/*
 * acme_client.h (excerpt): build-time configuration of the CycloneACME client.
 * NOTE(review): _ACME_CLIENT_H starts with an underscore followed by an
 * uppercase letter, an identifier form reserved for the implementation; a
 * guard such as ACME_CLIENT_H would stay out of the reserved namespace.
 */
31 #ifndef _ACME_CLIENT_H
32 #define _ACME_CLIENT_H
/* Application-side overrides for every option below are expected in acme_config.h */
35 #include "acme_config.h"
/* The build stops unless the application has explicitly accepted the license terms */
64 #ifndef GPL_LICENSE_TERMS_ACCEPTED
65 #error Before compiling CycloneACME Open, you must accept the terms of the GPL license
/* Library version, as a display string and as major/minor/revision integers */
69 #define CYCLONE_ACME_VERSION_STRING "2.4.0"
71 #define CYCLONE_ACME_MAJOR_VERSION 2
73 #define CYCLONE_ACME_MINOR_VERSION 4
75 #define CYCLONE_ACME_REV_NUMBER 0
/*
 * Every option below takes its default only when acme_config.h leaves it
 * undefined. A value outside the accepted range (ENABLED/DISABLED for
 * feature switches, the stated minimum for sizes and counts) fails the
 * build with #error rather than being silently clamped.
 */
/* Master switch for the ACME client (default: ENABLED) */
78 #ifndef ACME_CLIENT_SUPPORT
79 #define ACME_CLIENT_SUPPORT ENABLED
80 #elif (ACME_CLIENT_SUPPORT != ENABLED && ACME_CLIENT_SUPPORT != DISABLED)
81 #error ACME_CLIENT_SUPPORT parameter is not valid
/* Challenge types: http-01 and dns-01 are built in by default, tls-alpn-01 is opt-in */
85 #ifndef ACME_CLIENT_HTTP_CHALLENGE_SUPPORT
86 #define ACME_CLIENT_HTTP_CHALLENGE_SUPPORT ENABLED
87 #elif (ACME_CLIENT_HTTP_CHALLENGE_SUPPORT != ENABLED && \
88 ACME_CLIENT_HTTP_CHALLENGE_SUPPORT != DISABLED)
89 #error ACME_CLIENT_HTTP_CHALLENGE_SUPPORT is not valid
93 #ifndef ACME_CLIENT_DNS_CHALLENGE_SUPPORT
94 #define ACME_CLIENT_DNS_CHALLENGE_SUPPORT ENABLED
95 #elif (ACME_CLIENT_DNS_CHALLENGE_SUPPORT != ENABLED && \
96 ACME_CLIENT_DNS_CHALLENGE_SUPPORT != DISABLED)
97 #error ACME_CLIENT_DNS_CHALLENGE_SUPPORT is not valid
101 #ifndef ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT
102 #define ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT DISABLED
103 #elif (ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT != ENABLED && \
104 ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT != DISABLED)
105 #error ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT is not valid
/*
 * Key algorithms available for account and certificate keys: RSA and ECDSA
 * are on by default; SM2, Ed25519 and Ed448 must be enabled explicitly.
