Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

shellchecks cleared

pull/901/head
Rikard Gynnerstedt 7 years ago
parent
6175b7e2d8
commit
9205c22bf6
1 changed files with 52 additions and 31 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 83
      deploy/s3.sh

83
deploy/s3.sh
View File

@ -1,10 +1,16 @@
#!/bin/sh
#Here is a sample custom api script.
#This file name is "myapi.sh"
#So, here must be a method myapi_deploy()
#Which will be called by acme.sh to deploy the cert
#returns 0 means success, otherwise error.
# This script deploys your cert to a s3 bucket.
# export S3_BUCKET=acme
# export S3_REGION=eu-central-1
# export AWS_PROFILE=default
# export AWS_ACCESS_KEY_ID=exampleid
# export AWS_SECRET_ACCESS_KEY=examplekey
#
# Checks to see if awscli present
# If not, use curl + aws v4 signature to upload object
# Make sure your keys have access to upload objects.
# Also make sure your default region is correct, otherwise, override with $S3_REGION
######## Public functions #####################
@ -23,12 +29,17 @@ s3_deploy() {
return 1
fi
if [ -z "$AWS_PROFILE" ]; then
AWS_PROFILE="default"
fi
if ! _exists aws; then
_debug "AWS CLI not installed, defaulting to curl method"
_aws_cli_installed=0
else
_debug "AWS CLI installed, defaulting ignoring curl method"
_aws_cli_installed=1
S3_REGION="$(aws configure get region --profile ${AWS_PROFILE})"
fi
if [ "$_aws_cli_installed" -eq "0" ] && ([ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]); then
@ -44,6 +55,7 @@ s3_deploy() {
# Save s3 options if it's succesful (First run case)
_saveaccountconf S3_BUCKET "$S3_BUCKET"
_saveaccountconf S3_REGION "$S3_REGION"
_saveaccountconf AWS_PROFILE "$AWS_PROFILE"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
@ -51,9 +63,13 @@ s3_deploy() {
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
_debug S3_BUCKET "$S3_BUCKET"
_debug AWS_PROFILE "$AWS_PROFILE"
_secure_debug AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
_secure_debug AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
# REMOVE BEFORE COMMIT, ONLY FOR DEBUGGING
_aws_cli_installed=1
_info "Deploying certificate to s3 bucket: $S3_BUCKET in $S3_REGION"
if [ "$_aws_cli_installed" -eq "0" ]; then
@ -63,13 +79,13 @@ s3_deploy() {
fi
# private
_deploy_to_bucket $_ckey "$_cdomain/$_cdomain.key"
_deploy_to_bucket "$_ckey" "$_cdomain/$_cdomain.key"
# public
_deploy_to_bucket $_ccert "$_cdomain/$_cdomain.cer"
_deploy_to_bucket "$_ccert" "$_cdomain/$_cdomain.cer"
# ca
_deploy_to_bucket $_cca "$_cdomain/ca.cer"
_deploy_to_bucket "$_cca" "$_cdomain/ca.cer"
# fullchain
_deploy_to_bucket $_cfullchain "$_cdomain/fullchain.cer"
_deploy_to_bucket "$_cfullchain" "$_cdomain/fullchain.cer"
return 0
@ -79,19 +95,16 @@ s3_deploy() {
_deploy_to_bucket() {
if [ "$_aws_cli_installed" -eq "0" ]; then
_deploy_with_curl $1 $2
_deploy_with_curl "$1" "$2"
else
_deploy_with_awscli $1 $2
_deploy_with_awscli "$1" "$2"
fi
}
_deploy_with_awscli() {
file="$1"
bucket="$S3_BUCKET"
prefix="$2"
region="$S3_REGION"
aws s3 cp "$file" s3://"$bucket"/"$prefix" --region "$region"
aws s3 cp "$file" s3://"$S3_BUCKET"/"$prefix" --region "$S3_REGION" --profile "$AWS_PROFILE"
}
_deploy_with_curl() {
@ -104,7 +117,7 @@ _deploy_with_curl() {
timestamp="$(date -u "+%Y-%m-%d %H:%M:%S")"
signed_headers="date;host;x-amz-acl;x-amz-content-sha256;x-amz-date"
if [[ $(uname) == "Darwin" ]]; then
if [ "$(uname)" = "Darwin" ]; then
iso_timestamp=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%dT%H%M%SZ")
date_scope=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%Y%m%d")
date_header=$(date -ujf "%Y-%m-%d %H:%M:%S" "${timestamp}" "+%a, %d %h %Y %T %Z")
@ -116,16 +129,23 @@ _deploy_with_curl() {
_info "Uploading $S3_BUCKET/$prefix"
export _H1="Authorization: AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${date_scope}/${region}/s3/aws4_request,SignedHeaders=${signed_headers},Signature=$(_signature)"
export _H2="Date:${date_header}"
export _H3="x-amz-acl:${acl}"
export _H4="x-amz-content-sha256:$(_payload_hash)"
export _H5="x-amz-date:${iso_timestamp}"
export _H1
export _H2
export _H3
export _H4
export _H5
response=$(_post "${file}" "https://${bucket}.s3.${region}.amazonaws.com/${prefix}")
_debug2 response
_H1="Authorization: AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${date_scope}/${region}/s3/aws4_request,SignedHeaders=${signed_headers},Signature=$(_signature)"
_H2="Date:${date_header}"
_H3="x-amz-acl:${acl}"
_H4="x-amz-content-sha256:$(_payload_hash)"
_H5="x-amz-date:${iso_timestamp}"
_debug2 "$(_post "${file}" "https://$bucket.s3.$region.amazonaws.com/$prefix")"
}
#################### Private functions below ##################################
_payload_hash() {
echo "$(shasum -ba 256 "$file")%% *"
}
@ -141,7 +161,8 @@ _canonical_request() {
echo "x-amz-date:${iso_timestamp}"
echo ""
echo "${signed_headers}"
printf "$(_payload_hash)"
_payload_hash
}
_canonical_request_hash() {
@ -152,17 +173,17 @@ _string_to_sign() {
echo "AWS4-HMAC-SHA256"
echo "${iso_timestamp}"
echo "${date_scope}/${region}/s3/aws4_request"
printf "$(_canonical_request_hash)"
_canonical_request_hash
}
_signature_key() {
secret_key=$(printf "AWS4${AWS_SECRET_ACCESS_KEY?}" | _hex_dump)
date_key=$(printf ${date_scope} | _hmac "sha256" "${secret_key}" | _hex_dump)
region_key=$(printf ${region} | _hmac "sha256" "${date_key}" | _hex_dump)
service_key=$(printf "s3" | _hmac "sha256" "${region_key}" | _hex_dump)
printf "aws4_request" | _hmac "sha256" "${service_key}" | _hex_dump
secret_key=$(echo "AWS4${AWS_SECRET_ACCESS_KEY?}" | _hex_dump)
date_key=$(echo "${date_scope}" | _hmac "sha256" "${secret_key}" hex | _hex_dump)
region_key=$(echo "${region}" | _hmac "sha256" "${date_key}" hex | _hex_dump)
service_key=$(echo "s3" | _hmac "sha256" "${region_key}" hex | _hex_dump)
printf "aws4_request" | _hmac "sha256" "${service_key}" hex | _hex_dump
}
_signature() {
_string_to_sign | _hmac "sha256" $(_signature_key) | _hex_dump | sed "s/^.* //"
_string_to_sign | _hmac "sha256" "$(_signature_key)" | _hex_dump | sed "s/^.* //"
}
Write Preview
Loading…
Cancel
Save