fix for shellcheck

acme.sh

@@ -306,7 +306,7 @@ _h2b() {
   _debug3 _URGLY_PRINTF "$_URGLY_PRINTF"
   while true; do
     if [ -z "$_URGLY_PRINTF" ]; then
-      h="$(printf $hex | cut -c $i-$j)"
+      h="$(printf "%s" "$hex" | cut -c $i-$j)"
       if [ -z "$h" ]; then
         break
       fi
@@ -479,7 +479,7 @@ _sign() {
     if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"; then
       _err "Sign failed: $_sign_openssl"
       _err "Key file: $keyfile"
-      _err "Key content:$(cat "$keyfile" | wc -l) lises"
+      _err "Key content:$(wc -l <"$keyfile") lises"
       return 1
     fi
     _debug3 "_signedECText" "$_signedECText"
@@ -516,7 +516,7 @@ _createkey() {
   f="$2"
   eccname="$length"
   if _startswith "$length" "ec-"; then
-    length=$(printf "$length" | cut -d '-' -f 2-100)
+    length=$(printf "%s" "$length" | cut -d '-' -f 2-100)
 
     if [ "$length" = "256" ]; then
       eccname="prime256v1"
@@ -608,10 +608,10 @@ _createcsr() {
     #single domain
     _info "Single domain" "$domain"
   else
-    domainlist="$(_idn $domainlist)"
+    domainlist="$(_idn "$domainlist")"
     _debug2 domainlist "$domainlist"
     if _contains "$domainlist" ","; then
-      alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
+      alt="DNS:$(echo "$domainlist" | sed "s/,/,DNS:/g")"
     else
       alt="DNS:$domainlist"
     fi
@@ -803,7 +803,7 @@ createDomainKey() {
     length="$DEFAULT_DOMAIN_KEY_LENGTH"
   fi
 
-  _initpath $domain "$length"
+  _initpath "$domain" "$length"
 
   if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then
     _createkey "$length" "$CERT_KEY_PATH"
@@ -849,18 +849,17 @@ createCSR() {
 }
 
 _urlencode() {
-  __n=$(cat)
-  echo $__n | tr '/+' '_-' | tr -d '= '
+  tr '/+' '_-' | tr -d '= '
 }
 
 _time2str() {
   #BSD
-  if date -u -d@$1 2>/dev/null; then
+  if date -u -d@"$1" 2>/dev/null; then
     return
   fi
 
   #Linux
-  if date -u -r $1 2>/dev/null; then
+  if date -u -r "$1" 2>/dev/null; then
     return
   fi
 
@@ -905,16 +904,16 @@ _calcjwk() {
   EC_SIGN=""
   if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
     _debug "RSA key"
-    pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
+    pub_exp=$(openssl rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
     if [ "${#pub_exp}" = "5" ]; then
       pub_exp=0$pub_exp
     fi
     _debug3 pub_exp "$pub_exp"
 
-    e=$(echo $pub_exp | _h2b | _base64)
+    e=$(echo "$pub_exp" | _h2b | _base64)
     _debug3 e "$e"
 
-    modulus=$(openssl rsa -in $keyfile -modulus -noout | cut -d '=' -f 2)
+    modulus=$(openssl rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2)
     _debug3 modulus "$modulus"
     n="$(printf "%s" "$modulus" | _h2b | _base64 | _urlencode)"
     jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}'
@@ -926,12 +925,12 @@ _calcjwk() {
   elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
     _debug "EC key"
     EC_SIGN="1"
-    crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")"
+    crv="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")"
     _debug3 crv "$crv"
 
     if [ -z "$crv" ]; then
       _debug "Let's try ASN1 OID"
-      crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
+      crv_oid="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
       _debug3 crv_oid "$crv_oid"
       case "${crv_oid}" in
         "prime256v1")
@@ -951,15 +950,15 @@ _calcjwk() {
       _debug3 crv "$crv"
     fi
 
-    pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)"
+    pubi="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)"
     pubi=$(_math $pubi + 1)
     _debug3 pubi "$pubi"
 
-    pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
+    pubj="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
     pubj=$(_math $pubj - 1)
     _debug3 pubj "$pubj"
 
-    pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
+    pubtext="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
     _debug3 pubtext "$pubtext"
 
     xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)"
@@ -967,14 +966,14 @@ _calcjwk() {
     _debug3 xlen "$xlen"
 
     xend=$(_math "$xlen" + 1)
-    x="$(printf "%s" "$pubtext" | cut -d : -f 2-$xend)"
+    x="$(printf "%s" "$pubtext" | cut -d : -f 2-"$xend")"
     _debug3 x "$x"
 
     x64="$(printf "%s" "$x" | tr -d : | _h2b | _base64 | _urlencode)"
     _debug3 x64 "$x64"
 
     xend=$(_math "$xend" + 1)
-    y="$(printf "%s" "$pubtext" | cut -d : -f $xend-10000)"
+    y="$(printf "%s" "$pubtext" | cut -d : -f "$xend"-10000)"
     _debug3 y "$y"
 
     y64="$(printf "%s" "$y" | tr -d : | _h2b | _base64 | _urlencode)"
@@ -1148,9 +1147,9 @@ _get() {
     fi
     _debug "_CURL" "$_CURL"
     if [ "$onlyheader" ]; then
-      $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url
+      $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
     else
-      $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url
+      $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
     fi
     ret=$?
     if [ "$ret" != "0" ]; then
@@ -1167,9 +1166,9 @@ _get() {
     fi
     _debug "_WGET" "$_WGET"
     if [ "$onlyheader" ]; then
-      $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null $url 2>&1 | sed 's/^[ ]*//g'
+      $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1 | sed 's/^[ ]*//g'
     else
-      $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url
+      $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - "$url"
     fi
     ret=$?
     if [ "$_ret" = "8" ]; then
@@ -1192,9 +1191,9 @@ _head_n() {
 }
 
 _tail_n() {
-  if ! tail -n $1 2>/dev/null; then
+  if ! tail -n "$1" 2>/dev/null; then
     #fix for solaris
-    tail -$1
+    tail -"$1"
   fi
 }
 
@@ -1207,7 +1206,7 @@ _send_signed_request() {
   if [ -z "$keyfile" ]; then
     keyfile="$ACCOUNT_KEY_PATH"
   fi
-  _debug url $url
+  _debug url "$url"
   _debug payload "$payload"
 
   if ! _calcjwk "$keyfile"; then
@@ -1215,7 +1214,7 @@ _send_signed_request() {
   fi
 
   payload64=$(printf "%s" "$payload" | _base64 | _urlencode)
-  _debug3 payload64 $payload64
+  _debug3 payload64 "$payload64"
 
   if [ -z "$_CACHED_NONCE" ]; then
     _debug2 "Get nonce."
@@ -1255,7 +1254,7 @@ _send_signed_request() {
   body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
   _debug3 body "$body"
 
-  response="$(_post "$body" $url "$needbase64")"
+  response="$(_post "$body" "$url" "$needbase64")"
   _CACHED_NONCE=""
   if [ "$?" != "0" ]; then
     _err "Can not post to $url"