From aa692c0e702eac71874e70574a33118cd462498c Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 20 Feb 2016 23:58:36 +0800 Subject: [PATCH] Support FreeBSD --- le.sh | 70 ++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 25 deletions(-) diff --git a/le.sh b/le.sh index 90f8335f..b327a2fb 100755 --- a/le.sh +++ b/le.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -VER=1.1.7 +VER=1.1.8 PROJECT="https://github.com/Neilpang/le" DEFAULT_CA="https://acme-v01.api.letsencrypt.org" @@ -180,7 +180,8 @@ createCSR() { alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" #multi _info "Multi domain" "$alt" - openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -reqexts SAN -config <(printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n[SAN]\nsubjectAltName=$alt") -out "$CSR_PATH" + printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n[SAN]\nsubjectAltName=$alt" > "$DOMAIN_SSL_CONF" + openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -reqexts SAN -config "$DOMAIN_SSL_CONF" -out "$CSR_PATH" fi } @@ -190,6 +191,19 @@ _b64() { echo $__n | tr '/+' '_-' | tr -d '= ' } +_time2str() { + #BSD + if date -u -d@$1 2>/dev/null ; then + return + fi + + #Linux + if date -u -r $1 2>/dev/null ; then + return + fi + +} + _send_signed_request() { url=$1 payload=$2 @@ -208,14 +222,14 @@ _send_signed_request() { _debug payload64 $payload64 nonceurl="$API/directory" - nonce=$($CURL -I $nonceurl | grep "^Replay-Nonce:" | sed s/\\r//|sed s/\\n//| cut -d ' ' -f 2) + nonce="$($CURL -I $nonceurl | grep -o "^Replay-Nonce:.*$" | tr -d "\r\n" | cut -d ' ' -f 2)" - _debug nonce $nonce + _debug nonce "$nonce" - protected=$(echo -n "$HEADERPLACE" | sed "s/NONCE/$nonce/" ) + protected="$(printf "$HEADERPLACE" | sed "s/NONCE/$nonce/" )" _debug protected "$protected" - protected64=$( echo -n $protected | _base64 | _b64) + protected64="$(printf "$protected" | _base64 | _b64)" _debug protected64 "$protected64" sig=$(echo -n "$protected64.$payload64" | openssl dgst -sha256 -sign $ACCOUNT_KEY_PATH | _base64 | _b64) @@ -230,11 +244,11 @@ _send_signed_request() { response="$($CURL -X POST --data "$body" $url)" fi - responseHeaders="$(sed 's/\r//g' $CURL_HEADER)" + responseHeaders="$(cat $CURL_HEADER)" _debug responseHeaders "$responseHeaders" _debug response "$response" - code="$(grep ^HTTP $CURL_HEADER | tail -1 | cut -d " " -f 2)" + code="$(grep ^HTTP $CURL_HEADER | tail -1 | cut -d " " -f 2 | tr -d "\r\n" )" _debug code $code } @@ -269,7 +283,8 @@ _setopt() { if [[ "$__val" == *"&"* ]] ; then __val="$(echo $__val | sed 's/&/\\&/g')" fi - sed -i "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" "$__conf" + text="$(cat $__conf)" + printf "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" else _debug APP echo "$__opt$__sep$__val$__end" >> "$__conf" @@ -368,7 +383,11 @@ _initpath() { if [ -z "$DOMAIN_CONF" ] ; then DOMAIN_CONF="$domainhome/$Le_Domain.conf" fi - + + if [ -z "$DOMAIN_SSL_CONF" ] ; then + DOMAIN_SSL_CONF="$domainhome/$Le_Domain.ssl.conf" + fi + if [ -z "$CSR_PATH" ] ; then CSR_PATH="$domainhome/$domain.csr" fi @@ -386,8 +405,8 @@ _initpath() { _apachePath() { - httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | sed s/\"//g)" - httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | sed s/\"//g)" + httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"' )" + httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"' )" httpdconf="$httpdroot/$httpdconfname" if [ ! -f $httpdconf ] ; then _err "Apache Config file