mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-07-08 05:55:18 +02:00
use more {} thingies around variables
This commit is contained in:
+22
-21
@@ -224,12 +224,12 @@ _openssl() {
|
|||||||
out="$(openssl "${@}" 2>&1)"
|
out="$(openssl "${@}" 2>&1)"
|
||||||
res=$?
|
res=$?
|
||||||
set -e
|
set -e
|
||||||
if [[ $res -ne 0 ]]; then
|
if [[ ${res} -ne 0 ]]; then
|
||||||
echo " + ERROR: failed to run $* (Exitcode: $res)" >&2
|
echo " + ERROR: failed to run $* (Exitcode: ${res})" >&2
|
||||||
echo >&2
|
echo >&2
|
||||||
echo "Details:" >&2
|
echo "Details:" >&2
|
||||||
echo "$out" >&2
|
echo "${out}" >&2
|
||||||
exit $res
|
exit ${res}
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -302,7 +302,7 @@ extract_altnames() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
reqtext="$( <<<"${csr}" openssl req -noout -text )"
|
reqtext="$( <<<"${csr}" openssl req -noout -text )"
|
||||||
if <<<"$reqtext" grep -q '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$'; then
|
if <<<"${reqtext}" grep -q '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$'; then
|
||||||
# SANs used, extract these
|
# SANs used, extract these
|
||||||
altnames="$( <<<"${reqtext}" grep -A1 '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$' | tail -n1 )"
|
altnames="$( <<<"${reqtext}" grep -A1 '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$' | tail -n1 )"
|
||||||
# split to one per line:
|
# split to one per line:
|
||||||
@@ -313,12 +313,12 @@ extract_altnames() {
|
|||||||
fi
|
fi
|
||||||
# strip away the DNS: prefix
|
# strip away the DNS: prefix
|
||||||
altnames="$( <<<"${altnames}" _sed -e 's/^DNS://' )"
|
altnames="$( <<<"${altnames}" _sed -e 's/^DNS://' )"
|
||||||
echo "$altnames"
|
echo "${altnames}"
|
||||||
|
|
||||||
else
|
else
|
||||||
# No SANs, extract CN
|
# No SANs, extract CN
|
||||||
altnames="$( <<<"${reqtext}" grep '^[[:space:]]*Subject:' | _sed -e 's/.* CN=([^ /,]*).*/\1/' )"
|
altnames="$( <<<"${reqtext}" grep '^[[:space:]]*Subject:' | _sed -e 's/.* CN=([^ /,]*).*/\1/' )"
|
||||||
echo "$altnames"
|
echo "${altnames}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -334,8 +334,8 @@ sign_csr() {
|
|||||||
|
|
||||||
shift 1 || true
|
shift 1 || true
|
||||||
altnames="${*:-}"
|
altnames="${*:-}"
|
||||||
if [ -z "$altnames" ]; then
|
if [ -z "${altnames}" ]; then
|
||||||
altnames="$( extract_altnames "$csr" )"
|
altnames="$( extract_altnames "${csr}" )"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -z "${CA_NEW_AUTHZ}" ]] || [[ -z "${CA_NEW_CERT}" ]]; then
|
if [[ -z "${CA_NEW_AUTHZ}" ]] || [[ -z "${CA_NEW_CERT}" ]]; then
|
||||||
@@ -348,6 +348,7 @@ sign_csr() {
|
|||||||
else
|
else
|
||||||
local -a challenge_uris challenge_tokens keyauths deploy_args
|
local -a challenge_uris challenge_tokens keyauths deploy_args
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Request challenges
|
# Request challenges
|
||||||
for altname in ${altnames}; do
|
for altname in ${altnames}; do
|
||||||
# Ask the acme-server for new challenge token and extract them from the resulting json block
|
# Ask the acme-server for new challenge token and extract them from the resulting json block
|
||||||
@@ -380,11 +381,11 @@ sign_csr() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
challenge_uris[$idx]="${challenge_uri}"
|
challenge_uris[${idx}]="${challenge_uri}"
|
||||||
keyauths[$idx]="${keyauth}"
|
keyauths[${idx}]="${keyauth}"
|
||||||
challenge_tokens[$idx]="${challenge_token}"
|
challenge_tokens[${idx}]="${challenge_token}"
