acme_client.h
Go to the documentation of this file.
1 /**
2  * @file acme_client.h
3  * @brief ACME client (Automatic Certificate Management Environment)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2019-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneACME Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.0
29  **/
30 
31 #ifndef _ACME_CLIENT_H
32 #define _ACME_CLIENT_H
33 
34 //Dependencies
35 #include "acme_config.h"
36 #include "core/net.h"
37 #include "http/http_client.h"
38 #include "tls.h"
39 #include "pkix/x509_common.h"
40 
41 
42 /*
43  * CycloneACME Open is licensed under GPL version 2. In particular:
44  *
45  * - If you link your program to CycloneACME Open, the result is a derivative
46  * work that can only be distributed under the same GPL license terms.
47  *
48  * - If additions or changes to CycloneACME Open are made, the result is a
49  * derivative work that can only be distributed under the same license terms.
50  *
51  * - The GPL license requires that you make the source code available to
52  * whoever you make the binary available to.
53  *
54  * - If you sell or distribute a hardware product that runs CycloneACME Open,
55  * the GPL license requires you to provide public and full access to all
56  * source code on a nondiscriminatory basis.
57  *
58  * If you fully understand and accept the terms of the GPL license, then edit
59  * the os_port_config.h header and add the following directive:
60  *
61  * #define GPL_LICENSE_TERMS_ACCEPTED
62  */
63 
64 #ifndef GPL_LICENSE_TERMS_ACCEPTED
65  #error Before compiling CycloneACME Open, you must accept the terms of the GPL license
66 #endif
67 
68 //Version string
69 #define CYCLONE_ACME_VERSION_STRING "2.4.0"
70 //Major version
71 #define CYCLONE_ACME_MAJOR_VERSION 2
72 //Minor version
73 #define CYCLONE_ACME_MINOR_VERSION 4
74 //Revision number
75 #define CYCLONE_ACME_REV_NUMBER 0
76 
77 //ACME client support
78 #ifndef ACME_CLIENT_SUPPORT
79  #define ACME_CLIENT_SUPPORT ENABLED
80 #elif (ACME_CLIENT_SUPPORT != ENABLED && ACME_CLIENT_SUPPORT != DISABLED)
81  #error ACME_CLIENT_SUPPORT parameter is not valid
82 #endif
83 
84 //HTTP challenge support
85 #ifndef ACME_CLIENT_HTTP_CHALLENGE_SUPPORT
86  #define ACME_CLIENT_HTTP_CHALLENGE_SUPPORT ENABLED
87 #elif (ACME_CLIENT_HTTP_CHALLENGE_SUPPORT != ENABLED && \
88  ACME_CLIENT_HTTP_CHALLENGE_SUPPORT != DISABLED)
89  #error ACME_CLIENT_HTTP_CHALLENGE_SUPPORT is not valid
90 #endif
91 
92 //DNS challenge support
93 #ifndef ACME_CLIENT_DNS_CHALLENGE_SUPPORT
94  #define ACME_CLIENT_DNS_CHALLENGE_SUPPORT ENABLED
95 #elif (ACME_CLIENT_DNS_CHALLENGE_SUPPORT != ENABLED && \
96  ACME_CLIENT_DNS_CHALLENGE_SUPPORT != DISABLED)
97  #error ACME_CLIENT_DNS_CHALLENGE_SUPPORT is not valid
98 #endif
99 
100 //TLS-ALPN challenge support
101 #ifndef ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT
102  #define ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT DISABLED
103 #elif (ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT != ENABLED && \
104  ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT != DISABLED)
105  #error ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT is not valid
106 #endif
107 
108 //RSA key support
109 #ifndef ACME_CLIENT_RSA_SUPPORT
110  #define ACME_CLIENT_RSA_SUPPORT ENABLED
111 #elif (ACME_CLIENT_RSA_SUPPORT != ENABLED && ACME_CLIENT_RSA_SUPPORT != DISABLED)
112  #error ACME_CLIENT_RSA_SUPPORT parameter is not valid
113 #endif
114 
115 //ECDSA key support
116 #ifndef ACME_CLIENT_ECDSA_SUPPORT
117  #define ACME_CLIENT_ECDSA_SUPPORT ENABLED
118 #elif (ACME_CLIENT_ECDSA_SUPPORT != ENABLED && ACME_CLIENT_ECDSA_SUPPORT != DISABLED)
119  #error ACME_CLIENT_ECDSA_SUPPORT parameter is not valid
120 #endif
121 
122 //SM2 key support
123 #ifndef ACME_CLIENT_SM2_SUPPORT
124  #define ACME_CLIENT_SM2_SUPPORT DISABLED
125 #elif (ACME_CLIENT_SM2_SUPPORT != ENABLED && ACME_CLIENT_SM2_SUPPORT != DISABLED)
126  #error ACME_CLIENT_SM2_SUPPORT parameter is not valid
127 #endif
128 
129 //Ed25519 key support
130 #ifndef ACME_CLIENT_ED25519_SUPPORT
131  #define ACME_CLIENT_ED25519_SUPPORT DISABLED
132 #elif (ACME_CLIENT_ED25519_SUPPORT != ENABLED && ACME_CLIENT_ED25519_SUPPORT != DISABLED)
133  #error ACME_CLIENT_ED25519_SUPPORT parameter is not valid
134 #endif
135 
