Merge pull request #75 from Neilpang/FreeBSD

Support FreeBSD
9 years ago · 32ab35024b
parent 0db15ce230 aa692c0e70
commit 32ab35024b
1 changed files with 45 additions and 25 deletions
--- a/le.sh
+++ b/le.sh
@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-VER=1.1.7
+VER=1.1.8
 PROJECT="https://github.com/Neilpang/le"

 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
@ -180,7 +180,8 @@ createCSR() {
    alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
    #multi 
    _info "Multi domain" "$alt"
-    openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -reqexts SAN -config <(printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n[SAN]\nsubjectAltName=$alt") -out "$CSR_PATH"
+    printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n[SAN]\nsubjectAltName=$alt" > "$DOMAIN_SSL_CONF"
+    openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -reqexts SAN -config "$DOMAIN_SSL_CONF" -out "$CSR_PATH"
  fi

 }
@ -190,6 +191,19 @@ _b64() {
  echo $__n | tr '/+' '_-' | tr -d '= '
 }

+_time2str() {
+  #BSD
+  if date -u -d@$1 2>/dev/null ; then
+    return
+  fi
+  
+  #Linux
+  if date -u -r $1 2>/dev/null ; then
+    return
+  fi
+  
+}
+
 _send_signed_request() {
  url=$1
  payload=$2
@ -208,14 +222,14 @@ _send_signed_request() {
  _debug payload64 $payload64
  
  nonceurl="$API/directory"
-  nonce=$($CURL -I $nonceurl | grep "^Replay-Nonce:" | sed s/\\r//|sed s/\\n//| cut -d ' ' -f 2)
+  nonce="$($CURL -I $nonceurl | grep -o "^Replay-Nonce:.*$" | tr -d "\r\n" | cut -d ' ' -f 2)"

-  _debug nonce $nonce
+  _debug nonce "$nonce"
  
-  protected=$(echo -n "$HEADERPLACE" | sed "s/NONCE/$nonce/" )
+  protected="$(printf "$HEADERPLACE" | sed "s/NONCE/$nonce/" )"
  _debug protected "$protected"
  
-  protected64=$( echo -n $protected | _base64 | _b64)
+  protected64="$(printf "$protected" | _base64 | _b64)"
  _debug protected64 "$protected64"
  
  sig=$(echo -n "$protected64.$payload64" |  openssl   dgst   -sha256  -sign  $ACCOUNT_KEY_PATH | _base64 | _b64)
@ -230,11 +244,11 @@ _send_signed_request() {
    response="$($CURL -X POST --data "$body" $url)"
  fi

-  responseHeaders="$(sed 's/\r//g' $CURL_HEADER)"
+  responseHeaders="$(cat $CURL_HEADER)"
  
  _debug responseHeaders "$responseHeaders"
  _debug response  "$response"
-  code="$(grep ^HTTP $CURL_HEADER | tail -1 | cut -d " " -f 2)"
+  code="$(grep ^HTTP $CURL_HEADER | tail -1 | cut -d " " -f 2 | tr -d "\r\n" )"
  _debug code $code

 }
@ -269,7 +283,8 @@ _setopt() {
    if [[ "$__val" == *"&"* ]] ; then
      __val="$(echo $__val | sed 's/&/\\&/g')"
    fi
-    sed -i "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" "$__conf"
+    text="$(cat $__conf)"
+    printf "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
  else
    _debug APP
    echo "$__opt$__sep$__val$__end" >> "$__conf"
@ -368,7 +383,11 @@ _initpath() {
  if [ -z "$DOMAIN_CONF" ] ; then
    DOMAIN_CONF="$domainhome/$Le_Domain.conf"
  fi
-
+  
+  if [ -z "$DOMAIN_SSL_CONF" ] ; then
+    DOMAIN_SSL_CONF="$domainhome/$Le_Domain.ssl.conf"
+  fi
+  
  if [ -z "$CSR_PATH" ] ; then
    CSR_PATH="$domainhome/$domain.csr"
  fi
@ -386,8 +405,8 @@ _initpath() {


 _apachePath() {
-  httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | sed s/\"//g)"
-  httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | sed s/\"//g)"
+  httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"' )"
+  httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"' )"
  httpdconf="$httpdroot/$httpdconfname"
  if [ ! -f $httpdconf ] ; then
    _err "Apache Config file not found" $httpdconf
@ -606,7 +625,7 @@ issue() {
  HEADERPLACE='{"nonce": "NONCE", "alg": "RS256", "jwk": '$jwk'}'
  _debug HEADER "$HEADER"
  
-  accountkey_json=$(echo -n "$jwk" | sed "s/ //g")
+  accountkey_json=$(echo -n "$jwk" |  tr -d ' ' )
  thumbprint=$(echo -n "$accountkey_json" | openssl dgst -sha256 -binary | _base64 | _b64)
  
