115 	struct acme_connection *ac;  member
137 	struct acme_connection *ac = lws_vhost_user(vhost);  in callback_chall_http01()  local
145 			    __func__, ac->key_auth);  in callback_chall_http01()
160 		n = strlen(ac->key_auth);  in callback_chall_http01()
185 		p += lws_snprintf((char *)p, end - p, "%s", ac->key_auth);  in callback_chall_http01()
355 		s->len = sizeof(s->ac->urls[0]) - 1;  in cb_dir()
356 		s->dest = s->ac->urls[ctx->path_match - 1];  in cb_dir()
628 	if (vhd->ac) {  in lws_acme_finished()
629 		if (vhd->ac->vhost)  in lws_acme_finished()
630 			lws_vhost_destroy(vhd->ac->vhost);  in lws_acme_finished()
631 		if (vhd->ac->alloc_privkey_pem)  in lws_acme_finished()
632 			free(vhd->ac->alloc_privkey_pem);  in lws_acme_finished()
633 		free(vhd->ac);  in lws_acme_finished()
639 	vhd->ac = NULL;  in lws_acme_finished()
708 	vhd->ac = malloc(sizeof(*vhd->ac));  in lws_acme_start_acquisition()
709 	memset(vhd->ac, 0, sizeof(*vhd->ac));  in lws_acme_start_acquisition()
727 	if (!vhd->ac->urls[0][0]) {  in lws_acme_start_acquisition()
728 		vhd->ac->state = ACME_STATE_DIRECTORY;  in lws_acme_start_acquisition()
732 		vhd->ac->state = ACME_STATE_NEW_ACCOUNT;  in lws_acme_start_acquisition()
734 				vhd->ac->urls[JAD_NEW_ACCOUNT_URL]);  in lws_acme_start_acquisition()
737 	vhd->ac->real_vh_port = lws_get_vhost_port(vhd->vhost);  in lws_acme_start_acquisition()
738 	vhd->ac->real_vh_name = lws_get_vhost_name(vhd->vhost);  in lws_acme_start_acquisition()
739 	vhd->ac->real_vh_iface = lws_get_vhost_iface(vhd->vhost);  in lws_acme_start_acquisition()
753 				&vhd->ac->cwsi, &vhd->ac->i, buf, "GET"))  in lws_acme_start_acquisition()
759 	free(vhd->ac);  in lws_acme_start_acquisition()
760 	vhd->ac = NULL;  in lws_acme_start_acquisition()
777 	struct acme_connection *ac = NULL;  in callback_acme_client()  local
785 		ac = vhd->ac;  in callback_acme_client()
941 				ac->state, lws_http_client_http_response(wsi));  in callback_acme_client()
942 		if (!ac)  in callback_acme_client()
944 		ac->resp = lws_http_client_http_response(wsi);  in callback_acme_client()
947 				lws_hdr_copy(wsi, ac->replay_nonce,  in callback_acme_client()
948 					sizeof(ac->replay_nonce),  in callback_acme_client()
955 		switch (ac->state) {  in callback_acme_client()
957 			lejp_construct(&ac->jctx, cb_dir, vhd, jdir_tok,  in callback_acme_client()
967 			ac->state = ACME_STATE_NEW_ACCOUNT;  in callback_acme_client()
970 			strcpy(buf, ac->urls[JAD_NEW_ACCOUNT_URL]);  in callback_acme_client()
972 					&ac->cwsi, &ac->i, buf, "POST");  in callback_acme_client()
988 			if (lws_hdr_copy(wsi, ac->acct_id, sizeof(ac->acct_id),  in callback_acme_client()
995 			ac->kid = ac->acct_id;  in callback_acme_client()
997 			lwsl_notice("Location: %s\n", ac->acct_id);  in callback_acme_client()
1001 			if (lws_hdr_copy(wsi, ac->order_url,  in callback_acme_client()
1002 					 sizeof(ac->order_url),  in callback_acme_client()
1010 			lejp_construct(&ac->jctx, cb_order, ac, jorder_tok,  in callback_acme_client()
1015 			lejp_construct(&ac->jctx, cb_authz, ac, jauthz_tok,  in callback_acme_client()
1020 			lejp_construct(&ac->jctx, cb_chac, ac, jchac_tok,  in callback_acme_client()
1026 			lejp_construct(&ac->jctx, cb_order, ac, jorder_tok,  in callback_acme_client()
1031 			ac->cpos = 0;  in callback_acme_client()
1040 		if (!ac)  in callback_acme_client()
1043 		switch (ac->state) {  in callback_acme_client()
1055 			strcpy(ac->active_url, ac->urls[JAD_NEW_ACCOUNT_URL]);  in callback_acme_client()
1059 				ac->len = 0;  in callback_acme_client()
1065 			ac->len = jws_create_packet(&jwe,  in callback_acme_client()
1067 					ac->replay_nonce,  in callback_acme_client()
1068 					ac->active_url,  in callback_acme_client()
1069 					ac->kid,  in callback_acme_client()
1070 					&ac->buf[LWS_PRE],  in callback_acme_client()