136 //Ed448 key support
137 #ifndef ACME_CLIENT_ED448_SUPPORT
138  #define ACME_CLIENT_ED448_SUPPORT DISABLED
139 #elif (ACME_CLIENT_ED448_SUPPORT != ENABLED && ACME_CLIENT_ED448_SUPPORT != DISABLED)
140  #error ACME_CLIENT_ED448_SUPPORT parameter is not valid
141 #endif
142 
143 //Default timeout
144 #ifndef ACME_CLIENT_DEFAULT_TIMEOUT
145  #define ACME_CLIENT_DEFAULT_TIMEOUT 20000
146 #elif (ACME_CLIENT_DEFAULT_TIMEOUT < 1000)
147  #error ACME_CLIENT_DEFAULT_TIMEOUT parameter is not valid
148 #endif
149 
150 //Maximum number of contacts per account
151 #ifndef ACME_CLIENT_MAX_CONTACTS
152  #define ACME_CLIENT_MAX_CONTACTS 4
153 #elif (ACME_CLIENT_MAX_CONTACTS < 1)
154  #error ACME_CLIENT_MAX_CONTACTS parameter is not valid
155 #endif
156 
157 //Maximum number of domains per certificate order
158 #ifndef ACME_CLIENT_MAX_DOMAINS
159  #define ACME_CLIENT_MAX_DOMAINS 2
160 #elif (ACME_CLIENT_MAX_DOMAINS < 1)
161  #error ACME_CLIENT_MAX_DOMAINS parameter is not valid
162 #endif
163 
164 //Size of the buffer for input/output operations
165 #ifndef ACME_CLIENT_BUFFER_SIZE
166  #define ACME_CLIENT_BUFFER_SIZE 6144
167 #elif (ACME_CLIENT_BUFFER_SIZE < 2048)
168  #error ACME_CLIENT_BUFFER_SIZE parameter is not valid
169 #endif
170 
171 //Maximum length of domain names
172 #ifndef ACME_CLIENT_MAX_NAME_LEN
173  #define ACME_CLIENT_MAX_NAME_LEN 64
174 #elif (ACME_CLIENT_MAX_NAME_LEN < 1)
175  #error ACME_CLIENT_MAX_NAME_LEN parameter is not valid
176 #endif
177 
178 //Maximum length of URIs
179 #ifndef ACME_CLIENT_MAX_URI_LEN
180  #define ACME_CLIENT_MAX_URI_LEN 32
181 #elif (ACME_CLIENT_MAX_URI_LEN < 1)
182  #error ACME_CLIENT_MAX_URI_LEN parameter is not valid
183 #endif
184 
185 //Maximum length of URLs
186 #ifndef ACME_CLIENT_MAX_URL_LEN
187  #define ACME_CLIENT_MAX_URL_LEN 128
188 #elif (ACME_CLIENT_MAX_URL_LEN < 1)
189  #error ACME_CLIENT_MAX_URL_LEN parameter is not valid
190 #endif
191 
192 //Maximum length of URNs
193 #ifndef ACME_CLIENT_MAX_URN_LEN
194  #define ACME_CLIENT_MAX_URN_LEN 64
195 #elif (ACME_CLIENT_MAX_URN_LEN < 1)
196  #error ACME_CLIENT_MAX_URN_LEN parameter is not valid
197 #endif
198 
199 //Maximum length of nonces
200 #ifndef ACME_CLIENT_MAX_NONCE_LEN
201  #define ACME_CLIENT_MAX_NONCE_LEN 64
202 #elif (ACME_CLIENT_MAX_NONCE_LEN < 1)
203  #error ACME_CLIENT_MAX_NONCE_LEN parameter is not valid
204 #endif
205 
206 //Maximum length of tokens
207 #ifndef ACME_CLIENT_MAX_TOKEN_LEN
208  #define ACME_CLIENT_MAX_TOKEN_LEN 64
209 #elif (ACME_CLIENT_MAX_TOKEN_LEN < 1)
210  #error ACME_CLIENT_MAX_TOKEN_LEN parameter is not valid
211 #endif
212 
213 //Maximum length of key authorizations
214 #ifndef ACME_CLIENT_MAX_KEY_AUTH_LEN
215  #define ACME_CLIENT_MAX_KEY_AUTH_LEN 128
216 #elif (ACME_CLIENT_MAX_KEY_AUTH_LEN < 1)
217  #error ACME_CLIENT_MAX_KEY_AUTH_LEN parameter is not valid
218 #endif
219 
220 //Maximum length of TLS-ALPN certificates
221 #ifndef ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN
222  #define ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN 1536
223 #elif (ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN < 1)
224  #error ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN parameter is not valid
225 #endif
226 
227 //Maximum length of media types
228 #ifndef ACME_CLIENT_MAX_CONTENT_TYPE_LEN
229  #define ACME_CLIENT_MAX_CONTENT_TYPE_LEN 40
230 #elif (ACME_CLIENT_MAX_CONTENT_TYPE_LEN < 1)
231  #error ACME_CLIENT_MAX_CONTENT_TYPE_LEN parameter is not valid
232 #endif
233 
234 //Maximum number of bad nonce errors
235 #ifndef ACME_CLIENT_MAX_BAD_NONCE_ERRORS
236  #define ACME_CLIENT_MAX_BAD_NONCE_ERRORS 5
237 #elif (ACME_CLIENT_MAX_BAD_NONCE_ERRORS < 0)
238  #error ACME_CLIENT_MAX_BAD_NONCE_ERRORS parameter is not valid
239 #endif
240 
241 //Application specific context
242 #ifndef ACME_CLIENT_PRIVATE_CONTEXT
243  #define ACME_CLIENT_PRIVATE_CONTEXT
244 #endif
245 
246 //Forward declaration of AcmeClientContext structure
247 struct _AcmeClientContext;
248 #define AcmeClientContext struct _AcmeClientContext
249 
250 //C++ guard
251 #ifdef __cplusplus
252 extern "C" {
253 #endif
254 
255 
256 /**
257  * @brief ACME client states
258  **/
259 
260 typedef enum
261 {
281 
282 
283 /**
284  * @brief HTTP request states
285  */
286 
287 typedef enum
288 {
300 
301 
302 /**
303  * @brief Account status
