#pragma once
#include "acme-exception.h"

#include <list>
#include <memory>
#include <string>
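namespace acme_lw
{

/// A certificate obtained from the ACME CA together with the private key
/// it was issued for.
struct Certificate
{
    /// Leaf certificate followed by its chain. The openssl example on
    /// getExpiryDisplay() reads it as 'fullchain.pem', i.e. PEM text.
    std::string fullchain;

    /// Private key matching 'fullchain' (format not stated in this header;
    /// presumably PEM like the account key). It lives in a plain std::string,
    /// so the key bytes are not wiped when the object is destroyed - keep the
    /// object around no longer than needed.
    std::string privkey;

    // Neither of the 'Expiry' calls below requires 'privkey' to be set;
    // they only rely on 'fullchain'.

    /**
    Returns the number of seconds since 1970 (epoch time) at which the
    certificate expires. Due to openssl quirkiness there might be a little
    drift from a strictly accurate result, but it is close enough for
    deciding whether the certificate needs to be renewed.
    */
    long getExpiry() const;

    /**
    Returns the 'Not After' text that openssl would display when running

        openssl x509 -noout -in fullchain.pem -text

    For example: "May  6 21:15:03 2018 GMT".
    */
    std::string getExpiryDisplay() const;
};

/// Private implementation (pimpl), defined in the .cpp so this header does
/// not expose the client's internal dependencies.
struct AcmeClientImpl;

/// Client for issuing certificates through an ACME CA (Let's Encrypt).
/// Call init() once before creating any instance and teardown() once before
/// application shutdown; neither is thread safe.
class AcmeClient
{
public:
    /**
    The signingKey is the ACME account private key used to sign requests
    to the ACME CA, in PEM format. It is credential material: the caller is
    responsible for sourcing it from protected storage and keeping it out
    of logs.
    */
    AcmeClient(const std::string& signingKey);
    ~AcmeClient();

    // Non-copyable. This only spells out what the unique_ptr member already
    // implies, so the client cannot be duplicated by accident.
    AcmeClient(const AcmeClient&) = delete;
    AcmeClient& operator=(const AcmeClient&) = delete;

    /**
    The implementation of this function allows Let's Encrypt to verify that
    the requestor has control of the domain name.

    The callback may be called once for each domain name in the
    'issueCertificate' call. It should do whatever is needed so that a GET
    on the url returns the 'keyAuthorization' (which is what the ACME
    protocol calls the expected response).

    Note that this function may not be called in cases where Let's Encrypt
    already believes the caller has control of the domain name.

    This is a plain function pointer, so it cannot carry captured state;
    anything the callback needs must be reachable some other way.
    */
    using Callback = void (*)(const std::string& domainName,
                              const std::string& url,
                              const std::string& keyAuthorization);

    /**
    Issue a certificate for the domainNames. If there is more than one, the
    first one will be the 'Subject' (CN) in the certificate.

    throws std::exception, usually an instance of AcmeException
    */
    Certificate issueCertificate(const std::list<std::string>& domainNames, Callback);

    /// Call once before instantiating AcmeClient. Not thread safe.
    static void init();

    /// Call once before application shutdown. Not thread safe.
    static void teardown();

private:
    std::unique_ptr<AcmeClientImpl> impl_;
};

}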