|
@ -91,6 +91,30 @@ _printargs() { |
|
|
printf "\n" |
|
|
printf "\n" |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
_dlg_versions() { |
|
|
|
|
|
echo "Diagnosis versions: " |
|
|
|
|
|
echo "openssl:" |
|
|
|
|
|
if _exists openssl ; then |
|
|
|
|
|
openssl version 2>&1 |
|
|
|
|
|
else |
|
|
|
|
|
echo "openssl doesn't exists." |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
echo "apache:" |
|
|
|
|
|
if [ "$_APACHECTL" ] && _exists "$_APACHECTL" ; then |
|
|
|
|
|
_APACHECTL -V 2>&1 |
|
|
|
|
|
else |
|
|
|
|
|
echo "apache doesn't exists." |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
echo "nc:" |
|
|
|
|
|
if _exists "nc" ; then |
|
|
|
|
|
nc -h 2>&1 |
|
|
|
|
|
else |
|
|
|
|
|
_debug "nc doesn't exists." |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_log() { |
|
|
_log() { |
|
|
[ -z "$LOG_FILE" ] && return |
|
|
[ -z "$LOG_FILE" ] && return |
|
@ -867,6 +891,28 @@ _calcjwk() { |
|
|
crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" |
|
|
crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" |
|
|
_debug3 crv "$crv" |
|
|
_debug3 crv "$crv" |
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$crv" ] ; then |
|
|
|
|
|
_debug "Let's try ASN1 OID" |
|
|
|
|
|
crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" |
|
|
|
|
|
_debug3 crv_oid "$crv_oid" |
|
|
|
|
|
case "${crv_oid}" in |
|
|
|
|
|
"prime256v1") |
|
|
|
|
|
crv="P-256" |
|
|
|
|
|
;; |
|
|
|
|
|
"secp384r1") |
|
|
|
|
|
crv="P-384" |
|
|
|
|
|
;; |
|
|
|
|
|
"secp521r1") |
|
|
|
|
|
crv="P-521" |
|
|
|
|
|
;; |
|
|
|
|
|
*) |
|
|
|
|
|
_err "ECC oid : $crv_oid" |
|
|
|
|
|
return 1 |
|
|
|
|
|
;; |
|
|
|
|
|
esac |
|
|
|
|
|
_debug3 crv "$crv" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" |
|
|
pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" |
|
|
pubi=$(_math $pubi + 1) |
|
|
pubi=$(_math $pubi + 1) |
|
|
_debug3 pubi "$pubi" |
|
|
_debug3 pubi "$pubi" |
|
@ -1161,7 +1207,13 @@ _send_signed_request() { |
|
|
protected64="$(printf "$protected" | _base64 | _urlencode)" |
|
|
protected64="$(printf "$protected" | _base64 | _urlencode)" |
|
|
_debug3 protected64 "$protected64" |
|
|
_debug3 protected64 "$protected64" |
|
|
|
|
|
|
|
|
sig=$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256" | _urlencode) |
|
|
|
|
|
|
|
|
if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")" ; then |
|
|
|
|
|
_err "Sign request failed." |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
_debug3 _sig_t "$_sig_t" |
|
|
|
|
|
|
|
|
|
|
|
sig="$(printf "%s" "$_sig_t" | _urlencode)" |
|
|
_debug3 sig "$sig" |
|
|
_debug3 sig "$sig" |
|
|
|
|
|
|
|
|
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" |
|
|
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" |
|
@ -2058,6 +2110,10 @@ _on_issue_err() { |
|
|
_err "See: $_DEBUG_WIKI" |
|
|
_err "See: $_DEBUG_WIKI" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ] ; then |
|
|
|
|
|
_debug "$(_dlg_versions)" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
#run the post hook |
|
|
#run the post hook |
|
|
if [ "$Le_PostHook" ] ; then |
|
|
if [ "$Le_PostHook" ] ; then |
|
|
_info "Run post hook:'$Le_PostHook'" |
|
|
_info "Run post hook:'$Le_PostHook'" |
|
@ -4358,7 +4414,9 @@ _process() { |
|
|
|
|
|
|
|
|
_processAccountConf |
|
|
_processAccountConf |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_debug2 LE_WORKING_DIR "$LE_WORKING_DIR" |
|
|
|
|
|
|
|
|
if [ "$DEBUG" ] ; then |
|
|
if [ "$DEBUG" ] ; then |
|
|
version |
|
|
version |
|
|
fi |
|
|
fi |
|
|