|
@ -833,6 +833,13 @@ _calcjwk() { |
|
|
_usage "Usage: _calcjwk keyfile" |
|
|
_usage "Usage: _calcjwk keyfile" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then |
|
|
|
|
|
_debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" |
|
|
|
|
|
return 0 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EC_SIGN="" |
|
|
EC_SIGN="" |
|
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then |
|
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then |
|
|
_debug "RSA key" |
|
|
_debug "RSA key" |
|
@ -901,6 +908,7 @@ _calcjwk() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_debug3 JWK_HEADER "$JWK_HEADER" |
|
|
_debug3 JWK_HEADER "$JWK_HEADER" |
|
|
|
|
|
__CACHED_JWK_KEY_FILE="$keyfile" |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
_time() { |
|
|
_time() { |
|
@ -929,35 +937,44 @@ _inithttp() { |
|
|
HTTP_HEADER="$(_mktemp)" |
|
|
HTTP_HEADER="$(_mktemp)" |
|
|
_debug2 HTTP_HEADER "$HTTP_HEADER" |
|
|
_debug2 HTTP_HEADER "$HTTP_HEADER" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ -z "$CURL" ] ; then |
|
|
|
|
|
CURL="curl -L --silent --dump-header $HTTP_HEADER " |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$__HTTP_INITIALIZED" ] ; then |
|
|
|
|
|
if [ "$_ACME_CURL$_ACME_WGET" ] ; then |
|
|
|
|
|
_debug2 "Http already initialized." |
|
|
|
|
|
return 0 |
|
|
|
|
|
fi |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$_ACME_CURL" ] && _exists "curl" ; then |
|
|
|
|
|
_ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER " |
|
|
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then |
|
|
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then |
|
|
_CURL_DUMP="$(_mktemp)" |
|
|
_CURL_DUMP="$(_mktemp)" |
|
|
CURL="$CURL --trace-ascii $_CURL_DUMP " |
|
|
|
|
|
|
|
|
_ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$CA_BUNDLE" ] ; then |
|
|
if [ "$CA_BUNDLE" ] ; then |
|
|
CURL="$CURL --cacert $CA_BUNDLE " |
|
|
|
|
|
|
|
|
_ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE " |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$HTTPS_INSECURE" ] ; then |
|
|
if [ "$HTTPS_INSECURE" ] ; then |
|
|
CURL="$CURL --insecure " |
|
|
|
|
|
|
|
|
_ACME_CURL="$_ACME_CURL --insecure " |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ -z "$WGET" ] ; then |
|
|
|
|
|
WGET="wget -q" |
|
|
|
|
|
|
|
|
if [ -z "$_ACME_WGET" ] && _exists "wget"; then |
|
|
|
|
|
_ACME_WGET="wget -q" |
|
|
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then |
|
|
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then |
|
|
WGET="$WGET -d " |
|
|
|
|
|
|
|
|
_ACME_WGET="$_ACME_WGET -d " |
|
|
fi |
|
|
fi |
|
|
if [ "$CA_BUNDLE" ] ; then |
|
|
if [ "$CA_BUNDLE" ] ; then |
|
|
WGET="$WGET --ca-certificate $CA_BUNDLE " |
|
|
|
|
|
|
|
|
_ACME_WGET="$_ACME_WGET --ca-certificate $CA_BUNDLE " |
|
|
fi |
|
|
fi |
|
|
if [ "$HTTPS_INSECURE" ] ; then |
|
|
if [ "$HTTPS_INSECURE" ] ; then |
|
|
WGET="$WGET --no-check-certificate " |
|
|
|
|
|
|
|
|
_ACME_WGET="$_ACME_WGET --no-check-certificate " |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
__HTTP_INITIALIZED=1 |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
@ -978,8 +995,8 @@ _post() { |
|
|
|
|
|
|
|
|
_inithttp |
|
|
_inithttp |
|
|
|
|
|
|
|
|
if _exists "curl" ; then |
|
|
|
|
|
_CURL="$CURL" |
|
|
|
|
|
|
|
|
if [ "$_ACME_CURL" ] ; then |
|
|
|
|
|
_CURL="$_ACME_CURL" |
|
|
_debug "_CURL" "$_CURL" |
|
|
_debug "_CURL" "$_CURL" |
|
|
if [ "$needbase64" ] ; then |
|
|
if [ "$needbase64" ] ; then |
|
|
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url" | _base64)" |
