mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-25 22:51:39 +00:00
Fetch agreement tos dynamically, fix https://github.com/Neilpang/acme.sh/issues/253
This commit is contained in:
parent
86c017ec9d
commit
d404e92d16
160
acme.sh
160
acme.sh
@ -48,9 +48,6 @@ RENEW_SKIP=2
|
||||
ECC_SEP="_"
|
||||
ECC_SUFFIX="${ECC_SEP}ecc"
|
||||
|
||||
if [ -z "$AGREEMENT" ] ; then
|
||||
AGREEMENT="$DEFAULT_AGREEMENT"
|
||||
fi
|
||||
|
||||
__INTERACTIVE=""
|
||||
if [ -t 1 ] ; then
|
||||
@ -1767,6 +1764,93 @@ _on_issue_success() {
|
||||
}
|
||||
|
||||
|
||||
|
||||
_regAccount() {
|
||||
_initpath
|
||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then
|
||||
_acck="no"
|
||||
if [ "$Le_Keylength" ] ; then
|
||||
_acck="$Le_Keylength"
|
||||
fi
|
||||
if ! createAccountKey "$_acck" ; then
|
||||
_err "Create account key error."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! _calcjwk "$ACCOUNT_KEY_PATH" ; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
_updateTos=""
|
||||
_reg_res="new-reg"
|
||||
while true ;
|
||||
do
|
||||
_debug AGREEMENT "$AGREEMENT"
|
||||
accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' )
|
||||
thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode)
|
||||
|
||||
regjson='{"resource": "'$_reg_res'", "agreement": "'$AGREEMENT'"}'
|
||||
|
||||
if [ "$ACCOUNT_EMAIL" ] ; then
|
||||
regjson='{"resource": "'$_reg_res'", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}'
|
||||
fi
|
||||
|
||||
if [ -z "$_updateTos" ] ; then
|
||||
_info "Registering account"
|
||||
|
||||
if ! _send_signed_request "$API/acme/new-reg" "$regjson" ; then
|
||||
_err "Register account Error: $response"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ "$code" = "" ] || [ "$code" = '201' ] ; then
|
||||
echo "$response" > $LE_WORKING_DIR/account.json
|
||||
_info "Registered"
|
||||
elif [ "$code" = '409' ] ; then
|
||||
_info "Already registered"
|
||||
else
|
||||
_err "Register account Error: $response"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_accUri="$(echo "$responseHeaders" | grep "^Location:" | cut -d ' ' -f 2| tr -d "\r\n")"
|
||||
_debug "_accUri" "$_accUri"
|
||||
ACCOUNT_URL="$_accUri"
|
||||
_saveaccountconf ACCOUNT_URL "$ACCOUNT_URL"
|
||||
|
||||
_tos="$(echo "$responseHeaders" | grep "^Link:.*rel=\"terms-of-service\"" | _egrep_o "<.*>" | tr -d '<>')"
|
||||
_debug "_tos" "$_tos"
|
||||
if [ -z "$_tos" ] ; then
|
||||
_debug "Use default tos: $DEFAULT_AGREEMENT"
|
||||
_tos="$DEFAULT_AGREEMENT"
|
||||
fi
|
||||
if [ "$_tos" != "$AGREEMENT" ]; then
|
||||
_updateTos=1
|
||||
AGREEMENT="$_tos"
|
||||
_reg_res="reg"
|
||||
continue
|
||||
fi
|
||||
|
||||
else
|
||||
_debug "Update tos: $_tos"
|
||||
if ! _send_signed_request "$_accUri" "$regjson" ; then
|
||||
_err "Update tos error."
|
||||
return 1
|
||||
fi
|
||||
if [ "$code" = '202' ] ; then
|
||||
_debug "Update tos success."