 */
109 #ifndef ACME_CLIENT_RSA_SUPPORT
110 #define ACME_CLIENT_RSA_SUPPORT ENABLED
111 #elif (ACME_CLIENT_RSA_SUPPORT != ENABLED && ACME_CLIENT_RSA_SUPPORT != DISABLED)
112 #error ACME_CLIENT_RSA_SUPPORT parameter is not valid
116 #ifndef ACME_CLIENT_ECDSA_SUPPORT
117 #define ACME_CLIENT_ECDSA_SUPPORT ENABLED
118 #elif (ACME_CLIENT_ECDSA_SUPPORT != ENABLED && ACME_CLIENT_ECDSA_SUPPORT != DISABLED)
119 #error ACME_CLIENT_ECDSA_SUPPORT parameter is not valid
123 #ifndef ACME_CLIENT_SM2_SUPPORT
124 #define ACME_CLIENT_SM2_SUPPORT DISABLED
125 #elif (ACME_CLIENT_SM2_SUPPORT != ENABLED && ACME_CLIENT_SM2_SUPPORT != DISABLED)
126 #error ACME_CLIENT_SM2_SUPPORT parameter is not valid
130 #ifndef ACME_CLIENT_ED25519_SUPPORT
131 #define ACME_CLIENT_ED25519_SUPPORT DISABLED
132 #elif (ACME_CLIENT_ED25519_SUPPORT != ENABLED && ACME_CLIENT_ED25519_SUPPORT != DISABLED)
133 #error ACME_CLIENT_ED25519_SUPPORT parameter is not valid
137 #ifndef ACME_CLIENT_ED448_SUPPORT
138 #define ACME_CLIENT_ED448_SUPPORT DISABLED
139 #elif (ACME_CLIENT_ED448_SUPPORT != ENABLED && ACME_CLIENT_ED448_SUPPORT != DISABLED)
140 #error ACME_CLIENT_ED448_SUPPORT parameter is not valid
/*
 * Default communication timeout, never below 1000. It is applied through
 * acmeClientSetTimeout() and stored in a systime_t; presumably the unit is
 * milliseconds -- confirm against the systime_t definition.
 */
144 #ifndef ACME_CLIENT_DEFAULT_TIMEOUT
145 #define ACME_CLIENT_DEFAULT_TIMEOUT 20000
146 #elif (ACME_CLIENT_DEFAULT_TIMEOUT < 1000)
147 #error ACME_CLIENT_DEFAULT_TIMEOUT parameter is not valid
/* Upper bound on the contact URLs carried by the account parameters (numContacts) */
151 #ifndef ACME_CLIENT_MAX_CONTACTS
152 #define ACME_CLIENT_MAX_CONTACTS 4
153 #elif (ACME_CLIENT_MAX_CONTACTS < 1)
154 #error ACME_CLIENT_MAX_CONTACTS parameter is not valid
/*
 * Maximum domain names per order. This sizes the per-context identifiers[],
 * authorizations[] and challenges[] arrays, so raising it grows the context.
 */
158 #ifndef ACME_CLIENT_MAX_DOMAINS
159 #define ACME_CLIENT_MAX_DOMAINS 2
160 #elif (ACME_CLIENT_MAX_DOMAINS < 1)
161 #error ACME_CLIENT_MAX_DOMAINS parameter is not valid
/*
 * Size of the context's I/O buffer (buffer[ACME_CLIENT_BUFFER_SIZE+1], the
 * extra byte holding the terminator); at least 2048 bytes are required.
 */
165 #ifndef ACME_CLIENT_BUFFER_SIZE
166 #define ACME_CLIENT_BUFFER_SIZE 6144
167 #elif (ACME_CLIENT_BUFFER_SIZE < 2048)
168 #error ACME_CLIENT_BUFFER_SIZE parameter is not valid
/*
 * String length limits. Each sizes a NUL-terminated field of the context
 * ([LEN+1] bytes), so input longer than the limit cannot be stored and must
 * be rejected or truncated by the parser rather than overrun the field.
 */
/* Host name of the ACME server (serverName) */
172 #ifndef ACME_CLIENT_MAX_NAME_LEN
173 #define ACME_CLIENT_MAX_NAME_LEN 64
174 #elif (ACME_CLIENT_MAX_NAME_LEN < 1)
175 #error ACME_CLIENT_MAX_NAME_LEN parameter is not valid
/*
 * Directory URI (directoryUri). NOTE(review): 32 characters is short for a
 * full URL; since the host is set separately via acmeClientSetHost(), this
 * presumably holds only the path component -- confirm before raising it.