1071 					sizeof(ac->buf) - LWS_PRE,  in callback_acme_client()
1073 			if (ac->len < 0) {  in callback_acme_client()
1074 				ac->len = 0;  in callback_acme_client()
1082 			ac->pos = 0;  in callback_acme_client()
1093 			n = sprintf(buf, "%d", ac->len);  in callback_acme_client()
1116 			strcpy(ac->active_url, ac->urls[JAD_NEW_ORDER_URL]);  in callback_acme_client()
1121 			strcpy(ac->active_url, ac->authz_url);  in callback_acme_client()
1130 			strcpy(ac->active_url, ac->challenge_uri);  in callback_acme_client()
1134 			strcpy(ac->active_url, ac->order_url);  in callback_acme_client()
1138 			if (ac->goes_around)  in callback_acme_client()
1145 					&ac->alloc_privkey_pem,  in callback_acme_client()
1146 					&ac->len_privkey_pem);  in callback_acme_client()
1154 			strcpy(ac->active_url, ac->finalize_url);  in callback_acme_client()
1158 			strcpy(ac->active_url, ac->cert_url);  in callback_acme_client()
1170 		if (!ac)  in callback_acme_client()
1173 		if (ac->pos == ac->len)  in callback_acme_client()
1176 		ac->buf[LWS_PRE + ac->len] = '\0';  in callback_acme_client()
1177 		if (lws_write(wsi, (uint8_t *)ac->buf + LWS_PRE,  in callback_acme_client()
1178 					ac->len, LWS_WRITE_HTTP_FINAL) < 0)  in callback_acme_client()
1180 		lwsl_notice("wrote %d\n", ac->len);  in callback_acme_client()
1181 		ac->pos = ac->len;  in callback_acme_client()
1187 		if (!ac)  in callback_acme_client()
1190 		switch (ac->state) {  in callback_acme_client()
1199 			m = (int)(signed char)lejp_parse(&ac->jctx,  in callback_acme_client()
1214 			if (ac->cpos + len > sizeof(ac->buf)) {  in callback_acme_client()
1218 			memcpy(&ac->buf[ac->cpos], in, len);  in callback_acme_client()
1219 			ac->cpos += len;  in callback_acme_client()
1229 		if (!ac)  in callback_acme_client()
1231 		switch (ac->state) {  in callback_acme_client()
1248 		if (!ac)  in callback_acme_client()
1251 		switch (ac->state) {  in callback_acme_client()
1253 			lejp_destruct(&ac->jctx);  in callback_acme_client()
1258 				lwsl_notice("   %d: %s\n", n, ac->urls[n]);  in callback_acme_client()
1260 			ac->state = ACME_STATE_NEW_NONCE;  in callback_acme_client()
1262 			strcpy(buf, ac->urls[JAD_NEW_NONCE_URL]);  in callback_acme_client()
1264 					&ac->cwsi, &ac->i, buf,  in callback_acme_client()
1274 			if ((ac->resp >= 200 && ac->resp < 299) ||  in callback_acme_client()
1275 					ac->resp == 409) {  in callback_acme_client()
1280 				ac->state = ACME_STATE_NEW_ORDER;  in callback_acme_client()
1282 				strcpy(buf, ac->urls[JAD_NEW_ORDER_URL]);  in callback_acme_client()
1284 						vhd->vhost, &ac->cwsi,  in callback_acme_client()
1285 						&ac->i, buf, "POST");  in callback_acme_client()
1294 						ac->resp);  in callback_acme_client()
1300 			lejp_destruct(&ac->jctx);  in callback_acme_client()
1301 			if (!ac->authz_url[0]) {  in callback_acme_client()
1309 			ac->state = ACME_STATE_AUTHZ;  in callback_acme_client()
1313 			strcpy(buf, ac->authz_url);  in callback_acme_client()
1315 					vhd->vhost, &ac->cwsi,  in callback_acme_client()
1316 					&ac->i, buf, "POST");  in callback_acme_client()
1324 			lejp_destruct(&ac->jctx);  in callback_acme_client()
1325 			if (ac->resp / 100 == 4) {  in callback_acme_client()
1327 						"Auth failed: %s", ac->detail);  in callback_acme_client()
1332 			lwsl_notice("chall: %s (%d)\n", ac->chall_token,  in callback_acme_client()
1333 					ac->resp);  in callback_acme_client()
1334 			if (!ac->chall_token[0]) {  in callback_acme_client()
1339 			ac->state = ACME_STATE_START_CHALL;  in callback_acme_client()
1343 			memset(&ac->ci, 0, sizeof(ac->ci));  in callback_acme_client()
1347 			p = ac->key_auth;  in callback_acme_client()
1348 			end = p + sizeof(ac->key_auth) - 1;  in callback_acme_client()
1350 			p += lws_snprintf(p, end - p, "%s.", ac->chall_token);  in callback_acme_client()
