From 0c00e870c6ab2455a3840d889441afc4a2ca0087 Mon Sep 17 00:00:00 2001
From: neil <pc@byneil.com>
Date: Thu, 22 Sep 2016 23:17:50 +0800
Subject: [PATCH] Support Authorization deactivation
 https://github.com/Neilpang/acme.sh/issues/291

---
 acme.sh | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 84 insertions(+), 2 deletions(-)

diff --git a/acme.sh b/acme.sh
index c18a7c35..60210c73 100755
--- a/acme.sh
+++ b/acme.sh
@@ -1883,7 +1883,7 @@ issue() {
         vtype="$VTYPE_TLS"
       fi
       
-      _info "Getting token for domain" $d
+      _info "Getting new-authz for domain" $d
 
       if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}" ; then
         _err "Can not get domain token."
@@ -2720,6 +2720,82 @@ revoke() {
   return 1
 }
 
+
+#domain vtype
+_deactivate() {
+  _d_domain="$1"
+  _d_type="$2"
+  _initpath
+  
+  _d_i=0
+  _d_max_retry=9
+  while [ "$_d_i" -lt "$_d_max_retry" ] ;
+  do
+    _d_i="$(_math $_d_i + 1)"
+    if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$_d_domain\"}}" ; then
+      _err "Can not get domain token."
+      return 1
+    fi
+    
+    authzUri="$(echo "$responseHeaders" | grep "^Location:" | cut -d ' ' -f 2)"
+    _info "authzUri" "$authzUri"
+
+    if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then
+      _err "new-authz error: $response"
+      return 1
+    fi
+    
+    entry="$(printf "%s\n" "$response" | _egrep_o  '[^{]*"status":"valid","uri"[^}]*')"
+    _debug entry "$entry"
+    
+    if [ -z "$entry" ] ; then
+      _info "No valid entry found."
+      break
+    fi
+    
+    _vtype="$(printf "%s\n" "$entry" | _egrep_o '"type": *"[^"]*"' | cut -d : -f 2 | tr -d '"')"
+    _debug _vtype $_vtype
+    _info "Found $_vtype"
+
+    
+    uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )"
+    _debug uri $uri
+    
+    if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ] ; then
+      _info "Skip $_vtype"
+      continue
+    fi
+    
+    _info "Deactivate: $_vtype"
+    
+    if ! _send_signed_request "$authzUri" "{\"resource\": \"authz\", \"status\":\"deactivated\"}" ; then
+      _err "Can not deactivate $_vtype."
+      return 1
+    fi
+    
+  done
+  _debug "$_d_i"
+  if [ "$_d_i" -lt "$_d_max_retry" ] ; then
+    _info "Deactivated success!"
+  else
+    _err "Deactivate failed."
+  fi
+
+}
+
+deactivate() {
+  _d_domain="$1"
+  _d_type="$2"
+  _initpath
+  
+  if [ -z "$_d_domain" ] ; then
+    _usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com"
+    return 1
+  fi
+  
+  _deactivate "$_d_domain" $_d_type
+}
+
 # Detect profile file if not specified as environment variable
 _detect_profile() {
   if [ -n "$PROFILE" -a -f "$PROFILE" ] ; then
@@ -3093,6 +3169,7 @@ Commands:
   --createAccountKey, -cak Create an account private key, professional use.
   --createDomainKey, -cdk  Create an domain private key, professional use.
   --createCSR, -ccsr       Create CSR , professional use.
+  --deactivate             Deactivate the domain authz, professional use.
   
 Parameters:
   --domain, -d   domain.tld         Specifies a domain, used to issue, renew or revoke etc.
@@ -3303,7 +3380,9 @@ _process() {
     --createCSR|--createcsr|-ccr)
         _CMD="createCSR"
         ;;
-
+    --deactivate)
+        _CMD="deactivate"
+        ;;
      
     --domain|-d)
         _dvalue="$2"
@@ -3575,6 +3654,9 @@ _process() {
     revoke) 
       revoke "$_domain" "$_ecc"
       ;;
+    deactivate) 
+      deactivate "$_domain"
+      ;;      
     list) 
       list "$_listraw"
       ;;