304  **/
305 
306 typedef enum
307 {
313 
314 
315 /**
316  * @brief Order status
317  **/
318 
319 typedef enum
320 {
328 
329 
330 /**
331  * @brief Authorization status
332  **/
333 
334 typedef enum
335 {
344 
345 
346 /**
347  * @brief Challenge status
348  **/
349 
350 typedef enum
351 {
358 
359 
360 /**
361  * @brief Challenge types
362  **/
363 
364 typedef enum
365 {
371 
372 
373 /**
374  * @brief Revocation reason codes
375  **/
376 
377 typedef enum
378 {
390 
391 
392 /**
393  * @brief TLS initialization callback function
394  **/
395 
397  TlsContext *tlsContext);
398 
399 
400 /**
401  * @brief CSR generation callback function
402  **/
403 
405  uint8_t *buffer, size_t size, size_t *length);
406 
407 
408 /**
409  * @brief Public/private key pair
410  **/
411 
412 typedef struct
413 {
415  char_t alg[8];
416  char_t crv[8];
417  const void *publicKey;
418  const void *privateKey;
419 #if (ACME_CLIENT_RSA_SUPPORT == ENABLED)
422 #endif
423 #if (ACME_CLIENT_ECDSA_SUPPORT == ENABLED)
427 #endif
428 #if (ACME_CLIENT_ED25519_SUPPORT == ENABLED || \
429  ACME_CLIENT_ED448_SUPPORT == ENABLED)
432 #endif
433 } AcmeKeyPair;
434 
435 
436 /**
437  * @brief ACME account creation parameters
438  **/
439 
440 typedef struct
441 {
442  uint_t numContacts; ///<Number of contact URLs
443  const char_t *contacts[ACME_CLIENT_MAX_CONTACTS]; ///<Array of URLs that the server can use to contact the client
444  bool_t termsOfServiceAgreed; ///<Indicates the client's agreement with the terms of service
445  const char_t *publicKey; ///<Account public key
446  size_t publicKeyLen; ///<Length of the account public key, in bytes
447  const char_t *privateKey; ///<Account private key
448  size_t privateKeyLen; ///<Length of the account private key, in bytes
449  const char_t *status; ///<Status of the account
451 
452 
453 /**
454  * @brief Domain parameters
455  **/
456 
457 typedef struct
458 {
459  const char_t *name; ///<Domain name
460  AcmeChallengeType challengeType; ///<Challenge type
462 
463 
464 /**
465  * @brief Certificate order parameters
466  **/
467 
468 typedef struct
469 {
470  uint_t numDomains; ///<Number of domain names
471  AcmeDomainParams domains[ACME_CLIENT_MAX_DOMAINS]; ///<Domain names that the client wishes to submit an order for
472  DateTime notBefore; ///<The requested value of the notBefore field in the certificate
473  DateTime notAfter; ///<The requested value of the notAfter field in the certificate
474  const char_t *publicKey; ///<Certificate public key
475  size_t publicKeyLen; ///<Length of the certificate public key, in bytes
476  const char_t *privateKey; ///<Certificate private key
477  size_t privateKeyLen; ///<Length of the certificate private key, in bytes
479 
480 
481 /**
482  * @brief Directory object
483  **/
484 
485 typedef struct
486 {
487  char_t newNonce[ACME_CLIENT_MAX_URL_LEN + 1]; ///<New nonce
488  char_t newAccount[ACME_CLIENT_MAX_URL_LEN + 1]; ///<New account
489  char_t newOrder[ACME_CLIENT_MAX_URL_LEN + 1]; ///<New order
490  char_t revokeCert[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Revoke certificate
491  char_t keyChange[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Key change
492 } AcmeDirectory;
493 
494 
495 /**
496  * @brief Account object
497  **/
498 
499 typedef struct
500 {
501  AcmeAccountStatus status; ///<Status of the account
502  char_t url[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Account URL
503 } AcmeAccount;
504 
505 
506 /**
507  * @brief Identifier object
508  **/
509 
510 typedef struct
511 {
512  char_t value[ACME_CLIENT_MAX_NAME_LEN + 1]; ///<Domain name
513  AcmeChallengeType challengeType; ///<Challenge type
515 
516 
517 /**
518  * @brief Order object
519  **/
520 
521 typedef struct
522 {
523  AcmeOrderStatus status; ///<Status of the order
524  char_t url[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Order URL
525  char_t finalize[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Finalize URL
526  char_t certificate[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Certificate URL
527 } AcmeOrder;
528 
529 
530 /**
531  * @brief Authorization object
532  **/
533 
534 typedef struct
535 {
536  AcmeAuthStatus status; ///<Status of the authorization
537  char_t url[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Authorization URL
