Browse Source

refactor parameters

cron
neilpang 8 years ago
parent
commit
85e1f4ea13
  1. 227
      acme.sh

227
acme.sh

@ -2710,12 +2710,14 @@ _on_before_issue() {
_chk_web_roots="$1"
_chk_main_domain="$2"
_chk_alt_domains="$3"
_chk_pre_hook="$4"
_chk_local_addr="$5"
_debug _on_before_issue
#run pre hook
if [ "$Le_PreHook" ]; then
_info "Run pre hook:'$Le_PreHook'"
if [ "$_chk_pre_hook" ]; then
_info "Run pre hook:'$_chk_pre_hook'"
if ! (
cd "$DOMAIN_PATH" && eval "$Le_PreHook"
cd "$DOMAIN_PATH" && eval "$_chk_pre_hook"
); then
_err "Error when run pre hook."
return 1
@ -2729,7 +2731,7 @@ _on_before_issue() {
fi
fi
_debug Le_LocalAddress "$Le_LocalAddress"
_debug Le_LocalAddress "$_chk_local_addr"
alldomains=$(echo "$_chk_main_domain,$_chk_alt_domains" | tr ',' ' ')
_index=1
@ -2761,7 +2763,7 @@ _on_before_issue() {
if [ "$_checkport" ]; then
_debug _checkport "$_checkport"
_checkaddr="$(_getfield "$Le_LocalAddress" $_addrIndex)"
_checkaddr="$(_getfield "$_chk_local_addr" $_addrIndex)"
_debug _checkaddr "$_checkaddr"
_addrIndex="$(_math $_addrIndex + 1)"
@ -2792,6 +2794,7 @@ _on_before_issue() {
}
_on_issue_err() {
_chk_post_hook="$1"
_debug _on_issue_err
if [ "$LOG_FILE" ]; then
_err "Please check log file for more details: $LOG_FILE"
@ -2805,10 +2808,10 @@ _on_issue_err() {
fi
#run the post hook
if [ "$Le_PostHook" ]; then
_info "Run post hook:'$Le_PostHook'"
if [ "$_chk_post_hook" ]; then
_info "Run post hook:'$_chk_post_hook'"
if ! (
cd "$DOMAIN_PATH" && eval "$Le_PostHook"
cd "$DOMAIN_PATH" && eval "$_chk_post_hook"
); then
_err "Error when run post hook."
return 1
@ -2817,12 +2820,14 @@ _on_issue_err() {
}
_on_issue_success() {
_chk_post_hook="$1"
_chk_renew_hook="$2"
_debug _on_issue_success
#run the post hook
if [ "$Le_PostHook" ]; then
_info "Run post hook:'$Le_PostHook'"
if [ "$_chk_post_hook" ]; then
_info "Run post hook:'$_chk_post_hook'"
if ! (
cd "$DOMAIN_PATH" && eval "$Le_PostHook"
cd "$DOMAIN_PATH" && eval "$_chk_post_hook"
); then
_err "Error when run post hook."
return 1
@ -2830,10 +2835,10 @@ _on_issue_success() {
fi
#run renew hook
if [ "$IS_RENEW" ] && [ "$Le_RenewHook" ]; then
_info "Run renew hook:'$Le_RenewHook'"
if [ "$IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
_info "Run renew hook:'$_chk_renew_hook'"
if ! (
cd "$DOMAIN_PATH" && eval "$Le_RenewHook"
cd "$DOMAIN_PATH" && eval "$_chk_renew_hook"
); then
_err "Error when run renew hook."
return 1
@ -3038,15 +3043,15 @@ issue() {
_alt_domains=$(echo "$2,$3" | cut -d , -f 2- | sed "s/,${NO_VALUE}$//")
fi
_key_length="$4"
Le_RealCertPath="$5"
Le_RealKeyPath="$6"
Le_RealCACertPath="$7"
Le_ReloadCmd="$8"
Le_RealFullChainPath="$9"
Le_PreHook="${10}"
Le_PostHook="${11}"
Le_RenewHook="${12}"
Le_LocalAddress="${13}"
_real_cert="$5"
_real_key="$6"
_real_ca="$7"
_reload_cmd="$8"
_real_fullchain="$9"
_pre_hook="${10}"
_post_hook="${11}"
_renew_hook="${12}"
_local_addr="${13}"
#remove these later.
if [ "$_web_roots" = "dns-cf" ]; then
@ -3088,12 +3093,12 @@ issue() {
_savedomainconf "Le_Alt" "$_alt_domains"
_savedomainconf "Le_Webroot" "$_web_roots"
_savedomainconf "Le_PreHook" "$Le_PreHook"
_savedomainconf "Le_PostHook" "$Le_PostHook"
_savedomainconf "Le_RenewHook" "$Le_RenewHook"
_savedomainconf "Le_PreHook" "$_pre_hook"
_savedomainconf "Le_PostHook" "$_post_hook"
_savedomainconf "Le_RenewHook" "$_renew_hook"
if [ "$Le_LocalAddress" ]; then
_savedomainconf "Le_LocalAddress" "$Le_LocalAddress"
if [ "$_local_addr" ]; then
_savedomainconf "Le_LocalAddress" "$_local_addr"
else
_cleardomainconf "Le_LocalAddress"
fi
@ -3109,7 +3114,7 @@ issue() {
_key_length=""
fi
if ! _on_before_issue "$_web_roots" "$_main_domain" "$_alt_domains"; then
if ! _on_before_issue "$_web_roots" "$_main_domain" "$_alt_domains" "$_pre_hook" "$_local_addr"; then
_err "_on_before_issue."
return 1
fi
@ -3119,7 +3124,7 @@ issue() {
if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ]; then
if ! _regAccount "$_accountkeylength"; then
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
else
@ -3135,7 +3140,7 @@ issue() {
if ! createDomainKey "$_main_domain" "$_key_length"; then
