domain names (sizes serverName and AcmeIdentifier.value; the default of 64 is well below the 253-character DNS limit, so raise it if longer names are needed)
165 #ifndef ACME_CLIENT_MAX_NAME_LEN
166  #define ACME_CLIENT_MAX_NAME_LEN 64
167 #elif (ACME_CLIENT_MAX_NAME_LEN < 1)
168  #error ACME_CLIENT_MAX_NAME_LEN parameter is not valid
169 #endif
170 
171 //Maximum length of URIs (sizes the directory URI buffer of the client context; at least 1)
172 #ifndef ACME_CLIENT_MAX_URI_LEN
173  #define ACME_CLIENT_MAX_URI_LEN 32
174 #elif (ACME_CLIENT_MAX_URI_LEN < 1)
175  #error ACME_CLIENT_MAX_URI_LEN parameter is not valid
176 #endif
177 
178 //Maximum length of URLs (sizes every server-supplied URL buffer: directory entries, account, order, finalize, certificate, authorization and challenge URLs; longer values presumably cannot be accepted -- confirm the parser's bound checks in acme_client.c)
179 #ifndef ACME_CLIENT_MAX_URL_LEN
180  #define ACME_CLIENT_MAX_URL_LEN 128
181 #elif (ACME_CLIENT_MAX_URL_LEN < 1)
182  #error ACME_CLIENT_MAX_URL_LEN parameter is not valid
183 #endif
184 
185 //Maximum length of URNs (sizes the errorType buffer holding the ACME error type URN)
186 #ifndef ACME_CLIENT_MAX_URN_LEN
187  #define ACME_CLIENT_MAX_URN_LEN 64
188 #elif (ACME_CLIENT_MAX_URN_LEN < 1)
189  #error ACME_CLIENT_MAX_URN_LEN parameter is not valid
190 #endif
191 
192 //Maximum length of nonces (sizes the buffer holding the last Replay-Nonce header value)
193 #ifndef ACME_CLIENT_MAX_NONCE_LEN
194  #define ACME_CLIENT_MAX_NONCE_LEN 64
195 #elif (ACME_CLIENT_MAX_NONCE_LEN < 1)
196  #error ACME_CLIENT_MAX_NONCE_LEN parameter is not valid
197 #endif
198 
199 //Maximum length of tokens (sizes AcmeChallenge.token)
200 #ifndef ACME_CLIENT_MAX_TOKEN_LEN
201  #define ACME_CLIENT_MAX_TOKEN_LEN 64
202 #elif (ACME_CLIENT_MAX_TOKEN_LEN < 1)
203  #error ACME_CLIENT_MAX_TOKEN_LEN parameter is not valid
204 #endif
205 
206 //Maximum length of key authorizations (sizes AcmeChallenge.keyAuth)
207 #ifndef ACME_CLIENT_MAX_KEY_AUTH_LEN
208  #define ACME_CLIENT_MAX_KEY_AUTH_LEN 128
209 #elif (ACME_CLIENT_MAX_KEY_AUTH_LEN < 1)
210  #error ACME_CLIENT_MAX_KEY_AUTH_LEN parameter is not valid
211 #endif
212 
213 //Maximum length of TLS-ALPN certificates (sizes AcmeChallenge.cert; only present when ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT is ENABLED)
214 #ifndef ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN
215  #define ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN 1536
216 #elif (ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN < 1)
217  #error ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN parameter is not valid
218 #endif
219 
220 //Maximum length of media types (sizes the contentType buffer that records the Content-Type of the response)
221 #ifndef ACME_CLIENT_MAX_CONTENT_TYPE_LEN
222  #define ACME_CLIENT_MAX_CONTENT_TYPE_LEN 40
223 #elif (ACME_CLIENT_MAX_CONTENT_TYPE_LEN < 1)
224  #error ACME_CLIENT_MAX_CONTENT_TYPE_LEN parameter is not valid
225 #endif
226 
227 //Maximum number of consecutive bad nonce errors tolerated (tracked in badNonceErrors; unlike the limits above, 0 is accepted here, presumably meaning no automatic retry -- confirm in acme_client.c)
228 #ifndef ACME_CLIENT_MAX_BAD_NONCE_ERRORS
229  #define ACME_CLIENT_MAX_BAD_NONCE_ERRORS 5
230 #elif (ACME_CLIENT_MAX_BAD_NONCE_ERRORS < 0)
231  #error ACME_CLIENT_MAX_BAD_NONCE_ERRORS parameter is not valid
232 #endif
233 
