Update Qiniu's domain settings after uploading certificate

This commit is contained in:
shonenada 2019-01-11 19:19:07 +08:00
parent e19809d5b5
commit 3bc6628227
No known key found for this signature in database
GPG Key ID: 76A1B4666B0495CB
2 changed files with 33 additions and 10 deletions

View File

@ -1580,7 +1580,7 @@ _inithttp() {
fi fi
if [ -z "$_ACME_CURL" ] && _exists "curl"; then if [ -z "$_ACME_CURL" ] && _exists "curl"; then
_ACME_CURL="curl -L --dump-header $HTTP_HEADER " _ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER "
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
_CURL_DUMP="$(_mktemp)" _CURL_DUMP="$(_mktemp)"
_ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP "

View File

@ -44,30 +44,53 @@ qiniu_deploy() {
string_fullchain=$(awk '{printf "%s\\n", $0}' "$_cfullchain") string_fullchain=$(awk '{printf "%s\\n", $0}' "$_cfullchain")
string_key=$(awk '{printf "%s\\n", $0}' "$_ckey") string_key=$(awk '{printf "%s\\n", $0}' "$_ckey")
body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\""$string_fullchain"\",\"pri\":\"$string_key\"}" sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\""$string_fullchain"\",\"pri\":\"$string_key\"}"
create_ssl_url="$QINIU_API_BASE/sslcert" create_ssl_url="$QINIU_API_BASE/sslcert"
ACCESSTOKEN="$(_make_sslcreate_access_token)" sslcert_access_token="$(_make_sslcreate_access_token "/sslcert\\n")"
export _H1="Authorization: QBox $ACCESSTOKEN" _debug sslcert_access_token "$sslcert_access_token"
export _H1="Authorization: QBox $sslcert_access_token"
_response=$(_post "$body" "$create_ssl_url" 0 "POST" "application/json" | _dbase64 "multiline") sslcert_response=$(_post "$sslcerl_body" "$create_ssl_url" 0 "POST" "application/json" | _dbase64 "multiline")
success_response="certID" success_response="certID"
if test "${_response#*$success_response}" == "$_response"; then if test "${sslcert_response#*$success_response}" == "$sslcert_response"; then
_err "Error in deploying certificate:" _err "Error in creating certificate:"
_err "$_response" _err "$sslcert_response"
return 1 return 1
fi fi
_debug response "$_response" _debug sslcert_response "$sslcert_response"
_info "Certificate successfully uploaded, updating domain $_cdomain"
_certId=$(printf "%s" $sslcert_response | sed -e "s/^.*certID\":\"//" -e "s/\"\}$//")
_debug certId "$_certId"
update_path="/domain/$_cdomain/httpsconf"
update_url="$QINIU_API_BASE$update_path"
update_body="{\"certid\":\""$_certId"\",\"forceHttps\":true}"
update_access_token="$(_make_sslcreate_access_token "$update_path\\n")"
_debug update_access_token "$update_access_token"
export _H1="Authorization: QBox $update_access_token"
update_response=$(_post "$update_body" "$update_url" 0 "PUT" "application/json" | _dbase64 "multiline")
err_response="error"
if test "${update_response#*$err_response}" != "$update_response"; then
_err "Error in updating domain:"
_err "$update_response"
return 1
fi
_debug update_response "$update_response"
_info "Certificate successfully deployed" _info "Certificate successfully deployed"
return 0 return 0
} }
_make_sslcreate_access_token() { _make_sslcreate_access_token() {
_data="/sslcert\\n" _data="$1"
_token="$(printf "$_data" | openssl sha1 -hmac $Le_Deploy_Qiniu_SK -binary | openssl base64 -e)" _token="$(printf "$_data" | openssl sha1 -hmac $Le_Deploy_Qiniu_SK -binary | openssl base64 -e)"
echo "$Le_Deploy_Qiniu_AK:$_token" echo "$Le_Deploy_Qiniu_AK:$_token"
} }