From 9205c22bf64fead9618fc6139fcf372cc4a5adbc Mon Sep 17 00:00:00 2001
From: Rikard Gynnerstedt <rikard.gynnerstedt@gmail.com>
Date: Tue, 27 Jun 2017 10:26:43 +0200
Subject: [PATCH] shellchecks cleared

---
 deploy/s3.sh | 83 ++++++++++++++++++++++++++++++++--------------------
 1 file changed, 52 insertions(+), 31 deletions(-)

diff --git a/deploy/s3.sh b/deploy/s3.sh
index 5b1e2523..685af5ac 100644
--- a/deploy/s3.sh
+++ b/deploy/s3.sh
@@ -1,10 +1,16 @@
 #!/bin/sh
 
-#Here is a sample custom api script.
-#This file name is "myapi.sh"
-#So, here must be a method   myapi_deploy()
-#Which will be called by acme.sh to deploy the cert
-#returns 0 means success, otherwise error.
+# This script deploys your cert to a s3 bucket.
+# export S3_BUCKET=acme
+# export S3_REGION=eu-central-1
+# export AWS_PROFILE=default
+# export AWS_ACCESS_KEY_ID=exampleid
+# export AWS_SECRET_ACCESS_KEY=examplekey
+# 
+# Checks to see if awscli present
+# If not, use curl + aws v4 signature to upload object
+# Make sure your keys have access to upload objects.
+# Also make sure your default region is correct, otherwise, override with $S3_REGION
 
 ########  Public functions #####################
 
@@ -23,12 +29,17 @@ s3_deploy() {
     return 1
   fi
 
+  if [ -z "$AWS_PROFILE" ]; then
+    AWS_PROFILE="default"
+  fi
+
   if ! _exists aws; then
     _debug "AWS CLI not installed, defaulting to curl method"
     _aws_cli_installed=0
   else
     _debug "AWS CLI installed, defaulting ignoring curl method"
     _aws_cli_installed=1
+    S3_REGION="$(aws configure get region --profile ${AWS_PROFILE})"
   fi
 
   if [ "$_aws_cli_installed" -eq "0" ] && ([ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]); then
@@ -44,6 +55,7 @@ s3_deploy() {
   # Save s3 options if it's succesful (First run case)
   _saveaccountconf S3_BUCKET "$S3_BUCKET"
   _saveaccountconf S3_REGION "$S3_REGION"
+  _saveaccountconf AWS_PROFILE "$AWS_PROFILE"
 
   _debug _cdomain "$_cdomain"
   _debug _ckey "$_ckey"
@@ -51,9 +63,13 @@ s3_deploy() {
   _debug _cca "$_cca"
   _debug _cfullchain "$_cfullchain"
   _debug S3_BUCKET "$S3_BUCKET"
+  _debug AWS_PROFILE "$AWS_PROFILE"
   _secure_debug AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
   _secure_debug AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
   
+  # REMOVE BEFORE COMMIT, ONLY FOR DEBUGGING
+  _aws_cli_installed=1
+
   _info "Deploying certificate to s3 bucket: $S3_BUCKET in $S3_REGION"
   
   if [ "$_aws_cli_installed" -eq "0" ]; then
@@ -63,13 +79,13 @@ s3_deploy() {
   fi
 
   # private
-  _deploy_to_bucket $_ckey "$_cdomain/$_cdomain.key"
+  _deploy_to_bucket "$_ckey" "$_cdomain/$_cdomain.key"
   # public
-  _deploy_to_bucket $_ccert "$_cdomain/$_cdomain.cer"
+  _deploy_to_bucket "$_ccert" "$_cdomain/$_cdomain.cer"
   # ca
-  _deploy_to_bucket $_cca "$_cdomain/ca.cer"
+  _deploy_to_bucket "$_cca" "$_cdomain/ca.cer"
   # fullchain
-  _deploy_to_bucket $_cfullchain "$_cdomain/fullchain.cer"
+  _deploy_to_bucket "$_cfullchain" "$_cdomain/fullchain.cer"
 
   return 0
 
@@ -79,19 +95,16 @@ s3_deploy() {
 
 _deploy_to_bucket() {
   if [ "$_aws_cli_installed" -eq "0" ]; then
-    _deploy_with_curl $1 $2
+    _deploy_with_curl "$1" "$2"
   else
-    _deploy_with_awscli $1 $2
+    _deploy_with_awscli "$1" "$2"
   fi
 }
 
