Home Explore Project
Register Sign In
linux
/
acme.sh
3
0
Fork 0
Files Issues 2 Pull Requests 0 Wiki
Browse Source

Peb (#2126)

* support pebble
* support async finalize order
neil 6 years ago
parent
ec54074392
commit
e7f7e96d58
1 changed files with 74 additions and 14 deletions
Unified View Show Diff Stats
  1. 74 14
      acme.sh

+ 74 - 14
acme.sh
View File 

@@ -1827,23 +1827,29 @@ _send_signed_request() {
 
         nonceurl="$ACME_NEW_NONCE"
 
         nonceurl="$ACME_NEW_NONCE"
 
         if _post "" "$nonceurl" "" "HEAD" "$__request_conent_type"; then
 
         if _post "" "$nonceurl" "" "HEAD" "$__request_conent_type"; then
 
           _headers="$(cat "$HTTP_HEADER")"
 
           _headers="$(cat "$HTTP_HEADER")"
 
+          _debug2 _headers "$_headers"
 
+          _CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
 
         fi
 
         fi
 
       fi
 
       fi
 
-      if [ -z "$_headers" ]; then
 
+      if [ -z "$_CACHED_NONCE" ]; then
 
         _debug2 "Get nonce with GET. ACME_DIRECTORY" "$ACME_DIRECTORY"
 
         _debug2 "Get nonce with GET. ACME_DIRECTORY" "$ACME_DIRECTORY"
 
         nonceurl="$ACME_DIRECTORY"
 
         nonceurl="$ACME_DIRECTORY"
 
         _headers="$(_get "$nonceurl" "onlyheader")"
 
         _headers="$(_get "$nonceurl" "onlyheader")"
 
+        _debug2 _headers "$_headers"
 
+        _CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
 
       fi
 
       fi
 
-
 
+      if [ -z "$_CACHED_NONCE" ] && [ "$ACME_NEW_NONCE" ]; then
 
+        _debug2 "Get nonce with GET. ACME_NEW_NONCE" "$ACME_NEW_NONCE"
 
+        nonceurl="$ACME_NEW_NONCE"
 
+        _headers="$(_get "$nonceurl" "onlyheader")"
 
+        _debug2 _headers "$_headers"
 
+        _CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
 
+      fi
 
+      _debug2 _CACHED_NONCE "$_CACHED_NONCE"
 
       if [ "$?" != "0" ]; then
 
       if [ "$?" != "0" ]; then
 
         _err "Can not connect to $nonceurl to get nonce."
 
         _err "Can not connect to $nonceurl to get nonce."
 
         return 1
 
         return 1
 
       fi
 
       fi
 
-
 
-      _debug2 _headers "$_headers"
 
-
 
-      _CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
 
-      _debug2 _CACHED_NONCE "$_CACHED_NONCE"
 
     else
 
     else
 
       _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE"
 
       _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE"
 
     fi
 
     fi
 
@@ -2060,6 +2066,7 @@ _clearcaconf() {
 
 _startserver() {
 
 _startserver() {
 
   content="$1"
 
   content="$1"
 
   ncaddr="$2"
 
   ncaddr="$2"
 
+  _debug "content" "$content"
 
   _debug "ncaddr" "$ncaddr"
 
   _debug "ncaddr" "$ncaddr"
 
 
 
   _debug "startserver: $$"
 
   _debug "startserver: $$"
 
@@ -2086,8 +2093,14 @@ _startserver() {
 
     SOCAT_OPTIONS="$SOCAT_OPTIONS,bind=${ncaddr}"
 
     SOCAT_OPTIONS="$SOCAT_OPTIONS,bind=${ncaddr}"
 
   fi
 
   fi
 
 
 
+  _content_len="$(printf "%s" "$content" | wc -c)"
 
+  _debug _content_len "$_content_len"
 
   _debug "_NC" "$_NC $SOCAT_OPTIONS"
 
   _debug "_NC" "$_NC $SOCAT_OPTIONS"
 
-  $_NC $SOCAT_OPTIONS SYSTEM:"sleep 1; echo HTTP/1.0 200 OK; echo ; echo  $content; echo;" &
 
+  $_NC $SOCAT_OPTIONS SYSTEM:"sleep 1; \
 
+echo 'HTTP/1.0 200 OK'; \
 
+echo 'Content-Length\: $_content_len'; \
 
+echo ''; \
 
+printf '$content';" &
 
   serverproc="$!"
 
   serverproc="$!"
 
 }
 
 }
 
 
 
@@ -3062,6 +3075,7 @@ _on_before_issue() {
 
       _info "Standalone mode."
 
       _info "Standalone mode."
 
       if [ -z "$Le_HTTPPort" ]; then
 
       if [ -z "$Le_HTTPPort" ]; then
 
         Le_HTTPPort=80
 
         Le_HTTPPort=80
 
+        _cleardomainconf "Le_HTTPPort"
 
       else
 
       else
 
         _savedomainconf "Le_HTTPPort" "$Le_HTTPPort"
 
         _savedomainconf "Le_HTTPPort" "$Le_HTTPPort"
 
       fi
 
       fi
 
@@ -3269,7 +3283,7 @@ _regAccount() {
 
   fi
 
   fi
 
 
 
   _debug2 responseHeaders "$responseHeaders"
 
   _debug2 responseHeaders "$responseHeaders"
 
-  _accUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")"
 
+  _accUri="$(echo "$responseHeaders" | grep -i "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")"
 
   _debug "_accUri" "$_accUri"
 
   _debug "_accUri" "$_accUri"
 
   if [ -z "$_accUri" ]; then
 
   if [ -z "$_accUri" ]; then
 
     _err "Can not find account id url."
 
