deploy/qiniu.sh

   1 #!/usr/bin/env sh
   2
   3 # Script to create certificate to qiniu.com
   4 #
   5 # This deployment required following variables
   6 # export QINIU_AK="QINIUACCESSKEY"
   7 # export QINIU_SK="QINIUSECRETKEY"
   8
   9 QINIU_API_BASE="https://api.qiniu.com"
  10
  11 qiniu_deploy() {
  12   _cdomain="$1"
  13   _ckey="$2"
  14   _ccert="$3"
  15   _cca="$4"
  16   _cfullchain="$5"
  17
  18   _debug _cdomain "$_cdomain"
  19   _debug _ckey "$_ckey"
  20   _debug _ccert "$_ccert"
  21   _debug _cca "$_cca"
  22   _debug _cfullchain "$_cfullchain"
  23
  24   if [ -z "$QINIU_AK" ]; then
  25     if [ -z "$Le_Deploy_Qiniu_AK" ]; then
  26       _err "QINIU_AK is not defined."
  27       return 1
  28     fi
  29   else
  30     Le_Deploy_Qiniu_AK="$QINIU_AK"
  31     _savedomainconf Le_Deploy_Qiniu_AK "$Le_Deploy_Qiniu_AK"
  32   fi
  33
  34   if [ -z "$QINIU_SK" ]; then
  35     if [ -z "$Le_Deploy_Qiniu_SK" ]; then
  36       _err "QINIU_SK is not defined."
  37       return 1
  38     fi
  39   else
  40     Le_Deploy_Qiniu_SK="$QINIU_SK"
  41     _savedomainconf Le_Deploy_Qiniu_SK "$Le_Deploy_Qiniu_SK"
  42   fi
  43
  44   ## upload certificate
  45   string_fullchain=$(awk '{printf "%s\\n", $0}' "$_cfullchain")
  46   string_key=$(awk '{printf "%s\\n", $0}' "$_ckey")
  47
  48   sslcert_path="/sslcert"
  49   sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}"
  50   sslcert_access_token="$(_make_sslcreate_access_token "$sslcert_path")"
  51   _debug sslcert_access_token "$sslcert_access_token"
  52   export _H1="Authorization: QBox $sslcert_access_token"
  53   sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64 "multiline")
  54
  55   success_response="certID"
  56   if test "${sslcert_response#*$success_response}" == "$sslcert_response"; then
  57     _err "Error in creating certificate:"
  58     _err "$sslcert_response"
  59     return 1
  60   fi
  61
  62   _debug sslcert_response "$sslcert_response"
  63   _info "Certificate successfully uploaded, updating domain $_cdomain"
  64
  65   ## extract certId
  66   _certId=$(printf "%s" "$sslcert_response" | sed -e "s/^.*certID\":\"//" -e "s/\"\}$//")
  67   _debug certId "$_certId"
  68
  69   ## update domain ssl config
  70   update_path="/domain/$_cdomain/httpsconf"
  71   update_body="{\"certid\":\"$_certId\",\"forceHttps\":true}"
  72   update_access_token="$(_make_sslcreate_access_token "$update_path")"
  73   _debug update_access_token "$update_access_token"
  74   export _H1="Authorization: QBox $update_access_token"
  75   update_response=$(_post "$update_body" "$QINIU_API_BASE$update_body" 0 "PUT" "application/json" | _dbase64 "multiline")
  76
  77   err_response="error"
  78   if test "${update_response#*$err_response}" != "$update_response"; then
  79     _err "Error in updating domain httpsconf:"
  80     _err "$update_response"
  81     return 1
  82   fi
  83
  84   _debug update_response "$update_response"
  85   _info "Certificate successfully deployed"
  86
  87   return 0
  88 }
  89
  90 _make_sslcreate_access_token() {
  91   _data="$1\\n"
  92   _token="$(printf "%s" "$_data" | openssl sha1 -hmac "$Le_Deploy_Qiniu_SK" -binary | openssl base64 -e)"
  93   echo "$Le_Deploy_Qiniu_AK:$_token"
  94 }