_err "Create domain key error."
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
fi
@ -3143,7 +3148,7 @@ issue() {
if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then
_err "Create CSR error."
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
fi
@ -3180,7 +3185,7 @@ issue() {
if ! __get_domain_new_authz "$d"; then
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3193,7 +3198,7 @@ issue() {
if [ -z "$entry" ]; then
_err "Error, can not get domain token $d"
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
token="$(printf "%s\n" "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')"
@ -3274,7 +3279,7 @@ issue() {
if [ "$?" != "0" ]; then
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
dnsadded='1'
@ -3286,7 +3291,7 @@ issue() {
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit."
_err "Please add the TXT records to the domains, and retry again."
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3332,12 +3337,12 @@ issue() {
if [ "$vtype" = "$VTYPE_HTTP" ]; then
if [ "$_currentRoot" = "$NO_VALUE" ]; then
_info "Standalone mode server"
_ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")"
_ncaddr="$(_getfield "$_local_addr" "$_ncIndex")"
_ncIndex="$(_math $_ncIndex + 1)"
_startserver "$keyauthorization" "$_ncaddr" &
if [ "$?" != "0" ]; then
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
serverproc="$!"
@ -3353,7 +3358,7 @@ issue() {
BACKUP_NGINX_CONF=""
if ! _setNginx "$d" "$_currentRoot" "$thumbprint"; then
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3388,7 +3393,7 @@ issue() {
_err "$d:Can not write token to file : $wellknown_path/$token"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3427,13 +3432,13 @@ issue() {
_SAN_B="$_x.$_y.acme.invalid"
_debug2 _SAN_B "$_SAN_B"
_ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")"
_ncaddr="$(_getfield "$_local_addr" "$_ncIndex")"
_ncIndex="$(_math "$_ncIndex" + 1)"
if ! _starttlsserver "$_SAN_B" "$_SAN_A" "$Le_TLSPort" "$keyauthorization" "$_ncaddr"; then
_err "Start tls server error."
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
fi
@ -3442,7 +3447,7 @@ issue() {
_err "$d:Can not get challenge: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3450,7 +3455,7 @@ issue() {
_err "$d:Challenge error: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3477,7 +3482,7 @@ issue() {
_err "$d:Verify error:$response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
_debug2 original "$response"
@ -3512,7 +3517,7 @@ issue() {
fi
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3522,7 +3527,7 @@ issue() {
_err "$d:Verify error:$response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3536,7 +3541,7 @@ issue() {
if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"; then
_err "Sign failed."
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3578,7 +3583,7 @@ issue() {
if [ -z "$Le_LinkCert" ]; then
response="$(echo "$response" | _dbase64 "multiline" | _normalizeJson)"
_err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')"
_on_issue_err
_on_issue_err "$_post_hook"
return 1
fi
@ -3640,10 +3645,15 @@ issue() {
Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400)
_savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime"
_on_issue_success
_on_issue_success "$_post_hook" "$_renew_hook"
if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ]; then
_installcert
if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then
_savedomainconf "Le_RealCertPath" "$_real_cert"
_savedomainconf "Le_RealCACertPath" "$_real_ca"
_savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain"
fi
}
@ -3929,104 +3939,107 @@ deploy() {
}
installcert() {
Le_Domain="$1"
if [ -z "$Le_Domain" ]; then
_main_domain="$1"
if [ -z "$_main_domain" ]; then
_usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--certpath cert-file-path] [--keypath key-file-path] [--capath ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchainpath fullchain-path]"
return 1
fi
Le_RealCertPath="$2"
Le_RealKeyPath="$3"
Le_RealCACertPath="$4"
Le_ReloadCmd="$5"
Le_RealFullChainPath="$6"
_real_cert="$2"
