diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh
index a79f2743..2b86ee61 100644
--- a/deploy/sophosxg.sh
+++ b/deploy/sophosxg.sh
@@ -12,9 +12,6 @@
#action pfx user password name pfxpass host
sophosxg_do_req() {
-
- # does curl request to upload certificate to sophos appliance
-
# check number of args
[ $# -eq 7 ] || return 1
@@ -27,46 +24,48 @@ sophosxg_do_req() {
_do_req_pfxpass="$6"
_do_req_host="$7"
- # create temp file for xml
- _info "Creating request XML"
- _do_req_xml="$(_mktemp)"
- if [ ! -f "$_do_req_xml" ]; then
- _err "Error creating temp file for XML"
- return 1
- fi
+ # static values - as variables in case these need to change
+ _do_req_boundary="SOPHOSXGPOST"
+ _do_req_certfile="certificate.p12"
- # create xml request
- echo "
-
-
- ${_do_req_user}
- ${_do_req_password}
-
-
-
- UploadCertificate
- ${_do_req_name}
- ${_do_req_pfxpass}
- pkcs12
- certificate.p12
-
-
-
-
-" >"$_do_req_xml"
-
- # dont verify certificate if HTTPS_INSECURE was set
- if [ "$Le_Deploy_sophosxg_https_insecure" = "1" ] || [ "$HTTPS_INSECURE" ]; then
- _sophosxg_curl="$_sophosxg_curl --insecure"
+ # dont verify certs if config set
+ _do_req_old_HTTPS_INSECURE="${HTTPS_INSECURE}"
+ if [ "${Le_Deploy_sophosxg_https_insecure}" = "1" ]; then
+ HTTPS_INSECURE="1"
fi
- # do request with curl
- $_sophosxg_curl --silent -F "reqxml=<$_do_req_xml" -F "file=@$_do_req_pfx;filename=certificate.p12" "https://$_do_req_host/webconsole/APIController?" | grep -q ''
+ # build POST body
+ _do_req_post="$(printf '--%s\r\n' "${_do_req_post}" "${_do_req_boundary}")"
+ _do_req_post="$(printf '%sContent-Type: application/xml; charset=utf-8\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%sContent-Disposition: form-data; name="reqxml"\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s%s%s\r\n' "${_do_req_post}" "${_do_req_user}" "${_do_req_password}")"
+ _do_req_post="$(printf '%s\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s\r\n' "${_do_req_post}" "${_do_req_action}")"
+ _do_req_post="$(printf '%s\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "${_do_req_name}")"
+ _do_req_post="$(printf '%sUploadCertificate\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%spkcs12\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "${_do_req_pfxpass}")"
+ _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "${_do_req_certfile}")"
+ _do_req_post="$(printf '%s\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%s--%s\r\n' "${_do_req_post}" "${_do_req_boundary}")"
+ _do_req_post="$(printf '%sContent-Type: application/octet-stream\r\n' "${_do_req_post}")"
+ _do_req_post="$(printf '%sContent-Disposition: form-data; filename="%s"; name="file"\r\n' "${_do_req_post}" "${_do_req_certfile}")"
+ _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "$(_base64 < "${_do_req_pfx}")")"
+ _do_req_post="$(printf '%s--%s--\r\n' "${_do_req_post}" "${_do_req_boundary}")"
+
+ # do POST
+ _post "${_do_req_post}" "https://${_do_req_host}/webconsole/APIController?" "" "POST" "multipart/form-data; boundary=${_do_req_boundary}"
ret=$?
- # remove xml file
- rm -f "$_do_req_xml"
+ # reset HTTP_INSECURE
+ HTTPS_INSECURE="${_do_req_old_HTTPS_INSECURE}"
+ # return result of POST
return $ret
}
@@ -78,14 +77,6 @@ sophosxg_deploy() {
_cca="$4"
_cfullchain="$5"
- # check for curl first
- if _exists "curl"; then
- _sophosxg_curl="curl --silent"
- else
- _err "curl is required"
- return 1
- fi
-
# Some defaults
DEFAULT_SOPHOSXG_PFX_PASSWORD="s0ph0sXG"
DEFAULT_SOPHOSXG_NAME="$_cdomain"
@@ -171,6 +162,36 @@ sophosxg_deploy() {
[ -f "$_import_pkcs12" ] && rm -f "$_import_pkcs12"
return 1
fi
+
+ # create post request
+ _deploy_post_body="$(_mktemp)"
+ if [ ! -f "$_deploy_post_body" ]; then
+ _err "Error creating temp file for HTTP POST"
+ return 1
+ fi
+
+ printf '--SOPHOSXGPOST\r\n' >> "$_deploy_post_body"
+ printf 'Content-Type: application/xml; charset=utf-8\r\n' >> "$_deploy_post_body"
+ printf 'Content-Disposition: form-data; name="reqxml"\r\n' >> "$_deploy_post_body"
+ printf '\r\n' >> "$_deploy_post_body"
+ printf '\r\n' >> "$_deploy_post_body"
+ printf '%s\r\n%s\r\n' "$Le_Deploy_sophosxg_user" "$Le_Deploy_sophosxg_password" >> "$_deploy_post_body"
+ printf '' >> "$_deploy_post_body"
+
+
+ %s
+ UploadCertificate
+ pkcs12
+ %s
+ certificate.p12
+
+
+
+--SOPHOSXGPOST
+Content-Type: application/octet-stream
+Content-Disposition: form-data; filename="certificate.p12"; name="file"
+%s
+--SOPHOSXGPOST--
# do upload of cert - attempt to "update" and on failure try "add"
_req_action_success="no"