#!/usr/bin/env sh
# Deploy hook that uploads the certificate to your CleverReach account using the CleverReach REST API.
# Your OAuth app needs the right scope; please contact CleverReach support for that.
#
# Written by Jan-Philipp Benecke <github@bnck.me>
# Public domain, 2020
#
# The following environment variables must be set:
#
#export DEPLOY_CLEVERREACH_CLIENT_ID=myid
#export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret
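#######################################
# acme.sh deploy hook: uploads the full chain and the private key to
# CleverReach through its REST API.
#
# Flow: request an OAuth token with the client credentials, optionally
# exchange it for a sub-client token, POST the certificate and key to
# /v3/ssl, and ask the API to destroy the token that is no longer needed.
#
# Globals:
#   DEPLOY_CLEVERREACH_CLIENT_ID      (read, saved) OAuth client id, required
#   DEPLOY_CLEVERREACH_CLIENT_SECRET  (read, saved) OAuth client secret, required
#   DEPLOY_CLEVERREACH_SUBCLIENT_ID   (read, saved) optional sub-client id
#   _H1                               (written, exported) Authorization header
# Arguments:
#   $1 - domain
#   $2 - path to the private key file
#   $3 - path to the certificate file
#   $4 - path to the CA certificate file
#   $5 - path to the full chain file
# Returns:
#   0 when the upload response carries no "error" field, 1 otherwise
#######################################
cleverreach_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _rest_endpoint="https://rest.cleverreach.com"

  # These are file paths, not file contents, so plain _debug is fine here.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  _getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID
  _getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET
  _getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID

  if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then
    _err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID."
    return 1
  fi
  if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then
    _err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET."
    return 1
  fi

  # NOTE(review): the client secret is persisted through _savedeployconf;
  # the permissions of that config file decide who can read it.
  _savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}"
  _savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}"
  _savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"

  _info "Obtaining a CleverReach access token"

  _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}"
  _auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")"

  # The request body holds the client secret and the response holds the
  # bearer token: keep both out of ordinary debug logs.
  _secure_debug _data "$_data"
  _secure_debug _auth_result "$_auth_result"

  _regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$"
  _debug _regex "$_regex"
  _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p")

  # Fail closed: without a token there is no point in sending the private
  # key anywhere.
  if [ -z "$_access_token" ]; then
    _err "Unable to obtain a CleverReach access token"
    return 1
  fi

  _debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"

  if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
    _info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
    export _H1="Authorization: Bearer ${_access_token}"
    _subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")"
    # Strip every double quote: removing only the first one left a trailing
    # quote glued to the token. Presumably the endpoint answers with a bare
    # JSON string; verify against the API.
    _access_token=$(echo "$_subclient_token_result" | sed 's/"//g')
    _secure_debug _subclient_token_result "$_access_token"

    # _H1 still carries the parent token here, so this DELETE revokes the
    # parent, not the sub-client token obtained above.
    _info "Destroying parent token at CleverReach, as it not needed anymore"
    _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")"
    _debug _destroy_result "$_destroy_result"

    if [ -z "$_access_token" ]; then
      _err "Unable to obtain a CleverReach token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
      return 1
    fi
  fi

  _info "Uploading certificate and key to CleverReach"

  # _certData embeds the private key; it is deliberately never logged.
  _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}"
  export _H1="Authorization: Bearer ${_access_token}"
  _add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")"
  # Keep the status: a failed request yields an empty body, which would
  # otherwise pass the '"error":' check below and be reported as success.
  _add_cert_ret="$?"

  # Revoke the token before evaluating the upload so it is destroyed on the
  # failure path as well.
  if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
    _info "Destroying token at CleverReach, as it not needed anymore"
    _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")"
    _debug _destroy_result "$_destroy_result"
  fi

  if [ "$_add_cert_ret" != "0" ]; then
    _err "Unable to update certificate"
    return 1
  fi

  if echo "$_add_cert_result" | grep '"error":' >/dev/null; then
    _debug _add_cert_result "$_add_cert_result"
    _err "Unable to update certificate"
    return 1
  fi

  _info "Uploaded certificate successfully"
  return 0
}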