Merge pull request #568 from srvrco/fix-revoke-no-suffix

Fix revoke when no CA suffix is specified

getssl

@@ -1747,22 +1747,11 @@ json_get() { # get values from json
 
 obtain_ca_resource_locations()
 {
-  # Obtain CA resource locations
-  ca_all_loc=$(curl --user-agent "$CURL_USERAGENT" "${CA}" 2>/dev/null)
-  debug "ca_all_loc from ${CA} gives $ca_all_loc"
-  # APIv1
-  URL_new_reg=$(echo "$ca_all_loc" | grep "new-reg" | awk -F'"' '{print $4}')
-  URL_new_authz=$(echo "$ca_all_loc" | grep "new-authz" | awk -F'"' '{print $4}')
-  URL_new_cert=$(echo "$ca_all_loc" | grep "new-cert" | awk -F'"' '{print $4}')
-  #API v2
-  URL_newAccount=$(echo "$ca_all_loc" | grep "newAccount" | awk -F'"' '{print $4}')
-  URL_newNonce=$(echo "$ca_all_loc" | grep "newNonce" | awk -F'"' '{print $4}')
-  URL_newOrder=$(echo "$ca_all_loc" | grep "newOrder" | awk -F'"' '{print $4}')
-  URL_revoke=$(echo "$ca_all_loc" | grep "revokeCert" | awk -F'"' '{print $4}')
-
-  if [[ -z "$URL_new_reg" ]] && [[ -z "$URL_newAccount" ]]; then
-    ca_all_loc=$(curl --user-agent "$CURL_USERAGENT" "${CA}/directory" 2>/dev/null)
-    debug "ca_all_loc from ${CA}/directory gives $ca_all_loc"
+  for suffix in "" "/directory" "/dir";
+  do
+    # Obtain CA resource locations
+    ca_all_loc=$(curl --user-agent "$CURL_USERAGENT" "${CA}${suffix}" 2>/dev/null)
+    debug "ca_all_loc from ${CA}${suffix} gives $ca_all_loc"
     # APIv1
     URL_new_reg=$(echo "$ca_all_loc" | grep "new-reg" | awk -F'"' '{print $4}')
     URL_new_authz=$(echo "$ca_all_loc" | grep "new-authz" | awk -F'"' '{print $4}')
@@ -1771,15 +1760,19 @@ obtain_ca_resource_locations()
     URL_newAccount=$(echo "$ca_all_loc" | grep "newAccount" | awk -F'"' '{print $4}')
     URL_newNonce=$(echo "$ca_all_loc" | grep "newNonce" | awk -F'"' '{print $4}')
     URL_newOrder=$(echo "$ca_all_loc" | grep "newOrder" | awk -F'"' '{print $4}')
-  fi
+    URL_revoke=$(echo "$ca_all_loc" | grep "revokeCert" | awk -F'"' '{print $4}')
+
+    if [[ -n "$URL_new_reg" ]] || [[ -n "$URL_newAccount" ]]; then
+      break
+    fi
+  done
 
   if [[ -n "$URL_new_reg" ]]; then
     API=1
   elif [[ -n "$URL_newAccount" ]]; then
     API=2
   else
-    info "unknown API version"
-    graceful_exit
+    error_exit "unknown API version"
   fi
   debug "Using API v$API"
 }

test/15-test-revoke-no-suffix.bats

@@ -0,0 +1,42 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Create certificate to check revoke" {
+    if [ -n "$STAGING" ]; then
+        CONFIG_FILE="getssl-staging-dns01-no-suffix.cfg"
+    else
+        CONFIG_FILE="getssl-http01-no-suffix.cfg"
+    fi
+    . "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
+    setup_environment
+    init_getssl
+    create_certificate
+    assert_success
+    check_output_for_errors
+}
+
+
+@test "Check we can revoke a certificate" {
+    if [ -n "$STAGING" ]; then
+        CONFIG_FILE="getssl-staging-dns01.cfg"
+    else
+        CONFIG_FILE="getssl-http01.cfg"
+    fi
+    . "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
+    CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt
+    KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key
+
+    run ${CODE_DIR}/getssl -d --revoke $CERT $KEY $CA
+    assert_success
+    check_output_for_errors
+}

test/test-config/getssl-http01-no-suffix.cfg

@@ -0,0 +1,30 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+#
+CA="https://pebble:14000/dir"
+CA="https://pebble:14000"
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+SANS=""
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
+
+#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
+USE_SINGLE_ACL="false"
+
+# Location for all your certs, these can either be on the server (full path name)
+# or using ssh /sftp as for the ACL
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"

test/test-config/getssl-staging-dns01-no-suffix.cfg

@@ -0,0 +1,37 @@
+# Test that the script works with external dns provider and staging server
+#
+CA="https://acme-staging-v02.api.letsencrypt.org"
+
+VALIDATE_VIA_DNS=true
+DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
+DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
+PUBLIC_DNS_SERVER=ns2.duckdns.org
+CHECK_ALL_AUTH_DNS=true
+DNS_EXTRA_WAIT=60
+
+ACCOUNT_KEY_TYPE="rsa"
+PRIVATE_KEY_ALG="rsa"
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+SANS=""
+
+# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
+ACL=('/var/www/html/.well-known/acme-challenge')
+
+#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
+USE_SINGLE_ACL="false"
+
+# Location for all your certs, these can either be on the server (full path name)
+# or using ssh /sftp as for the ACL
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed (using a custom port)
+SERVER_TYPE="https"
+CHECK_REMOTE="true"