  
@ -638,7 +657,7 @@ issue() {
  _info "Verify each domain"
  sep='#'
  if [ -z "$vlist" ] ; then
-    alldomains=$(echo "$Le_Domain,$Le_Alt" | sed "s/,/ /g")
+    alldomains=$(echo "$Le_Domain,$Le_Alt" |  tr ',' ' ' )
    for d in $alldomains   
    do  
      _info "Geting token for domain" $d
@ -649,13 +668,13 @@ issue() {
        return 1
      fi

-      entry=$(echo $response | egrep -o  '{[^{]*"type":"'$vtype'"[^}]*')
+      entry="$(printf $response | egrep -o  '{[^{]*"type":"'$vtype'"[^}]*')"
      _debug entry "$entry"

-      token=$(echo "$entry" | sed 's/,/\n'/g| grep '"token":'| cut -d : -f 2|sed 's/"//g')
+      token="$(printf "$entry" | egrep -o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')"
      _debug token $token
      
-      uri=$(echo "$entry" | sed 's/,/\n'/g| grep '"uri":'| cut -d : -f 2,3|sed 's/"//g')
+      uri="$(printf "$entry" | egrep -o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )"
      _debug uri $uri
      
      keyauthorization="$token.$thumbprint"
@ -670,7 +689,7 @@ issue() {

    #add entry
    dnsadded=""
-    ventries=$(echo "$vlist" | sed "s/,/ /g")
+    ventries=$(echo "$vlist" |  tr ',' ' ' )
    for ventry in $ventries
    do
      d=$(echo $ventry | cut -d $sep -f 1)
@ -745,7 +764,7 @@ issue() {
  fi
  
  _debug "ok, let's start to verify"
-  ventries=$(echo "$vlist" | sed "s/,/ /g")
+  ventries=$(echo "$vlist" |  tr ',' ' ' )
  for ventry in $ventries
  do
    d=$(echo $ventry | cut -d $sep -f 1)
@ -812,7 +831,7 @@ issue() {
        return 1
      fi
      
-      status=$(echo $response | egrep -o  '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
+      status=$(echo $response | egrep -o  '"status":"[^"]+"' | cut -d : -f 2 | tr -d '"')
      if [ "$status" == "valid" ] ; then
        _info "Success"
        _stopserver $serverproc
@ -848,7 +867,7 @@ issue() {
  _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"
  
  
-  Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
+  Le_LinkCert="$(grep -i -o '^Location.*$' $CURL_HEADER | tr -d "\r\n" | cut -d " " -f 2)"
  _setopt "$DOMAIN_CONF"  "Le_LinkCert"           "="  "$Le_LinkCert"

  if [ "$Le_LinkCert" ] ; then
@ -870,7 +889,7 @@ issue() {
  
  _setopt "$DOMAIN_CONF"  'Le_Vlist' '=' "\"\""
  
-  Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g')
+  Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' )
  _setopt "$DOMAIN_CONF"  "Le_LinkIssuer"         "="  "$Le_LinkIssuer"
  
  if [ "$Le_LinkIssuer" ] ; then
@ -883,7 +902,7 @@ issue() {
  Le_CertCreateTime=$(date -u "+%s")
  _setopt "$DOMAIN_CONF"  "Le_CertCreateTime"     "="  "$Le_CertCreateTime"
  
-  Le_CertCreateTimeStr=$(date -u "+%Y-%m-%d %H:%M:%S UTC")
+  Le_CertCreateTimeStr=$(date -u )
  _setopt "$DOMAIN_CONF"  "Le_CertCreateTimeStr"  "="  "\"$Le_CertCreateTimeStr\""
  
  if [ ! "$Le_RenewalDays" ] ; then
@ -892,10 +911,10 @@ issue() {
  
  _setopt "$DOMAIN_CONF"  "Le_RenewalDays"      "="  "$Le_RenewalDays"
  
-  Le_NextRenewTime=$(date -u -d "+$Le_RenewalDays day" "+%s")
+  let "Le_NextRenewTime=Le_CertCreateTime+Le_RenewalDays*24*60*60"
  _setopt "$DOMAIN_CONF"  "Le_NextRenewTime"      "="  "$Le_NextRenewTime"
  
-  Le_NextRenewTimeStr=$(date -u -d "+$Le_RenewalDays day" "+%Y-%m-%d %H:%M:%S UTC")
+  Le_NextRenewTimeStr=$( _time2str $Le_NextRenewTime )
  _setopt "$DOMAIN_CONF"  "Le_NextRenewTimeStr"      "="  "\"$Le_NextRenewTimeStr\""


@ -960,6 +979,7 @@ renewAll() {
    Le_ReloadCmd=""
    
    DOMAIN_CONF=""
+    DOMAIN_SSL_CONF=""
    CSR_PATH=""
    CERT_KEY_PATH=""
    CERT_PATH=""