|
@ -58,6 +58,10 @@ _h2b() { |
|
|
done |
|
|
done |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
_base64() { |
|
|
|
|
|
openssl base64 -e | tr -d '\n' |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
#domain [2048] |
|
|
#domain [2048] |
|
|
createAccountKey() { |
|
|
createAccountKey() { |
|
|
if [ -z "$1" ] ; then |
|
|
if [ -z "$1" ] ; then |
|
@ -162,7 +166,7 @@ _send_signed_request() { |
|
|
if [ "$DEBUG" ] ; then |
|
|
if [ "$DEBUG" ] ; then |
|
|
CURL="$CURL --trace-ascii $dp " |
|
|
CURL="$CURL --trace-ascii $dp " |
|
|
fi |
|
|
fi |
|
|
payload64=$(echo -n $payload | base64 -w 0 | _b64) |
|
|
|
|
|
|
|
|
payload64=$(echo -n $payload | _base64 | _b64) |
|
|
_debug payload64 $payload64 |
|
|
_debug payload64 $payload64 |
|
|
|
|
|
|
|
|
nonceurl="$API/directory" |
|
|
nonceurl="$API/directory" |
|
@ -173,17 +177,17 @@ _send_signed_request() { |
|
|
protected=$(echo -n "$HEADERPLACE" | sed "s/NONCE/$nonce/" ) |
|
|
protected=$(echo -n "$HEADERPLACE" | sed "s/NONCE/$nonce/" ) |
|
|
_debug protected "$protected" |
|
|
_debug protected "$protected" |
|
|
|
|
|
|
|
|
protected64=$( echo -n $protected | base64 -w 0 | _b64) |
|
|
|
|
|
|
|
|
protected64=$( echo -n $protected | _base64 | _b64) |
|
|
_debug protected64 "$protected64" |
|
|
_debug protected64 "$protected64" |
|
|
|
|
|
|
|
|
sig=$(echo -n "$protected64.$payload64" | openssl dgst -sha256 -sign $ACCOUNT_KEY_PATH | base64 -w 0 | _b64) |
|
|
|
|
|
|
|
|
sig=$(echo -n "$protected64.$payload64" | openssl dgst -sha256 -sign $ACCOUNT_KEY_PATH | _base64 | _b64) |
|
|
_debug sig "$sig" |
|
|
_debug sig "$sig" |
|
|
|
|
|
|
|
|
body="{\"header\": $HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" |
|
|
body="{\"header\": $HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" |
|
|
_debug body "$body" |
|
|
_debug body "$body" |
|
|
|
|
|
|
|
|
if [ "$needbase64" ] ; then |
|
|
if [ "$needbase64" ] ; then |
|
|
response="$($CURL -X POST --data "$body" $url | base64 -w 0)" |
|
|
|
|
|
|
|
|
response="$($CURL -X POST --data "$body" $url | _base64)" |
|
|
else |
|
|
else |
|
|
response="$($CURL -X POST --data "$body" $url)" |
|
|
response="$($CURL -X POST --data "$body" $url)" |
|
|
fi |
|
|
fi |
|
@ -521,11 +525,11 @@ issue() { |
|
|
fi |
|
|
fi |
|
|
_debug pub_exp "$pub_exp" |
|
|
_debug pub_exp "$pub_exp" |
|
|
|
|
|
|
|
|
e=$(echo $pub_exp | _h2b | base64) |
|
|
|
|
|
|
|
|
e=$(echo $pub_exp | _h2b | _base64) |
|
|
_debug e "$e" |
|
|
_debug e "$e" |
|
|
|
|
|
|
|
|
modulus=$(openssl rsa -in $ACCOUNT_KEY_PATH -modulus -noout | cut -d '=' -f 2 ) |
|
|
modulus=$(openssl rsa -in $ACCOUNT_KEY_PATH -modulus -noout | cut -d '=' -f 2 ) |
|
|
n=$(echo $modulus| _h2b | base64 -w 0 | _b64 ) |
|
|
|
|
|
|
|
|
n=$(echo $modulus| _h2b | _base64 | _b64 ) |
|
|
|
|
|
|
|
|
jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' |
|
|
jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' |
|
|
|
|
|
|
|
@ -534,7 +538,7 @@ issue() { |
|
|
_debug HEADER "$HEADER" |
|
|
_debug HEADER "$HEADER" |
|
|
|
|
|
|
|
|