538  bool_t wildcard; ///<Wildcard domain name
540 
541 
542 /**
543  * @brief Challenge object
544  **/
545 
546 typedef struct
547 {
548  AcmeChallengeType type; ///<Challenge type
549  AcmeChallengeStatus status; ///<Status of the challenge
551  bool_t wildcard; ///<Wildcard domain name
552  char_t url[ACME_CLIENT_MAX_URL_LEN + 1]; ///<Challenge URL
553  char_t token[ACME_CLIENT_MAX_TOKEN_LEN + 1]; ///<Token value
554  char_t keyAuth[ACME_CLIENT_MAX_KEY_AUTH_LEN + 1]; ///<Key authorization
555 #if (ACME_CLIENT_TLS_ALPN_CHALLENGE_SUPPORT == ENABLED)
556  char_t cert[ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN + 1]; ///<TLS-ALPN certificate
557 #endif
558 } AcmeChallenge;
559 
560 
561 /**
562  * @brief ACME client context
563  **/
564 
566 {
567  AcmeClientState state; ///<ACME client state
568  AcmeRequestState requestState; ///<HTTP request state
569  NetInterface *interface; ///<Underlying network interface
570  systime_t timeout; ///<Timeout value
571  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
572  void *prngContext; ///<Pseudo-random number generator context
573  HttpClientContext httpClientContext; ///<HTTP client context
574  AcmeClientTlsInitCallback tlsInitCallback; ///<TLS initialization callback function
575  AcmeClientCsrCallback csrCallback; ///<CSR generation callback function
576  AcmeKeyPair accountKey; ///<ACME account key
577  AcmeKeyPair certKey; ///<Certificate key
578  char_t serverName[ACME_CLIENT_MAX_NAME_LEN + 1]; ///<Host name of the ACME server
579  uint16_t serverPort; ///<TCP port number
581  char_t nonce[ACME_CLIENT_MAX_NONCE_LEN + 1]; ///<Value of the Replay-Nonce header field
582  AcmeDirectory directory; ///<Directory object
583  AcmeAccount account; ///<Account object
584  AcmeOrder order; ///<Order object
585  uint_t numIdentifiers; ///<Number of identifiers
586  AcmeIdentifier identifiers[ACME_CLIENT_MAX_DOMAINS]; ///<Array of identifiers objects
587  uint_t numAuthorizations; ///<Number of authorizations
588  AcmeAuthorization authorizations[ACME_CLIENT_MAX_DOMAINS]; ///<Array of authorization objects
589  uint_t numChallenges; ///<Number of challenges
590  uint_t index; ///<Current index
591  AcmeChallenge challenges[ACME_CLIENT_MAX_DOMAINS]; ///<Array of challenge objects
592  char_t buffer[ACME_CLIENT_BUFFER_SIZE + 1]; ///<Memory buffer for input/output operations
593  size_t bufferLen; ///<Length of the buffer, in bytes
594  size_t bufferPos; ///<Current position in the buffer
595  uint_t statusCode; ///<HTTP status code
596  char_t contentType[ACME_CLIENT_MAX_CONTENT_TYPE_LEN + 1]; ///<Content type of the response
597  char_t errorType[ACME_CLIENT_MAX_URN_LEN + 1]; ///<ACME error type
598  uint_t badNonceErrors; ///<Number of consecutive bad nonce errors
599  ACME_CLIENT_PRIVATE_CONTEXT ///<Application specific context
600 };
601 
602 
603 //ACME client related functions
605 
607  AcmeClientTlsInitCallback callback);
608 
610  AcmeClientCsrCallback callback);
611 
612 error_t acmeClientSetPrng(AcmeClientContext *context, const PrngAlgo *prngAlgo,
613  void *prngContext);
614 
616 error_t acmeClientSetHost(AcmeClientContext *context, const char_t *host);
617 
619  const char_t *directoryUri);
620 
622  NetInterface *interface);
623 
625  const IpAddr *serverIpAddr, uint16_t serverPort);
626 
628  const char_t *publicKey, size_t publicKeyLen,
629  const char_t *privateKey, size_t privateKeyLen);
630 
632  const AcmeAccountParams *params);
633 
635  const AcmeAccountParams *params);
636 
638  const char_t *publicKey, size_t publicKeyLen,
639  const char_t *privateKey, size_t privateKeyLen);
640 
642 
644  const AcmeOrderParams *params);
645 
647  const char_t *token);
648 
650  const char_t *identifier);
651 
653  const char_t *identifier);
654 
656  AcmeOrderStatus *orderStatus);
657 
659  char_t *buffer, size_t size, size_t *length);
660 
662  const char_t *cert, size_t certLen, const char_t *privateKey,
663  size_t privateKeyLen, AcmeReasonCode reason);
664 
667 
668 void acmeClientDeinit(AcmeClientContext *context);
669 
670 //C++ guard
671 #ifdef __cplusplus
672 }
673 #endif
674 
675 #endif
error_t acmeClientDownloadCertificate(AcmeClientContext *context, char_t *buffer, size_t size, size_t *length)
Download the certificate.
