]>
Commit | Line | Data |
---|---|---|
228c8354 | 1 | #!/usr/bin/env sh |
2 | ||
95cdb4b2 | 3 | # Here is the script to deploy the cert to G-Core CDN service (https://gcorelabs.com/ru/) using the G-Core Labs API (https://docs.gcorelabs.com/cdn/). |
228c8354 | 4 | # Returns 0 when success. |
5 | # | |
6 | # Written by temoffey <temofffey@gmail.com> | |
7 | # Public domain, 2019 | |
8 | ||
9 | #export DEPLOY_GCORE_CDN_USERNAME=myusername | |
10 | #export DEPLOY_GCORE_CDN_PASSWORD=mypassword | |
11 | ||
12 | ######## Public functions ##################### | |
13 | ||
14 | #domain keyfile certfile cafile fullchain | |
15 | ||
16 | gcore_cdn_deploy() { | |
17 | _cdomain="$1" | |
18 | _ckey="$2" | |
19 | _ccert="$3" | |
20 | _cca="$4" | |
21 | _cfullchain="$5" | |
22 | ||
23 | _debug _cdomain "$_cdomain" | |
24 | _debug _ckey "$_ckey" | |
25 | _debug _ccert "$_ccert" | |
26 | _debug _cca "$_cca" | |
27 | _debug _cfullchain "$_cfullchain" | |
28 | ||
63407041 ТЯ |
29 | _fullchain=$(tr '\r\n' '*#' <"$_cfullchain" | sed 's/*#/#/g;s/##/#/g;s/#/\\n/g') |
30 | _key=$(tr '\r\n' '*#' <"$_ckey" | sed 's/*#/#/g;s/#/\\n/g') | |
228c8354 | 31 | |
32 | _debug _fullchain "$_fullchain" | |
33 | _debug _key "$_key" | |
34 | ||
35 | if [ -z "$DEPLOY_GCORE_CDN_USERNAME" ]; then | |
36 | if [ -z "$Le_Deploy_gcore_cdn_username" ]; then | |
37 | _err "Please define the target username: export DEPLOY_GCORE_CDN_USERNAME=username" | |
38 | return 1 | |
228c8354 | 39 | fi |
40 | else | |
95cdb4b2 | 41 | Le_Deploy_gcore_cdn_username="$DEPLOY_GCORE_CDN_USERNAME" |
42 | _savedomainconf Le_Deploy_gcore_cdn_username "$Le_Deploy_gcore_cdn_username" | |
228c8354 | 43 | fi |
44 | ||
45 | if [ -z "$DEPLOY_GCORE_CDN_PASSWORD" ]; then | |
46 | if [ -z "$Le_Deploy_gcore_cdn_password" ]; then | |
47 | _err "Please define the target password: export DEPLOY_GCORE_CDN_PASSWORD=password" | |
48 | return 1 | |
228c8354 | 49 | fi |
50 | else | |
95cdb4b2 | 51 | Le_Deploy_gcore_cdn_password="$DEPLOY_GCORE_CDN_PASSWORD" |
52 | _savedomainconf Le_Deploy_gcore_cdn_password "$Le_Deploy_gcore_cdn_password" | |
228c8354 | 53 | fi |
54 | ||
228c8354 | 55 | _info "Get authorization token" |
4b6e7e6c | 56 | _request="{\"username\":\"$Le_Deploy_gcore_cdn_username\",\"password\":\"$Le_Deploy_gcore_cdn_password\"}" |
228c8354 | 57 | _debug _request "$_request" |
8896642e | 58 | export _H1="Content-Type:application/json" |
1fff8dd3 | 59 | _response=$(_post "$_request" "https://api.gcdn.co/auth/jwt/login") |
228c8354 | 60 | _debug _response "$_response" |
1fff8dd3 | 61 | _regex=".*\"access\":\"\([-._0-9A-Za-z]*\)\".*$" |
b8489464 | 62 | _debug _regex "$_regex" |
4b6e7e6c | 63 | _token=$(echo "$_response" | sed -n "s/$_regex/\1/p") |
228c8354 | 64 | _debug _token "$_token" |
89989adc | 65 | |
b8489464 | 66 | if [ -z "$_token" ]; then |
228c8354 | 67 | _err "Error G-Core Labs API authorization" |
68 | return 1 | |
69 | fi | |
70 | ||
71 | _info "Find CDN resource with cname $_cdomain" | |
8896642e | 72 | export _H2="Authorization:Token $_token" |
73 | _response=$(_get "https://api.gcdn.co/resources") | |
228c8354 | 74 | _debug _response "$_response" |
1eaf7c89 | 75 | _regex="\"primary_resource\":null}," |
