Browse Source

shellchecks cleared

pull/901/head
Rikard Gynnerstedt 7 years ago
parent
commit
9205c22bf6
  1. 83
      deploy/s3.sh

83
deploy/s3.sh

@ -1,10 +1,16 @@
#!/bin/sh #!/bin/sh
#Here is a sample custom api script.
#This file name is "myapi.sh"
#So, here must be a method myapi_deploy()
#Which will be called by acme.sh to deploy the cert
#returns 0 means success, otherwise error.
# This script deploys your cert to a s3 bucket.
# export S3_BUCKET=acme
# export S3_REGION=eu-central-1
# export AWS_PROFILE=default
# export AWS_ACCESS_KEY_ID=exampleid
# export AWS_SECRET_ACCESS_KEY=examplekey
#
# Checks to see if awscli present
# If not, use curl + aws v4 signature to upload object
# Make sure your keys have access to upload objects.
# Also make sure your default region is correct, otherwise, override with $S3_REGION
######## Public functions ##################### ######## Public functions #####################
@ -23,12 +29,17 @@ s3_deploy() {
return 1 return 1
fi fi
if [ -z "$AWS_PROFILE" ]; then
AWS_PROFILE="default"
fi
if ! _exists aws; then if ! _exists aws; then
_debug "AWS CLI not installed, defaulting to curl method" _debug "AWS CLI not installed, defaulting to curl method"
_aws_cli_installed=0 _aws_cli_installed=0
else else
_debug "AWS CLI installed, defaulting ignoring curl method" _debug "AWS CLI installed, defaulting ignoring curl method"
_aws_cli_installed=1 _aws_cli_installed=1
S3_REGION="$(aws configure get region --profile ${AWS_PROFILE})"
fi fi
if [ "$_aws_cli_installed" -eq "0" ] && ([ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]); then if [ "$_aws_cli_installed" -eq "0" ] && ([ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]); then
@ -44,6 +55,7 @@ s3_deploy() {
# Save s3 options if it's succesful (First run case) # Save s3 options if it's succesful (First run case)
_saveaccountconf S3_BUCKET "$S3_BUCKET" _saveaccountconf S3_BUCKET "$S3_BUCKET"
_saveaccountconf S3_REGION "$S3_REGION" _saveaccountconf S3_REGION "$S3_REGION"
_saveaccountconf AWS_PROFILE "$AWS_PROFILE"
_debug _cdomain "$_cdomain" _debug _cdomain "$_cdomain"
_debug _ckey "$_ckey" _debug _ckey "$_ckey"
@ -51,9 +63,13 @@ s3_deploy() {
_debug _cca "$_cca" _debug _cca "$_cca"
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
_debug S3_BUCKET "$S3_BUCKET" _debug S3_BUCKET "$S3_BUCKET"
_debug AWS_PROFILE "$AWS_PROFILE"
_secure_debug AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" _secure_debug AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
_secure_debug AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" _secure_debug AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
# REMOVE BEFORE COMMIT, ONLY FOR DEBUGGING
_aws_cli_installed=1
_info "Deploying certificate to s3 bucket: $S3_BUCKET in $S3_REGION" _info "Deploying certificate to s3 bucket: $S3_BUCKET in $S3_REGION"
if [ "$_aws_cli_installed" -eq "0" ]; then if [ "$_aws_cli_installed" -eq "0" ]; then
@ -63,13 +79,13 @@ s3_deploy() {
fi fi
# private # private
_deploy_to_bucket $_ckey "$_cdomain/$_cdomain.key"
_deploy_to_bucket "$_ckey" "$_cdomain/$_cdomain.key"
# public # public
_deploy_to_bucket $_ccert "$_cdomain/$_cdomain.cer"
_deploy_to_bucket "$_ccert" "$_cdomain/$_cdomain.cer"
# ca # ca
_deploy_to_bucket $_cca "$_cdomain/ca.cer"
_deploy_to_bucket "$_cca" "$_cdomain/ca.cer"
# fullchain # fullchain
_deploy_to_bucket $_cfullchain "$_cdomain/fullchain.cer"
_deploy_to_bucket "$_cfullchain" "$_cdomain/fullchain.cer"
return 0 return 0
@ -79,19 +95,16 @@ s3_deploy() {
_deploy_to_bucket() { _deploy_to_bucket() {
if [ "$_aws_cli_installed" -eq "0" ]; then if [ "$_aws_cli_installed" -eq "0" ]; then
_deploy_with_curl $1 $2
_deploy_with_curl "$1" "$2"
else else
_deploy_with_awscli $1 $2
_deploy_with_awscli "$1" "$2"
fi fi
} }
_deploy_with_awscli() { _deploy_with_awscli() {
file="$1" file="$1"