Definition: acme_client.c:1454
#define ACME_CLIENT_PRIVATE_CONTEXT
Definition: acme_client.h:243
const char_t * acmeClientGetDnsKeyAuthorization(AcmeClientContext *context, const char_t *identifier)
Get the key authorization digest that matches a given identifier (DNS challenge)
Definition: acme_client.c:1084
const char_t * acmeClientGetHttpKeyAuthorization(AcmeClientContext *context, const char_t *token)
Get the key authorization that matches a given token (HTTP challenge)
Definition: acme_client.c:1033
#define ACME_CLIENT_MAX_NONCE_LEN
Definition: acme_client.h:201
error_t acmeClientRevokeCertificate(AcmeClientContext *context, const char_t *cert, size_t certLen, const char_t *privateKey, size_t privateKeyLen, AcmeReasonCode reason)
Certificate revocation.
Definition: acme_client.c:1574
const char_t * acmeClientGetTlsAlpnCertificate(AcmeClientContext *context, const char_t *identifier)
Get the self-certificate that matches a given identifier (TLS-ALPN challenge)
Definition: acme_client.c:1153
#define ACME_CLIENT_MAX_DOMAINS
Definition: acme_client.h:159
error_t(* AcmeClientCsrCallback)(AcmeClientContext *context, uint8_t *buffer, size_t size, size_t *length)
CSR generation callback function.
Definition: acme_client.h:404
#define ACME_CLIENT_BUFFER_SIZE
Definition: acme_client.h:166
error_t acmeClientRegisterCsrCallback(AcmeClientContext *context, AcmeClientCsrCallback callback)
Register CSR generation callback function.
Definition: acme_client.c:130
error_t acmeClientSetHost(AcmeClientContext *context, const char_t *host)
Set the domain name of the ACME server.
Definition: acme_client.c:198
#define ACME_CLIENT_MAX_URN_LEN
Definition: acme_client.h:194
error_t acmeClientChangeAccountKey(AcmeClientContext *context, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen)
Account key rollover.
Definition: acme_client.c:652
#define ACME_CLIENT_MAX_NAME_LEN
Definition: acme_client.h:173
error_t acmeClientDisconnect(AcmeClientContext *context)
Gracefully disconnect from the ACME server.
Definition: acme_client.c:1680
error_t acmeClientUpdateAccount(AcmeClientContext *context, const AcmeAccountParams *params)
Account information update.
Definition: acme_client.c:536
AcmeRequestState
HTTP request states.
Definition: acme_client.h:288
@ ACME_REQ_STATE_FORMAT_BODY
Definition: acme_client.h:292
@ ACME_REQ_STATE_PARSE_BODY
Definition: acme_client.h:297
@ ACME_REQ_STATE_RECEIVE_BODY
Definition: acme_client.h:296
@ ACME_REQ_STATE_CLOSE_BODY
Definition: acme_client.h:298
@ ACME_REQ_STATE_INIT
Definition: acme_client.h:289
@ ACME_REQ_STATE_RECEIVE_HEADER
Definition: acme_client.h:294
@ ACME_REQ_STATE_SEND_HEADER
Definition: acme_client.h:291
@ ACME_REQ_STATE_FORMAT_HEADER
Definition: acme_client.h:290
@ ACME_REQ_STATE_PARSE_HEADER
Definition: acme_client.h:295
@ ACME_REQ_STATE_SEND_BODY
Definition: acme_client.h:293
#define ACME_CLIENT_MAX_URL_LEN
Definition: acme_client.h:187
AcmeAccountStatus
Account status.
Definition: acme_client.h:307
@ ACME_ACCOUNT_STATUS_REVOKED
Definition: acme_client.h:311
@ ACME_ACCOUNT_STATUS_NONE
Definition: acme_client.h:308
@ ACME_ACCOUNT_STATUS_DEACTIVATED
Definition: acme_client.h:310
@ ACME_ACCOUNT_STATUS_VALID
Definition: acme_client.h:309
AcmeReasonCode
Revocation reason codes.
