From 1699e94f0ffdd056cd58891dd43a4386b2246471 Mon Sep 17 00:00:00 2001
From: Geoffroi <ggenot@voxbone.com>
Date: Wed, 11 Jan 2017 14:09:58 +0100
Subject: [PATCH 1/5] Adding kong deploy script (https://getkong.org)

---
 deploy/kong.sh | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 deploy/kong.sh

diff --git a/deploy/kong.sh b/deploy/kong.sh
new file mode 100644
index 0000000..cd9de10
--- /dev/null
+++ b/deploy/kong.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env sh
+
+# This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter.
+# Note that ssl plugin should be available on Kong instance
+# The hook will match cdomain to request_host, in case of multiple domain it will always take the first
+# one (acme.sh behaviour).
+# If ssl config already exist it will update only cert and key not touching other parameter
+# If ssl config doesn't exist it will only upload cert and key and not set other parameter
+# Not that we deploy full chain
+# See https://getkong.org/plugins/dynamic-ssl/ for other options
+# Written by Geoffroi Genot <ggenot@voxbone.com>
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+kong.sh_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+  _info "Deploying certificate on Kong instance"
+  if [ -z "$KONG_URL" ]
+  then
+      _debug "KONG_URL Not set, using default http://localhost:8001"
+      KONG_URL="http://localhost:8001"
+  fi
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  #Get uuid linked to the domain
+  uuid=$( _get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' )
+  if [ "$uuid" = "" ]
+  then
+    _err "Unable to get Kong uuid for domain $_cdomain"
+    _err "Make sure that KONG_URL is correctly configured"
+    _err "Make sure that a Kong api request_host match the domain"
+    _err "Kong url: $KONG_URL"
+    return 1
+  fi
+  #Save kong url if it's succesful (First run case)
+  _saveaccountconf KONG_URL "$KONG_URL"
+  #Generate DEIM
+  delim="-----MultipartDelimeter$(date "+%s%N")"
+  nl=$( printf "\\r\\n" )
+  #Set Header
+  _H1="Content-Type: multipart/form-data; boundary=$delim"
+  #Generate data for request (Multipart/form-data with mixed content)
+  #set name to ssl
+  content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl"
+  #add key
+  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
+  #Add cert
+  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
+  #Close multipart
+  content="$content${nl}--$delim--${nl}"
+  #DEBUG
+  _debug header "$_H1"
+  _debug content "$content"
+  #Check if ssl plugins is aready enabled (if not => POST else => PATCH)
+  ssl_uuid=$(_get $KONG_URL/apis/$uuid/plugins | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' )
+  _debug ssl_uuid "$ssl_uuid"
+  if [ "$ssl_uuid" = "" ]
+  then
+    #Post certificate to Kong
+    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST" )
+  else
+    #patch
+    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH" )
+  fi
+  if ! [ "$( echo "$response" | _egrep_o "ssl" )" = "ssl" ]
+  then
+    _err "An error occured with cert upload. Check response:"
+    _err "$response"
+    return 1
+  fi
+  _debug response "$response"
+  _info "Certificate successfully deployed"
+}

From 07feb87deeab89fe55af42a532b463f1e3cc3ae8 Mon Sep 17 00:00:00 2001
From: Geoffroi <ggenot@voxbone.com>
Date: Wed, 11 Jan 2017 14:52:52 +0100
Subject: [PATCH 2/5] Travis fix

---
 deploy/kong.sh | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/deploy/kong.sh b/deploy/kong.sh
index cd9de10..0fa726a 100644
--- a/deploy/kong.sh
+++ b/deploy/kong.sh
@@ -20,8 +20,7 @@ kong.sh_deploy() {
   _cca="$4"
   _cfullchain="$5"
   _info "Deploying certificate on Kong instance"
-  if [ -z "$KONG_URL" ]
-  then
+  if [ -z "$KONG_URL" ]; then
       _debug "KONG_URL Not set, using default http://localhost:8001"
       KONG_URL="http://localhost:8001"
   fi
@@ -33,9 +32,8 @@ kong.sh_deploy() {
   _debug _cfullchain "$_cfullchain"
 
   #Get uuid linked to the domain
-  uuid=$( _get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' )
-  if [ "$uuid" = "" ]
-  then
+  uuid=$( _get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
+  if [ "$uuid" = "" ]; then
     _err "Unable to get Kong uuid for domain $_cdomain"
     _err "Make sure that KONG_URL is correctly configured"
     _err "Make sure that a Kong api request_host match the domain"
@@ -46,7 +44,7 @@ kong.sh_deploy() {
   _saveaccountconf KONG_URL "$KONG_URL"
   #Generate DEIM
   delim="-----MultipartDelimeter$(date "+%s%N")"
-  nl=$( printf "\\r\\n" )
+  nl=$(printf "\\r\\n")
   #Set Header
   _H1="Content-Type: multipart/form-data; boundary=$delim"
   #Generate data for request (Multipart/form-data with mixed content)
@@ -62,18 +60,17 @@ kong.sh_deploy() {
   _debug header "$_H1"
   _debug content "$content"
   #Check if ssl plugins is aready enabled (if not => POST else => PATCH)
-  ssl_uuid=$(_get $KONG_URL/apis/$uuid/plugins | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' )
+  ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
   _debug ssl_uuid "$ssl_uuid"
   if [ "$ssl_uuid" = "" ]
   then
     #Post certificate to Kong
-    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST" )
+    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
   else
     #patch
-    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH" )
+    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
   fi
-  if ! [ "$( echo "$response" | _egrep_o "ssl" )" = "ssl" ]
-  then
+  if ! [ "$( echo "$response" | _egrep_o "ssl" )" = "ssl" ]; then
     _err "An error occured with cert upload. Check response:"
     _err "$response"
     return 1

