
retry if nonce is invalid
fix https://github.com/Neilpang/acme.sh/issues/627

neil 8 years ago
parent
commit
0bc745f68f
1 changed files with 56 additions and 43 deletions
  1. 56 43
      acme.sh

+ 56 - 43
acme.sh

@@ -1530,62 +1530,75 @@ _send_signed_request() {
   payload64=$(printf "%s" "$payload" | _base64 | _url_replace)
   _debug3 payload64 "$payload64"
 
-  if [ -z "$_CACHED_NONCE" ]; then
-    _debug2 "Get nonce."
-    nonceurl="$API/directory"
-    _headers="$(_get "$nonceurl" "onlyheader")"
+  MAX_REQUEST_RETRY_TIMES=5
+  _request_retry_times=0
+  while [ "${_request_retry_times}" -lt "$MAX_REQUEST_RETRY_TIMES" ]; do
+    _debug3 _request_retry_times "$_request_retry_times" 
+    if [ -z "$_CACHED_NONCE" ]; then
+      _debug2 "Get nonce."
+      nonceurl="$API/directory"
+      _headers="$(_get "$nonceurl" "onlyheader")"
 
-    if [ "$?" != "0" ]; then
-      _err "Can not connect to $nonceurl to get nonce."
-      return 1
-    fi
+      if [ "$?" != "0" ]; then
+        _err "Can not connect to $nonceurl to get nonce."
+        return 1
+      fi
 
-    _debug2 _headers "$_headers"
+      _debug2 _headers "$_headers"
 
-    _CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
-    _debug2 _CACHED_NONCE "$_CACHED_NONCE"
-  else
-    _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE"
-  fi
-  nonce="$_CACHED_NONCE"
-  _debug2 nonce "$nonce"
+      _CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
+      _debug2 _CACHED_NONCE "$_CACHED_NONCE"
+    else
+      _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE"
+    fi
+    nonce="$_CACHED_NONCE"
+    _debug2 nonce "$nonce"
 
-  protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2"
-  _debug3 protected "$protected"
+    protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2"
+    _debug3 protected "$protected"
 
-  protected64="$(printf "%s" "$protected" | _base64 | _url_replace)"
-  _debug3 protected64 "$protected64"
+    protected64="$(printf "%s" "$protected" | _base64 | _url_replace)"
+    _debug3 protected64 "$protected64"
 
-  if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then
-    _err "Sign request failed."
-    return 1
-  fi
-  _debug3 _sig_t "$_sig_t"
+    if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then
+      _err "Sign request failed."
+      return 1
+    fi
+    _debug3 _sig_t "$_sig_t"
 
-  sig="$(printf "%s" "$_sig_t" | _url_replace)"
-  _debug3 sig "$sig"
+    sig="$(printf "%s" "$_sig_t" | _url_replace)"
+    _debug3 sig "$sig"
 
-  body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
-  _debug3 body "$body"
+    body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
+    _debug3 body "$body"
 
-  response="$(_post "$body" "$url" "$needbase64")"
-  _CACHED_NONCE=""
-  if [ "$?" != "0" ]; then
-    _err "Can not post to $url"
-    return 1
-  fi
-  _debug2 original "$response"
+    response="$(_post "$body" "$url" "$needbase64")"
+    _CACHED_NONCE=""
+
+    if [ "$?" != "0" ]; then
+      _err "Can not post to $url"
+      return 1
+    fi
+    _debug2 original "$response"
+    response="$(echo "$response" | _normalizeJson)"
 
-  response="$(echo "$response" | _normalizeJson)"
+    responseHeaders="$(< "$HTTP_HEADER")"
 
-  responseHeaders="$(cat "$HTTP_HEADER")"
+    _debug2 responseHeaders "$responseHeaders"
+    _debug2 response "$response"
+    code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
+    _debug code "$code"
 
-  _debug2 responseHeaders "$responseHeaders"
-  _debug2 response "$response"
-  code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
-  _debug code "$code"
+    _CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
 
-  _CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
+    if _contains "$response" "JWS has invalid anti-replay nonce"; then
+      _info "It seems the CA server is busy now, let's wait and retry."
+      _request_retry_times=$(_math "$_request_retry_times" + 1)
+      _sleep 5
+      continue
+    fi
+    break;
+  done
 
 }
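Review bot: When every one of the MAX_REQUEST_RETRY_TIMES attempts hits a bad nonce, the `while` loop leaves via the failed `-lt` test after the last `continue`, so `_send_signed_request` returns 0 with `response` and `code` still holding the final badNonce error and nothing logged; an exhaustion check after `done` should `_err` and `return 1` so callers do not treat the failed request as a success. Separately, the `if [ "$?" != "0" ]` after `_post` still tests the exit status of the intervening `_CACHED_NONCE=""` assignment, which is always 0, so a failed POST (connection or TLS failure) is never reported and whatever is left in `$HTTP_HEADER` is parsed as if the request had succeeded — capture the status first (`_ret="$?"`) or clear the nonce after the check. The retry condition matches the human-readable detail string rather than the ACME `badNonce` error type, so a CA wording the error differently is not retried; that is a robustness caveat rather than a defect. `responseHeaders="$(< "$HTTP_HEADER")"` is a bash-only form — under dash/POSIX sh it expands to an empty string, which would leave `_CACHED_NONCE` empty on every call; I cannot see the shebang from here, so keep `cat` unless the script is bash-only. `_send_signed_request` begins above the hunk.
```shell
    response="$(_post "$body" "$url" "$needbase64")"
    _ret="$?"
    _CACHED_NONCE=""
    if [ "$_ret" != "0" ]; then
      _err "Can not post to $url"
      return 1
    fi
    # … unchanged: normalize response, read headers and code, cache the new nonce, badNonce retry …
  done
  if [ "$_request_retry_times" -ge "$MAX_REQUEST_RETRY_TIMES" ]; then
    _err "Giving up after $MAX_REQUEST_RETRY_TIMES bad-nonce retries: $url"
    return 1
  fi
```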