 */
179 #ifndef ACME_CLIENT_MAX_URI_LEN
180 #define ACME_CLIENT_MAX_URI_LEN 32
181 #elif (ACME_CLIENT_MAX_URI_LEN < 1)
182 #error ACME_CLIENT_MAX_URI_LEN parameter is not valid
/* URLs returned by the server (resource locations); the fields are not in this excerpt */
186 #ifndef ACME_CLIENT_MAX_URL_LEN
187 #define ACME_CLIENT_MAX_URL_LEN 128
188 #elif (ACME_CLIENT_MAX_URL_LEN < 1)
189 #error ACME_CLIENT_MAX_URL_LEN parameter is not valid
/* Error type URN reported by the server (errorType) */
193 #ifndef ACME_CLIENT_MAX_URN_LEN
194 #define ACME_CLIENT_MAX_URN_LEN 64
195 #elif (ACME_CLIENT_MAX_URN_LEN < 1)
196 #error ACME_CLIENT_MAX_URN_LEN parameter is not valid
/* Value of the Replay-Nonce header field (nonce) */
200 #ifndef ACME_CLIENT_MAX_NONCE_LEN
201 #define ACME_CLIENT_MAX_NONCE_LEN 64
202 #elif (ACME_CLIENT_MAX_NONCE_LEN < 1)
203 #error ACME_CLIENT_MAX_NONCE_LEN parameter is not valid
/* Challenge token, as looked up by acmeClientGetHttpKeyAuthorization() */
207 #ifndef ACME_CLIENT_MAX_TOKEN_LEN
208 #define ACME_CLIENT_MAX_TOKEN_LEN 64
209 #elif (ACME_CLIENT_MAX_TOKEN_LEN < 1)
210 #error ACME_CLIENT_MAX_TOKEN_LEN parameter is not valid
/* Key authorization string returned by the acmeClientGet*KeyAuthorization() accessors */
214 #ifndef ACME_CLIENT_MAX_KEY_AUTH_LEN
215 #define ACME_CLIENT_MAX_KEY_AUTH_LEN 128
216 #elif (ACME_CLIENT_MAX_KEY_AUTH_LEN < 1)
217 #error ACME_CLIENT_MAX_KEY_AUTH_LEN parameter is not valid
/* Certificate presented for tls-alpn-01, returned by acmeClientGetTlsAlpnCertificate() */
221 #ifndef ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN
222 #define ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN 1536
223 #elif (ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN < 1)
224 #error ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN parameter is not valid
/* Content-Type of the HTTP response (contentType) */
228 #ifndef ACME_CLIENT_MAX_CONTENT_TYPE_LEN
229 #define ACME_CLIENT_MAX_CONTENT_TYPE_LEN 40
230 #elif (ACME_CLIENT_MAX_CONTENT_TYPE_LEN < 1)
231 #error ACME_CLIENT_MAX_CONTENT_TYPE_LEN parameter is not valid
/*
 * Number of consecutive badNonce rejections tolerated (counter
 * badNonceErrors). Bounding this keeps a server that keeps rejecting the
 * client's anti-replay nonce from driving an unbounded retry loop; the
 * lower bound is 0, so retries can be switched off entirely. Presumably the
 * request is abandoned once the counter reaches the limit -- confirm in
 * acme_client.c.
 */
235 #ifndef ACME_CLIENT_MAX_BAD_NONCE_ERRORS
236 #define ACME_CLIENT_MAX_BAD_NONCE_ERRORS 5
237 #elif (ACME_CLIENT_MAX_BAD_NONCE_ERRORS < 0)
238 #error ACME_CLIENT_MAX_BAD_NONCE_ERRORS parameter is not valid
/* Empty by default; presumably a hook for application-private context members -- confirm */
242 #ifndef ACME_CLIENT_PRIVATE_CONTEXT
243 #define ACME_CLIENT_PRIVATE_CONTEXT
/*
 * Alias for the context structure so the prototypes can name it.
 * NOTE(review): _AcmeClientContext is also a reserved-form identifier.
 */
248 #define AcmeClientContext struct _AcmeClientContext
419 #if (ACME_CLIENT_RSA_SUPPORT == ENABLED)
423 #if (ACME_CLIENT_ECDSA_SUPPORT == ENABLED)
428 #if (ACME_CLIENT_ED25519_SUPPORT == ENABLED || \
429 ACME_CLIENT_ED448_SUPPORT == ENABLED)
555 #if (ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT == ENABLED)
619 const char_t *directoryUri);
625 const IpAddr *serverIpAddr, uint16_t serverPort);
628 const char_t *publicKey,
size_t publicKeyLen,
629 const char_t *privateKey,
size_t privateKeyLen);
638 const char_t *publicKey,
size_t publicKeyLen,
639 const char_t *privateKey,
size_t privateKeyLen);
662 const char_t *cert,
size_t certLen,
const char_t *privateKey,
error_t acmeClientDownloadCertificate(AcmeClientContext *context, char_t *buffer, size_t size, size_t *length)
Download the certificate.