     _err "Can not find account id url."
 
@@ -3435,7 +3449,7 @@ __trigger_validation() {
 
   _t_vtype="$3"
 
   _t_vtype="$3"
 
   _debug2 _t_vtype "$_t_vtype"
 
   _debug2 _t_vtype "$_t_vtype"
 
   if [ "$ACME_VERSION" = "2" ]; then
 
   if [ "$ACME_VERSION" = "2" ]; then
 
-    _send_signed_request "$_t_url" "{\"keyAuthorization\": \"$_t_key_authz\"}"
 
+    _send_signed_request "$_t_url" "{}"
 
   else
 
   else
 
     _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"type\": \"$_t_vtype\", \"keyAuthorization\": \"$_t_key_authz\"}"
 
     _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"type\": \"$_t_vtype\", \"keyAuthorization\": \"$_t_key_authz\"}"
 
   fi
 
   fi
 
@@ -4205,20 +4219,66 @@ $_authorizations_map"
 
   der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
 
   der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
 
 
 
   if [ "$ACME_VERSION" = "2" ]; then
 
   if [ "$ACME_VERSION" = "2" ]; then
 
+    _info "Lets finalize the order, Le_OrderFinalize: $Le_OrderFinalize"
 
     if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
 
     if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
 
       _err "Sign failed."
 
       _err "Sign failed."
 
       _on_issue_err "$_post_hook"
 
       _on_issue_err "$_post_hook"
 
       return 1
 
       return 1
 
     fi
 
     fi
 
     if [ "$code" != "200" ]; then
 
     if [ "$code" != "200" ]; then
 
-      _err "Sign failed, code is not 200."
 
+      _err "Sign failed, finalize code is not 200."
 
       _err "$response"
 
       _err "$response"
 
       _on_issue_err "$_post_hook"
 
       _on_issue_err "$_post_hook"
 
       return 1
 
       return 1
 
     fi
 
     fi
 
-    Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
 
+    Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d " " -f 2)"
 
+    if [ -z "$Le_LinkOrder" ]; then
 
+      _err "Sign error, can not get order link location header"
 
+      _err "responseHeaders" "$responseHeaders"
 
+      _on_issue_err "$_post_hook"
 
+      return 1
 
+    fi
 
+    _savedomainconf "Le_LinkOrder" "$Le_LinkOrder"
 
+
 
+    _link_cert_retry=0
 
+    _MAX_CERT_RETRY=5
 
+    while [ -z "$Le_LinkCert" ] && [ "$_link_cert_retry" -lt "$_MAX_CERT_RETRY" ]; do
 
+      if _contains "$response" "\"status\":\"valid\""; then
 
+        _debug "Order status is valid."
 
+        Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
 
+        _debug Le_LinkCert "$Le_LinkCert"
 
+        if [ -z "$Le_LinkCert" ]; then
 
+          _err "Sign error, can not find Le_LinkCert"
 
+          _err "$response"
 
+          _on_issue_err "$_post_hook"
 
+          return 1
 
+        fi
 
+        break
 
+      elif _contains "$response" "\"processing\""; then
 
+        _info "Order status is processing, lets sleep and retry."
 
+        _sleep 2
 
+      else
 
+        _err "Sign error, wrong status"
 
+        _err "$response"
 
+        _on_issue_err "$_post_hook"
 
+        return 1
 
+      fi
 
+      if ! _send_signed_request "$Le_LinkOrder"; then
 
+        _err "Sign failed, can not post to Le_LinkOrder cert:$Le_LinkOrder."
 
+        _err "$response"
 
+        _on_issue_err "$_post_hook"
 
+        return 1
 
+      fi
 
+      _link_cert_retry="$(_math $_link_cert_retry + 1)"
 
+    done
 
 
 
-    _tempSignedResponse="$response"
 
+    if [ -z "$Le_LinkCert" ]; then
 
+      _err "Sign failed, can not get Le_LinkCert, retry time limit."
 
+      _err "$response"
 
+      _on_issue_err "$_post_hook"
 
+      return 1
 
+    fi
 
+    _info "Download cert, Le_LinkCert: $Le_LinkCert"
 
     if ! _send_signed_request "$Le_LinkCert"; then
 
     if ! _send_signed_request "$Le_LinkCert"; then
 
       _err "Sign failed, can not download cert:$Le_LinkCert."
 
       _err "Sign failed, can not download cert:$Le_LinkCert."
 
       _err "$response"
 
       _err "$response"
 
@@ -4237,7 +4297,7 @@ $_authorizations_map"
 
       _end_n="$(_math $_end_n + 1)"
 
       _end_n="$(_math $_end_n + 1)"
 
       sed -n "${_end_n},9999p" "$CERT_FULLCHAIN_PATH" >"$CA_CERT_PATH"
 
       sed -n "${_end_n},9999p" "$CERT_FULLCHAIN_PATH" >"$CA_CERT_PATH"
 
     fi
 
     fi
 
-    response="$_tempSignedResponse"
 
+
 
   else
 
   else
 
     if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then
 
     if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then
 
       _err "Sign failed. $response"
 
       _err "Sign failed. $response"