starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-03-31 06:03:04 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Move from account ID to account URL

Browse Source 
We store the account URL on account creation in the account_id.json file.

When reading the file, if the attribute is missing, we retrieve the account URL
from the CA ( https://tools.ietf.org/html/rfc8555#section-7.3.1 ) and edit the
file.

Per https://tools.ietf.org/html/rfc8555#section-7.3
> The server returns this account object in a 201 (Created) response, with the
> account URL in a Location header field.  The account URL is used as the "kid"
> value in the JWS authenticating subsequent requests by this account (see
> Section 6.2).  The account URL is also used for requests for management
> actions on this account, as described below.
This commit is contained in:
Rogdham
2020-03-30 22:14:07 +02:00
parent fcfb077a95
commit dbb0ef1ce1
1 changed files with 11 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
dehydrated
View File

@@ -408,17 +408,17 @@ init_system() {
ACCOUNT_URL="${CA_REG}/${ACCOUNT_ID}" ACCOUNT_URL="${CA_REG}/${ACCOUNT_ID}"
else else
if [[ -e "${ACCOUNT_ID_JSON}" ]]; then if [[ -e "${ACCOUNT_ID_JSON}" ]]; then
ACCOUNT_ID="$(cat "${ACCOUNT_ID_JSON}" | get_json_string_value id)" ACCOUNT_URL="$(cat "${ACCOUNT_ID_JSON}" | get_json_string_value url)"
else fi
echo "+ Fetching account ID..." # if account URL is not storred, fetch it from the CA
if [[ -z "${ACCOUNT_URL:-}" ]]; then
echo "+ Fetching account URL..."
ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')" ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
ACCOUNT_ID="${ACCOUNT_URL##*/}" if [[ -z "${ACCOUNT_URL}" ]]; then
if [[ -z "${ACCOUNT_ID}" ]]; then
_exiterr "Unknown error on fetching account information" _exiterr "Unknown error on fetching account information"
fi fi
echo '{"id": "'"${ACCOUNT_ID}"'"}' > "${ACCOUNT_ID_JSON}" echo '{"url":"'"${ACCOUNT_URL}"'"}' > "${ACCOUNT_ID_JSON}" # store the URL for next time
fi fi
ACCOUNT_URL="${CA_ACCOUNT}/${ACCOUNT_ID}"
fi fi
else else
echo "Fetching missing account information from CA..." echo "Fetching missing account information from CA..."
@@ -428,7 +428,6 @@ init_system() {
ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')" ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{}')" ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{}')"
fi fi
ACCOUNT_ID="${ACCOUNT_URL##*/}"
echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}" echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}"
fi fi
} }
@@ -1155,12 +1154,12 @@ command_account() {
NEW_ACCOUNT_KEY_JSON="$(_mktemp)" NEW_ACCOUNT_KEY_JSON="$(_mktemp)"
# Check if we have the registration id # Check if we have the registration url
if [[ -z "${ACCOUNT_ID}" ]]; then if [[ -z "${ACCOUNT_URL}" ]]; then
_exiterr "Error retrieving registration id." _exiterr "Error retrieving registration url."
fi fi
echo "+ Updating registration id: ${ACCOUNT_ID} contact information..." echo "+ Updating registration url: ${ACCOUNT_URL} contact information..."
if [[ ${API} -eq 1 ]]; then if [[ ${API} -eq 1 ]]; then
# If an email for the contact has been provided then adding it to the registered account # If an email for the contact has been provided then adding it to the registered account
if [[ -n "${CONTACT_EMAIL}" ]]; then if [[ -n "${CONTACT_EMAIL}" ]]; then