#define ACME_CLIENT_PRIVATE_CONTEXT
const char_t * acmeClientGetDnsKeyAuthorization(AcmeClientContext *context, const char_t *identifier)
Get the key authorization digest that matches a given identifier (DNS challenge)
const char_t * acmeClientGetHttpKeyAuthorization(AcmeClientContext *context, const char_t *token)
Get the key authorization that matches a given token (HTTP challenge)
#define ACME_CLIENT_MAX_NONCE_LEN
error_t acmeClientRevokeCertificate(AcmeClientContext *context, const char_t *cert, size_t certLen, const char_t *privateKey, size_t privateKeyLen, AcmeReasonCode reason)
Certificate revocation.
const char_t * acmeClientGetTlsAlpnCertificate(AcmeClientContext *context, const char_t *identifier)
Get the self-signed certificate that matches a given identifier (TLS-ALPN challenge)
#define ACME_CLIENT_MAX_DOMAINS
error_t(* AcmeClientCsrCallback)(AcmeClientContext *context, uint8_t *buffer, size_t size, size_t *length)
CSR generation callback function.
#define ACME_CLIENT_BUFFER_SIZE
error_t acmeClientRegisterCsrCallback(AcmeClientContext *context, AcmeClientCsrCallback callback)
Register CSR generation callback function.
error_t acmeClientSetHost(AcmeClientContext *context, const char_t *host)
Set the domain name of the ACME server.
#define ACME_CLIENT_MAX_URN_LEN
error_t acmeClientChangeAccountKey(AcmeClientContext *context, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen)
Account key rollover.
#define ACME_CLIENT_MAX_NAME_LEN
error_t acmeClientDisconnect(AcmeClientContext *context)
Gracefully disconnect from the ACME server.
error_t acmeClientUpdateAccount(AcmeClientContext *context, const AcmeAccountParams *params)
Account information update.
AcmeRequestState
HTTP request states.
@ ACME_REQ_STATE_FORMAT_BODY
@ ACME_REQ_STATE_PARSE_BODY
@ ACME_REQ_STATE_RECEIVE_BODY
@ ACME_REQ_STATE_CLOSE_BODY
@ ACME_REQ_STATE_RECEIVE_HEADER
@ ACME_REQ_STATE_SEND_HEADER
@ ACME_REQ_STATE_FORMAT_HEADER
@ ACME_REQ_STATE_PARSE_HEADER
@ ACME_REQ_STATE_SEND_BODY
#define ACME_CLIENT_MAX_URL_LEN
AcmeAccountStatus
Account status.
@ ACME_ACCOUNT_STATUS_REVOKED
@ ACME_ACCOUNT_STATUS_NONE
@ ACME_ACCOUNT_STATUS_DEACTIVATED
@ ACME_ACCOUNT_STATUS_VALID
AcmeReasonCode
Revocation reason codes.
@ ACME_REASON_UNSPECIFIED
@ ACME_REASON_CESSATION_OF_OPERATION
@ ACME_REASON_AFFILIATION_CHANGED
@ ACME_REASON_PRIVILEGE_WITHDRAWN
@ ACME_REASON_CA_COMPROMISE
@ ACME_REASON_KEY_COMPROMISE
@ ACME_REASON_CERTIFICATE_HOLD
@ ACME_REASON_AA_COMPROMISE
AcmeChallengeStatus
Challenge status.
@ ACME_CHALLENGE_STATUS_PENDING
@ ACME_CHALLENGE_STATUS_PROCESSING
@ ACME_CHALLENGE_STATUS_NONE
@ ACME_CHALLENGE_STATUS_VALID
@ ACME_CHALLENGE_STATUS_INVALID
AcmeChallengeType
Challenge types.