234 //Forward declaration of AcmeClientContext structure (the macro lets the callback typedefs and prototypes below name the context before its definition; NOTE(review): identifiers starting with an underscore and an uppercase letter are reserved by the C standard)
235 struct _AcmeClientContext;
236 #define AcmeClientContext struct _AcmeClientContext
237 
238 //C++ guard
239 #ifdef __cplusplus
240 extern "C" {
241 #endif
242 
243 
244 /**
245  * @brief ACME client states
246  **/
247 
248 typedef enum
249 {
269 
270 
271 /**
272  * @brief HTTP request states
273  */
274 
275 typedef enum
276 {
288 
289 
290 /**
291  * @brief Account status
292  **/
293 
294 typedef enum
295 {
301 
302 
303 /**
304  * @brief Order status
305  **/
306 
307 typedef enum
308 {
316 
317 
318 /**
319  * @brief Authorization status
320  **/
321 
322 typedef enum
323 {
332 
333 
334 /**
335  * @brief Challenge status
336  **/
337 
338 typedef enum
339 {
346 
347 
348 /**
349  * @brief Challenge types
350  **/
351 
352 typedef enum
353 {
359 
360 
361 /**
362  * @brief Revocation reason codes
363  **/
364 
365 typedef enum
366 {
378 
379 
380 /**
381  * @brief TLS initialization callback function, invoked with the HTTP client's TLS context so that the application can configure the session (presumably where the trust anchors used to authenticate the ACME server are installed -- confirm against the application's callback)
382  **/
383 
385  TlsContext *tlsContext);
386 
387 
388 /**
389  * @brief CSR generation callback function, invoked with a buffer of @c size bytes into which the application writes the CSR, reporting its length through @c length
390  **/
391 
393  uint8_t *buffer, size_t size, size_t *length);
394 
395 
396 /**
397  * @brief Public/private key pair
398  **/
399 
400 typedef struct
401 {
403  char_t alg[8];
404  char_t crv[8];
405  const void *publicKey;
406  const void *privateKey;
407 #if (ACME_CLIENT_RSA_SUPPORT == ENABLED)
410 #endif
411 #if (ACME_CLIENT_ECDSA_SUPPORT == ENABLED)
415 #endif
416 #if (ACME_CLIENT_ED25519_SUPPORT == ENABLED || \
417  ACME_CLIENT_ED448_SUPPORT == ENABLED)
420 #endif
421 } AcmeKeyPair;
422 
423 
424 /**
425  * @brief ACME account creation parameters
426  **/
427 
428 typedef struct
429 {
430  uint_t numContacts; ///<Number of contact URLs
431  const char_t *contacts[ACME_CLIENT_MAX_CONTACTS]; ///<Array of URLs that the server can use to contact the client
432  bool_t termsOfServiceAgreed; ///<Indicates the client's agreement with the terms of service
433  const char_t *publicKey; ///<Account public key
434  size_t publicKeyLen; ///<Length of the account public key, in bytes
435  const char_t *privateKey; ///<Account private key
436  size_t privateKeyLen; ///<Length of the account private key, in bytes
437  const char_t *status; ///<Status of the account
439 
440 
441 /**
442  * @brief Domain parameters
443  **/
444 
445 typedef struct
446 {
447  const char_t *name; ///<Domain name
448  AcmeChallengeType challengeType; ///<Challenge type
450 
451 
452 /**
453  * @brief Certificate order parameters
454  **/
455 
456 typedef struct
457 {
458  uint_t numDomains; ///<Number of domain names
459  AcmeDomainParams domains[ACME_CLIENT_MAX_DOMAINS]; ///<Domain names that the client wishes to submit an order for
460  DateTime notBefore; ///<The requested value of the notBefore field in the certificate
461  DateTime notAfter; ///<The requested value of the notAfter field in the certificate
462  const char_t *publicKey; ///<Certificate public key
