From c60883ef927a785286ca856550784bed5f11007d Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 19 Mar 2016 18:18:34 +0800 Subject: [PATCH] Use 'wget' instead, if 'curl' is not installed. --- le.sh | 205 +++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 130 insertions(+), 75 deletions(-) diff --git a/le.sh b/le.sh index 2f9585a..79bc274 100755 --- a/le.sh +++ b/le.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -VER=1.1.9 +VER=1.2.0 PROJECT="https://github.com/Neilpang/le" DEFAULT_CA="https://acme-v01.api.letsencrypt.org" @@ -20,18 +20,6 @@ if [ -z "$AGREEMENT" ] ; then AGREEMENT="$DEFAULT_AGREEMENT" fi -_debug() { - - if [ -z "$DEBUG" ] ; then - return - fi - - if [ -z "$2" ] ; then - echo $1 - else - echo "$1"="$2" - fi -} _info() { if [ -z "$2" ] ; then @@ -50,6 +38,26 @@ _err() { return 1 } +_debug() { + if [ -z "$DEBUG" ] ; then + return + fi + _err "$1" "$2" + return 0 +} + +_exists() { + cmd="$1" + if [ -z "$cmd" ] ; then + _err "Usage: _exists cmd" + return 1 + fi + command -v $cmd >/dev/null 2>&1 + ret="$?" + _debug "$cmd exists=$ret" + return $ret +} + _h2b() { hex=$(cat) i=1 @@ -65,6 +73,25 @@ _h2b() { done } +#options file +_sed_i() { + options="$1" + filename="$2" + if [ -z "$filename" ] ; then + _err "Usage:_sed_i options filename" + return 1 + fi + + if sed -h 2>&1 | grep "\-i[SUFFIX]" ; then + _debug "Using sed -i" + sed -i "" + else + _debug "No -i support in sed" + text="$(cat $filename)" + echo "$text" | sed "$options" > "$filename" + fi +} + #Usage: file startline endline _getfile() { filename="$1" @@ -393,6 +420,57 @@ _calcjwk() { _debug HEADER "$HEADER" } +# body url [needbase64] +_post() { + body="$1" + url="$2" + needbase64="$3" + + if _exists "curl" ; then + dp="$LE_WORKING_DIR/curl.dump" + CURL="curl --silent --dump-header $HTTP_HEADER " + if [ "$DEBUG" ] ; then + CURL="$CURL --trace-ascii $dp " + fi + + if [ "$needbase64" ] ; then + response="$($CURL -X POST --data "$body" $url | _base64)" + else + response="$($CURL -X POST --data "$body" $url)" + fi + else + if [ "$needbase64" ] ; then + response="$(wget -q -S -O - --post-data="$body" $url 2>"$HTTP_HEADER" | _base64)" + else + response="$(wget -q -S -O - --post-data="$body" $url 2>"$HTTP_HEADER")" + fi + _sed_i "s/^ *//g" "$HTTP_HEADER" + fi + echo -n "$response" + +} + +# url getheader +_get() { + url="$1" + onlyheader="$2" + _debug url $url + if _exists "curl" ; then + if [ "$onlyheader" ] ; then + curl -I --silent $url + else + curl --silent $url + fi + else + if [ "$onlyheader" ] ; then + wget -S -q -O /dev/null $url 2>&1 | sed "s/^[ ]*//g" + else + wget -q -O - $url + fi + fi + ret=$? + return $ret +} # url payload needbase64 keyfile _send_signed_request() { @@ -409,18 +487,12 @@ _send_signed_request() { if ! _calcjwk "$keyfile" ; then return 1 fi - - CURL_HEADER="$LE_WORKING_DIR/curl.header" - dp="$LE_WORKING_DIR/curl.dump" - CURL="curl --silent --dump-header $CURL_HEADER " - if [ "$DEBUG" ] ; then - CURL="$CURL --trace-ascii $dp " - fi + payload64=$(echo -n $payload | _base64 | _urlencode) _debug payload64 $payload64 nonceurl="$API/directory" - nonce="$($CURL -I $nonceurl | grep -o "^Replay-Nonce:.*$" | tr -d "\r\n" | cut -d ' ' -f 2)" + nonce="$(_get $nonceurl "onlyheader" | grep -o "Replay-Nonce:.*$" | tr -d "\r\n" | cut -d ' ' -f 2)" _debug nonce "$nonce" @@ -436,31 +508,18 @@ _send_signed_request() { body="{\"header\": $HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" _debug body "$body" - if [ "$needbase64" ] ; then - response="$($CURL -X POST --data "$body" $url | _base64)" - else - response="$($CURL -X POST --data "$body" $url)" - fi + HTTP_HEADER="$LE_WORKING_DIR/http.header" + response="$(_post "$body" $url "$needbase64" )" - responseHeaders="$(cat $CURL_HEADER)" + responseHeaders="$(cat $HTTP_HEADER)" _debug responseHeaders "$responseHeaders" _debug response "$response" - code="$(grep ^HTTP $CURL_HEADER | tail -1 | cut -d " " -f 2 | tr -d "\r\n" )" + code="$(grep "^HTTP" $HTTP_HEADER | tail -1 | cut -d " " -f 