@ ACME_CHALLENGE_TYPE_TLS_ALPN_01
@ ACME_CHALLENGE_TYPE_NONE
@ ACME_CHALLENGE_TYPE_HTTP_01
@ ACME_CHALLENGE_TYPE_DNS_01
error_t acmeClientClose(AcmeClientContext *context)
Close the connection with the ACME server.
error_t acmeClientCreateAccount(AcmeClientContext *context, const AcmeAccountParams *params)
Account creation.
error_t acmeClientCreateOrder(AcmeClientContext *context, const AcmeOrderParams *params)
Begin the certificate issuance process.
error_t acmeClientConnect(AcmeClientContext *context, const IpAddr *serverIpAddr, uint16_t serverPort)
Establish a connection with the specified ACME server.
#define ACME_CLIENT_MAX_URI_LEN
error_t acmeClientDeactivateAccount(AcmeClientContext *context)
ACME account deactivation.
error_t acmeClientRegisterTlsInitCallback(AcmeClientContext *context, AcmeClientTlsInitCallback callback)
Register TLS initialization callback function.
#define ACME_CLIENT_MAX_CONTACTS
void acmeClientDeinit(AcmeClientContext *context)
Release ACME client context.
error_t(* AcmeClientTlsInitCallback)(HttpClientContext *context, TlsContext *tlsContext)
TLS initialization callback function.
#define AcmeClientContext
AcmeAuthStatus
Authorization status.
@ ACME_AUTH_STATUS_REVOKED
@ ACME_AUTH_STATUS_INVALID
@ ACME_AUTH_STATUS_EXPIRED
@ ACME_AUTH_STATUS_DEACTIVATED
@ ACME_AUTH_STATUS_PENDING
AcmeClientState
ACME client states.
@ ACME_CLIENT_STATE_DOWNLOAD_CERT
@ ACME_CLIENT_STATE_DIRECTORY
@ ACME_CLIENT_STATE_POLL_STATUS_2
@ ACME_CLIENT_STATE_REVOKE_CERT
@ ACME_CLIENT_STATE_CHALLENGE_READY
@ ACME_CLIENT_STATE_NEW_ACCOUNT
@ ACME_CLIENT_STATE_POLL_STATUS_1
@ ACME_CLIENT_STATE_CONNECTED
@ ACME_CLIENT_STATE_DISCONNECTED
@ ACME_CLIENT_STATE_NEW_NONCE
@ ACME_CLIENT_STATE_UPDATE_ACCOUNT
@ ACME_CLIENT_STATE_NEW_ORDER
@ ACME_CLIENT_STATE_AUTHORIZATION
@ ACME_CLIENT_STATE_DISCONNECTING
@ ACME_CLIENT_STATE_CONNECTING
@ ACME_CLIENT_STATE_DEACTIVATE_ACCOUNT
@ ACME_CLIENT_STATE_FINALIZE
@ ACME_CLIENT_STATE_CHANGE_KEY
error_t acmeClientInit(AcmeClientContext *context)
Initialize ACME client context.
error_t acmeClientSetAccountKey(AcmeClientContext *context, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen)
Load account key pair.
AcmeOrderStatus
Order status.
@ ACME_ORDER_STATUS_PENDING
@ ACME_ORDER_STATUS_VALID
@ ACME_ORDER_STATUS_READY
@ ACME_ORDER_STATUS_PROCESSING
@ ACME_ORDER_STATUS_INVALID
#define ACME_CLIENT_MAX_TOKEN_LEN
error_t acmeClientSetTimeout(AcmeClientContext *context, systime_t timeout)
Set communication timeout.
#define ACME_CLIENT_MAX_CONTENT_TYPE_LEN
error_t acmeClientSetPrng(AcmeClientContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
error_t acmeClientSetDirectoryUri(AcmeClientContext *context, const char_t *directoryUri)
Set the URI of the directory object.
error_t acmeClientBindToInterface(AcmeClientContext *context, NetInterface *interface)
Bind the ACME client to a particular network interface.
