|
|
|
@ -1530,62 +1530,75 @@ _send_signed_request() {
|
|
|
|
payload64=$(printf "%s" "$payload" | _base64 | _url_replace)
|
|
|
|
payload64=$(printf "%s" "$payload" | _base64 | _url_replace)
|
|
|
|
_debug3 payload64 "$payload64"
|
|
|
|
_debug3 payload64 "$payload64"
|
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$_CACHED_NONCE" ]; then
|
|
|
|
MAX_REQUEST_RETRY_TIMES=5
|
|
|
|
_debug2 "Get nonce."
|
|
|
|
_request_retry_times=0
|
|
|
|
nonceurl="$API/directory"
|
|
|
|
while [ "${_request_retry_times}" -lt "$MAX_REQUEST_RETRY_TIMES" ]; do
|
|
|
|
_headers="$(_get "$nonceurl" "onlyheader")"
|
|
|
|
_debug3 _request_retry_times "$_request_retry_times"
|
|
|
|
|
|
|
|
if [ -z "$_CACHED_NONCE" ]; then
|
|
|
|
|
|
|
|
_debug2 "Get nonce."
|
|
|
|
|
|
|
|
nonceurl="$API/directory"
|
|
|
|
|
|
|
|
_headers="$(_get "$nonceurl" "onlyheader")"
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$?" != "0" ]; then
|
|
|
|
if [ "$?" != "0" ]; then
|
|
|
|
_err "Can not connect to $nonceurl to get nonce."
|
|
|
|
_err "Can not connect to $nonceurl to get nonce."
|
|
|
|
return 1
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
_debug2 _headers "$_headers"
|
|
|
|
_debug2 _headers "$_headers"
|
|
|
|
|
|
|
|
|
|
|
|
_CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
|
|
|
_CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
|
|
|
_debug2 _CACHED_NONCE "$_CACHED_NONCE"
|
|
|
|
_debug2 _CACHED_NONCE "$_CACHED_NONCE"
|
|
|
|
else
|
|
|
|
else
|
|
|
|
_debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE"
|
|
|
|
_debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
nonce="$_CACHED_NONCE"
|
|
|
|
nonce="$_CACHED_NONCE"
|
|
|
|
_debug2 nonce "$nonce"
|
|
|
|
_debug2 nonce "$nonce"
|
|
|
|
|
|
|
|
|
|
|
|
protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2"
|
|
|
|
protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2"
|
|
|
|
_debug3 protected "$protected"
|
|
|
|
_debug3 protected "$protected"
|
|
|
|
|
|
|
|
|
|
|
|
protected64="$(printf "%s" "$protected" | _base64 | _url_replace)"
|
|
|
|
protected64="$(printf "%s" "$protected" | _base64 | _url_replace)"
|
|
|
|
_debug3 protected64 "$protected64"
|
|
|
|
_debug3 protected64 "$protected64"
|
|
|
|
|
|
|
|
|
|
|
|
if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then
|
|
|
|
if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then
|
|
|
|
_err "Sign request failed."
|
|
|
|
_err "Sign request failed."
|
|
|
|
return 1
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
_debug3 _sig_t "$_sig_t"
|
|
|
|
_debug3 _sig_t "$_sig_t"
|
|
|
|
|
|
|
|
|
|
|
|
sig="$(printf "%s" "$_sig_t" | _url_replace)"
|
|
|
|
sig="$(printf "%s" "$_sig_t" | _url_replace)"
|
|
|
|
_debug3 sig "$sig"
|
|
|
|
_debug3 sig "$sig"
|
|
|
|
|
|
|
|
|
|
|
|
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
|
|
|
|
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
|
|
|
|
_debug3 body "$body"
|
|
|
|
_debug3 body "$body"
|
|
|
|
|
|
|
|
|
|
|
|
response="$(_post "$body" "$url" "$needbase64")"
|
|
|
|
response="$(_post "$body" "$url" "$needbase64")"
|
|
|
|
_CACHED_NONCE=""
|
|
|
|
_CACHED_NONCE=""
|
|
|
|
if [ "$?" != "0" ]; then
|
|
|
|
|
|
|
|
_err "Can not post to $url"
|
|
|
|
if [ "$?" != "0" ]; then
|
|
|
|
return 1
|
|
|
|
_err "Can not post to $url"
|
|
|
|
fi
|
|
|
|
return 1
|
|
|
|
_debug2 original "$response"
|
|
|
|
fi
|
|
|
|
|
|
|
|
_debug2 original "$response"
|
|
|
|
|
|
|
|
response="$(echo "$response" | _normalizeJson)"
|
|
|
|
|
|
|
|
|
|
|
|
response="$(echo "$response" | _normalizeJson)"
|
|
|
|
responseHeaders="$(< "$HTTP_HEADER")"
|
|
|
|
|
|
|
|
|
|
|
|
responseHeaders="$(cat "$HTTP_HEADER")"
|
|
|
|
_debug2 responseHeaders "$responseHeaders"
|
|
|
|
|
|
|
|
_debug2 response "$response"
|
|
|
|
|
|
|
|
code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
|
|
|
|
|
|
|
|
_debug code "$code"
|
|
|
|
|
|
|
|
|
|
|
|
_debug2 responseHeaders "$responseHeaders"
|
|
|
|
_CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
|
|
|
_debug2 response "$response"
|
|
|
|
|
|
|
|
code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
|
|
|
|
|
|
|
|
_debug code "$code"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
|
|
|
if _contains "$response" "JWS has invalid anti-replay nonce"; then
|
|
|
|
|
|
|
|
_info "It seems the CA server is busy now, let's wait and retry."
|
|
|
|
|
|
|
|
_request_retry_times=$(_math "$_request_retry_times" + 1)
|
|
|
|
|
|
|
|
_sleep 5
|
|
|
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
neil
8 years ago