463  size_t publicKeyLen; ///<Length of the certificate public key, in bytes
464  const char_t *privateKey; ///<Certificate private key
465  size_t privateKeyLen; ///<Length of the certificate private key, in bytes
467 
468 
469 /**
470  * @brief Directory object (URLs of the ACME server's resources; each buffer holds at most ACME_CLIENT_MAX_URL_LEN characters plus the terminating NUL, so a longer value presumably cannot be stored -- confirm the bound check in acme_client.c)
471  **/
472 
473 typedef struct
474 {
475  char_t newNonce[ACME_CLIENT_MAX_URL_LEN + 1]; ///<URL of the newNonce resource
476  char_t newAccount[ACME_CLIENT_MAX_URL_LEN + 1]; ///<URL of the newAccount resource
477  char_t newOrder[ACME_CLIENT_MAX_URL_LEN + 1]; ///<URL of the newOrder resource
478  char_t revokeCert[ACME_CLIENT_MAX_URL_LEN + 1]; ///<URL of the revokeCert resource
479  char_t keyChange[ACME_CLIENT_MAX_URL_LEN + 1]; ///<URL of the keyChange resource
480 } AcmeDirectory;
481 
482 
483 /**
484  * @brief Account object (the account's status and URL as known to the client; url is NUL-terminated and holds at most ACME_CLIENT_MAX_URL_LEN characters)
485  **/
486 
487 typedef struct
488 {
489  AcmeAccountStatus status; ///<Status of the account
490  char_t url[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Account URL
491 } AcmeAccount;
492 
493 
494 /**
495  * @brief Identifier object
496  **/
497 
498 typedef struct
499 {
500  char_t value[ACME_CLIENT_MAX_NAME_LEN + 1]; ///<Domain name
501  AcmeChallengeType challengeType; ///<Challenge type
503 
504 
505 /**
506  * @brief Order object (status of the order plus the order, finalize and certificate URLs; each URL buffer is NUL-terminated and holds at most ACME_CLIENT_MAX_URL_LEN characters)
507  **/
508 
509 typedef struct
510 {
511  AcmeOrderStatus status; ///<Status of the order
512  char_t url[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Order URL
513  char_t finalize[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Finalize URL
514  char_t certificate[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Certificate URL
515 } AcmeOrder;
516 
517 
518 /**
519  * @brief Authorization object
520  **/
521 
522 typedef struct
523 {
524  AcmeAuthStatus status; ///<Status of the authorization
525  char_t url[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Authorization URL
526  bool_t wildcard; ///<Wildcard domain name
528 
529 
530 /**
531  * @brief Challenge object
532  **/
533 
534 typedef struct
535 {
536  AcmeChallengeType type; ///<Challenge type
537  AcmeChallengeStatus status; ///<Status of the challenge
539  bool_t wildcard; ///<Wildcard domain name
540  char_t url[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Challenge URL
541  char_t token[ACME_CLIENT_MAX_TOKEN_LEN + 1]; ///<Token value
542  char_t keyAuth[ACME_CLIENT_MAX_KEY_AUTH_LEN + 1]; ///<Key authorization
543 #if (ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT == ENABLED)
544  char_t cert[ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN + 1]; ///<TLS-ALPN certificate
545 #endif
546 } AcmeChallenge;
547 
548 
549 /**
550  * @brief ACME client context
551  **/
552 
554 {
555  AcmeClientState state; ///<ACME client state
556  AcmeRequestState requestState; ///<HTTP request state
557  NetInterface *interface; ///<Underlying network interface
558  systime_t timeout; ///<Timeout value
559  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
560  void *prngContext; ///<Pseudo-random number generator context
