projects / mirror_acme.sh.git / blame
| Commit | Line | Data |
|---|---|---|
| 824ffa24 | 1 | #!/usr/bin/env sh |
| eca57bee TG |
2 | # If certificate already exists it will update only cert and key, not touching other parameters |
| 3 | # If certificate doesn't exist it will only upload cert and key, and not set other parameters | |
| 1231b712 | 4 | # Note that we deploy full chain |
| 1699e94f G |
5 | # Written by Geoffroi Genot <ggenot@voxbone.com> |
| 6 | ||
| 7 | ######## Public functions ##################### | |
| 8 | ||
| 9 | #domain keyfile certfile cafile fullchain | |
| e2cc350f | 10 | kong_deploy() { |
| 1699e94f G |
11 | _cdomain="$1" |
| 12 | _ckey="$2" | |
| 13 | _ccert="$3" | |
| 14 | _cca="$4" | |
| 15 | _cfullchain="$5" | |
| 16 | _info "Deploying certificate on Kong instance" | |
| 07feb87d | 17 | if [ -z "$KONG_URL" ]; then |
| 753d0e7d G |
18 | _debug "KONG_URL Not set, using default http://localhost:8001" |
| 19 | KONG_URL="http://localhost:8001" | |
| 1699e94f G |
20 | fi |
| 21 | ||
| 22 | _debug _cdomain "$_cdomain" | |
| 23 | _debug _ckey "$_ckey" | |
| 24 | _debug _ccert "$_ccert" | |
| 25 | _debug _cca "$_cca" | |
| 26 | _debug _cfullchain "$_cfullchain" | |
| 27 | ||
| 0138e167 | 28 | #Get ssl_uuid linked to the domain |
| 29 | ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}') | |
| 30 | if [ -z "$ssl_uuid" ]; then | |
| 31 | _debug "Unable to get Kong ssl_uuid for domain $_cdomain" | |
| 32 | _debug "Make sure that KONG_URL is correctly configured" | |
| 33 | _debug "Make sure that a Kong certificate match the sni" | |
| 34 | _debug "Kong url: $KONG_URL" | |
| 35 | _info "No existing certificate, creating..." | |
| 36 | #return 1 | |
| 1699e94f G |
37 | fi |
| 38 | #Save kong url if it's succesful (First run case) | |
| 39 | _saveaccountconf KONG_URL "$KONG_URL" | |
| 40 | #Generate DEIM | |
| 4cedbf80 | 41 | delim="-----MultipartDelimiter$(date "+%s%N")" |
| 5fe91d65 | 42 | nl="\015\012" |
| 1699e94f G |
43 | #Set Header |
| 44 | _H1="Content-Type: multipart/form-data; boundary=$delim" | |
| 45 | #Generate data for request (Multipart/form-data with mixed content) | |
| 0138e167 | 46 | if [ -z "$ssl_uuid" ]; then |
| 47 | #set sni to domain | |
| 2447fccf | 48 | content="--$delim${nl}Content-Disposition: form-data; name=\"snis[]\"${nl}${nl}$_cdomain" |
| 0138e167 | 49 | fi |
| 1699e94f | 50 | #add key |
| 0138e167 | 51 | content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" |
| 1699e94f | 52 | #Add cert |
| 0138e167 | 53 | content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")" |
| 1699e94f G |
54 | #Close multipart |
| 55 | content="$content${nl}--$delim--${nl}" | |
| 5fe91d65 G |
56 | #Convert CRLF |
| 57 | content=$(printf %b "$content") | |
| 1699e94f G |
58 | #DEBUG |
| 59 | _debug header "$_H1" | |
| 60 | _debug content "$content" | |
| 0138e167 | 61 | #Check if sslcreated (if not => POST else => PATCH) |
| 62 | ||
| c140fe9b | 63 | if [ -z "$ssl_uuid" ]; then |
| 1699e94f | 64 | #Post certificate to Kong |
| 0138e167 | 65 | response=$(_post "$content" "$KONG_URL/certificates" "" "POST") |
| 1699e94f G |
66 | else |
| 67 | #patch | |
| 0138e167 | 68 | response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH") |
| 1699e94f | 69 | fi |
| 0138e167 | 70 | if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then |
| 00b34eb2 | 71 | _err "An error occurred with cert upload. Check response:" |
| 1699e94f G |
72 | _err "$response" |
| 73 | return 1 | |
| 74 | fi | |
| 75 | _debug response "$response" | |
| 76 | _info "Certificate successfully deployed" | |
| 77 | } |