]>
Commit | Line | Data |
---|---|---|
e4e6173e JPB |
1 | #!/usr/bin/env sh |
2 | # Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API. | |
3 | # Your OAuth needs the right scope, please contact CleverReach support for that. | |
4 | # | |
e4e6173e JPB |
5 | # Written by Jan-Philipp Benecke <github@bnck.me> |
6 | # Public domain, 2020 | |
7 | # | |
8 | # Following environment variables must be set: | |
9 | # | |
10 | #export DEPLOY_CLEVERREACH_CLIENT_ID=myid | |
11 | #export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret | |
12 | ||
13 | cleverreach_deploy() { | |
14 | _cdomain="$1" | |
15 | _ckey="$2" | |
16 | _ccert="$3" | |
17 | _cca="$4" | |
18 | _cfullchain="$5" | |
19 | ||
d853a9eb JPB |
20 | _rest_endpoint="https://rest.cleverreach.com" |
21 | ||
e4e6173e JPB |
22 | _debug _cdomain "$_cdomain" |
23 | _debug _ckey "$_ckey" | |
24 | _debug _ccert "$_ccert" | |
25 | _debug _cca "$_cca" | |
26 | _debug _cfullchain "$_cfullchain" | |
27 | ||
1db96336 JPB |
28 | _getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID |
29 | _getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET | |
1530abbd | 30 | _getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID |
e4e6173e | 31 | |
1db96336 | 32 | if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then |
e4e6173e JPB |
33 | _err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID." |
34 | return 1 | |
35 | fi | |
1db96336 | 36 | if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then |
e4e6173e JPB |
37 | _err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET." |
38 | return 1 | |
39 | fi | |
40 | ||
1db96336 JPB |
41 | _savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}" |
42 | _savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" | |
1530abbd | 43 | _savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
e4e6173e JPB |
44 | |
45 | _info "Obtaining a CleverReach access token" | |
46 | ||
1db96336 | 47 | _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}" |
d853a9eb | 48 | _auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")" |
e4e6173e JPB |
49 | |
50 | _debug _data "$_data" | |
51 | _debug _auth_result "$_auth_result" | |
52 | ||
1db96336 JPB |
53 | _regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$" |
54 | _debug _regex "$_regex" | |
55 | _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p") | |
e4e6173e | 56 | |
d853a9eb JPB |
57 | _debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
58 | ||
2867ec50 | 59 | if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then |
d853a9eb | 60 | _info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
1530abbd | 61 | export _H1="Authorization: Bearer ${_access_token}" |
d853a9eb JPB |
62 | _subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")" |
63 | _access_token=$(echo "$_subclient_token_result" | sed -n "s/\"//p") | |
64 | ||
65 | _debug _subclient_token_result "$_access_token" | |
1530abbd | 66 | |
d853a9eb JPB |
67 | _info "Destroying parent token at CleverReach, as it not needed anymore" |
68 | _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" | |
69 | _debug _destroy_result "$_destroy_result" | |
1530abbd JPB |
70 | fi |
71 | ||
e4e6173e JPB |
72 | _info "Uploading certificate and key to CleverReach" |
73 | ||
2a9c56d9 | 74 | _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" |
e4e6173e | 75 | export _H1="Authorization: Bearer ${_access_token}" |
d853a9eb | 76 | _add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")" |
e4e6173e | 77 | |
d853a9eb JPB |
78 | if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then |
79 | _info "Destroying token at CleverReach, as it not needed anymore" | |
80 | _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" | |
81 | _debug _destroy_result "$_destroy_result" | |
1530abbd | 82 | fi |
e4e6173e JPB |
83 | |
84 | if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then | |
85 | _info "Uploaded certificate successfully" | |
86 | return 0 | |
87 | else | |
88 | _debug _add_cert_result "$_add_cert_result" | |
89 | _err "Unable to update certificate" | |
90 | return 1 | |
91 | fi | |
92 | } |