Definition: acme_client.h:378
@ ACME_REASON_UNSPECIFIED
Definition: acme_client.h:379
@ ACME_REASON_CESSATION_OF_OPERATION
Definition: acme_client.h:384
@ ACME_REASON_AFFILIATION_CHANGED
Definition: acme_client.h:382
@ ACME_REASON_PRIVILEGE_WITHDRAWN
Definition: acme_client.h:387
@ ACME_REMOVE_FROM_CRL
Definition: acme_client.h:386
@ ACME_REASON_SUPERSEDED
Definition: acme_client.h:383
@ ACME_REASON_CA_COMPROMISE
Definition: acme_client.h:381
@ ACME_REASON_KEY_COMPROMISE
Definition: acme_client.h:380
@ ACME_REASON_CERTIFICATE_HOLD
Definition: acme_client.h:385
@ ACME_REASON_AA_COMPROMISE
Definition: acme_client.h:388
AcmeChallengeStatus
Challenge status.
Definition: acme_client.h:351
@ ACME_CHALLENGE_STATUS_PENDING
Definition: acme_client.h:353
@ ACME_CHALLENGE_STATUS_PROCESSING
Definition: acme_client.h:354
@ ACME_CHALLENGE_STATUS_NONE
Definition: acme_client.h:352
@ ACME_CHALLENGE_STATUS_VALID
Definition: acme_client.h:355
@ ACME_CHALLENGE_STATUS_INVALID
Definition: acme_client.h:356
AcmeChallengeType
Challenge types.
Definition: acme_client.h:365
@ ACME_CHALLENGE_TYPE_TLS_ALPN_01
Definition: acme_client.h:369
@ ACME_CHALLENGE_TYPE_NONE
Definition: acme_client.h:366
@ ACME_CHALLENGE_TYPE_HTTP_01
Definition: acme_client.h:367
@ ACME_CHALLENGE_TYPE_DNS_01
Definition: acme_client.h:368
error_t acmeClientClose(AcmeClientContext *context)
Close the connection with the ACME server.
Definition: acme_client.c:1746
error_t acmeClientCreateAccount(AcmeClientContext *context, const AcmeAccountParams *params)
Account creation.
Definition: acme_client.c:424
error_t acmeClientCreateOrder(AcmeClientContext *context, const AcmeOrderParams *params)
Begin the certificate issuance process.
Definition: acme_client.c:881
error_t acmeClientConnect(AcmeClientContext *context, const IpAddr *serverIpAddr, uint16_t serverPort)
Establish a connection with the specified ACME server.
Definition: acme_client.c:272
#define ACME_CLIENT_MAX_URI_LEN
Definition: acme_client.h:180
error_t acmeClientDeactivateAccount(AcmeClientContext *context)
ACME account deactivation.
Definition: acme_client.c:769
error_t acmeClientRegisterTlsInitCallback(AcmeClientContext *context, AcmeClientTlsInitCallback callback)
Register TLS initialization callback function.
Definition: acme_client.c:108
#define ACME_CLIENT_MAX_CONTACTS
Definition: acme_client.h:152
void acmeClientDeinit(AcmeClientContext *context)
Release ACME client context.
Definition: acme_client.c:1767
error_t(* AcmeClientTlsInitCallback)(HttpClientContext *context, TlsContext *tlsContext)
TLS initialization callback function.
Definition: acme_client.h:396
#define AcmeClientContext
Definition: acme_client.h:248
AcmeAuthStatus
Authorization status.
Definition: acme_client.h:335
@ ACME_AUTH_STATUS_REVOKED
Definition: acme_client.h:342
@ ACME_AUTH_STATUS_INVALID
Definition: acme_client.h:339
@ ACME_AUTH_STATUS_NONE
Definition: acme_client.h:336
@ ACME_AUTH_STATUS_VALID
Definition: acme_client.h:338
@ ACME_AUTH_STATUS_EXPIRED
Definition: acme_client.h:340
@ ACME_AUTH_STATUS_DEACTIVATED
Definition: acme_client.h:341
@ ACME_AUTH_STATUS_PENDING
Definition: acme_client.h:337
AcmeClientState
ACME client states.
Definition: acme_client.h:261
@ ACME_CLIENT_STATE_DOWNLOAD_CERT
Definition: acme_client.h:277
@ ACME_CLIENT_STATE_DIRECTORY
Definition: acme_client.h:265
@ ACME_CLIENT_STATE_POLL_STATUS_2
Definition: acme_client.h:276
@ ACME_CLIENT_STATE_REVOKE_CERT
Definition: acme_client.h:278
@ ACME_CLIENT_STATE_CHALLENGE_READY
Definition: acme_client.h:273
@ ACME_CLIENT_STATE_NEW_ACCOUNT
Definition: acme_client.h:267
@ ACME_CLIENT_STATE_POLL_STATUS_1
Definition: acme_client.h:274
@ ACME_CLIENT_STATE_CONNECTED
Definition: acme_client.h:264
@ ACME_CLIENT_STATE_DISCONNECTED
Definition: acme_client.h:262
@ ACME_CLIENT_STATE_NEW_NONCE
Definition: acme_client.h:266
@ ACME_CLIENT_STATE_UPDATE_ACCOUNT
Definition: acme_client.h:268
@ ACME_CLIENT_STATE_NEW_ORDER
Definition: acme_client.h:271
@ ACME_CLIENT_STATE_AUTHORIZATION
Definition: acme_client.h:272
@ ACME_CLIENT_STATE_DISCONNECTING
Definition: acme_client.h:279
@ ACME_CLIENT_STATE_CONNECTING
Definition: acme_client.h:263
@ ACME_CLIENT_STATE_DEACTIVATE_ACCOUNT
Definition: acme_client.h:270
@ ACME_CLIENT_STATE_FINALIZE
Definition: acme_client.h:275
@ ACME_CLIENT_STATE_CHANGE_KEY
Definition: acme_client.h:269
error_t acmeClientInit(AcmeClientContext *context)
Initialize ACME client context.
