#!/usr/bin/env sh
-# Script to create certificate to qiniu.com
+# Script to create certificate to qiniu.com
#
# This deployment required following variables
# export QINIU_AK="QINIUACCESSKEY"
# export QINIU_SK="QINIUSECRETKEY"
+# export QINIU_CDN_DOMAIN="cdn.example.com"
+# If you have more than one domain, just
+# export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
QINIU_API_BASE="https://api.qiniu.com"
_debug _cfullchain "$_cfullchain"
if [ -z "$QINIU_AK" ]; then
- if [ -z "$Le_Deploy_Qiniu_AK" ]; then
- _err "QINIU_AK is not defined."
- return 1
- fi
+ _err "QINIU_AK is not defined."
+ return 1
else
- Le_Deploy_Qiniu_AK="$QINIU_AK"
- _savedomainconf Le_Deploy_Qiniu_AK "$Le_Deploy_Qiniu_AK"
+ _savedomainconf QINIU_AK "$QINIU_AK"
fi
if [ -z "$QINIU_SK" ]; then
- if [ -z "$Le_Deploy_Qiniu_SK" ]; then
- _err "QINIU_SK is not defined."
- return 1
- fi
+ _err "QINIU_SK is not defined."
+ return 1
else
- Le_Deploy_Qiniu_SK="$QINIU_SK"
- _savedomainconf Le_Deploy_Qiniu_SK "$Le_Deploy_Qiniu_SK"
+ _savedomainconf QINIU_SK "$QINIU_SK"
+ fi
+
+ if [ "$QINIU_CDN_DOMAIN" ]; then
+ _savedomainconf QINIU_CDN_DOMAIN "$QINIU_CDN_DOMAIN"
+ else
+ QINIU_CDN_DOMAIN="$_cdomain"
fi
## upload certificate
- string_fullchain=$(awk '{printf "%s\\n", $0}' "$_cfullchain")
- string_key=$(awk '{printf "%s\\n", $0}' "$_ckey")
+ string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n')
+ string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
sslcert_path="/sslcert"
- sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}"
- sslcert_access_token="$(_make_sslcreate_access_token "$sslcert_path")"
+ sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$QINIU_CDN_DOMAIN\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}"
+ sslcert_access_token="$(_make_access_token "$sslcert_path")"
_debug sslcert_access_token "$sslcert_access_token"
export _H1="Authorization: QBox $sslcert_access_token"
- sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64 "multiline")
+ sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64)
- success_response="certID"
- if test "${sslcert_response#*$success_response}" == "$sslcert_response"; then
+ if ! _contains "$sslcert_response" "certID"; then
_err "Error in creating certificate:"
_err "$sslcert_response"
return 1
_info "Certificate successfully uploaded, updating domain $_cdomain"
## extract certId
- _certId=$(printf "%s" "$sslcert_response" | sed -e "s/^.*certID\":\"//" -e "s/\"\}$//")
+ _certId="$(printf "%s" "$sslcert_response" | _normalizeJson | _egrep_o "certID\": *\"[^\"]*\"" | cut -d : -f 2)"
_debug certId "$_certId"
## update domain ssl config
- update_path="/domain/$_cdomain/httpsconf"
- update_body="{\"certid\":\"$_certId\",\"forceHttps\":true}"
- update_access_token="$(_make_sslcreate_access_token "$update_path")"
- _debug update_access_token "$update_access_token"
- export _H1="Authorization: QBox $update_access_token"
- update_response=$(_post "$update_body" "$QINIU_API_BASE$update_body" 0 "PUT" "application/json" | _dbase64 "multiline")
-
- err_response="error"
- if test "${update_response#*$err_response}" != "$update_response"; then
- _err "Error in updating domain httpsconf:"
- _err "$update_response"
- return 1
- fi
+ update_body="{\"certid\":$_certId,\"forceHttps\":false}"
+ for domain in $QINIU_CDN_DOMAIN; do
+ update_path="/domain/$domain/httpsconf"
+ update_access_token="$(_make_access_token "$update_path")"
+ _debug update_access_token "$update_access_token"
+ export _H1="Authorization: QBox $update_access_token"
+ update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64)
+
+ if _contains "$update_response" "error"; then
+ _err "Error in updating domain $domain httpsconf:"
+ _err "$update_response"
+ return 1
+ fi
- _debug update_response "$update_response"
- _info "Certificate successfully deployed"
+ _debug update_response "$update_response"
+ _info "Domain $domain certificate has been deployed successfully"
+ done
return 0
}
-_make_sslcreate_access_token() {
- _data="$1\\n"
- _token="$(printf "%s" "$_data" | openssl sha1 -hmac "$Le_Deploy_Qiniu_SK" -binary | openssl base64 -e)"
- echo "$Le_Deploy_Qiniu_AK:$_token"
+_make_access_token() {
+ _token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64 | tr -- '+/' '-_')"
+ echo "$QINIU_AK:$_token"
}