From 3bc6628227dcebc1b788ed0676d51b992ee202cc Mon Sep 17 00:00:00 2001
From: shonenada <shonenada@gmail.com>
Date: Fri, 11 Jan 2019 19:19:07 +0800
Subject: [PATCH] Update Qiniu's domain settings after uploading certificate

---
 acme.sh         |  2 +-
 deploy/qiniu.sh | 41 ++++++++++++++++++++++++++++++++---------
 2 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/acme.sh b/acme.sh
index 86b555a3..872529f7 100755
--- a/acme.sh
+++ b/acme.sh
@@ -1580,7 +1580,7 @@ _inithttp() {
   fi
 
   if [ -z "$_ACME_CURL" ] && _exists "curl"; then
-    _ACME_CURL="curl -L --dump-header $HTTP_HEADER "
+    _ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER "
     if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
       _CURL_DUMP="$(_mktemp)"
       _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP "
diff --git a/deploy/qiniu.sh b/deploy/qiniu.sh
index 4fa66ee6..070b7f69 100644
--- a/deploy/qiniu.sh
+++ b/deploy/qiniu.sh
@@ -44,30 +44,53 @@ qiniu_deploy() {
   string_fullchain=$(awk '{printf "%s\\n", $0}' "$_cfullchain")
   string_key=$(awk '{printf "%s\\n", $0}' "$_ckey")
 
-  body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\""$string_fullchain"\",\"pri\":\"$string_key\"}"
+  sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\""$string_fullchain"\",\"pri\":\"$string_key\"}"
 
   create_ssl_url="$QINIU_API_BASE/sslcert"
 
-  ACCESSTOKEN="$(_make_sslcreate_access_token)"
-  export _H1="Authorization: QBox $ACCESSTOKEN"
+  sslcert_access_token="$(_make_sslcreate_access_token "/sslcert\\n")"
+  _debug sslcert_access_token "$sslcert_access_token"
+  export _H1="Authorization: QBox $sslcert_access_token"
 
-  _response=$(_post "$body" "$create_ssl_url" 0 "POST" "application/json" | _dbase64 "multiline")
+  sslcert_response=$(_post "$sslcerl_body" "$create_ssl_url" 0 "POST" "application/json" | _dbase64 "multiline")
 
   success_response="certID"
-  if test "${_response#*$success_response}" == "$_response"; then
-    _err "Error in deploying certificate:"
-    _err "$_response"
+  if test "${sslcert_response#*$success_response}" == "$sslcert_response"; then
+    _err "Error in creating certificate:"
+    _err "$sslcert_response"
     return 1
   fi
 
-  _debug response "$_response"
+  _debug sslcert_response "$sslcert_response"
+  _info "Certificate successfully uploaded, updating domain $_cdomain"
+
+  _certId=$(printf "%s" $sslcert_response | sed -e "s/^.*certID\":\"//" -e "s/\"\}$//")
+  _debug certId "$_certId"
+
+  update_path="/domain/$_cdomain/httpsconf"
+  update_url="$QINIU_API_BASE$update_path"
+  update_body="{\"certid\":\""$_certId"\",\"forceHttps\":true}"
+
+  update_access_token="$(_make_sslcreate_access_token "$update_path\\n")"
+  _debug update_access_token "$update_access_token"
+  export _H1="Authorization: QBox $update_access_token"
+  update_response=$(_post "$update_body" "$update_url" 0 "PUT" "application/json" | _dbase64 "multiline")
+
+  err_response="error"
+  if test "${update_response#*$err_response}" != "$update_response"; then
+    _err "Error in updating domain:"
+    _err "$update_response"
+    return 1
+  fi
+
+  _debug update_response "$update_response"
   _info "Certificate successfully deployed"
 
   return 0
 }
 
 _make_sslcreate_access_token() {
-  _data="/sslcert\\n"
+  _data="$1"
   _token="$(printf "$_data" | openssl sha1 -hmac $Le_Deploy_Qiniu_SK -binary | openssl base64 -e)"
   echo "$Le_Deploy_Qiniu_AK:$_token"
 }