_real_key="$3"
_real_ca="$4"
_reload_cmd="$5"
_real_fullchain="$6"
_isEcc="$7"
_initpath "$Le_Domain" "$_isEcc"
_initpath "$_main_domain" "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ]; then
_err "Domain is not valid:'$Le_Domain'"
_err "Domain is not valid:'$_main_domain'"
return 1
fi
_installcert
_savedomainconf "Le_RealCertPath" "$_real_cert"
_savedomainconf "Le_RealCACertPath" "$_real_ca"
_savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain"
}
_installcert() {
_savedomainconf "Le_RealCertPath" "$Le_RealCertPath"
_savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath"
_savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath"
_savedomainconf "Le_ReloadCmd" "$Le_ReloadCmd"
_savedomainconf "Le_RealFullChainPath" "$Le_RealFullChainPath"
_main_domain="$1"
_real_cert="$2"
_real_key="$3"
_real_ca="$4"
_reload_cmd="$5"
_real_fullchain="$6"
if [ "$Le_RealCertPath" = "$NO_VALUE" ]; then
Le_RealCertPath=""
if [ "$_real_cert" = "$NO_VALUE" ]; then
_real_cert=""
fi
if [ "$Le_RealKeyPath" = "$NO_VALUE" ]; then
Le_RealKeyPath=""
if [ "$_real_key" = "$NO_VALUE" ]; then
_real_key=""
fi
if [ "$Le_RealCACertPath" = "$NO_VALUE" ]; then
Le_RealCACertPath=""
if [ "$_real_ca" = "$NO_VALUE" ]; then
_real_ca=""
fi
if [ "$Le_ReloadCmd" = "$NO_VALUE" ]; then
Le_ReloadCmd=""
if [ "$_reload_cmd" = "$NO_VALUE" ]; then
_reload_cmd=""
fi
if [ "$Le_RealFullChainPath" = "$NO_VALUE" ]; then
Le_RealFullChainPath=""
if [ "$_real_fullchain" = "$NO_VALUE" ]; then
_real_fullchain=""
fi
if [ "$Le_RealCertPath" ]; then
_info "Installing cert to:$Le_RealCertPath"
if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ]; then
if [ "$_real_cert" ]; then
_info "Installing cert to:$_real_cert"
if [ -f "$_real_cert" ] && [ ! "$IS_RENEW" ]; then
mkdir -p "$DOMAIN_BACKUP_PATH"
cp "$Le_RealCertPath" "$DOMAIN_BACKUP_PATH/cert.bak"
cp "$_real_cert" "$DOMAIN_BACKUP_PATH/cert.bak"
fi
cat "$CERT_PATH" >"$Le_RealCertPath"
cat "$CERT_PATH" >"$_real_cert"
fi
if [ "$Le_RealCACertPath" ]; then
_info "Installing CA to:$Le_RealCACertPath"
if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ]; then
echo "" >>"$Le_RealCACertPath"
cat "$CA_CERT_PATH" >>"$Le_RealCACertPath"
if [ "$_real_ca" ]; then
_info "Installing CA to:$_real_ca"
if [ "$_real_ca" = "$_real_cert" ]; then
echo "" >>"$_real_ca"
cat "$CA_CERT_PATH" >>"$_real_ca"
else
if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ]; then
if [ -f "$_real_ca" ] && [ ! "$IS_RENEW" ]; then
mkdir -p "$DOMAIN_BACKUP_PATH"
cp "$Le_RealCACertPath" "$DOMAIN_BACKUP_PATH/ca.bak"
cp "$_real_ca" "$DOMAIN_BACKUP_PATH/ca.bak"
fi
cat "$CA_CERT_PATH" >"$Le_RealCACertPath"
cat "$CA_CERT_PATH" >"$_real_ca"
fi
fi
if [ "$Le_RealKeyPath" ]; then
_info "Installing key to:$Le_RealKeyPath"
if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ]; then
if [ "$_real_key" ]; then
_info "Installing key to:$_real_key"
if [ -f "$_real_key" ] && [ ! "$IS_RENEW" ]; then
mkdir -p "$DOMAIN_BACKUP_PATH"
cp "$Le_RealKeyPath" "$DOMAIN_BACKUP_PATH/key.bak"
cp "$_real_key" "$DOMAIN_BACKUP_PATH/key.bak"
fi
cat "$CERT_KEY_PATH" >"$Le_RealKeyPath"
cat "$CERT_KEY_PATH" >"$_real_key"
fi
if [ "$Le_RealFullChainPath" ]; then
_info "Installing full chain to:$Le_RealFullChainPath"
if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ]; then
if [ "$_real_fullchain" ]; then
_info "Installing full chain to:$_real_fullchain"
if [ -f "$_real_fullchain" ] && [ ! "$IS_RENEW" ]; then
mkdir -p "$DOMAIN_BACKUP_PATH"
cp "$Le_RealFullChainPath" "$DOMAIN_BACKUP_PATH/fullchain.bak"
cp "$_real_fullchain" "$DOMAIN_BACKUP_PATH/fullchain.bak"
fi
cat "$CERT_FULLCHAIN_PATH" >"$Le_RealFullChainPath"
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain"
fi
if [ "$Le_ReloadCmd" ]; then
_info "Run Le_ReloadCmd: $Le_ReloadCmd"
if [ "$_reload_cmd" ]; then
_info "Run reload cmd: $_reload_cmd"
if (
export CERT_PATH
export CERT_KEY_PATH
export CA_CERT_PATH
export CERT_FULLCHAIN_PATH
cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd"
cd "$DOMAIN_PATH" && eval "$_reload_cmd"
); then
_info "$(__green "Reload success")"
else

Loading…
Cancel
Save