]>
Commit | Line | Data |
---|---|---|
e19809d5 | 1 | #!/usr/bin/env sh |
2 | ||
ac9f6e3a | 3 | # Script to create certificate to qiniu.com |
e19809d5 | 4 | # |
5 | # This deployment required following variables | |
6 | # export QINIU_AK="QINIUACCESSKEY" | |
7 | # export QINIU_SK="QINIUSECRETKEY" | |
3c6b7073 | 8 | # export QINIU_CDN_DOMAIN="cdn.example.com" |
6132af8e | 9 | # If you have more than one domain, just |
10 | # export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com" | |
e19809d5 | 11 | |
12 | QINIU_API_BASE="https://api.qiniu.com" | |
13 | ||
14 | qiniu_deploy() { | |
15 | _cdomain="$1" | |
16 | _ckey="$2" | |
17 | _ccert="$3" | |
18 | _cca="$4" | |
19 | _cfullchain="$5" | |
20 | ||
21 | _debug _cdomain "$_cdomain" | |
22 | _debug _ckey "$_ckey" | |
23 | _debug _ccert "$_ccert" | |
24 | _debug _cca "$_cca" | |
25 | _debug _cfullchain "$_cfullchain" | |
26 | ||
27 | if [ -z "$QINIU_AK" ]; then | |
afdb9a63 | 28 | _err "QINIU_AK is not defined." |
29 | return 1 | |
e19809d5 | 30 | else |
afdb9a63 | 31 | _savedomainconf QINIU_AK "$QINIU_AK" |
e19809d5 | 32 | fi |
33 | ||
34 | if [ -z "$QINIU_SK" ]; then | |
afdb9a63 | 35 | _err "QINIU_SK is not defined." |
36 | return 1 | |
e19809d5 | 37 | else |
afdb9a63 | 38 | _savedomainconf QINIU_SK "$QINIU_SK" |
e19809d5 | 39 | fi |
40 | ||
dd6fa4af | 41 | if [ "$QINIU_CDN_DOMAIN" ]; then |
c445e70c | 42 | _savedomainconf QINIU_CDN_DOMAIN "$QINIU_CDN_DOMAIN" |
dd6fa4af | 43 | else |
c445e70c | 44 | QINIU_CDN_DOMAIN="$_cdomain" |
4c1fa9c2 | 45 | fi |
46 | ||
d2a60f3c | 47 | ## upload certificate |
82b11da4 | 48 | string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n') |
49 | string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n') | |
e19809d5 | 50 | |
d2a60f3c | 51 | sslcert_path="/sslcert" |
afdb9a63 | 52 | sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$QINIU_CDN_DOMAIN\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}" |
4c1fa9c2 | 53 | sslcert_access_token="$(_make_access_token "$sslcert_path")" |
3bc66282 | 54 | _debug sslcert_access_token "$sslcert_access_token" |
55 | export _H1="Authorization: QBox $sslcert_access_token" | |
b169a5c7 | 56 | sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64) |
e19809d5 | 57 | |
96efc8c7 | 58 | if ! _contains "$sslcert_response" "certID"; then |
3bc66282 | 59 | _err "Error in creating certificate:" |
60 | _err "$sslcert_response" | |
e19809d5 | 61 | return 1 |
62 | fi | |
63 | ||
3bc66282 | 64 | _debug sslcert_response "$sslcert_response" |
65 | _info "Certificate successfully uploaded, updating domain $_cdomain" | |
66 | ||
d2a60f3c | 67 | ## extract certId |
96efc8c7 | 68 | _certId="$(printf "%s" "$sslcert_response" | _normalizeJson | _egrep_o "certID\": *\"[^\"]*\"" | cut -d : -f 2)" |
3bc66282 | 69 | _debug certId "$_certId" |
70 | ||
d2a60f3c | 71 | ## update domain ssl config |
4c1fa9c2 | 72 | update_body="{\"certid\":$_certId,\"forceHttps\":false}" |
6132af8e | 73 | for domain in $QINIU_CDN_DOMAIN; do |
74 | update_path="/domain/$domain/httpsconf" | |
75 | update_access_token="$(_make_access_token "$update_path")" | |
76 | _debug update_access_token "$update_access_token" | |
77 | export _H1="Authorization: QBox $update_access_token" | |
b169a5c7 | 78 | update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64) |
6132af8e | 79 | |
80 | if _contains "$update_response" "error"; then | |
81 | _err "Error in updating domain $domain httpsconf:" | |
82 | _err "$update_response" | |
83 | return 1 | |
84 | fi | |
85 | ||
86 | _debug update_response "$update_response" | |
87 | _info "Domain $domain certificate has been deployed successfully" | |
88 | done | |
e19809d5 | 89 | |
90 | return 0 | |
91 | } | |
92 | ||
4c1fa9c2 | 93 | _make_access_token() { |
af5f7a77 | 94 | _token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64 | tr -- '+/' '-_')" |
afdb9a63 | 95 | echo "$QINIU_AK:$_token" |
e19809d5 | 96 | } |