xref: /third_party/libwebsockets/plugins/acme-client/protocol_lws_acme_client.c

113 	 * But ac is only allocated when we are doing the server auth.
115 	struct acme_connection *ac;
137 	struct acme_connection *ac = lws_vhost_user(vhost);
145 			    ac->key_auth);
160 		n = (int)strlen(ac->key_auth);
183 		p += lws_snprintf((char *)p, lws_ptr_diff_size_t(end, p), "%s", ac->key_auth);
353 		s->len = sizeof(s->ac->urls[0]) - 1;
354 		s->dest = s->ac->urls[ctx->path_match - 1];
626 	if (vhd->ac) {
627 		if (vhd->ac->vhost)
628 			lws_vhost_destroy(vhd->ac->vhost);
629 		if (vhd->ac->alloc_privkey_pem)
630 			free(vhd->ac->alloc_privkey_pem);
631 		free(vhd->ac);
637 	vhd->ac = NULL;
706 	vhd->ac = malloc(sizeof(*vhd->ac));
707 	memset(vhd->ac, 0, sizeof(*vhd->ac));
725 	if (!vhd->ac->urls[0][0]) {
726 		vhd->ac->state = ACME_STATE_DIRECTORY;
730 		vhd->ac->state = ACME_STATE_NEW_ACCOUNT;
732 				vhd->ac->urls[JAD_NEW_ACCOUNT_URL]);
735 	vhd->ac->real_vh_port = lws_get_vhost_port(vhd->vhost);
736 	vhd->ac->real_vh_name = lws_get_vhost_name(vhd->vhost);
737 	vhd->ac->real_vh_iface = lws_get_vhost_iface(vhd->vhost);
751 				&vhd->ac->cwsi, &vhd->ac->i, buf, "GET"))
757 	free(vhd->ac);
758 	vhd->ac = NULL;
775 	struct acme_connection *ac = NULL;
783 		ac = vhd->ac;
936 		if (!ac)
939 		ac->resp = (int)lws_http_client_http_response(wsi);
943 				lws_hdr_copy(wsi, ac->replay_nonce,
944 					sizeof(ac->replay_nonce),
951 		switch (ac->state) {
953 			lejp_construct(&ac->jctx, cb_dir, vhd, jdir_tok,
964 			ac->state = ACME_STATE_NEW_ACCOUNT;
967 			strcpy(buf, ac->urls[JAD_NEW_ACCOUNT_URL]);
969 					&ac->cwsi, &ac->i, buf, "POST");
984 			if (lws_hdr_copy(wsi, ac->acct_id, sizeof(ac->acct_id),
990 			ac->kid = ac->acct_id;
992 			lwsl_vhost_notice(vhd->vhost, "Location: %s", ac->acct_id);
996 			if (lws_hdr_copy(wsi, ac->order_url,
997 					 sizeof(ac->order_url),
1004 			lejp_construct(&ac->jctx, cb_order, ac, jorder_tok,
1009 			lejp_construct(&ac->jctx, cb_authz, ac, jauthz_tok,
1014 			lejp_construct(&ac->jctx, cb_chac, ac, jchac_tok,
1020 			lejp_construct(&ac->jctx, cb_order, ac, jorder_tok,
1025 			ac->cpos = 0;
1034 		if (!ac)
1037 		switch (ac->state) {
1048 			strcpy(ac->active_url, ac->urls[JAD_NEW_ACCOUNT_URL]);
1052 				ac->len = 0;
1058 			ac->len = jws_create_packet(&jwe,
1060 					ac->replay_nonce,
1061 					ac->active_url,
1062 					ac->kid,
1063 					&ac->buf[LWS_PRE],
1064 					sizeof(ac->buf) - LWS_PRE,
1066 			if (ac->len < 0) {
1067 				ac->len = 0;
1075 			ac->pos = 0;
1086 			n = sprintf(buf, "%d", ac->len);
1108 			strcpy(ac->active_url, ac->urls[JAD_NEW_ORDER_URL]);
1112 			strcpy(ac->active_url, ac->authz_url);
1120 			strcpy(ac->active_url, ac->challenge_uri);
1124 			strcpy(ac->active_url, ac->order_url);
1128 			if (ac->goes_around)
1135 					&ac->alloc_privkey_pem,
1136 					&ac->len_privkey_pem);
1143 			strcpy(ac->active_url, ac->finalize_url);
1147 			strcpy(ac->active_url, ac->cert_url);
1158 		if (!ac)
1161 		if (ac->pos == ac->len)
1164 		ac->buf[LWS_PRE + ac->len] = '\0';
1165 		if (lws_write(wsi, (uint8_t *)ac->buf + LWS_PRE,
1166 					(size_t)ac->len, LWS_WRITE_HTTP_FINAL) < 0)
1169 		ac->pos = ac->len;
1175 		if (!ac)
1178 		switch (ac->state) {
1186 			m = lejp_parse(&ac->jctx, (uint8_t *)in, (int)len);
1201 			if ((unsigned int)ac->cpos + len > sizeof(ac->buf))
1202 				len = sizeof(ac->buf) - (unsigned int)ac->cpos;
1205 				memcpy(&ac->buf[ac->cpos], in, len);
1206 				ac->cpos += (int)len;
1216 		if (!ac)
1219 		switch (ac->state) {
1235 		if (!ac)
1238 		switch (ac->state) {
1240 			lejp_destruct(&ac->jctx);
1245 				lwsl_notice("   %d: %s\n", n, ac->urls[n]);
1247 			ac->state = ACME_STATE_NEW_NONCE;
