Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fetch agreement tos dynamically, fix https://github.com/Neilpang/acme.sh/issues/253

pull/311/head
neil 8 years ago
parent
86c017ec9d
commit
d404e92d16
1 changed files with 102 additions and 58 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 160
      acme.sh

160
acme.sh
View File

@ -48,9 +48,6 @@ RENEW_SKIP=2
ECC_SEP="_" ECC_SEP="_"
ECC_SUFFIX="${ECC_SEP}ecc" ECC_SUFFIX="${ECC_SEP}ecc"
if [ -z "$AGREEMENT" ] ; then
AGREEMENT="$DEFAULT_AGREEMENT"
fi
__INTERACTIVE="" __INTERACTIVE=""
if [ -t 1 ] ; then if [ -t 1 ] ; then
@ -1767,6 +1764,93 @@ _on_issue_success() {
} }
_regAccount() {
_initpath
if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then
_acck="no"
if [ "$Le_Keylength" ] ; then
_acck="$Le_Keylength"
fi
if ! createAccountKey "$_acck" ; then
_err "Create account key error."
return 1
fi
fi
if ! _calcjwk "$ACCOUNT_KEY_PATH" ; then
return 1
fi
_updateTos=""
_reg_res="new-reg"
while true ;
do
_debug AGREEMENT "$AGREEMENT"
accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' )
thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode)
regjson='{"resource": "'$_reg_res'", "agreement": "'$AGREEMENT'"}'
if [ "$ACCOUNT_EMAIL" ] ; then
regjson='{"resource": "'$_reg_res'", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}'
fi
if [ -z "$_updateTos" ] ; then
_info "Registering account"
if ! _send_signed_request "$API/acme/new-reg" "$regjson" ; then
_err "Register account Error: $response"
return 1
fi
if [ "$code" = "" ] || [ "$code" = '201' ] ; then
echo "$response" > $LE_WORKING_DIR/account.json
_info "Registered"
elif [ "$code" = '409' ] ; then
_info "Already registered"
else
_err "Register account Error: $response"
return 1
fi
_accUri="$(echo "$responseHeaders" | grep "^Location:" | cut -d ' ' -f 2| tr -d "\r\n")"
_debug "_accUri" "$_accUri"
ACCOUNT_URL="$_accUri"
_saveaccountconf ACCOUNT_URL "$ACCOUNT_URL"
_tos="$(echo "$responseHeaders" | grep "^Link:.*rel=\"terms-of-service\"" | _egrep_o "<.*>" | tr -d '<>')"
_debug "_tos" "$_tos"
if [ -z "$_tos" ] ; then
_debug "Use default tos: $DEFAULT_AGREEMENT"
_tos="$DEFAULT_AGREEMENT"
fi
if [ "$_tos" != "$AGREEMENT" ]; then
_updateTos=1
AGREEMENT="$_tos"
_reg_res="reg"
continue
fi
else
_debug "Update tos: $_tos"
if ! _send_signed_request "$_accUri" "$regjson" ; then
_err "Update tos error."
return 1
fi
if [ "$code" = '202' ] ; then
_debug "Update tos success."
else
_err "Update tos error."
return 1
fi
fi
return 0
done
}
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ] ; then if [ -z "$2" ] ; then
@ -1826,69 +1910,21 @@ issue() {
Le_Alt="" Le_Alt=""
fi fi
if [ "$Le_Keylength" = "$NO_VALUE" ] ; then
Le_Keylength=""
fi
if ! _on_before_issue ; then if ! _on_before_issue ; then
_err "_on_before_issue." _err "_on_before_issue."
return 1 return 1
fi fi
if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then
_acck="$NO_VALUE"
if [ "$Le_Keylength" ] ; then
_acck="$Le_Keylength"
fi
if ! createAccountKey "$_acck" ; then
_err "Create account key error."
if [ "$usingApache" ] ; then
_restoreApache
fi
_on_issue_err
return 1
fi
fi
if ! _calcjwk "$ACCOUNT_KEY_PATH" ; then
if [ "$usingApache" ] ; then
_restoreApache
fi
if ! _regAccount ; then
_on_issue_err _on_issue_err
return 1 return 1
fi fi
accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' )
thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode)
regjson='{"resource": "new-reg", "agreement": "'$AGREEMENT'"}'
if [ "$ACCOUNT_EMAIL" ] ; then
regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}'
fi
accountkeyhash="$(cat "$ACCOUNT_KEY_PATH" | _digest "sha256" )"
accountkeyhash="$(echo $accountkeyhash$API$regjson | _digest "sha256" )"
if [ "$accountkeyhash" != "$ACCOUNT_KEY_HASH" ] ; then
_info "Registering account"
_send_signed_request "$API/acme/new-reg" "$regjson"
if [ "$code" = "" ] || [ "$code" = '201' ] ; then
_info "Registered"
echo "$response" > $LE_WORKING_DIR/account.json
elif [ "$code" = '409' ] ; then
_info "Already registered"
else
_err "Register account Error: $response"
_clearup
_on_issue_err
return 1
fi
ACCOUNT_KEY_HASH="$accountkeyhash"
_saveaccountconf "ACCOUNT_KEY_HASH" "$ACCOUNT_KEY_HASH"
else
_info "Skip register account key"
fi
if [ "$Le_Keylength" = "$NO_VALUE" ] ; then
Le_Keylength=""
fi
if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then
_info "Signing from existing CSR." _info "Signing from existing CSR."
else else
@ -2301,13 +2337,18 @@ issue() {
return 1 return 1
fi fi
_rcert="$response"
Le_LinkCert="$(grep -i '^Location.*$' $HTTP_HEADER | head -1 | tr -d "\r\n" | cut -d " " -f 2)" Le_LinkCert="$(grep -i '^Location.*$' $HTTP_HEADER | head -1 | tr -d "\r\n" | cut -d " " -f 2)"
_savedomainconf "Le_LinkCert" "$Le_LinkCert" _savedomainconf "Le_LinkCert" "$Le_LinkCert"
if [ "$Le_LinkCert" ] ; then if [ "$Le_LinkCert" ] ; then
echo "$BEGIN_CERT" > "$CERT_PATH" echo "$BEGIN_CERT" > "$CERT_PATH"
_get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH"
if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then
_debug "Get cert failed. Let's try last response."
printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH"
fi
echo "$END_CERT" >> "$CERT_PATH" echo "$END_CERT" >> "$CERT_PATH"
_info "$(__green "Cert success.")" _info "$(__green "Cert success.")"
cat "$CERT_PATH" cat "$CERT_PATH"
@ -2918,6 +2959,9 @@ _initconf() {
#ACCOUNT_KEY_PATH=\"/path/to/account.key\" #ACCOUNT_KEY_PATH=\"/path/to/account.key\"
#CERT_HOME=\"/path/to/cert/home\" #CERT_HOME=\"/path/to/cert/home\"
#ACCOUNT_URL=\"\"
#LOG_FILE=\"$DEFAULT_LOG_FILE\" #LOG_FILE=\"$DEFAULT_LOG_FILE\"
#AUTO_UPGRADE=\"1\" #AUTO_UPGRADE=\"1\"

Write Preview
Loading…
Cancel
Save