From e2cc350fbc90c18e5574361d15ce57f600eaa42c Mon Sep 17 00:00:00 2001
From: Geoffroi <ggenot@voxbone.com>
Date: Wed, 11 Jan 2017 14:54:52 +0100
Subject: [PATCH 3/5] Fix function name

---
 deploy/kong.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/kong.sh b/deploy/kong.sh
index 0fa726a..86a1835 100644
--- a/deploy/kong.sh
+++ b/deploy/kong.sh
@@ -13,7 +13,7 @@
 ########  Public functions #####################
 
 #domain keyfile certfile cafile fullchain
-kong.sh_deploy() {
+kong_deploy() {
   _cdomain="$1"
   _ckey="$2"
   _ccert="$3"

From 753d0e7df77b9dcf261da4547c679fec49df0961 Mon Sep 17 00:00:00 2001
From: Geoffroi <ggenot@voxbone.com>
Date: Wed, 11 Jan 2017 15:05:26 +0100
Subject: [PATCH 4/5] Syntax fix part 2

---
 deploy/kong.sh | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/deploy/kong.sh b/deploy/kong.sh
index 86a1835..2eab3d4 100644
--- a/deploy/kong.sh
+++ b/deploy/kong.sh
@@ -21,8 +21,8 @@ kong_deploy() {
   _cfullchain="$5"
   _info "Deploying certificate on Kong instance"
   if [ -z "$KONG_URL" ]; then
-      _debug "KONG_URL Not set, using default http://localhost:8001"
-      KONG_URL="http://localhost:8001"
+    _debug "KONG_URL Not set, using default http://localhost:8001"
+    KONG_URL="http://localhost:8001"
   fi
 
   _debug _cdomain "$_cdomain"
@@ -32,7 +32,7 @@ kong_deploy() {
   _debug _cfullchain "$_cfullchain"
 
   #Get uuid linked to the domain
-  uuid=$( _get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
+  uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
   if [ "$uuid" = "" ]; then
     _err "Unable to get Kong uuid for domain $_cdomain"
     _err "Make sure that KONG_URL is correctly configured"
@@ -62,15 +62,14 @@ kong_deploy() {
   #Check if ssl plugins is aready enabled (if not => POST else => PATCH)
   ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
   _debug ssl_uuid "$ssl_uuid"
-  if [ "$ssl_uuid" = "" ]
-  then
+  if [ "$ssl_uuid" = "" ]; then
     #Post certificate to Kong
     response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
   else
     #patch
     response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
   fi
-  if ! [ "$( echo "$response" | _egrep_o "ssl" )" = "ssl" ]; then
+  if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
     _err "An error occured with cert upload. Check response:"
     _err "$response"
     return 1

From 5fe91d65770d84e6de633384f94fcdcd5a9e6039 Mon Sep 17 00:00:00 2001
From: Geoffroi <ggenot@voxbone.com>
Date: Wed, 11 Jan 2017 16:17:16 +0100
Subject: [PATCH 5/5] Correction of test from comment of Neilpang + Correction
 of CRLF with sh not working correctly

---
 deploy/kong.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/deploy/kong.sh b/deploy/kong.sh
index 2eab3d4..3b9c5c7 100644
--- a/deploy/kong.sh
+++ b/deploy/kong.sh
@@ -33,7 +33,7 @@ kong_deploy() {
 
   #Get uuid linked to the domain
   uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
-  if [ "$uuid" = "" ]; then
+  if [ -z "$uuid" ]; then
     _err "Unable to get Kong uuid for domain $_cdomain"
     _err "Make sure that KONG_URL is correctly configured"
     _err "Make sure that a Kong api request_host match the domain"
@@ -44,7 +44,7 @@ kong_deploy() {
   _saveaccountconf KONG_URL "$KONG_URL"
   #Generate DEIM
   delim="-----MultipartDelimeter$(date "+%s%N")"
-  nl=$(printf "\\r\\n")
+  nl="\015\012"
   #Set Header
   _H1="Content-Type: multipart/form-data; boundary=$delim"
   #Generate data for request (Multipart/form-data with mixed content)
@@ -56,13 +56,15 @@ kong_deploy() {
   content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
   #Close multipart
   content="$content${nl}--$delim--${nl}"
+  #Convert CRLF
+  content=$(printf %b "$content")
   #DEBUG
   _debug header "$_H1"
   _debug content "$content"
   #Check if ssl plugins is aready enabled (if not => POST else => PATCH)
   ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
   _debug ssl_uuid "$ssl_uuid"
-  if [ "$ssl_uuid" = "" ]; then
+  if [ -z "$ssl_uuid" ]; then
     #Post certificate to Kong
     response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
   else