1356 			lwsl_notice("key_auth: '%s'\n", ac->key_auth);  in callback_acme_client()
1358 			lws_snprintf(ac->http01_mountpoint,  in callback_acme_client()
1359 					sizeof(ac->http01_mountpoint),  in callback_acme_client()
1361 					ac->chall_token);  in callback_acme_client()
1363 			memset(&ac->mount, 0, sizeof (struct lws_http_mount));  in callback_acme_client()
1364 			ac->mount.protocol = "http";  in callback_acme_client()
1365 			ac->mount.mountpoint = ac->http01_mountpoint;  in callback_acme_client()
1366 			ac->mount.mountpoint_len =  in callback_acme_client()
1367 				strlen(ac->http01_mountpoint);  in callback_acme_client()
1368 			ac->mount.origin_protocol = LWSMPRO_CALLBACK;  in callback_acme_client()
1370 			ac->ci.mounts = &ac->mount;  in callback_acme_client()
1374 			ac->ci.port = 80;  in callback_acme_client()
1377 			ac->ci.protocols = chall_http01_protocols;  in callback_acme_client()
1383 			ac->ci.user = ac;  in callback_acme_client()
1385 			ac->vhost = lws_create_vhost(lws_get_context(wsi),  in callback_acme_client()
1386 					&ac->ci);  in callback_acme_client()
1387 			if (!ac->vhost)  in callback_acme_client()
1390 			lwsl_notice("challenge_uri %s\n", ac->challenge_uri);  in callback_acme_client()
1396 			ac->goes_around = 0;  in callback_acme_client()
1398 						       &ac->cwsi, &ac->i,  in callback_acme_client()
1399 						       ac->challenge_uri,  in callback_acme_client()
1409 				    __func__, ac->challenge_uri);  in callback_acme_client()
1411 			ac->state = ACME_STATE_POLLING;  in callback_acme_client()
1415 			if (ac->goes_around++ == 20) {  in callback_acme_client()
1422 			strcpy(buf, ac->order_url);  in callback_acme_client()
1424 						       &ac->cwsi, &ac->i, buf,  in callback_acme_client()
1436 			if (ac->resp == 202 && strcmp(ac->status, "invalid") &&  in callback_acme_client()
1437 					       strcmp(ac->status, "valid")) {  in callback_acme_client()
1438 				lwsl_notice("status: %s\n", ac->status);  in callback_acme_client()
1442 			if (!strcmp(ac->status, "pending")) {  in callback_acme_client()
1443 				lwsl_notice("status: %s\n", ac->status);  in callback_acme_client()
1447 			if (!strcmp(ac->status, "invalid")) {  in callback_acme_client()
1451 						ac->detail);  in callback_acme_client()
1462 			if (ac->vhost)  in callback_acme_client()
1463 				lws_vhost_destroy(ac->vhost);  in callback_acme_client()
1464 			ac->vhost = NULL;  in callback_acme_client()
1472 			ac->state = ACME_STATE_POLLING_CSR;  in callback_acme_client()
1474 			ac->goes_around = 0;  in callback_acme_client()
1476 			strcpy(buf, ac->finalize_url);  in callback_acme_client()
1478 						       &ac->cwsi, &ac->i, buf,  in callback_acme_client()
1489 			if (ac->resp < 200 || ac->resp > 202) {  in callback_acme_client()
1491 						ac->resp);  in callback_acme_client()
1495 			if (ac->resp != 200) {  in callback_acme_client()
1496 				if (ac->goes_around++ == 30) {  in callback_acme_client()
1502 				strcpy(buf, ac->finalize_url);  in callback_acme_client()
1505 						&ac->cwsi, &ac->i, buf,  in callback_acme_client()
1518 			ac->state = ACME_STATE_DOWNLOAD_CERT;  in callback_acme_client()
1520 			strcpy(buf, ac->cert_url);  in callback_acme_client()
1522 						       &ac->cwsi, &ac->i, buf,  in callback_acme_client()
1534 			if (ac->resp != 200) {  in callback_acme_client()
1536 					    ac->resp);  in callback_acme_client()
1551 					ac->buf,  in callback_acme_client()
1552 					ac->cpos);  in callback_acme_client()
1564 						ac->alloc_privkey_pem,  in callback_acme_client()
1565 						ac->len_privkey_pem)) {  in callback_acme_client()
1584 						ac->buf, ac->cpos,  in callback_acme_client()
1585 						ac->alloc_privkey_pem,  in callback_acme_client()
1586 						ac->len_privkey_pem)) {  in callback_acme_client()
1605 				&ac->cwsi, &ac->i,  in callback_acme_client()
1606 				ac->challenge_uri,  in callback_acme_client()