Definition: acme_client.c:69
error_t acmeClientSetAccountKey(AcmeClientContext *context, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen)
Load account key pair.
Definition: acme_client.c:397
AcmeOrderStatus
Order status.
Definition: acme_client.h:320
@ ACME_ORDER_STATUS_PENDING
Definition: acme_client.h:322
@ ACME_ORDER_STATUS_VALID
Definition: acme_client.h:325
@ ACME_ORDER_STATUS_READY
Definition: acme_client.h:323
@ ACME_ORDER_STATUS_PROCESSING
Definition: acme_client.h:324
@ ACME_ORDER_STATUS_NONE
Definition: acme_client.h:321
@ ACME_ORDER_STATUS_INVALID
Definition: acme_client.h:326
#define ACME_CLIENT_MAX_TOKEN_LEN
Definition: acme_client.h:208
error_t acmeClientSetTimeout(AcmeClientContext *context, systime_t timeout)
Set communication timeout.
Definition: acme_client.c:177
#define ACME_CLIENT_MAX_CONTENT_TYPE_LEN
Definition: acme_client.h:229
error_t acmeClientSetPrng(AcmeClientContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
Definition: acme_client.c:153
error_t acmeClientSetDirectoryUri(AcmeClientContext *context, const char_t *directoryUri)
Set the URI of the directory object.
Definition: acme_client.c:223
error_t acmeClientBindToInterface(AcmeClientContext *context, NetInterface *interface)
Bind the ACME client to a particular network interface.
Definition: acme_client.c:249
#define ACME_CLIENT_MAX_TLS_ALPN_CERT_LEN
Definition: acme_client.h:222
#define ACME_CLIENT_MAX_KEY_AUTH_LEN
Definition: acme_client.h:215
error_t acmeClientPollOrderStatus(AcmeClientContext *context, AcmeOrderStatus *orderStatus)
Poll for order status.
Definition: acme_client.c:1202
uint8_t token[]
Definition: coap_common.h:181
unsigned int uint_t
Definition: compiler_port.h:50
char char_t
Definition: compiler_port.h:48
int bool_t
Definition: compiler_port.h:53
#define PrngAlgo
Definition: crypto.h:917
uint8_t identifier[]
error_t
Error codes.
Definition: error.h:43
HTTP client (HyperText Transfer Protocol)
#define HttpClientContext
Definition: http_client.h:198
TCP/IP stack core.
#define NetInterface
Definition: net.h:36
uint32_t systime_t
System time.
ACME client context.
Definition: acme_client.h:566
AcmeKeyPair certKey
Certificate key.
Definition: acme_client.h:577
AcmeClientState state
ACME client state.
Definition: acme_client.h:567
HttpClientContext httpClientContext
HTTP client context.
Definition: acme_client.h:573
uint_t numAuthorizations
Number of authorizations.
Definition: acme_client.h:587
AcmeOrder order
Order object.
Definition: acme_client.h:584
AcmeKeyPair accountKey
ACME account key.
Definition: acme_client.h:576
char_t errorType[ACME_CLIENT_MAX_URN_LEN+1]
ACME error type.
Definition: acme_client.h:597
AcmeClientTlsInitCallback tlsInitCallback
TLS initialization callback function.
Definition: acme_client.h:574
AcmeIdentifier identifiers[ACME_CLIENT_MAX_DOMAINS]
Array of identifiers objects.
Definition: acme_client.h:586
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: acme_client.h:571
AcmeAccount account
Account object.
Definition: acme_client.h:583
size_t bufferPos
Current position in the buffer.
Definition: acme_client.h:594
AcmeClientCsrCallback csrCallback
CSR generation callback function.
Definition: acme_client.h:575
uint_t numChallenges
Number of challenges.
Definition: acme_client.h:589
char_t serverName[ACME_CLIENT_MAX_NAME_LEN+1]
Host name of the ACME server.
Definition: acme_client.h:578
uint16_t serverPort
TCP port number.
Definition: acme_client.h:579
char_t contentType[ACME_CLIENT_MAX_CONTENT_TYPE_LEN+1]
Content type of the response.
Definition: acme_client.h:596
size_t bufferLen
Length of the buffer, in bytes.
Definition: acme_client.h:593
char_t nonce[ACME_CLIENT_MAX_NONCE_LEN+1]
Value of the Replay-Nonce header field.
Definition: acme_client.h:581
AcmeDirectory directory
Directory object.
Definition: acme_client.h:582
char_t directoryUri[ACME_CLIENT_MAX_URI_LEN+1]
Directory URI.
