diff --git a/acme.sh b/acme.sh
index cba4905..16fb1b0 100755
--- a/acme.sh
+++ b/acme.sh
@@ -306,7 +306,7 @@ _h2b() {
 _debug3 _URGLY_PRINTF "$_URGLY_PRINTF"
 while true; do
 if [ -z "$_URGLY_PRINTF" ]; then
- h="$(printf $hex | cut -c $i-$j)"
+ h="$(printf "%s" "$hex" | cut -c $i-$j)"
 if [ -z "$h" ]; then
 break
 fi
@@ -479,7 +479,7 @@ _sign() {
 if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"; then
 _err "Sign failed: $_sign_openssl"
 _err "Key file: $keyfile"
- _err "Key content:$(cat "$keyfile" | wc -l) lises"
+ _err "Key content:$(wc -l <"$keyfile") lises"
 return 1
 fi
 _debug3 "_signedECText" "$_signedECText"
@@ -516,7 +516,7 @@ _createkey() {
 f="$2"
 eccname="$length"
 if _startswith "$length" "ec-"; then
- length=$(printf "$length" | cut -d '-' -f 2-100)
+ length=$(printf "%s" "$length" | cut -d '-' -f 2-100)
 if [ "$length" = "256" ]; then
 eccname="prime256v1"
@@ -608,10 +608,10 @@ _createcsr() {
 #single domain
 _info "Single domain" "$domain"
 else
- domainlist="$(_idn $domainlist)"
+ domainlist="$(_idn "$domainlist")"
 _debug2 domainlist "$domainlist"
 if _contains "$domainlist" ","; then
- alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
+ alt="DNS:$(echo "$domainlist" | sed "s/,/,DNS:/g")"
 else
 alt="DNS:$domainlist"
 fi
@@ -803,7 +803,7 @@ createDomainKey() {
 length="$DEFAULT_DOMAIN_KEY_LENGTH"
 fi
- _initpath $domain "$length"
+ _initpath "$domain" "$length"
 if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then
 _createkey "$length" "$CERT_KEY_PATH"
@@ -849,18 +849,17 @@ createCSR() {
 }
 _urlencode() {
- __n=$(cat)
- echo $__n | tr '/+' '_-' | tr -d '= '
+ tr '/+' '_-' | tr -d '= '
 }
 _time2str() {
 #BSD
- if date -u -d@$1 2>/dev/null; then
+ if date -u -d@"$1" 2>/dev/null; then
 return
 fi
 #Linux
- if date -u -r $1 2>/dev/null; then
+ if date -u -r "$1" 2>/dev/null; then
 return
 fi
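Review bot: The `_err` line rewritten in `_sign` still ends in `lises`, a typo for `lines`, so the diagnostic shown on a signing failure reads oddly; it could be `_err "Key content:$(wc -l <"$keyfile") lines"`. Reporting only the line count rather than the key material is a sensible choice, and a short comment saying that it is deliberate would keep a later edit from printing the key itself. `_sign` begins and ends outside the hunk.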
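Review bot: The new `_urlencode` body is not equivalent to the old one: `$(cat)` followed by the unquoted `echo $__n` also folded embedded newlines and tabs into spaces, which `tr -d '= '` then removed, whereas the bare `tr` pipeline passes them through. If `_base64` (not shown in this hunk) can emit wrapped output, the base64url values built from it would carry line breaks into the JWK and the signed request body. Deleting newlines explicitly keeps the old behaviour without the temporary variable: `tr '/+' '_-' | tr -d '= \n'`. A one-line comment that the function converts base64 to unpadded base64url, rather than percent-encoding, would also help, since the name suggests otherwise.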
@@ -905,16 +904,16 @@ _calcjwk() {
 EC_SIGN=""
 if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
 _debug "RSA key"
- pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
+ pub_exp=$(openssl rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
 if [ "${#pub_exp}" = "5" ]; then
 pub_exp=0$pub_exp
 fi
 _debug3 pub_exp "$pub_exp"
- e=$(echo $pub_exp | _h2b | _base64)
+ e=$(echo "$pub_exp" | _h2b | _base64)
 _debug3 e "$e"
- modulus=$(openssl rsa -in $keyfile -modulus -noout | cut -d '=' -f 2)
+ modulus=$(openssl rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2)
 _debug3 modulus "$modulus"
 n="$(printf "%s" "$modulus" | _h2b | _base64 | _urlencode)"
 jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}'
@@ -926,12 +925,12 @@ _calcjwk() {
 elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
 _debug "EC key"
 EC_SIGN="1"
- crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")"
+ crv="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")"
 _debug3 crv "$crv"
 if [ -z "$crv" ]; then
 _debug "Let's try ASN1 OID"
- crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
+ crv_oid="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
 _debug3 crv_oid "$crv_oid"
 case "${crv_oid}" in
 "prime256v1")
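Review bot: In the RSA branch of `_calcjwk`, `e` is left as plain base64 while `n` a few lines later goes through `_urlencode`; that happens to work for the common exponent 65537 (`AQAB`), but an exponent whose encoding contains `=`, `+` or `/` would give a JWK member that is not base64url. Suggest `e=$(echo "$pub_exp" | _h2b | _base64 | _urlencode)`. The zero-padding just above covers only a five-digit hex exponent, so other odd-length values would still reach `_h2b` unpadded; presumably rare, but worth a comment. `_calcjwk` starts and ends outside the hunk.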
@@ -951,15 +950,15 @@ _calcjwk() {
 _debug3 crv "$crv"
 fi
- pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)"
+ pubi="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)"
 pubi=$(_math $pubi + 1)
 _debug3 pubi "$pubi"
- pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
+ pubj="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
 pubj=$(_math $pubj - 1)
 _debug3 pubj "$pubj"
- pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
+ pubtext="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
 _debug3 pubtext "$pubtext"
 xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)"
@@ -967,14 +966,14 @@ _calcjwk() {
 _debug3 xlen "$xlen"
 xend=$(_math "$xlen" + 1)
- x="$(printf "%s" "$pubtext" | cut -d : -f 2-$xend)"
+ x="$(printf "%s" "$pubtext" | cut -d : -f 2-"$xend")"
 _debug3 x "$x"
 x64="$(printf "%s" "$x" | tr -d : | _h2b | _base64 | _urlencode)"
 _debug3 x64 "$x64"
 xend=$(_math "$xend" + 1)
- y="$(printf "%s" "$pubtext" | cut -d : -f $xend-10000)"
+ y="$(printf "%s" "$pubtext" | cut -d : -f "$xend"-10000)"
 _debug3 y "$y"
 y64="$(printf "%s" "$y" | tr -d : | _h2b | _base64 | _urlencode)"
@@ -1148,9 +1147,9 @@ _get() {
 fi
 _debug "_CURL" "$_CURL"
 if [ "$onlyheader" ]; then
- $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url
+ $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
 else
- $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url
+ $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
 fi
 ret=$?
 if [ "$ret" != "0" ]; then
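Review bot: Nothing in the EC branch of `_calcjwk` checks that `pubi` and `pubj` are non-empty before they are used: every `openssl ec` call sends stderr to `/dev/null`, so an unreadable or malformed key file leaves them blank and the later `sed -n "$pubi,${pubj}p"` works from meaningless line numbers (how `_math` treats a missing operand is not visible here). A guard right after the first call, `if [ -z "$pubi" ]; then _err "Can not read public key from $keyfile"; return 1; fi`, would fail early instead of building a JWK from empty coordinates. The `_math $pubi + 1` and `_math $pubj - 1` calls also keep their operands unquoted, while the next hunk passes `"$xlen"` and `"$xend"` quoted. `_calcjwk` starts and ends outside the hunk.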
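Review bot: Quoting `"$url"` in the curl calls of `_get` stops word splitting and globbing, but a value that begins with `-` is still parsed by curl as an option rather than as the URL. Where the URL can originate outside the script (the hunk does not show its callers), passing it as `--url "$url"` removes the ambiguity, and the two wget calls in the following hunk can take `-- "$url"` as their final argument for the same reason. `$_CURL` stays unquoted, presumably because it holds the command together with its options; a comment saying so would keep a later quoting pass from breaking it. `_get` starts and ends outside the hunk.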
@@ -1167,9 +1166,9 @@ _get() {
 fi
 _debug "_WGET" "$_WGET"
 if [ "$onlyheader" ]; then
- $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null $url 2>&1 | sed 's/^[ ]*//g'
+ $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1 | sed 's/^[ ]*//g'
 else
- $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url
+ $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - "$url"
 fi
 ret=$?
 if [ "$_ret" = "8" ]; then
@@ -1192,9 +1191,9 @@ _head_n() {
 }
 _tail_n() {
- if ! tail -n $1 2>/dev/null; then
+ if ! tail -n "$1" 2>/dev/null; then
 #fix for solaris
- tail -$1
+ tail -"$1"
 fi
 }
@@ -1207,7 +1206,7 @@ _send_signed_request() {
 if [ -z "$keyfile" ]; then
 keyfile="$ACCOUNT_KEY_PATH"
 fi
- _debug url $url
+ _debug url "$url"
 _debug payload "$payload"
 if ! _calcjwk "$keyfile"; then
@@ -1215,7 +1214,7 @@ _send_signed_request() {
 fi
 payload64=$(printf "%s" "$payload" | _base64 | _urlencode)
- _debug3 payload64 $payload64
+ _debug3 payload64 "$payload64"
 if [ -z "$_CACHED_NONCE" ]; then
 _debug2 "Get nonce."
@@ -1255,7 +1254,7 @@ _send_signed_request() {
 body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
 _debug3 body "$body"
- response="$(_post "$body" $url "$needbase64")"
+ response="$(_post "$body" "$url" "$needbase64")"
 _CACHED_NONCE=""
 if [ "$?" != "0" ]; then
 _err "Can not post to $url"
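Review bot: The status check after the wget calls in `_get` reads `$_ret`, but the line before it assigns `ret`, so unless `_ret` is set somewhere outside this hunk the `= "8"` test never matches; the curl branch in the previous hunk tests `"$ret"`. It should presumably be `if [ "$ret" = "8" ]; then`. In the header-only case `$?` is also the exit status of `sed`, the last command in the pipeline, not of wget, so a failed request is recorded as success there.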
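Review bot: The `$?` test after the `_post` call in `_send_signed_request` can never fail, because `_CACHED_NONCE=""` sits between the command substitution and the check, and a plain assignment always returns 0. A failed POST therefore goes unreported and the function carries on with whatever ended up in `response`. Testing the call directly fixes it: `if ! response="$(_post "$body" "$url" "$needbase64")"; then`, with `_CACHED_NONCE=""` moved above that line (assuming `_post` does not read it) so the nonce is still cleared on both paths. The function continues outside the hunk.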