1249 			strcpy(buf, ac->urls[JAD_NEW_NONCE_URL]);
1251 					&ac->cwsi, &ac->i, buf,
1261 			if ((ac->resp >= 200 && ac->resp < 299) ||
1262 			    ac->resp == 409) {
1267 				ac->state = ACME_STATE_NEW_ORDER;
1269 				strcpy(buf, ac->urls[JAD_NEW_ORDER_URL]);
1271 						vhd->vhost, &ac->cwsi,
1272 						&ac->i, buf, "POST");
1281 						ac->resp);
1287 			lejp_destruct(&ac->jctx);
1288 			if (!ac->authz_url[0]) {
1296 			ac->state = ACME_STATE_AUTHZ;
1300 			strcpy(buf, ac->authz_url);
1302 					vhd->vhost, &ac->cwsi,
1303 					&ac->i, buf, "POST");
1310 			lejp_destruct(&ac->jctx);
1311 			if (ac->resp / 100 == 4) {
1313 						"Auth failed: %s", ac->detail);
1318 			lwsl_vhost_info(vhd->vhost, "chall: %s (%d)\n", ac->chall_token, ac->resp);
1319 			if (!ac->chall_token[0]) {
1324 			ac->state = ACME_STATE_START_CHALL;
1328 			memset(&ac->ci, 0, sizeof(ac->ci));
1332 			p = ac->key_auth;
1333 			end = p + sizeof(ac->key_auth) - 1;
1335 			p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), "%s.", ac->chall_token);
1341 			lwsl_vhost_notice(vhd->vhost, "key_auth: '%s'", ac->key_auth);
1343 			lws_snprintf(ac->http01_mountpoint,
1344 					sizeof(ac->http01_mountpoint),
1346 					ac->chall_token);
1348 			memset(&ac->mount, 0, sizeof (struct lws_http_mount));
1349 			ac->mount.protocol = "http";
1350 			ac->mount.mountpoint = ac->http01_mountpoint;
1351 			ac->mount.mountpoint_len = (unsigned char)
1352 				strlen(ac->http01_mountpoint);
1353 			ac->mount.origin_protocol = LWSMPRO_CALLBACK;
1355 			ac->ci.mounts = &ac->mount;
1358 			ac->ci.port = 80;
1361 			ac->ci.protocols = chall_http01_protocols;
1364 			 * vhost .user points to the ac associated with the
1367 			ac->ci.user = ac;
1369 			ac->vhost = lws_create_vhost(lws_get_context(wsi),
1370 					&ac->ci);
1371 			if (!ac->vhost)
1374 			lwsl_vhost_notice(vhd->vhost, "challenge_uri %s", ac->challenge_uri);
1380 			ac->goes_around = 0;
1382 						       &ac->cwsi, &ac->i,
1383 						       ac->challenge_uri,
1393 				          ac->challenge_uri);
1395 			ac->state = ACME_STATE_POLLING;
1399 			if (ac->goes_around++ == 20) {
1406 			strcpy(buf, ac->order_url);
1408 						       &ac->cwsi, &ac->i, buf,
1419 			if (ac->resp == 202 && strcmp(ac->status, "invalid") &&
1420 					       strcmp(ac->status, "valid"))
1423 			if (!strcmp(ac->status, "pending"))
1426 			if (!strcmp(ac->status, "invalid")) {
1430 						ac->detail);
1441 			if (ac->vhost)
1442 				lws_vhost_destroy(ac->vhost);
1443 			ac->vhost = NULL;
1451 			ac->state = ACME_STATE_POLLING_CSR;
1453 			ac->goes_around = 0;
1455 			strcpy(buf, ac->finalize_url);
1457 						       &ac->cwsi, &ac->i, buf,
1467 			if (ac->resp < 200 || ac->resp > 202) {
1469 						ac->resp);
1473 			if (ac->resp != 200) {
1474 				if (ac->goes_around++ == 30) {
1479 				strcpy(buf, ac->finalize_url);
1482 						&ac->cwsi, &ac->i, buf,
1494 			ac->state = ACME_STATE_DOWNLOAD_CERT;
1496 			strcpy(buf, ac->cert_url);
1498 						       &ac->cwsi, &ac->i, buf,
1509 			if (ac->resp != 200) {
1511 					    ac->resp);
1520 			 * ac->buf, length in ac->cpos; and the key in
1521 			 * ac->alloc_privkey_pem, length in
1522 			 * ac->len_privkey_pem.
1526 				char *end_cert = strstr(ac->buf, "END CERTIFICATE-----");
1529 					ac->cpos = (int)(lws_ptr_diff_size_t(end_cert, ac->buf) + sizeof("END CERTIFICATE-----") - 1);
1531 					ac->cpos = 0;
1538 					ac->buf,
1539 					(size_t)ac->cpos);
1551 						ac->alloc_privkey_pem,
1552 						ac->len_privkey_pem)) {
1571 						ac->buf, (size_t)ac->cpos,
1572 						ac->alloc_privkey_pem,
1573 						ac->len_privkey_pem)) {
1592 				&ac->cwsi, &ac->i,
1593 				ac->challenge_uri,

Indexes created Thu Nov 07 10:32:03 CST 2024