561  HttpClientContext httpClientContext; ///<HTTP client context
562  AcmeClientTlsInitCallback tlsInitCallback; ///<TLS initialization callback function
563  AcmeClientCsrCallback csrCallback; ///<CSR generation callback function
564  AcmeKeyPair accountKey; ///<ACME account key
565  AcmeKeyPair certKey; ///<Certificate key
566  char_t serverName[ACME_CLIENT_MAX_NAME_LEN + 1]; ///<Host name of the ACME server
567  uint16_t serverPort; ///<TCP port number
569  char_t nonce[ACME_CLIENT_MAX_NONCE_LEN + 1]; ///<Value of the Replay-Nonce header field
570  AcmeDirectory directory; ///<Directory object
571  AcmeAccount account; ///<Account object
572  AcmeOrder order; ///<Order object
573  uint_t numIdentifiers; ///<Number of identifiers
574  AcmeIdentifier identifiers[ACME_CLIENT_MAX_DOMAINS]; ///<Array of identifiers objects
575  uint_t numAuthorizations; ///<Number of authorizations
576  AcmeAuthorization authorizations[ACME_CLIENT_MAX_DOMAINS]; ///<Array of authorization objects
577  uint_t numChallenges; ///<Number of challenges
578  uint_t index; ///<Current index
579  AcmeChallenge challenges[ACME_CLIENT_MAX_DOMAINS]; ///<Array of challenge objects
580  char_t buffer[ACME_CLIENT_BUFFER_SIZE + 1]; ///<Memory buffer for input/output operations
581  size_t bufferLen; ///<Length of the buffer, in bytes
582  size_t bufferPos; ///<Current position in the buffer
583  uint_t statusCode; ///<HTTP status code
584  char_t contentType[ACME_CLIENT_MAX_CONTENT_TYPE_LEN + 1]; ///<Content type of the response
585  char_t errorType[ACME_CLIENT_MAX_URN_LEN + 1]; ///<ACME error type
586  uint_t badNonceErrors; ///<Number of consecutive bad nonce errors
587 };
588 
589 
590 //ACME client related functions
592 
594  AcmeClientTlsInitCallback callback);
595 
597  AcmeClientCsrCallback callback);
598 
599 error_t acmeClientSetPrng(AcmeClientContext *context, const PrngAlgo *prngAlgo,
600  void *prngContext); //Registers the generator kept in the context's prngAlgo/prngContext; NOTE(review): a cryptographically secure generator is expected here (presumably used for the signatures on ACME requests) -- its actual use is in acme_client.c, confirm there
601 
603 error_t acmeClientSetHost(AcmeClientContext *context, const char_t *host); //Host name of the ACME server, presumably stored in serverName (at most ACME_CLIENT_MAX_NAME_LEN characters; longer names are expected to be rejected -- confirm in acme_client.c)
604 
606  const char_t *directoryUri);
607 
609  NetInterface *interface);
610 
612  const IpAddr *serverIpAddr, uint16_t serverPort);
613 
615  const char_t *publicKey, size_t publicKeyLen,
616  const char_t *privateKey, size_t privateKeyLen);
617 
619  const AcmeAccountParams *params);
620 
622  const AcmeAccountParams *params);
623 
625  const char_t *publicKey, size_t publicKeyLen,
626  const char_t *privateKey, size_t privateKeyLen);
627 
629 
631  const AcmeOrderParams *params);
632 
634  const char_t *token);
635 
637  const char_t *identifier);
638 
640  const char_t *identifier);
641 
643  AcmeOrderStatus *orderStatus);
644 
646  char_t *buffer, size_t size, size_t *length);
647 
649  const char_t *cert, size_t certLen, const char_t *privateKey,
650  size_t privateKeyLen, AcmeReasonCode reason);
651 
654 
655 void acmeClientDeinit(AcmeClientContext *context); //Releases the client context; NOTE(review): confirm in acme_client.c whether the accountKey/certKey material is zeroized on release
656 
657 //C++ guard
658 #ifdef __cplusplus
659 }
660 #endif
661 
662 #endif