Definition: acme_client.h:580
systime_t timeout
Timeout value.
Definition: acme_client.h:570
char_t buffer[ACME_CLIENT_BUFFER_SIZE+1]
Memory buffer for input/output operations.
Definition: acme_client.h:592
uint_t statusCode
HTTP status code.
Definition: acme_client.h:595
uint_t numIdentifiers
Number of identifiers.
Definition: acme_client.h:585
AcmeAuthorization authorizations[ACME_CLIENT_MAX_DOMAINS]
Array of authorization objects.
Definition: acme_client.h:588
uint_t badNonceErrors
Number of consecutive bad nonce errors.
Definition: acme_client.h:598
AcmeChallenge challenges[ACME_CLIENT_MAX_DOMAINS]
Array of challenge objects.
Definition: acme_client.h:591
NetInterface * interface
Underlying network interface.
Definition: acme_client.h:569
AcmeRequestState requestState
HTTP request state.
Definition: acme_client.h:568
void * prngContext
Pseudo-random number generator context.
Definition: acme_client.h:572
uint_t index
Current index.
Definition: acme_client.h:590
Account object.
Definition: acme_client.h:500
AcmeAccountStatus status
Status of the account.
Definition: acme_client.h:501
ACME account creation parameters.
Definition: acme_client.h:441
const char_t * privateKey
Account private key.
Definition: acme_client.h:447
bool_t termsOfServiceAgreed
Indicates the client's agreement with the terms of service.
Definition: acme_client.h:444
const char_t * status
Status of the account.
Definition: acme_client.h:449
const char_t * publicKey
Account public key.
Definition: acme_client.h:445
uint_t numContacts
Number of contact URLs.
Definition: acme_client.h:442
size_t publicKeyLen
Length of the account public key, in bytes.
Definition: acme_client.h:446
size_t privateKeyLen
Length of the account private key, in bytes.
Definition: acme_client.h:448
Authorization object.
Definition: acme_client.h:535
bool_t wildcard
Wildcard domain name.
Definition: acme_client.h:538
AcmeAuthStatus status
Status of the authorization.
Definition: acme_client.h:536
Challenge object.
Definition: acme_client.h:547
AcmeChallengeStatus status
Status of the challenge.
Definition: acme_client.h:549
bool_t wildcard
Wildcard domain name.
Definition: acme_client.h:551
AcmeChallengeType type
Challenge type.
Definition: acme_client.h:548
Directory object.
Definition: acme_client.h:486
Domain parameters.
Definition: acme_client.h:458
AcmeChallengeType challengeType
Challenge type.
Definition: acme_client.h:460
const char_t * name
Domain name.
Definition: acme_client.h:459
Identifier object.
Definition: acme_client.h:511
AcmeChallengeType challengeType
Challenge type.
Definition: acme_client.h:513
Public/private key pair.
Definition: acme_client.h:413
RsaPrivateKey rsaPrivateKey
Definition: acme_client.h:421
EddsaPublicKey eddsaPublicKey
Definition: acme_client.h:430
EcPublicKey ecPublicKey
Definition: acme_client.h:425
X509KeyType type
Definition: acme_client.h:414
EddsaPrivateKey eddsaPrivateKey
Definition: acme_client.h:431
const void * privateKey
Definition: acme_client.h:418
const void * publicKey
Definition: acme_client.h:417
RsaPublicKey rsaPublicKey
Definition: acme_client.h:420
EcPrivateKey ecPrivateKey
Definition: acme_client.h:426
EcDomainParameters ecParams
Definition: acme_client.h:424
Order object.
Definition: acme_client.h:522
AcmeOrderStatus status
Status of the order.
Definition: acme_client.h:523
Certificate order parameters.
Definition: acme_client.h:469
const char_t * privateKey
Certificate private key.
Definition: acme_client.h:476
DateTime notAfter
The requested value of the notAfter field in the certificate.
Definition: acme_client.h:473
uint_t numDomains
Number of domain names.
Definition: acme_client.h:470
const char_t * publicKey
Certificate public key.
Definition: acme_client.h:474
size_t publicKeyLen
Length of the certificate public key, in bytes.
Definition: acme_client.h:475
size_t privateKeyLen
Length of the certificate private key, in bytes.
Definition: acme_client.h:477
DateTime notBefore
The requested value of the notBefore field in the certificate.
Definition: acme_client.h:472
Date and time representation.
Definition: date_time.h:47
EC domain parameters.
Definition: ec.h:76
EC private key.
Definition: ec.h:104
EC public key.
Definition: ec.h:94
EdDSA private key.
Definition: eddsa.h:59
EdDSA public key.
Definition: eddsa.h:49
IP network address.
Definition: ip.h:79
RSA private key.
Definition: rsa.h:68
RSA public key.
Definition: rsa.h:57
uint8_t length
Definition: tcp.h:368
uint8_t value[]
Definition: tcp.h:369
TLS (Transport Layer Security)
#define TlsContext
Definition: tls.h:36
X.509 common definitions.
X509KeyType
Public Key types.
Definition: x509_common.h:578