2 | tr -d "\r\n" )" _debug code $code } -_get() { - url="$1" - _debug url $url - response="$(curl --silent $url)" - ret=$? - _debug response "$response" - code="$(echo $response | grep -o '"status":[0-9]\+' | cut -d : -f 2)" - _debug code $code - return $ret -} #setopt "file" "opt" "=" "value" [";"] _setopt() { @@ -1040,7 +1099,7 @@ issue() { _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}" if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then - _err "$d:Challenge error: $resource" + _err "$d:Challenge error: $response" _clearupwebbroot "$Le_Webroot" "$removelevel" "$token" _clearup return 1 @@ -1050,9 +1109,9 @@ issue() { _debug "sleep 5 secs to verify" sleep 5 _debug "checking" - - if ! _get $uri ; then - _err "$d:Verify error:$resource" + response="$(_get $uri)" + if [ "$?" != "0" ] ; then + _err "$d:Verify error:$response" _clearupwebbroot "$Le_Webroot" "$removelevel" "$token" _clearup return 1 @@ -1094,12 +1153,12 @@ issue() { _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64" - Le_LinkCert="$(grep -i -o '^Location.*$' $CURL_HEADER | tr -d "\r\n" | cut -d " " -f 2)" + Le_LinkCert="$(grep -i -o '^Location.*$' $HTTP_HEADER | tr -d "\r\n" | cut -d " " -f 2)" _setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert" if [ "$Le_LinkCert" ] ; then echo "$BEGIN_CERT" > "$CERT_PATH" - curl --silent "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" + _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" echo "$END_CERT" >> "$CERT_PATH" _info "Cert success." cat "$CERT_PATH" @@ -1117,12 +1176,12 @@ issue() { _setopt "$DOMAIN_CONF" 'Le_Vlist' '=' "\"\"" - Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' ) + Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' ) _setopt "$DOMAIN_CONF" "Le_LinkIssuer" "=" "$Le_LinkIssuer" if [ "$Le_LinkIssuer" ] ; then echo "$BEGIN_CERT" > "$CA_CERT_PATH" - curl --silent "$Le_LinkIssuer" | _base64 "multiline" >> "$CA_CERT_PATH" + _get "$Le_LinkIssuer" | _base64 "multiline" >> "$CA_CERT_PATH" echo "$END_CERT" >> "$CA_CERT_PATH" _info "The intermediate CA cert is in $CA_CERT_PATH" cat "$CA_CERT_PATH" >> "$CERT_FULLCHAIN_PATH" @@ -1389,48 +1448,44 @@ _initconf() { fi } -install() { - if ! _initpath ; then - _err "Install failed." +_precheck() { + if ! _exists "curl" && ! _exists "wget"; then + _err "Please install curl or wget first, we need to access http resources." return 1 fi - #check if there is sudo installed, AND if the current user is a sudoer. - if command -v sudo > /dev/null ; then - if [ "$(sudo -n uptime 2>&1|grep "load"|wc -l)" != "0" ] ; then - SUDO=sudo - fi + if ! _exists "crontab" ; then + _err "Please install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'." + _err "We need to set cron job to renew the certs automatically." + return 1 fi - if command -v yum > /dev/null ; then - YUM="1" - INSTALL="$SUDO yum install -y " - elif command -v apt-get > /dev/null ; then - INSTALL="$SUDO apt-get install -y " - fi - - if ! command -v "curl" > /dev/null ; then - _err "Please install curl first." - _err "$INSTALL curl" + if ! _exists "openssl" ; then + _err "Please install openssl first." + _err "We need openssl to generate keys." return 1 fi - if ! command -v "crontab" > /dev/null ; then - _err "Please install crontab first." - if [ "$YUM" ] ; then - _err "$INSTALL crontabs" - else - _err "$INSTALL crontab" - fi + if ! _exists "nc" ; then + _err "It is recommended to install nc first, try to install 'nc' or 'netcat'." + _err "We use nc for standalone server if you use standalone mode." + _err "If you don't use standalone mode, just ignore this warning." + fi + + return 0 +} + +install() { + if ! _initpath ; then + _err "Install failed." return 1 fi - if ! command -v "openssl" > /dev/null ; then - _err "Please install openssl first." - _err "$INSTALL openssl" + if ! _precheck ; then + _err "Pre-check failed, can not install." return 1 fi - + _info "Installing to $LE_WORKING_DIR" cp le.sh "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/le.sh"