bucket="$S3_BUCKET"
prefix="$2" prefix="$2"
region="$S3_REGION"
aws s3 cp "$file" s3://"$bucket"/"$prefix" --region "$region"
aws s3 cp "$file" s3://"$S3_BUCKET"/"$prefix" --region "$S3_REGION" --profile "$AWS_PROFILE"
} }
_deploy_with_curl() { _deploy_with_curl() {
@ -104,7 +117,7 @@ _deploy_with_curl() {
timestamp="$(date -u "+%Y-%m-%d %H:%M:%S")" timestamp="$(date -u "+%Y-%m-%d %H:%M:%S")"
signed_headers="date;host;x-amz-acl;x-amz-content-sha256;x-amz-date" signed_headers="date;host;x-amz-acl;x-amz-content-sha256;x-amz-date"
if [[ $(uname) == "Darwin" ]]; then
if [ "$(uname)" = "Darwin" ]; then
iso_timestamp=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%dT%H%M%SZ") iso_timestamp=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%dT%H%M%SZ")
date_scope=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%d") date_scope=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%d")
date_header=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%a, %d %h %Y %T %Z") date_header=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%a, %d %h %Y %T %Z")
@ -116,16 +129,23 @@ _deploy_with_curl() {
_info "Uploading $S3_BUCKET/$prefix" _info "Uploading $S3_BUCKET/$prefix"
export _H1="Authorization: AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${date_scope}/${region}/s3/aws4_request,SignedHeaders=${signed_headers},Signature=$(_signature)"
export _H2="Date:${date_header}"
export _H3="x-amz-acl:${acl}"
export _H4="x-amz-content-sha256:$(_payload_hash)"
export _H5="x-amz-date:${iso_timestamp}"
export _H1
export _H2
export _H3
export _H4
export _H5
response=$(_post "${file}" "https://${bucket}.s3.${region}.amazonaws.com/${prefix}")
_debug2 response
_H1="Authorization: AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${date_scope}/${region}/s3/aws4_request,SignedHeaders=${signed_headers},Signature=$(_signature)"
_H2="Date:${date_header}"
_H3="x-amz-acl:${acl}"
_H4="x-amz-content-sha256:$(_payload_hash)"
_H5="x-amz-date:${iso_timestamp}"
_debug2 "$(_post "${file}" "https://$bucket.s3.$region.amazonaws.com/$prefix")"
} }
#################### Private functions below ##################################
_payload_hash() { _payload_hash() {
echo "$(shasum -ba 256 "$file")%% *" echo "$(shasum -ba 256 "$file")%% *"
} }
@ -141,7 +161,8 @@ _canonical_request() {
echo "x-amz-date:${iso_timestamp}" echo "x-amz-date:${iso_timestamp}"
echo "" echo ""
echo "${signed_headers}" echo "${signed_headers}"
printf "$(_payload_hash)"
_payload_hash
} }
_canonical_request_hash() { _canonical_request_hash() {
@ -152,17 +173,17 @@ _string_to_sign() {
echo "AWS4-HMAC-SHA256" echo "AWS4-HMAC-SHA256"
echo "${iso_timestamp}" echo "${iso_timestamp}"
echo "${date_scope}/${region}/s3/aws4_request" echo "${date_scope}/${region}/s3/aws4_request"
printf "$(_canonical_request_hash)"
_canonical_request_hash
} }
_signature_key() { _signature_key() {
secret_key=$(printf "AWS4${AWS_SECRET_ACCESS_KEY?}" | _hex_dump)
date_key=$(printf ${date_scope} | _hmac "sha256" "${secret_key}" | _hex_dump)
region_key=$(printf ${region} | _hmac "sha256" "${date_key}" | _hex_dump)
service_key=$(printf "s3" | _hmac "sha256" "${region_key}" | _hex_dump)
printf "aws4_request" | _hmac "sha256" "${service_key}" | _hex_dump
secret_key=$(echo "AWS4${AWS_SECRET_ACCESS_KEY?}" | _hex_dump)
date_key=$(echo "${date_scope}" | _hmac "sha256" "${secret_key}" hex | _hex_dump)
region_key=$(echo "${region}" | _hmac "sha256" "${date_key}" hex | _hex_dump)
service_key=$(echo "s3" | _hmac "sha256" "${region_key}" hex | _hex_dump)
printf "aws4_request" | _hmac "sha256" "${service_key}" hex | _hex_dump
} }
_signature() { _signature() {
_string_to_sign | _hmac "sha256" $(_signature_key) | _hex_dump | sed "s/^.* //"
_string_to_sign | _hmac "sha256" "$(_signature_key)" | _hex_dump | sed "s/^.* //"
} }
Loading…
Cancel
Save