#define ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN
#define ACME_CLIENT_MAX_KEY_AUTH_LEN
error_t acmeClientPollOrderStatus(AcmeClientContext *context, AcmeOrderStatus *orderStatus)
Poll for order status.
HTTP client (HyperText Transfer Protocol)
#define HttpClientContext
uint32_t systime_t
System time.
AcmeKeyPair certKey
Certificate key.
AcmeClientState state
ACME client state.
HttpClientContext httpClientContext
HTTP client context.
uint_t numAuthorizations
Number of authorizations.
AcmeOrder order
Order object.
AcmeKeyPair accountKey
ACME account key.
char_t errorType[ACME_CLIENT_MAX_URN_LEN+1]
ACME error type.
AcmeClientTlsInitCallback tlsInitCallback
TLS initialization callback function.
AcmeIdentifier identifiers[ACME_CLIENT_MAX_DOMAINS]
Array of identifier objects.
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
AcmeAccount account
Account object.
size_t bufferPos
Current position in the buffer.
AcmeClientCsrCallback csrCallback
CSR generation callback function.
uint_t numChallenges
Number of challenges.
char_t serverName[ACME_CLIENT_MAX_NAME_LEN+1]
Host name of the ACME server.
uint16_t serverPort
TCP port number.
char_t contentType[ACME_CLIENT_MAX_CONTENT_TYPE_LEN+1]
Content type of the response.
size_t bufferLen
Length of the buffer, in bytes.
char_t nonce[ACME_CLIENT_MAX_NONCE_LEN+1]
Value of the Replay-Nonce header field.
AcmeDirectory directory
Directory object.
char_t directoryUri[ACME_CLIENT_MAX_URI_LEN+1]
Directory URI.
systime_t timeout
Timeout value.
char_t buffer[ACME_CLIENT_BUFFER_SIZE+1]
Memory buffer for input/output operations.
uint_t statusCode
HTTP status code.
uint_t numIdentifiers
Number of identifiers.
AcmeAuthorization authorizations[ACME_CLIENT_MAX_DOMAINS]
Array of authorization objects.
uint_t badNonceErrors
Number of consecutive bad nonce errors.
AcmeChallenge challenges[ACME_CLIENT_MAX_DOMAINS]
Array of challenge objects.
NetInterface * interface
Underlying network interface.
AcmeRequestState requestState
HTTP request state.
void * prngContext
Pseudo-random number generator context.
uint_t index
Current index.
AcmeAccountStatus status
Status of the account.
ACME account creation parameters.
const char_t * privateKey
Account private key.
bool_t termsOfServiceAgreed
Indicates the client's agreement with the terms of service.
const char_t * status
Status of the account.
const char_t * publicKey
Account public key.
uint_t numContacts
Number of contact URLs.
size_t publicKeyLen
Length of the account public key, in bytes.
size_t privateKeyLen
Length of the account private key, in bytes.
bool_t wildcard
Whether the domain name is a wildcard.
AcmeAuthStatus status
Status of the authorization.
AcmeChallengeStatus status
Status of the challenge.
bool_t wildcard
Whether the domain name is a wildcard.
AcmeChallengeType type
Challenge type.
AcmeChallengeType challengeType
Challenge type.
const char_t * name
Domain name.
AcmeChallengeType challengeType
Challenge type.
RsaPrivateKey rsaPrivateKey
EddsaPublicKey eddsaPublicKey
EddsaPrivateKey eddsaPrivateKey
RsaPublicKey rsaPublicKey
EcPrivateKey ecPrivateKey
EcDomainParameters ecParams
AcmeOrderStatus status
Status of the order.
Certificate order parameters.
const char_t * privateKey
Certificate private key.
DateTime notAfter
The requested value of the notAfter field in the certificate.
uint_t numDomains
Number of domain names.
const char_t * publicKey
Certificate public key.
size_t publicKeyLen
Length of the certificate public key, in bytes.
size_t privateKeyLen
Length of the certificate private key, in bytes.
DateTime notBefore
The requested value of the notBefore field in the certificate.
Date and time representation.
TLS (Transport Layer Security)
X.509 common definitions.
X509KeyType
Public key types.