Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1475 Commits
9 Branches
44 Tags
32 MiB
Tree: 2f61a597c6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2f61a597c6'
${ noResults }
acme.sh/deploy/s3.sh

169 lines
4.8 KiB
Raw Normal View History

Add s3 upload deploy-hook
8 years ago
added secure debug, use global functions, removed local variables
8 years ago
added comment about openssl on mac
8 years ago
Add s3 upload deploy-hook
8 years ago
added secure debug, use global functions, removed local variables
8 years ago
Add s3 upload deploy-hook
8 years ago
added secure debug, use global functions, removed local variables
8 years ago
Add s3 upload deploy-hook
8 years ago
added secure debug, use global functions, removed local variables
8 years ago
Add s3 upload deploy-hook
8 years ago
added secure debug, use global functions, removed local variables
8 years ago
Add s3 upload deploy-hook
8 years ago
added secure debug, use global functions, removed local variables
8 years ago
Add s3 upload deploy-hook
8 years ago
added secure debug, use global functions, removed local variables
8 years ago
Add s3 upload deploy-hook
8 years ago
added secure debug, use global functions, removed local variables
8 years ago
  1. #!/bin/bash
  3. #Here is a sample custom api script.
  4. #This file name is "myapi.sh"
  5. #So, here must be a method myapi_deploy()
  6. #Which will be called by acme.sh to deploy the cert
  7. #returns 0 means success, otherwise error.
  9. ######## Public functions #####################
  11. #domain keyfile certfile cafile fullchain
  12. s3_deploy() {
  13. _cdomain="$1"
  14. _ckey="$2"
  15. _ccert="$3"
  16. _cca="$4"
  17. _cfullchain="$5"
  19. if [ -z "$S3_BUCKET" ] ; then
  20. _err "You haven't specified the bucket name yet."
  21. _err "Please set it via export and try again."
  22. _err "e.g. export S3_BUCKET=acme"
  23. return 1
  24. fi
  26. if ! _exists aws; then
  27. _debug "AWS CLI not installed, defaulting to curl method"
  28. _aws_cli_installed=0
  29. else
  30. _debug "AWS CLI installed, defaulting ignoring curl method"
  31. _aws_cli_installed=1
  32. fi
  34. if [ "$_aws_cli_installed" -eq "0" ] && ([ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]); then
  35. _err "AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY not set."
  36. _err "Please set them via export, or use the aws-cli."
  37. return 1
  38. fi
  40. if [ -z "$S3_REGION" ]; then
  41. S3_REGION="us-east-1"
  42. fi
  44. # Save s3 options if it's succesful (First run case)
  45. _saveaccountconf S3_BUCKET "$S3_BUCKET"
  46. _saveaccountconf S3_REGION "$S3_REGION"
  48. _debug _cdomain "$_cdomain"
  49. _debug _ckey "$_ckey"
  50. _debug _ccert "$_ccert"
  51. _debug _cca "$_cca"
  52. _debug _cfullchain "$_cfullchain"
  53. _debug S3_BUCKET "$S3_BUCKET"
  54. _secure_debug AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
  55. _secure_debug AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
  57. _info "Deploying certificate to s3 bucket: $S3_BUCKET in $S3_REGION"
  59. if [ "$_aws_cli_installed" -eq "0" ]; then
  60. _debug "deploying with curl method"
  61. else
  62. _debug "deploying with aws cli method"
  63. fi
  65. # private
  66. _deploy_to_bucket $_ckey "$_cdomain/$_cdomain.key"
  67. # public
  68. _deploy_to_bucket $_ccert "$_cdomain/$_cdomain.cer"
  69. # ca
