
Fix --revoke

pull/565/head
Tim Kimber 6 years ago
parent
commit
db316d0d16
No known key found for this signature in database GPG Key ID: 3E1804964E76BD18
1 changed files with 53 additions and 40 deletions
  1. +53
    -40
      getssl

+ 53
- 40
getssl

@ -1743,6 +1743,45 @@ json_get() { # get values from json
fi fi
} }
obtain_ca_resource_locations()
{
# Obtain CA resource locations
ca_all_loc=$(curl --user-agent "$CURL_USERAGENT" "${CA}" 2>/dev/null)
debug "ca_all_loc from ${CA} gives $ca_all_loc"
# APIv1
URL_new_reg=$(echo "$ca_all_loc" | grep "new-reg" | awk -F'"' '{print $4}')
URL_new_authz=$(echo "$ca_all_loc" | grep "new-authz" | awk -F'"' '{print $4}')
URL_new_cert=$(echo "$ca_all_loc" | grep "new-cert" | awk -F'"' '{print $4}')
#API v2
URL_newAccount=$(echo "$ca_all_loc" | grep "newAccount" | awk -F'"' '{print $4}')
URL_newNonce=$(echo "$ca_all_loc" | grep "newNonce" | awk -F'"' '{print $4}')
URL_newOrder=$(echo "$ca_all_loc" | grep "newOrder" | awk -F'"' '{print $4}')
URL_revoke=$(echo "$ca_all_loc" | grep "revokeCert" | awk -F'"' '{print $4}')
if [[ -z "$URL_new_reg" ]] && [[ -z "$URL_newAccount" ]]; then
ca_all_loc=$(curl --user-agent "$CURL_USERAGENT" "${CA}/directory" 2>/dev/null)
debug "ca_all_loc from ${CA}/directory gives $ca_all_loc"
# APIv1
URL_new_reg=$(echo "$ca_all_loc" | grep "new-reg" | awk -F'"' '{print $4}')
URL_new_authz=$(echo "$ca_all_loc" | grep "new-authz" | awk -F'"' '{print $4}')
URL_new_cert=$(echo "$ca_all_loc" | grep "new-cert" | awk -F'"' '{print $4}')
#API v2
URL_newAccount=$(echo "$ca_all_loc" | grep "newAccount" | awk -F'"' '{print $4}')
URL_newNonce=$(echo "$ca_all_loc" | grep "newNonce" | awk -F'"' '{print $4}')
URL_newOrder=$(echo "$ca_all_loc" | grep "newOrder" | awk -F'"' '{print $4}')
fi
if [[ -n "$URL_new_reg" ]]; then
API=1
elif [[ -n "$URL_newAccount" ]]; then
API=2
else
info "unknown API version"
graceful_exit
fi
debug "Using API v$API"
}
os_esed() { # Use different sed version for different os types (extended regex) os_esed() { # Use different sed version for different os types (extended regex)
if [[ "$os" == "bsd" ]]; then # BSD requires -E flag for extended regex if [[ "$os" == "bsd" ]]; then # BSD requires -E flag for extended regex
sed -E "${@}" sed -E "${@}"
@ -1807,9 +1846,9 @@ revoke_certificate() { # revoke a certificate
# need to set the revoke key as "account_key" since it's used in send_signed_request. # need to set the revoke key as "account_key" since it's used in send_signed_request.
get_signing_params "$REVOKE_KEY" get_signing_params "$REVOKE_KEY"
TEMP_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t getssl) TEMP_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t getssl)
debug "revoking from $CA"
rcertdata=$(openssl x509 -in "$REVOKE_CERT" -inform PEM -outform DER | urlbase64)
send_signed_request "$URL_revoke" "{\"resource\": \"revoke-cert\", \"certificate\": \"$rcertdata\"}"
debug "revoking from $URL_revoke"
rcertdata=$(sed '1d;$d' "$REVOKE_CERT" | tr -d "\r\n" | tr '/+' '_-' | tr -d '= ')
send_signed_request "$URL_revoke" "{\"certificate\": \"$rcertdata\",\"reason\": $REVOKE_REASON}"
if [[ $code -eq "200" ]]; then if [[ $code -eq "200" ]]; then
info "certificate revoked" info "certificate revoked"
else else
@ -1959,15 +1998,18 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
while [[ "$code" -eq 500 ]]; do while [[ "$code" -eq 500 ]]; do
if [[ "$outfile" ]] ; then if [[ "$outfile" ]] ; then
$CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > "$outfile" $CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > "$outfile"
errcode=$?
response=$(cat "$outfile") response=$(cat "$outfile")
elif [[ "$needbase64" ]] ; then elif [[ "$needbase64" ]] ; then
response=$($CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" | urlbase64) response=$($CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" | urlbase64)
errcode=$?
else else
response=$($CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url") response=$($CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url")
errcode=$?
fi fi
if [[ "$response" == "" ]]; then
error_exit "ERROR curl \"$url\" returned nothing"
if [[ $errcode -gt 0 || ( "$response" == "" && $url != *"revoke"* ) ]]; then
error_exit "ERROR curl \"$url\" failed with $errcode and returned $response"
fi fi
responseHeaders=$(cat "$CURL_HEADER") responseHeaders=$(cat "$CURL_HEADER")
@ -2257,7 +2299,9 @@ while [[ -n ${1+defined} ]]; do
shift shift
REVOKE_KEY="$1" REVOKE_KEY="$1"
shift shift
REVOKE_CA="$1" ;;
CA="$1"
REVOKE_CA="$1"
REVOKE_REASON=0 ;;
-u | --upgrade) -u | --upgrade)
_UPGRADE=1 ;; _UPGRADE=1 ;;
-U | --nocheck) -U | --nocheck)
@ -2324,7 +2368,8 @@ if [[ $_REVOKE -eq 1 ]]; then
else else
CA=$REVOKE_CA CA=$REVOKE_CA
fi fi
URL_revoke=$(curl --user-agent "$CURL_USERAGENT" "${CA}/directory" 2>/dev/null | grep "revoke-cert" | awk -F'"' '{print $4}')
obtain_ca_resource_locations
revoke_certificate revoke_certificate
graceful_exit graceful_exit
fi fi
@ -2508,39 +2553,7 @@ if [[ -e "$DOMAIN_DIR/FORCE_RENEWAL" ]]; then
info "${DOMAIN}: forcing renewal (due to FORCE_RENEWAL file)" info "${DOMAIN}: forcing renewal (due to FORCE_RENEWAL file)"
fi fi
# Obtain CA resource locations
ca_all_loc=$(curl --user-agent "$CURL_USERAGENT" "${CA}" 2>/dev/null)
debug "ca_all_loc from ${CA} gives $ca_all_loc"
# APIv1
URL_new_reg=$(echo "$ca_all_loc" | grep "new-reg" | awk -F'"' '{print $4}')
URL_new_authz=$(echo "$ca_all_loc" | grep "new-authz" | awk -F'"' '{print $4}')
URL_new_cert=$(echo "$ca_all_loc" | grep "new-cert" | awk -F'"' '{print $4}')
#API v2
URL_newAccount=$(echo "$ca_all_loc" | grep "newAccount" | awk -F'"' '{print $4}')
URL_newNonce=$(echo "$ca_all_loc" | grep "newNonce" | awk -F'"' '{print $4}')
URL_newOrder=$(echo "$ca_all_loc" | grep "newOrder" | awk -F'"' '{print $4}')
if [[ -z "$URL_new_reg" ]] && [[ -z "$URL_newAccount" ]]; then
ca_all_loc=$(curl --user-agent "$CURL_USERAGENT" "${CA}/directory" 2>/dev/null)
debug "ca_all_loc from ${CA}/directory gives $ca_all_loc"
# APIv1
URL_new_reg=$(echo "$ca_all_loc" | grep "new-reg" | awk -F'"' '{print $4}')
URL_new_authz=$(echo "$ca_all_loc" | grep "new-authz" | awk -F'"' '{print $4}')
URL_new_cert=$(echo "$ca_all_loc" | grep "new-cert" | awk -F'"' '{print $4}')
#API v2
URL_newAccount=$(echo "$ca_all_loc" | grep "newAccount" | awk -F'"' '{print $4}')
URL_newNonce=$(echo "$ca_all_loc" | grep "newNonce" | awk -F'"' '{print $4}')
URL_newOrder=$(echo "$ca_all_loc" | grep "newOrder" | awk -F'"' '{print $4}')
fi
if [[ -n "$URL_new_reg" ]]; then
API=1
elif [[ -n "$URL_newAccount" ]]; then
API=2
else
info "unknown API version"
graceful_exit
fi
debug "Using API v$API"
obtain_ca_resource_locations
# Check if awk supports json_awk (required for ACMEv2) # Check if awk supports json_awk (required for ACMEv2)
if [[ $API -eq 2 ]]; then if [[ $API -eq 2 ]]; then
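Review bot: In the new `obtain_ca_resource_locations`, `URL_revoke` is parsed only from the first fetch of `${CA}`; the fallback branch that re-reads `${CA}/directory` refreshes the new-reg/newAccount/newNonce/newOrder URLs but not `URL_revoke`, so a `--revoke` run given a CA base URL (which the removed lookup handled by appending `/directory` itself) reaches `revoke_certificate` with an empty URL. Add `URL_revoke=$(echo "$ca_all_loc" | grep "revokeCert" | awk -F'"' '{print $4}')` inside the fallback `if`, and guard the revoke path with something like `[[ -n "$URL_revoke" ]] || error_exit "no revokeCert URL in CA directory"` before calling `revoke_certificate`, so a revocation that cannot proceed is reported clearly rather than as a generic curl error. Only the v2 `revokeCert` key is matched now, so a v1 directory (`revoke-cert`) would also leave the variable empty; if dropping v1 revocation is intended, a comment at the lookup should say so.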