|
||||||
# Note: assumes args will never have spaces!
|
# Note: assumes args will never have spaces!
|
||||||
deploy_args[$idx]="${altname} ${challenge_token} ${keyauth_hook}"
|
deploy_args[${idx}]="${altname} ${challenge_token} ${keyauth_hook}"
|
||||||
idx=$((idx+1))
|
idx=$((idx+1))
|
||||||
done
|
done
|
||||||
|
|
||||||
@@ -394,21 +395,21 @@ sign_csr() {
|
|||||||
# Respond to challenges
|
# Respond to challenges
|
||||||
idx=0
|
idx=0
|
||||||
for altname in ${altnames}; do
|
for altname in ${altnames}; do
|
||||||
challenge_token="${challenge_tokens[$idx]}"
|
challenge_token="${challenge_tokens[${idx}]}"
|
||||||
keyauth="${keyauths[$idx]}"
|
keyauth="${keyauths[${idx}]}"
|
||||||
|
|
||||||
# Wait for hook script to deploy the challenge if used
|
# Wait for hook script to deploy the challenge if used
|
||||||
[[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && ${HOOK} "deploy_challenge" ${deploy_args[$idx]} <&4 >&5 2>&6
|
[[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && ${HOOK} "deploy_challenge" ${deploy_args[${idx}]} <&4 >&5 2>&6
|
||||||
|
|
||||||
# Ask the acme-server to verify our challenge and wait until it is no longer pending
|
# Ask the acme-server to verify our challenge and wait until it is no longer pending
|
||||||
echo " + Responding to challenge for ${altname}..."
|
echo " + Responding to challenge for ${altname}..."
|
||||||
result="$(signed_request "${challenge_uris[$idx]}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"
|
result="$(signed_request "${challenge_uris[${idx}]}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"
|
||||||
|
|
||||||
reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)"
|
reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)"
|
||||||
|
|
||||||
while [[ "${reqstatus}" = "pending" ]]; do
|
while [[ "${reqstatus}" = "pending" ]]; do
|
||||||
sleep 1
|
sleep 1
|
||||||
result="$(http_request get "${challenge_uris[$idx]}")"
|
result="$(http_request get "${challenge_uris[${idx}]}")"
|
||||||
reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)"
|
reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)"
|
||||||
done
|
done
|
||||||
|
|
||||||
@@ -416,7 +417,7 @@ sign_csr() {
|
|||||||
|
|
||||||
# Wait for hook script to clean the challenge if used
|
# Wait for hook script to clean the challenge if used
|
||||||
if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && [[ -n "${challenge_token}" ]]; then
|
if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && [[ -n "${challenge_token}" ]]; then
|
||||||
${HOOK} "clean_challenge" ${deploy_args[$idx]} <&4 >&5 2>&6
|
${HOOK} "clean_challenge" ${deploy_args[${idx}]} <&4 >&5 2>&6
|
||||||
fi
|
fi
|
||||||
idx=$((idx+1))
|
idx=$((idx+1))
|
||||||
|
|
||||||
@@ -433,8 +434,8 @@ sign_csr() {
|
|||||||
if [[ "${reqstatus}" != "valid" ]]; then
|
if [[ "${reqstatus}" != "valid" ]]; then
|
||||||
# Clean up any remaining challenge_tokens if we stopped early
|
# Clean up any remaining challenge_tokens if we stopped early
|
||||||
if [[ "${CHALLENGETYPE}" = "http-01" ]]; then
|
if [[ "${CHALLENGETYPE}" = "http-01" ]]; then
|
||||||
while [ $idx -lt ${#challenge_tokens[@]} ]; do
|
while [ ${idx} -lt ${#challenge_tokens[@]} ]; do
|
||||||
rm -f "${WELLKNOWN}/${challenge_tokens[$idx]}"
|
rm -f "${WELLKNOWN}/${challenge_tokens[${idx}]}"
|
||||||
idx=$((idx+1))
|
idx=$((idx+1))
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user