[mirror_acme.sh.git] / deploy / qiniu.sh

#!/usr/bin/env sh

# Script to create certificate to qiniu.com
#
# This deployment required following variables
# export QINIU_AK="QINIUACCESSKEY"
# export QINIU_SK="QINIUSECRETKEY"
# export QINIU_CDN_DOMAIN="cdn.example.com"
# If you have more than one domain, just
# export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com"

QINIU_API_BASE="https://api.qiniu.com"

qiniu_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  if [ -z "$QINIU_AK" ]; then
    _err "QINIU_AK is not defined."
    return 1
  else
    _savedomainconf QINIU_AK "$QINIU_AK"
  fi

  if [ -z "$QINIU_SK" ]; then
    _err "QINIU_SK is not defined."
    return 1
  else
    _savedomainconf QINIU_SK "$QINIU_SK"
  fi

  if [ "$QINIU_CDN_DOMAIN" ]; then
    _savedomainconf QINIU_CDN_DOMAIN "$QINIU_CDN_DOMAIN"
  else
    QINIU_CDN_DOMAIN="$_cdomain"
  fi

  ## upload certificate
  string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n')
  string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')

  sslcert_path="/sslcert"
  sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$QINIU_CDN_DOMAIN\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}"
  sslcert_access_token="$(_make_access_token "$sslcert_path")"
  _debug sslcert_access_token "$sslcert_access_token"
  export _H1="Authorization: QBox $sslcert_access_token"
  sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64)

  if ! _contains "$sslcert_response" "certID"; then
    _err "Error in creating certificate:"
    _err "$sslcert_response"
    return 1
  fi

  _debug sslcert_response "$sslcert_response"
  _info "Certificate successfully uploaded, updating domain $_cdomain"

  ## extract certId
  _certId="$(printf "%s" "$sslcert_response" | _normalizeJson | _egrep_o "certID\": *\"[^\"]*\"" | cut -d : -f 2)"
  _debug certId "$_certId"

  ## update domain ssl config
  update_body="{\"certid\":$_certId,\"forceHttps\":false}"
  for domain in $QINIU_CDN_DOMAIN; do
    update_path="/domain/$domain/httpsconf"
    update_access_token="$(_make_access_token "$update_path")"
    _debug update_access_token "$update_access_token"
    export _H1="Authorization: QBox $update_access_token"
    update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64)

    if _contains "$update_response" "error"; then
      _err "Error in updating domain $domain httpsconf:"
      _err "$update_response"
      return 1
    fi

    _debug update_response "$update_response"
    _info "Domain $domain certificate has been deployed successfully"
  done

  return 0
}

_make_access_token() {
  _token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64 | tr -- '+/' '-_')"
  echo "$QINIU_AK:$_token"
}
Commit	Line	Data
e19809d5	1	#!/usr/bin/env sh
e19809d5	2
ac9f6e3a	3	# Script to create certificate to qiniu.com
e19809d5	4	#
	5	# This deployment required following variables
	6	# export QINIU_AK="QINIUACCESSKEY"
	7	# export QINIU_SK="QINIUSECRETKEY"
3c6b7073	8	# export QINIU_CDN_DOMAIN="cdn.example.com"
6132af8e	9	# If you have more than one domain, just
6132af8e	10	# export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
e19809d5	11
	12	QINIU_API_BASE="https://api.qiniu.com"
	13
	14	qiniu_deploy() {
	15	_cdomain="$1"
	16	_ckey="$2"
	17	_ccert="$3"
	18	_cca="$4"
	19	_cfullchain="$5"
	20
	21	_debug _cdomain "$_cdomain"
	22	_debug _ckey "$_ckey"
	23	_debug _ccert "$_ccert"
	24	_debug _cca "$_cca"
	25	_debug _cfullchain "$_cfullchain"
	26
	27	if [ -z "$QINIU_AK" ]; then
afdb9a63	28	_err "QINIU_AK is not defined."
afdb9a63	29	return 1
e19809d5	30	else
afdb9a63	31	_savedomainconf QINIU_AK "$QINIU_AK"
e19809d5	32	fi
	33
	34	if [ -z "$QINIU_SK" ]; then
afdb9a63	35	_err "QINIU_SK is not defined."
afdb9a63	36	return 1
e19809d5	37	else
afdb9a63	38	_savedomainconf QINIU_SK "$QINIU_SK"
e19809d5	39	fi
e19809d5	40
dd6fa4af	41	if [ "$QINIU_CDN_DOMAIN" ]; then
c445e70c	42	_savedomainconf QINIU_CDN_DOMAIN "$QINIU_CDN_DOMAIN"
dd6fa4af	43	else
c445e70c	44	QINIU_CDN_DOMAIN="$_cdomain"
4c1fa9c2	45	fi
4c1fa9c2	46
d2a60f3c	47	## upload certificate
82b11da4	48	string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" \| tr -d '\n')
82b11da4	49	string_key=$(sed 's/$/\\n/' "$_ckey" \| tr -d '\n')
e19809d5	50
d2a60f3c	51	sslcert_path="/sslcert"
afdb9a63	52	sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$QINIU_CDN_DOMAIN\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}"
4c1fa9c2	53	sslcert_access_token="$(_make_access_token "$sslcert_path")"
3bc66282	54	_debug sslcert_access_token "$sslcert_access_token"
3bc66282	55	export _H1="Authorization: QBox $sslcert_access_token"
b169a5c7	56	sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" \| _dbase64)
e19809d5	57
96efc8c7	58	if ! _contains "$sslcert_response" "certID"; then
3bc66282	59	_err "Error in creating certificate:"
3bc66282	60	_err "$sslcert_response"
e19809d5	61	return 1
	62	fi
	63
3bc66282	64	_debug sslcert_response "$sslcert_response"
	65	_info "Certificate successfully uploaded, updating domain $_cdomain"
	66
d2a60f3c	67	## extract certId
96efc8c7	68	_certId="$(printf "%s" "$sslcert_response" \| _normalizeJson \| _egrep_o "certID\": \"[^\"]\"" \| cut -d : -f 2)"
3bc66282	69	_debug certId "$_certId"
3bc66282	70
d2a60f3c	71	## update domain ssl config
4c1fa9c2	72	update_body="{\"certid\":$_certId,\"forceHttps\":false}"
6132af8e	73	for domain in $QINIU_CDN_DOMAIN; do
	74	update_path="/domain/$domain/httpsconf"
	75	update_access_token="$(_make_access_token "$update_path")"
	76	_debug update_access_token "$update_access_token"
	77	export _H1="Authorization: QBox $update_access_token"
b169a5c7	78	update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" \| _dbase64)
6132af8e	79
	80	if _contains "$update_response" "error"; then
	81	_err "Error in updating domain $domain httpsconf:"
	82	_err "$update_response"
	83	return 1
	84	fi
	85
	86	_debug update_response "$update_response"
	87	_info "Domain $domain certificate has been deployed successfully"
	88	done
e19809d5	89
	90	return 0
	91	}
	92
4c1fa9c2	93	_make_access_token() {
af5f7a77	94	_token="$(printf "%s\n" "$1" \| _hmac "sha1" "$(printf "%s" "$QINIU_SK" \| _hex_dump \| tr -d " ")" \| _base64 \| tr -- '+/' '-_')"
afdb9a63	95	echo "$QINIU_AK:$_token"
e19809d5	96	}