  70. _deploy_to_bucket $_cca "$_cdomain/ca.cer"
  71. # fullchain
  72. _deploy_to_bucket $_cfullchain "$_cdomain/fullchain.cer"
  74. return 0
  76. }
  78. #################### Private functions below ##################################
  80. _deploy_to_bucket() {
  81. if [ "$_aws_cli_installed" -eq "0" ]; then
  82. _deploy_with_curl $1 $2
  83. else
  84. _deploy_with_awscli $1 $2
  85. fi
  86. }
  88. _deploy_with_awscli() {
  89. file="$1"
  90. bucket="$S3_BUCKET"
  91. prefix="$2"
  92. region="$S3_REGION"
  94. aws s3 cp "$file" s3://"$bucket"/"$prefix" --region "$region"
  95. }
  97. _deploy_with_curl() {
  99. file="${1}"
  100. bucket="${S3_BUCKET}"
  101. prefix="${2}"
  102. region="${S3_REGION}"
  103. acl="private"
  104. timestamp="$(date -u "+%Y-%m-%d %H:%M:%S")"
  105. signed_headers="date;host;x-amz-acl;x-amz-content-sha256;x-amz-date"
  107. if [[ $(uname) == "Darwin" ]]; then
  108. iso_timestamp=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%dT%H%M%SZ")
  109. date_scope=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%d")
  110. date_header=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%a, %d %h %Y %T %Z")
  111. else
  112. iso_timestamp=$(date -ud "${timestamp}" "+%Y%m%dT%H%M%SZ")
  113. date_scope=$(date -ud "${timestamp}" "+%Y%m%d")
  114. date_header=$(date -ud "${timestamp}" "+%a, %d %h %Y %T %Z")
  115. fi
  117. _info "Uploading $S3_BUCKET/$prefix"
  119. export _H1="Authorization: AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${date_scope}/${region}/s3/aws4_request,SignedHeaders=${signed_headers},Signature=$(_signature)"
  120. export _H2="Date:${date_header}"
  121. export _H3="x-amz-acl:${acl}"
  122. export _H4="x-amz-content-sha256:$(_payload_hash)"
  123. export _H5="x-amz-date:${iso_timestamp}"
  124. response=$(_post "${file}" "https://${bucket}.s3.${region}.amazonaws.com/${prefix}")
  125. _debug response
  126. }
  128. _payload_hash() {
  129. hash_output=$(shasum -ba 256 "$file")
  130. echo "${hash_output%% *}"
  131. }
  133. _canonical_request() {
  134. echo "PUT"
  135. echo "/${prefix}"
  136. echo ""
  137. echo "date:${date_header}"
  138. echo "host:${bucket}.s3.${region}.amazonaws.com"
  139. echo "x-amz-acl:${acl}"
  140. echo "x-amz-content-sha256:$(_payload_hash)"
  141. echo "x-amz-date:${iso_timestamp}"
  142. echo ""
  143. echo "${signed_headers}"
  144. printf "$(_payload_hash)"
  145. }
  147. _canonical_request_hash() {
  148. _canonical_request_output=$(_canonical_request | shasum -a 256)
  149. echo "${_canonical_request_output%% *}"
  150. }
  152. _string_to_sign() {
  153. echo "AWS4-HMAC-SHA256"
  154. echo "${iso_timestamp}"
  155. echo "${date_scope}/${region}/s3/aws4_request"
  156. printf "$(_canonical_request_hash)"
  157. }
  159. _signature_key() {
  160. secret_key=$(printf "AWS4${AWS_SECRET_ACCESS_KEY?}" | _hex_dump | tr -d " ")
  161. date_key=$(printf ${date_scope} | _hmac "sha256" "${secret_key}" | _hex_dump | tr -d " ")
  162. region_key=$(printf ${region} | _hmac "sha256" "${date_key}" | _hex_dump | tr -d " ")
  163. service_key=$(printf "s3" | _hmac "sha256" "${region_key}" | _hex_dump | tr -d " ")
  164. printf "aws4_request" | _hmac "sha256" "${service_key}" | _hex_dump | tr -d " "
  165. }
  167. _signature() {
  168. _string_to_sign | _hmac "sha256" $(_signature_key) | _hex_dump | tr -d " " | sed "s/^.* //"
  169. }