|
||||
else
|
||||
_err "Update tos error."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
|
||||
#webroot, domain domainlist keylength
|
||||
issue() {
|
||||
if [ -z "$2" ] ; then
|
||||
@ -1826,67 +1910,19 @@ issue() {
|
||||
Le_Alt=""
|
||||
fi
|
||||
|
||||
if [ "$Le_Keylength" = "$NO_VALUE" ] ; then
|
||||
Le_Keylength=""
|
||||
fi
|
||||
|
||||
if ! _on_before_issue ; then
|
||||
_err "_on_before_issue."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then
|
||||
_acck="$NO_VALUE"
|
||||
if [ "$Le_Keylength" ] ; then
|
||||
_acck="$Le_Keylength"
|
||||
fi
|
||||
if ! createAccountKey "$_acck" ; then
|
||||
_err "Create account key error."
|
||||
if [ "$usingApache" ] ; then
|
||||
_restoreApache
|
||||
fi
|
||||
if ! _regAccount ; then
|
||||
_on_issue_err
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! _calcjwk "$ACCOUNT_KEY_PATH" ; then
|
||||
if [ "$usingApache" ] ; then
|
||||
_restoreApache
|
||||
fi
|
||||
_on_issue_err
|
||||
return 1
|
||||
fi
|
||||
|
||||
accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' )
|
||||
thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode)
|
||||
|
||||
regjson='{"resource": "new-reg", "agreement": "'$AGREEMENT'"}'
|
||||
if [ "$ACCOUNT_EMAIL" ] ; then
|
||||
regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}'
|
||||
fi
|
||||
|
||||
accountkeyhash="$(cat "$ACCOUNT_KEY_PATH" | _digest "sha256" )"
|
||||
accountkeyhash="$(echo $accountkeyhash$API$regjson | _digest "sha256" )"
|
||||
if [ "$accountkeyhash" != "$ACCOUNT_KEY_HASH" ] ; then
|
||||
_info "Registering account"
|
||||
_send_signed_request "$API/acme/new-reg" "$regjson"
|
||||
if [ "$code" = "" ] || [ "$code" = '201' ] ; then
|
||||
_info "Registered"
|
||||
echo "$response" > $LE_WORKING_DIR/account.json
|
||||
elif [ "$code" = '409' ] ; then
|
||||
_info "Already registered"
|
||||
else
|
||||
_err "Register account Error: $response"
|
||||
_clearup
|
||||
_on_issue_err
|
||||
return 1
|
||||
fi
|
||||
ACCOUNT_KEY_HASH="$accountkeyhash"
|
||||
_saveaccountconf "ACCOUNT_KEY_HASH" "$ACCOUNT_KEY_HASH"
|
||||
else
|
||||
_info "Skip register account key"
|
||||
fi
|
||||
|
||||
if [ "$Le_Keylength" = "$NO_VALUE" ] ; then
|
||||
Le_Keylength=""
|
||||
fi
|
||||
|
||||
|
||||
if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then
|
||||
@ -2301,13 +2337,18 @@ issue() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
|
||||
_rcert="$response"
|
||||
Le_LinkCert="$(grep -i '^Location.*$' $HTTP_HEADER | head -1 | tr -d "\r\n" | cut -d " " -f 2)"
|
||||
_savedomainconf "Le_LinkCert" "$Le_LinkCert"
|
||||
|
||||
if [ "$Le_LinkCert" ] ; then
|
||||
echo "$BEGIN_CERT" > "$CERT_PATH"
|
||||
_get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH"
|
||||
|
||||
if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then
|
||||
_debug "Get cert failed. Let's try last response."
|
||||
printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH"
|
||||
fi
|
||||
|
||||
echo "$END_CERT" >> "$CERT_PATH"
|
||||
_info "$(__green "Cert success.")"
|
||||
cat "$CERT_PATH"
|
||||
@ -2918,6 +2959,9 @@ _initconf() {
|
||||
#ACCOUNT_KEY_PATH=\"/path/to/account.key\"
|
||||
#CERT_HOME=\"/path/to/cert/home\"
|
||||
|
||||
#ACCOUNT_URL=\"\"
|
||||
|
||||
|
||||
#LOG_FILE=\"$DEFAULT_LOG_FILE\"
|
||||
|
||||
#AUTO_UPGRADE=\"1\"
|
||||
|
Loading…
Reference in New Issue
Block a user