not found" $httpdconf @@ -606,7 +625,7 @@ issue() { HEADERPLACE='{"nonce": "NONCE", "alg": "RS256", "jwk": '$jwk'}' _debug HEADER "$HEADER" - accountkey_json=$(echo -n "$jwk" | sed "s/ //g") + accountkey_json=$(echo -n "$jwk" | tr -d ' ' ) thumbprint=$(echo -n "$accountkey_json" | openssl dgst -sha256 -binary | _base64 | _b64) @@ -638,7 +657,7 @@ issue() { _info "Verify each domain" sep='#' if [ -z "$vlist" ] ; then - alldomains=$(echo "$Le_Domain,$Le_Alt" | sed "s/,/ /g") + alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ' ) for d in $alldomains do _info "Geting token for domain" $d @@ -649,13 +668,13 @@ issue() { return 1 fi - entry=$(echo $response | egrep -o '{[^{]*"type":"'$vtype'"[^}]*') + entry="$(printf $response | egrep -o '{[^{]*"type":"'$vtype'"[^}]*')" _debug entry "$entry" - token=$(echo "$entry" | sed 's/,/\n'/g| grep '"token":'| cut -d : -f 2|sed 's/"//g') + token="$(printf "$entry" | egrep -o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" _debug token $token - uri=$(echo "$entry" | sed 's/,/\n'/g| grep '"uri":'| cut -d : -f 2,3|sed 's/"//g') + uri="$(printf "$entry" | egrep -o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )" _debug uri $uri keyauthorization="$token.$thumbprint" @@ -670,7 +689,7 @@ issue() { #add entry dnsadded="" - ventries=$(echo "$vlist" | sed "s/,/ /g") + ventries=$(echo "$vlist" | tr ',' ' ' ) for ventry in $ventries do d=$(echo $ventry | cut -d $sep -f 1) @@ -745,7 +764,7 @@ issue() { fi _debug "ok, let's start to verify" - ventries=$(echo "$vlist" | sed "s/,/ /g") + ventries=$(echo "$vlist" | tr ',' ' ' ) for ventry in $ventries do d=$(echo $ventry | cut -d $sep -f 1) @@ -812,7 +831,7 @@ issue() { return 1 fi - status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g') + status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | tr -d '"') if [ "$status" == "valid" ] ; then _info "Success" _stopserver $serverproc @@ -848,7 +867,7 @@ issue() { _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64" - Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)" + Le_LinkCert="$(grep -i -o '^Location.*$' $CURL_HEADER | tr -d "\r\n" | cut -d " " -f 2)" _setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert" if [ "$Le_LinkCert" ] ; then @@ -870,7 +889,7 @@ issue() { _setopt "$DOMAIN_CONF" 'Le_Vlist' '=' "\"\"" - Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's///g') + Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' ) _setopt "$DOMAIN_CONF" "Le_LinkIssuer" "=" "$Le_LinkIssuer" if [ "$Le_LinkIssuer" ] ; then @@ -883,7 +902,7 @@ issue() { Le_CertCreateTime=$(date -u "+%s") _setopt "$DOMAIN_CONF" "Le_CertCreateTime" "=" "$Le_CertCreateTime" - Le_CertCreateTimeStr=$(date -u "+%Y-%m-%d %H:%M:%S UTC") + Le_CertCreateTimeStr=$(date -u ) _setopt "$DOMAIN_CONF" "Le_CertCreateTimeStr" "=" "\"$Le_CertCreateTimeStr\"" if [ ! "$Le_RenewalDays" ] ; then @@ -892,10 +911,10 @@ issue() { _setopt "$DOMAIN_CONF" "Le_RenewalDays" "=" "$Le_RenewalDays" - Le_NextRenewTime=$(date -u -d "+$Le_RenewalDays day" "+%s") + let "Le_NextRenewTime=Le_CertCreateTime+Le_RenewalDays*24*60*60" _setopt "$DOMAIN_CONF" "Le_NextRenewTime" "=" "$Le_NextRenewTime" - Le_NextRenewTimeStr=$(date -u -d "+$Le_RenewalDays day" "+%Y-%m-%d %H:%M:%S UTC") + Le_NextRenewTimeStr=$( _time2str $Le_NextRenewTime ) _setopt "$DOMAIN_CONF" "Le_NextRenewTimeStr" "=" "\"$Le_NextRenewTimeStr\"" @@ -960,6 +979,7 @@ renewAll() { Le_ReloadCmd="" DOMAIN_CONF="" + DOMAIN_SSL_CONF="" CSR_PATH="" CERT_KEY_PATH="" CERT_PATH=""