76 | _debug _regex "$_regex" | |
7ed7a57d | 77 | _response=$(echo "$_response" | sed "s/$_regex/$_regex\n/g") |
1eaf7c89 | 78 | _debug _response "$_response" |
bea52aa7 | 79 | _regex="^.*\"cname\":\"$_cdomain\".*$" |
b8489464 | 80 | _debug _regex "$_regex" |
1eaf7c89 | 81 | _resource=$(echo "$_response" | _egrep_o "$_regex") |
228c8354 | 82 | _debug _resource "$_resource" |
1eaf7c89 | 83 | _regex=".*\"id\":\([0-9]*\).*$" |
b8489464 | 84 | _debug _regex "$_regex" |
4b6e7e6c | 85 | _resourceId=$(echo "$_resource" | sed -n "s/$_regex/\1/p") |
228c8354 | 86 | _debug _resourceId "$_resourceId" |
252a21e2 | 87 | _regex=".*\"sslData\":\([0-9]*\).*$" |
b8489464 | 88 | _debug _regex "$_regex" |
4b6e7e6c | 89 | _sslDataOld=$(echo "$_resource" | sed -n "s/$_regex/\1/p") |
228c8354 | 90 | _debug _sslDataOld "$_sslDataOld" |
252a21e2 | 91 | _regex=".*\"originGroup\":\([0-9]*\).*$" |
b8489464 | 92 | _debug _regex "$_regex" |
4b6e7e6c | 93 | _originGroup=$(echo "$_resource" | sed -n "s/$_regex/\1/p") |
228c8354 | 94 | _debug _originGroup "$_originGroup" |
95 | ||
b8489464 | 96 | if [ -z "$_resourceId" ] || [ -z "$_originGroup" ]; then |
228c8354 | 97 | _err "Not found CDN resource with cname $_cdomain" |
98 | return 1 | |
99 | fi | |
100 | ||
101 | _info "Add new SSL certificate" | |
102 | _date=$(date "+%d.%m.%Y %H:%M:%S") | |
4b6e7e6c | 103 | _request="{\"name\":\"$_cdomain ($_date)\",\"sslCertificate\":\"$_fullchain\",\"sslPrivateKey\":\"$_key\"}" |
228c8354 | 104 | _debug _request "$_request" |
8896642e | 105 | _response=$(_post "$_request" "https://api.gcdn.co/sslData") |
228c8354 | 106 | _debug _response "$_response" |
252a21e2 | 107 | _regex=".*\"id\":\([0-9]*\).*$" |
b8489464 | 108 | _debug _regex "$_regex" |
4b6e7e6c | 109 | _sslDataAdd=$(echo "$_response" | sed -n "s/$_regex/\1/p") |
228c8354 | 110 | _debug _sslDataAdd "$_sslDataAdd" |
111 | ||
b8489464 | 112 | if [ -z "$_sslDataAdd" ]; then |
228c8354 | 113 | _err "Error new SSL certificate add" |
114 | return 1 | |
115 | fi | |
116 | ||
117 | _info "Update CDN resource" | |
4b6e7e6c | 118 | _request="{\"originGroup\":$_originGroup,\"sslData\":$_sslDataAdd}" |
228c8354 | 119 | _debug _request "$_request" |
8896642e | 120 | _response=$(_post "$_request" "https://api.gcdn.co/resources/$_resourceId" '' "PUT") |
228c8354 | 121 | _debug _response "$_response" |
ee38ccca | 122 | _regex=".*\"sslData\":\([0-9]*\).*$" |
b8489464 | 123 | _debug _regex "$_regex" |
4b6e7e6c | 124 | _sslDataNew=$(echo "$_response" | sed -n "s/$_regex/\1/p") |
228c8354 | 125 | _debug _sslDataNew "$_sslDataNew" |
126 | ||
127 | if [ "$_sslDataNew" != "$_sslDataAdd" ]; then | |
128 | _err "Error CDN resource update" | |
129 | return 1 | |
130 | fi | |
131 | ||
132 | if [ -z "$_sslDataOld" ] || [ "$_sslDataOld" = "null" ]; then | |
95cdb4b2 | 133 | _info "Not found old SSL certificate" |
228c8354 | 134 | else |
135 | _info "Delete old SSL certificate" | |
8896642e | 136 | _response=$(_post '' "https://api.gcdn.co/sslData/$_sslDataOld" '' "DELETE") |
228c8354 | 137 | _debug _response "$_response" |
138 | fi | |
139 | ||
140 | _info "Certificate successfully deployed" | |
141 | return 0 | |
95cdb4b2 | 142 | } |