accountkey_json=$(echo -n "$jwk" | sed "s/ //g") |
|
|
accountkey_json=$(echo -n "$jwk" | sed "s/ //g") |
|
|
thumbprint=$(echo -n "$accountkey_json" | sha256sum | _h2b | base64 -w 0 | _b64) |
|
|
|
|
|
|
|
|
thumbprint=$(echo -n "$accountkey_json" | openssl sha -sha256 -binary | _base64 | _b64) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_info "Registering account" |
|
|
_info "Registering account" |
|
@ -607,7 +611,7 @@ issue() { |
|
|
dnsadded='0' |
|
|
dnsadded='0' |
|
|
txtdomain="_acme-challenge.$d" |
|
|
txtdomain="_acme-challenge.$d" |
|
|
_debug txtdomain "$txtdomain" |
|
|
_debug txtdomain "$txtdomain" |
|
|
txt="$(echo -e -n $keyauthorization | sha256sum | _h2b | base64 -w 0 | _b64)" |
|
|
|
|
|
|
|
|
txt="$(echo -e -n $keyauthorization | openssl sha -sha256 -binary | _base64 | _b64)" |
|
|
_debug txt "$txt" |
|
|
_debug txt "$txt" |
|
|
#dns |
|
|
#dns |
|
|
#1. check use api |
|
|
#1. check use api |
|
@ -728,7 +732,7 @@ issue() { |
|
|
|
|
|
|
|
|
_clearup |
|
|
_clearup |
|
|
_info "Verify finished, start to sign." |
|
|
_info "Verify finished, start to sign." |
|
|
der="$(openssl req -in $CSR_PATH -outform DER | base64 -w 0 | _b64)" |
|
|
|
|
|
|
|
|
der="$(openssl req -in $CSR_PATH -outform DER | _base64 | _b64)" |
|
|
_send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64" |
|
|
_send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64" |
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -737,7 +741,7 @@ issue() { |
|
|
|
|
|
|
|
|
if [ "$Le_LinkCert" ] ; then |
|
|
if [ "$Le_LinkCert" ] ; then |
|
|
echo -----BEGIN CERTIFICATE----- > "$CERT_PATH" |
|
|
echo -----BEGIN CERTIFICATE----- > "$CERT_PATH" |
|
|
curl --silent "$Le_LinkCert" | base64 >> "$CERT_PATH" |
|
|
|
|
|
|
|
|
curl --silent "$Le_LinkCert" | openssl base64 -e >> "$CERT_PATH" |
|
|
echo -----END CERTIFICATE----- >> "$CERT_PATH" |
|
|
echo -----END CERTIFICATE----- >> "$CERT_PATH" |
|
|
_info "Cert success." |
|
|
_info "Cert success." |
|
|
cat "$CERT_PATH" |
|
|
cat "$CERT_PATH" |
|
@ -747,7 +751,7 @@ issue() { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$Le_LinkCert" ] ; then |
|
|
if [ -z "$Le_LinkCert" ] ; then |
|
|
response="$(echo $response | base64 -d)" |
|
|
|
|
|
|
|
|
response="$(echo $response | openssl base64 -d)" |
|
|
_err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')" |
|
|
_err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
@ -759,7 +763,7 @@ issue() { |
|
|
|
|
|
|
|
|
if [ "$Le_LinkIssuer" ] ; then |
|
|
if [ "$Le_LinkIssuer" ] ; then |
|
|
echo -----BEGIN CERTIFICATE----- > "$CA_CERT_PATH" |
|
|
echo -----BEGIN CERTIFICATE----- > "$CA_CERT_PATH" |
|
|
curl --silent "$Le_LinkIssuer" | base64 >> "$CA_CERT_PATH" |
|
|
|
|
|
|
|
|
curl --silent "$Le_LinkIssuer" | openssl base64 -e >> "$CA_CERT_PATH" |
|
|
echo -----END CERTIFICATE----- >> "$CA_CERT_PATH" |
|
|
echo -----END CERTIFICATE----- >> "$CA_CERT_PATH" |
|
|
_info "The intermediate CA cert is in $CA_CERT_PATH" |
|
|
_info "The intermediate CA cert is in $CA_CERT_PATH" |
|
|
fi |
|
|
fi |
|
|