mirror of
https://github.com/plantroon/acme.sh.git
synced 2025-01-26 05:29:48 +00:00
secure debug message
parent
52765466c1
commit
e6e85b0c55
68
acme.sh
68
acme.sh
@ -71,6 +71,8 @@ DEBUG_LEVEL_3=3
|
|||||||
DEBUG_LEVEL_DEFAULT=$DEBUG_LEVEL_1
|
DEBUG_LEVEL_DEFAULT=$DEBUG_LEVEL_1
|
||||||
DEBUG_LEVEL_NONE=0
|
DEBUG_LEVEL_NONE=0
|
||||||
|
|
||||||
|
HIDDEN_VALUE="[hidden](please add '--output-insecure' to see this value)"
|
||||||
|
|
||||||
SYSLOG_ERROR="user.error"
|
SYSLOG_ERROR="user.error"
|
||||||
SYSLOG_INFO="user.info"
|
SYSLOG_INFO="user.info"
|
||||||
SYSLOG_DEBUG="user.debug"
|
SYSLOG_DEBUG="user.debug"
|
||||||
@ -212,6 +214,27 @@ _debug() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#output the sensitive messages
|
||||||
|
_secure_debug() {
|
||||||
|
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_1" ]; then
|
||||||
|
if [ "$OUTPUT_INSECURE" = "1" ]; then
|
||||||
|
_log "$@"
|
||||||
|
else
|
||||||
|
_log "$1" "$HIDDEN_VALUE"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "${SYS_LOG:-$SYSLOG_LEVEL_NONE}" -ge "$SYSLOG_LEVEL_DEBUG" ]; then
|
||||||
|
_syslog "$SYSLOG_DEBUG" "$1" "$HIDDEN_VALUE"
|
||||||
|
fi
|
||||||
|
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_1" ]; then
|
||||||
|
if [ "$OUTPUT_INSECURE" = "1" ]; then
|
||||||
|
_printargs "$@" >&2
|
||||||
|
else
|
||||||
|
_printargs "$1" "$HIDDEN_VALUE" >&2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
_debug2() {
|
_debug2() {
|
||||||
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_2" ]; then
|
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_2" ]; then
|
||||||
_log "$@"
|
_log "$@"
|
||||||
@ -224,6 +247,26 @@ _debug2() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_secure_debug2() {
|
||||||
|
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_2" ]; then
|
||||||
|
if [ "$OUTPUT_INSECURE" = "1" ]; then
|
||||||
|
_log "$@"
|
||||||
|
else
|
||||||
|
_log "$1" "$HIDDEN_VALUE"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "${SYS_LOG:-$SYSLOG_LEVEL_NONE}" -ge "$SYSLOG_LEVEL_DEBUG_2" ]; then
|
||||||
|
_syslog "$SYSLOG_DEBUG" "$1" "$HIDDEN_VALUE"
|
||||||
|
fi
|
||||||
|
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then
|
||||||
|
if [ "$OUTPUT_INSECURE" = "1" ]; then
|
||||||
|
_printargs "$@" >&2
|
||||||
|
else
|
||||||
|
_printargs "$1" "$HIDDEN_VALUE" >&2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
_debug3() {
|
_debug3() {
|
||||||
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_3" ]; then
|
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_3" ]; then
|
||||||
_log "$@"
|
_log "$@"
|
||||||
@ -236,6 +279,26 @@ _debug3() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_secure_debug3() {
|
||||||
|
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_3" ]; then
|
||||||
|
if [ "$OUTPUT_INSECURE" = "1" ]; then
|
||||||
|
_log "$@"
|
||||||
|
else
|
||||||
|
_log "$1" "$HIDDEN_VALUE"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "${SYS_LOG:-$SYSLOG_LEVEL_NONE}" -ge "$SYSLOG_LEVEL_DEBUG_3" ]; then
|
||||||
|
_syslog "$SYSLOG_DEBUG" "$1" "$HIDDEN_VALUE"
|
||||||
|
fi
|
||||||
|
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_3" ]; then
|
||||||
|
if [ "$OUTPUT_INSECURE" = "1" ]; then
|
||||||
|
_printargs "$@" >&2
|
||||||
|
else
|
||||||
|
_printargs "$1" "$HIDDEN_VALUE" >&2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
_startswith() {
|
_startswith() {
|
||||||
_str="$1"
|
_str="$1"
|
||||||
_sub="$2"
|
_sub="$2"
|
||||||
@ -4583,7 +4646,7 @@ Parameters:
|
|||||||
--force, -f Used to force to install or force to renew a cert immediately.
|
--force, -f Used to force to install or force to renew a cert immediately.
|
||||||
--staging, --test Use staging server, just for test.
|
--staging, --test Use staging server, just for test.
|
||||||
--debug Output debug info.
|
--debug Output debug info.
|
||||||
|
--output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for secure.
|
||||||
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
|
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
|
||||||
--standalone Use standalone mode.
|
--standalone Use standalone mode.
|
||||||
--stateless Use stateless mode, see: $_STATELESS_WIKI
|
--stateless Use stateless mode, see: $_STATELESS_WIKI
|
||||||
@ -4877,6 +4940,9 @@ _process() {
|
|||||||
shift
|
shift
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
--output-insecure)
|
||||||
|
export OUTPUT_INSECURE=1
|
||||||
|
;;
|
||||||
--webroot | -w)
|
--webroot | -w)
|
||||||
wvalue="$2"
|
wvalue="$2"
|
||||||
if [ -z "$_webroot" ]; then
|
if [ -z "$_webroot" ]; then
|
||||||
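Review bot: In `_secure_debug` (and identically in `_secure_debug2` and `_secure_debug3`) the log-file branch calls `_log "$@"` when `OUTPUT_INSECURE` is `1`, so credentials are persisted to the log file, while the syslog branch always sends `$HIDDEN_VALUE`. The file branch should probably redact unconditionally as well, `_log "$1" "$HIDDEN_VALUE"`, leaving only the stderr branch to honour the flag. `OUTPUT_INSECURE` is also read straight from the environment and exported by the `--output-insecure` arm in `_process`, so a value inherited from a parent shell or cron environment turns redaction off without the flag being passed; nothing visible in these hunks resets it at startup. The comment `#output the sensitive messages` should state the contract: `$1` is a label that is always written in clear, and only the remaining arguments are hidden. `_process` starts and ends outside the hunk.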
|
@ -181,10 +181,10 @@ aws_rest() {
|
|||||||
|
|
||||||
#kSecret="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" ############################
|
#kSecret="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" ############################
|
||||||
|
|
||||||
_debug2 kSecret "$kSecret"
|
_secure_debug2 kSecret "$kSecret"
|
||||||
|
|
||||||
kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")"
|
kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")"
|
||||||
_debug2 kSecretH "$kSecretH"
|
_secure_debug2 kSecretH "$kSecretH"
|
||||||
|
|
||||||
kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)"
|
kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)"
|
||||||
_debug2 kDateH "$kDateH"
|
_debug2 kDateH "$kDateH"
|
||||||
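Review bot: `_debug2 kDateH "$kDateH"`, a few lines below the two changed calls, still prints a value derived from `kSecret` by HMAC, which is key material for the rest of the signing chain rather than a plain diagnostic. It should use the redacting variant as well, `_secure_debug2 kDateH "$kDateH"`. `aws_rest` continues past the hunk, so any further derived keys logged there (not visible here) would need the same treatment.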
|
@ -34,7 +34,7 @@ dns_lexicon_add() {
|
|||||||
# shellcheck disable=SC2018,SC2019
|
# shellcheck disable=SC2018,SC2019
|
||||||
Lx_name=$(echo LEXICON_"${PROVIDER}"_USERNAME | tr 'a-z' 'A-Z')
|
Lx_name=$(echo LEXICON_"${PROVIDER}"_USERNAME | tr 'a-z' 'A-Z')
|
||||||
Lx_name_v=$(eval echo \$"$Lx_name")
|
Lx_name_v=$(eval echo \$"$Lx_name")
|
||||||
_debug "$Lx_name" "$Lx_name_v"
|
_secure_debug "$Lx_name" "$Lx_name_v"
|
||||||
if [ "$Lx_name_v" ]; then
|
if [ "$Lx_name_v" ]; then
|
||||||
_saveaccountconf "$Lx_name" "$Lx_name_v"
|
_saveaccountconf "$Lx_name" "$Lx_name_v"
|
||||||
eval export "$Lx_name"
|
eval export "$Lx_name"
|
||||||
@ -43,7 +43,7 @@ dns_lexicon_add() {
|
|||||||
# shellcheck disable=SC2018,SC2019
|
# shellcheck disable=SC2018,SC2019
|
||||||
Lx_token=$(echo LEXICON_"${PROVIDER}"_TOKEN | tr 'a-z' 'A-Z')
|
Lx_token=$(echo LEXICON_"${PROVIDER}"_TOKEN | tr 'a-z' 'A-Z')
|
||||||
Lx_token_v=$(eval echo \$"$Lx_token")
|
Lx_token_v=$(eval echo \$"$Lx_token")
|
||||||
_debug "$Lx_token" "$Lx_token_v"
|
_secure_debug "$Lx_token" "$Lx_token_v"
|
||||||
if [ "$Lx_token_v" ]; then
|
if [ "$Lx_token_v" ]; then
|
||||||
_saveaccountconf "$Lx_token" "$Lx_token_v"
|
_saveaccountconf "$Lx_token" "$Lx_token_v"
|
||||||
eval export "$Lx_token"
|
eval export "$Lx_token"
|
||||||
@ -52,7 +52,7 @@ dns_lexicon_add() {
|
|||||||
# shellcheck disable=SC2018,SC2019
|
# shellcheck disable=SC2018,SC2019
|
||||||
Lx_password=$(echo LEXICON_"${PROVIDER}"_PASSWORD | tr 'a-z' 'A-Z')
|
Lx_password=$(echo LEXICON_"${PROVIDER}"_PASSWORD | tr 'a-z' 'A-Z')
|
||||||
Lx_password_v=$(eval echo \$"$Lx_password")
|
Lx_password_v=$(eval echo \$"$Lx_password")
|
||||||
_debug "$Lx_password" "$Lx_password_v"
|
_secure_debug "$Lx_password" "$Lx_password_v"
|
||||||
if [ "$Lx_password_v" ]; then
|
if [ "$Lx_password_v" ]; then
|
||||||
_saveaccountconf "$Lx_password" "$Lx_password_v"
|
_saveaccountconf "$Lx_password" "$Lx_password_v"
|
||||||
eval export "$Lx_password"
|
eval export "$Lx_password"
|
||||||
@ -61,7 +61,7 @@ dns_lexicon_add() {
|
|||||||
# shellcheck disable=SC2018,SC2019
|
# shellcheck disable=SC2018,SC2019
|
||||||
Lx_domaintoken=$(echo LEXICON_"${PROVIDER}"_DOMAINTOKEN | tr 'a-z' 'A-Z')
|
Lx_domaintoken=$(echo LEXICON_"${PROVIDER}"_DOMAINTOKEN | tr 'a-z' 'A-Z')
|
||||||
Lx_domaintoken_v=$(eval echo \$"$Lx_domaintoken")
|
Lx_domaintoken_v=$(eval echo \$"$Lx_domaintoken")
|
||||||
_debug "$Lx_domaintoken" "$Lx_domaintoken_v"
|
_secure_debug "$Lx_domaintoken" "$Lx_domaintoken_v"
|
||||||
if [ "$Lx_domaintoken_v" ]; then
|
if [ "$Lx_domaintoken_v" ]; then
|
||||||
eval export "$Lx_domaintoken"
|
eval export "$Lx_domaintoken"
|
||||||
_saveaccountconf "$Lx_domaintoken" "$Lx_domaintoken_v"
|
_saveaccountconf "$Lx_domaintoken" "$Lx_domaintoken_v"
|
||||||
|
@ -207,7 +207,7 @@ _ovh_authentication() {
|
|||||||
_err "Unable to get consumerKey"
|
_err "Unable to get consumerKey"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_debug consumerKey "$consumerKey"
|
_secure_debug consumerKey "$consumerKey"
|
||||||
|
|
||||||
OVH_CK="$consumerKey"
|
OVH_CK="$consumerKey"
|
||||||
_saveaccountconf OVH_CK "$OVH_CK"
|
_saveaccountconf OVH_CK "$OVH_CK"
|
||||||
@ -269,7 +269,7 @@ _ovh_rest() {
|
|||||||
_ovh_t="$(_ovh_timestamp)"
|
_ovh_t="$(_ovh_timestamp)"
|
||||||
_debug2 _ovh_t "$_ovh_t"
|
_debug2 _ovh_t "$_ovh_t"
|
||||||
_ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
|
_ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
|
||||||
_debug _ovh_p "$_ovh_p"
|
_secure_debug _ovh_p "$_ovh_p"
|
||||||
_ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
|
_ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
|
||||||
_debug2 _ovh_hex "$_ovh_hex"
|
_debug2 _ovh_hex "$_ovh_hex"
|
||||||
|
|
||||||
|