|
@ -868,7 +868,7 @@ createCSR() { |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
_urlencode() { |
|
|
|
|
|
|
|
|
_url_replace() { |
|
|
tr '/+' '_-' | tr -d '= ' |
|
|
tr '/+' '_-' | tr -d '= ' |
|
|
} |
|
|
} |
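Review bot: The renamed `_url_replace` definition in this hunk still says nothing about what the output is for, and its body `tr '/+' '_-' | tr -d '= '` is easy to misread as generic URL escaping; it actually rewrites standard base64 into the unpadded base64url alphabet that the JWK members, the JWS `protected`/`payload`/`signature` parts and the DNS-01 TXT values in the later hunks are built from. A header comment above the function would make that contract explicit, e.g. `# Convert standard base64 (as emitted by _base64) to unpadded base64url: '+'->'-', '/'->'_', strip '=' padding; spaces are dropped too.` The hunk header labels this as part of createCSR(), but the definition is a separate top-level function after createCSR's closing brace, and it is shown in full here.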
|
|
|
|
|
|
|
@ -935,7 +935,7 @@ _calcjwk() { |
|
|
|
|
|
|
|
|
modulus=$($OPENSSL_BIN rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2) |
|
|
modulus=$($OPENSSL_BIN rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2) |
|
|
_debug3 modulus "$modulus" |
|
|
_debug3 modulus "$modulus" |
|
|
n="$(printf "%s" "$modulus" | _h2b | _base64 | _urlencode)" |
|
|
|
|
|
|
|
|
n="$(printf "%s" "$modulus" | _h2b | _base64 | _url_replace)" |
|
|
_debug3 n "$n" |
|
|
_debug3 n "$n" |
|
|
|
|
|
|
|
|
jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' |
|
|
jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' |
|
@ -990,14 +990,14 @@ _calcjwk() { |
|
|
x="$(printf "%s" "$pubtext" | cut -d : -f 2-"$xend")" |
|
|
x="$(printf "%s" "$pubtext" | cut -d : -f 2-"$xend")" |
|
|
_debug3 x "$x" |
|
|
_debug3 x "$x" |
|
|
|
|
|
|
|
|
x64="$(printf "%s" "$x" | tr -d : | _h2b | _base64 | _urlencode)" |
|
|
|
|
|
|
|
|
x64="$(printf "%s" "$x" | tr -d : | _h2b | _base64 | _url_replace)" |
|
|
_debug3 x64 "$x64" |
|
|
_debug3 x64 "$x64" |
|
|
|
|
|
|
|
|
xend=$(_math "$xend" + 1) |
|
|
xend=$(_math "$xend" + 1) |
|
|
y="$(printf "%s" "$pubtext" | cut -d : -f "$xend"-10000)" |
|
|
y="$(printf "%s" "$pubtext" | cut -d : -f "$xend"-10000)" |
|
|
_debug3 y "$y" |
|
|
_debug3 y "$y" |
|
|
|
|
|
|
|
|
y64="$(printf "%s" "$y" | tr -d : | _h2b | _base64 | _urlencode)" |
|
|
|
|
|
|
|
|
y64="$(printf "%s" "$y" | tr -d : | _h2b | _base64 | _url_replace)" |
|
|
_debug3 y64 "$y64" |
|
|
_debug3 y64 "$y64" |
|
|
|
|
|
|
|
|
jwk='{"crv": "'$crv'", "kty": "EC", "x": "'$x64'", "y": "'$y64'"}' |
|
|
jwk='{"crv": "'$crv'", "kty": "EC", "x": "'$x64'", "y": "'$y64'"}' |
|
@ -1241,7 +1241,7 @@ _send_signed_request() { |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
payload64=$(printf "%s" "$payload" | _base64 | _urlencode) |
|
|
|
|
|
|
|
|
payload64=$(printf "%s" "$payload" | _base64 | _url_replace) |
|
|
_debug3 payload64 "$payload64" |
|
|
_debug3 payload64 "$payload64" |
|
|
|
|
|
|
|
|
if [ -z "$_CACHED_NONCE" ]; then |
|
|
if [ -z "$_CACHED_NONCE" ]; then |
|
@ -1267,7 +1267,7 @@ _send_signed_request() { |
|
|
protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" |
|
|
protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" |
|
|
_debug3 protected "$protected" |
|
|
_debug3 protected "$protected" |
|
|
|
|
|
|
|
|
protected64="$(printf "%s" "$protected" | _base64 | _urlencode)" |
|
|
|
|
|
|
|
|
protected64="$(printf "%s" "$protected" | _base64 | _url_replace)" |
|
|
_debug3 protected64 "$protected64" |
|
|
_debug3 protected64 "$protected64" |
|
|
|
|
|
|
|
|
if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then |
|
|
if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then |
|
@ -1276,7 +1276,7 @@ _send_signed_request() { |
|
|
fi |
|
|
fi |
|
|
_debug3 _sig_t "$_sig_t" |
|
|
_debug3 _sig_t "$_sig_t" |
|
|
|
|
|
|
|
|
sig="$(printf "%s" "$_sig_t" | _urlencode)" |
|
|
|
|
|
|
|
|
sig="$(printf "%s" "$_sig_t" | _url_replace)" |
|
|
_debug3 sig "$sig" |
|
|
_debug3 sig "$sig" |
|
|
|
|
|
|
|
|
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" |
|
|
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" |
|
@ -2005,7 +2005,7 @@ _clearupdns() { |
|
|
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) |
|
|
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) |
|
|
vtype=$(echo "$ventry" | cut -d "$sep" -f 4) |
|
|
vtype=$(echo "$ventry" | cut -d "$sep" -f 4) |
|
|
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) |
|
|
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) |
|
|
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _urlencode)" |
|
|
|
|
|
|
|
|
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)" |
|
|
_debug txt "$txt" |
|
|
_debug txt "$txt" |
|
|
if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then |
|
|
if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then |
|
|
_info "$d is already verified, skip $vtype." |
|
|
_info "$d is already verified, skip $vtype." |
|
@ -2549,7 +2549,7 @@ issue() { |
|
|
|
|
|
|
|
|
if [ -z "$thumbprint" ]; then |
|
|
if [ -z "$thumbprint" ]; then |
|
|
accountkey_json=$(printf "%s" "$jwk" | tr -d ' ') |
|
|
accountkey_json=$(printf "%s" "$jwk" | tr -d ' ') |
|
|
thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) |
|
|
|
|
|
|
|
|
thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _url_replace) |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" |
|
|
entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" |
|
@ -2600,7 +2600,7 @@ issue() { |
|
|
dnsadded='0' |
|
|
dnsadded='0' |
|
|
txtdomain="_acme-challenge.$d" |
|
|
txtdomain="_acme-challenge.$d" |
|
|
_debug txtdomain "$txtdomain" |
|
|
_debug txtdomain "$txtdomain" |
|
|
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _urlencode)" |
|
|
|
|
|
|
|
|
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)" |
|
|
_debug txt "$txt" |
|
|
_debug txt "$txt" |
|
|
|
|
|
|
|
|
d_api="$(_findHook "$d" dnsapi "$_currentRoot")" |
|
|
d_api="$(_findHook "$d" dnsapi "$_currentRoot")" |
|
@ -2875,7 +2875,7 @@ issue() { |
|
|
|
|
|
|
|
|
_clearup |
|
|
_clearup |
|
|
_info "Verify finished, start to sign." |
|
|
_info "Verify finished, start to sign." |
|
|
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _urlencode)" |
|
|
|
|
|
|
|
|
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)" |
|
|
|
|
|
|
|
|
if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"; then |
|
|
if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"; then |
|
|
_err "Sign failed." |
|
|
_err "Sign failed." |
|
@ -3453,7 +3453,7 @@ revoke() { |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _urlencode)" |
|
|
|
|
|
|
|
|
cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _url_replace)" |
|
|
|
|
|
|
|
|
if [ -z "$cert" ]; then |
|
|
if [ -z "$cert" ]; then |
|
|
_err "Cert for $Le_Domain is empty found, skip." |
|
|
_err "Cert for $Le_Domain is empty found, skip." |
|
|