mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-03-24 10:01:01 +01:00
use more {} thingies around variables
@@ -224,12 +224,12 @@ _openssl() {
|
||||
out="$(openssl "${@}" 2>&1)"
|
||||
res=$?
|
||||
set -e
|
||||
if [[ $res -ne 0 ]]; then
|
||||
echo " + ERROR: failed to run $* (Exitcode: $res)" >&2
|
||||
if [[ ${res} -ne 0 ]]; then
|
||||
echo " + ERROR: failed to run $* (Exitcode: ${res})" >&2
|
||||
echo >&2
|
||||
echo "Details:" >&2
|
||||
echo "$out" >&2
|
||||
exit $res
|
||||
echo "${out}" >&2
|
||||
exit ${res}
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -302,7 +302,7 @@ extract_altnames() {
|
||||
fi
|
||||
|
||||
reqtext="$( <<<"${csr}" openssl req -noout -text )"
|
||||
if <<<"$reqtext" grep -q '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$'; then
|
||||
if <<<"${reqtext}" grep -q '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$'; then
|
||||
# SANs used, extract these
|
||||
altnames="$( <<<"${reqtext}" grep -A1 '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$' | tail -n1 )"
|
||||
# split to one per line:
|
||||
@@ -313,12 +313,12 @@ extract_altnames() {
|
||||
fi
|
||||
# strip away the DNS: prefix
|
||||
altnames="$( <<<"${altnames}" _sed -e 's/^DNS://' )"
|
||||
echo "$altnames"
|
||||
echo "${altnames}"
|
||||
|
||||
else
|
||||
# No SANs, extract CN
|
||||
altnames="$( <<<"${reqtext}" grep '^[[:space:]]*Subject:' | _sed -e 's/.* CN=([^ /,]*).*/\1/' )"
|
||||
echo "$altnames"
|
||||
echo "${altnames}"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -334,8 +334,8 @@ sign_csr() {
|
||||
|
||||
shift 1 || true
|
||||
altnames="${*:-}"
|
||||
if [ -z "$altnames" ]; then
|
||||
altnames="$( extract_altnames "$csr" )"
|
||||
if [ -z "${altnames}" ]; then
|
||||
altnames="$( extract_altnames "${csr}" )"
|
||||
fi
|
||||
|
||||
if [[ -z "${CA_NEW_AUTHZ}" ]] || [[ -z "${CA_NEW_CERT}" ]]; then
|
||||
@@ -348,6 +348,7 @@ sign_csr() {
|
||||
else
|
||||
local -a challenge_uris challenge_tokens keyauths deploy_args
|
||||
fi
|
||||
|
||||
# Request challenges
|
||||
for altname in ${altnames}; do
|
||||
# Ask the acme-server for new challenge token and extract them from the resulting json block
|
||||
@@ -380,11 +381,11 @@ sign_csr() {
|
||||
;;
|
||||
esac
|
||||
|
||||
challenge_uris[$idx]="${challenge_uri}"
|
||||
keyauths[$idx]="${keyauth}"
|
||||
challenge_tokens[$idx]="${challenge_token}"
|
||||
challenge_uris[${idx}]="${challenge_uri}"
|
||||
keyauths[${idx}]="${keyauth}"
|
||||
challenge_tokens[${idx}]="${challenge_token}"
|
||||
# Note: assumes args will never have spaces!
|
||||
deploy_args[$idx]="${altname} ${challenge_token} ${keyauth_hook}"
|
||||
deploy_args[${idx}]="${altname} ${challenge_token} ${keyauth_hook}"
|
||||
idx=$((idx+1))
|
||||
done
|
||||
|
||||
@@ -394,21 +395,21 @@ sign_csr() {
|
||||
# Respond to challenges
|
||||
idx=0
|
||||
for altname in ${altnames}; do
|
||||
challenge_token="${challenge_tokens[$idx]}"
|
||||
keyauth="${keyauths[$idx]}"
|
||||
challenge_token="${challenge_tokens[${idx}]}"
|
||||
keyauth="${keyauths[${idx}]}"
|
||||
|
||||
# Wait for hook script to deploy the challenge if used
|
||||
[[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && ${HOOK} "deploy_challenge" ${deploy_args[$idx]} <&4 >&5 2>&6
|
||||
[[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && ${HOOK} "deploy_challenge" ${deploy_args[${idx}]} <&4 >&5 2>&6
|
||||
|
||||
# Ask the acme-server to verify our challenge and wait until it is no longer pending
|
||||
echo " + Responding to challenge for ${altname}..."
|
||||
result="$(signed_request "${challenge_uris[$idx]}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"
|
||||
result="$(signed_request "${challenge_uris[${idx}]}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"
|
||||
|
||||
reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)"
|
||||
|
||||
while [[ "${reqstatus}" = "pending" ]]; do
|
||||
sleep 1
|
||||
result="$(http_request get "${challenge_uris[$idx]}")"
|
||||
result="$(http_request get "${challenge_uris[${idx}]}")"
|
||||
reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)"
|
||||
done
|
||||
|
||||
@@ -416,7 +417,7 @@ sign_csr() {
|
||||
|
||||
# Wait for hook script to clean the challenge if used
|
||||
if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && [[ -n "${challenge_token}" ]]; then
|
||||
${HOOK} "clean_challenge" ${deploy_args[$idx]} <&4 >&5 2>&6
|
||||
${HOOK} "clean_challenge" ${deploy_args[${idx}]} <&4 >&5 2>&6
|
||||
fi
|
||||
idx=$((idx+1))
|
||||
|
||||
@@ -433,8 +434,8 @@ sign_csr() {
|
||||
if [[ "${reqstatus}" != "valid" ]]; then
|
||||
# Clean up any remaining challenge_tokens if we stopped early
|
||||
if [[ "${CHALLENGETYPE}" = "http-01" ]]; then
|
||||
while [ $idx -lt ${#challenge_tokens[@]} ]; do
|
||||
rm -f "${WELLKNOWN}/${challenge_tokens[$idx]}"
|
||||
while [ ${idx} -lt ${#challenge_tokens[@]} ]; do
|
||||
rm -f "${WELLKNOWN}/${challenge_tokens[${idx}]}"
|
||||
idx=$((idx+1))
|
||||
done
|
||||
fi
|
||||
|
||||
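Review bot: The hook calls on the new side, `${HOOK} "deploy_challenge" ${deploy_args[${idx}]}` and the matching `clean_challenge` call, still expand `deploy_args` unquoted, so the added braces change nothing about word splitting and pathname expansion there. The hostname, token and key authorization are joined into one string and re-split by the shell, which is what the "assumes args will never have spaces" comment relies on; a value containing whitespace or a glob character such as `*` would reach the hook as different arguments than intended. Since this commit already touches these lines, consider keeping the hook value in its own array, `keyauth_hooks[${idx}]="${keyauth_hook}"`, and passing `"${altname}" "${challenge_token}" "${keyauth_hooks[${idx}]}"` as separate quoted words. The `for altname in ${altnames}` loops have the same exposure, and whether `altnames` is validated earlier in sign_csr is not visible in these hunks.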