|
|
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url" | _base64)" |
|
@ -994,19 +1011,19 @@ _post() { |
|
|
_err "$(cat "$_CURL_DUMP")" |
|
|
_err "$(cat "$_CURL_DUMP")" |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
elif _exists "wget" ; then |
|
|
|
|
|
_debug "WGET" "$WGET" |
|
|
|
|
|
|
|
|
elif [ "$_ACME_WGET" ] ; then |
|
|
|
|
|
_debug "_ACME_WGET" "$_ACME_WGET" |
|
|
if [ "$needbase64" ] ; then |
|
|
if [ "$needbase64" ] ; then |
|
|
if [ "$httpmethod" = "POST" ] ; then |
|
|
if [ "$httpmethod" = "POST" ] ; then |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" |
|
|
|
|
|
|
|
|
response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" |
|
|
else |
|
|
else |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" |
|
|
|
|
|
|
|
|
response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" |
|
|
fi |
|
|
fi |
|
|
else |
|
|
else |
|
|
if [ "$httpmethod" = "POST" ] ; then |
|
|
if [ "$httpmethod" = "POST" ] ; then |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" |
|
|
|
|
|
|
|
|
response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" |
|
|
else |
|
|
else |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" |
|
|
|
|
|
|
|
|
response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
_ret="$?" |
|
|
_ret="$?" |
|
@ -1039,8 +1056,8 @@ _get() { |
|
|
|
|
|
|
|
|
_inithttp |
|
|
_inithttp |
|
|
|
|
|
|
|
|
if _exists "curl" ; then |
|
|
|
|
|
_CURL="$CURL" |
|
|
|
|
|
|
|
|
if [ "$_ACME_CURL" ] ; then |
|
|
|
|
|
_CURL="$_ACME_CURL" |
|
|
if [ "$t" ] ; then |
|
|
if [ "$t" ] ; then |
|
|
_CURL="$_CURL --connect-timeout $t" |
|
|
_CURL="$_CURL --connect-timeout $t" |
|
|
fi |
|
|
fi |
|
@ -1058,8 +1075,8 @@ _get() { |
|
|
_err "$(cat "$_CURL_DUMP")" |
|
|
_err "$(cat "$_CURL_DUMP")" |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
elif _exists "wget" ; then |
|
|
|
|
|
_WGET="$WGET" |
|
|
|
|
|
|
|
|
elif [ "$_ACME_WGET" ] ; then |
|
|
|
|
|
_WGET="$_ACME_WGET" |
|
|
if [ "$t" ] ; then |
|
|
if [ "$t" ] ; then |
|
|
_WGET="$_WGET --timeout=$t" |
|
|
_WGET="$_WGET --timeout=$t" |
|
|
fi |
|
|
fi |
|
@ -3194,19 +3211,23 @@ revoke() { |
|
|
data="{\"resource\": \"revoke-cert\", \"certificate\": \"$cert\"}" |
|
|
data="{\"resource\": \"revoke-cert\", \"certificate\": \"$cert\"}" |
|
|
uri="$API/acme/revoke-cert" |
|
|
uri="$API/acme/revoke-cert" |
|
|
|
|
|
|
|
|
_info "Try domain key first." |
|
|
|
|
|
if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then |
|
|
|
|
|
if [ -z "$response" ] ; then |
|
|
|
|
|
_info "Revoke success." |
|
|
|
|
|
rm -f $CERT_PATH |
|
|
|
|
|
return 0 |
|
|
|
|
|
else |
|
|
|
|
|
_err "Revoke error by domain key." |
|
|
|
|
|
_err "$response" |
|
|
|
|
|
|
|
|
if [ -f "$CERT_KEY_PATH" ] ; then |
|
|
|
|
|
_info "Try domain key first." |
|
|
|
|
|
if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then |
|
|
|
|
|
if [ -z "$response" ] ; then |
|
|
|
|
|
_info "Revoke success." |
|
|
|
|
|
rm -f $CERT_PATH |
|
|
|
|
|
return 0 |
|
|
|
|
|
else |
|
|
|
|
|
_err "Revoke error by domain key." |
|
|
|
|
|
_err "$response" |
|
|
|
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
else |
|
|
|
|
|
_info "Domain key file doesn't exists." |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_info "Then try account key." |
|
|
|
|
|
|
|
|
_info "Try account key." |
|
|
|
|
|
|
|
|
if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH" ; then |
|
|
if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH" ; then |
|
|
if [ -z "$response" ] ; then |
|
|
if [ -z "$response" ] ; then |
|
|