 _deploy_with_awscli() {
   file="$1"
-  bucket="$S3_BUCKET"
   prefix="$2"
-  region="$S3_REGION"
-
-  aws s3 cp "$file" s3://"$bucket"/"$prefix" --region "$region"
+  aws s3 cp "$file" s3://"$S3_BUCKET"/"$prefix" --region "$S3_REGION" --profile "$AWS_PROFILE"
 }
 
 _deploy_with_curl() {
@@ -104,7 +117,7 @@ _deploy_with_curl() {
   timestamp="$(date -u "+%Y-%m-%d %H:%M:%S")"
   signed_headers="date;host;x-amz-acl;x-amz-content-sha256;x-amz-date"
 
-  if [[ $(uname) == "Darwin" ]]; then
+  if [ "$(uname)" = "Darwin" ]; then
     iso_timestamp=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%dT%H%M%SZ")
     date_scope=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%d")
     date_header=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%a, %d %h %Y %T %Z")
@@ -116,16 +129,23 @@ _deploy_with_curl() {
 
   _info "Uploading $S3_BUCKET/$prefix"
 
-  export _H1="Authorization: AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${date_scope}/${region}/s3/aws4_request,SignedHeaders=${signed_headers},Signature=$(_signature)"
-  export _H2="Date:${date_header}"
-  export _H3="x-amz-acl:${acl}"
-  export _H4="x-amz-content-sha256:$(_payload_hash)"
-  export _H5="x-amz-date:${iso_timestamp}"
+  export _H1
+  export _H2
+  export _H3
+  export _H4
+  export _H5
   
-  response=$(_post "${file}" "https://${bucket}.s3.${region}.amazonaws.com/${prefix}")
-  _debug2 response
+  _H1="Authorization: AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${date_scope}/${region}/s3/aws4_request,SignedHeaders=${signed_headers},Signature=$(_signature)"
+  _H2="Date:${date_header}"
+  _H3="x-amz-acl:${acl}"
+  _H4="x-amz-content-sha256:$(_payload_hash)"
+  _H5="x-amz-date:${iso_timestamp}"
+
+  _debug2 "$(_post "${file}" "https://$bucket.s3.$region.amazonaws.com/$prefix")"
 }
 
+####################  Private functions below ##################################
+
 _payload_hash() {
   echo "$(shasum -ba 256 "$file")%% *"
 }
@@ -141,7 +161,8 @@ _canonical_request() {
   echo "x-amz-date:${iso_timestamp}"
   echo ""
   echo "${signed_headers}"
-  printf "$(_payload_hash)"
+
+  _payload_hash
 }
 
 _canonical_request_hash() {
@@ -152,17 +173,17 @@ _string_to_sign() {
   echo "AWS4-HMAC-SHA256"
   echo "${iso_timestamp}"
   echo "${date_scope}/${region}/s3/aws4_request"
-  printf "$(_canonical_request_hash)"
+  _canonical_request_hash
 }
 
 _signature_key() {
-  secret_key=$(printf "AWS4${AWS_SECRET_ACCESS_KEY?}" | _hex_dump)
-  date_key=$(printf ${date_scope} | _hmac "sha256" "${secret_key}" | _hex_dump)
-  region_key=$(printf ${region} | _hmac "sha256" "${date_key}" | _hex_dump)
-  service_key=$(printf "s3" | _hmac "sha256" "${region_key}" | _hex_dump)
-  printf "aws4_request" | _hmac "sha256" "${service_key}" | _hex_dump
+  secret_key=$(echo "AWS4${AWS_SECRET_ACCESS_KEY?}" | _hex_dump)
+  date_key=$(echo "${date_scope}" | _hmac "sha256" "${secret_key}" hex | _hex_dump)
+  region_key=$(echo "${region}" | _hmac "sha256" "${date_key}" hex | _hex_dump)
+  service_key=$(echo "s3" | _hmac "sha256" "${region_key}" hex | _hex_dump)
+  printf "aws4_request" | _hmac "sha256" "${service_key}" hex | _hex_dump
 }
 
 _signature() {
-  _string_to_sign | _hmac "sha256" $(_signature_key) | _hex_dump | sed "s/^.* //"
+  _string_to_sign | _hmac "sha256" "$(_signature_key)" | _hex_dump | sed "s/^.* //"
 }