vesta/bin/v-add-letsencrypt-user
2019-09-24 01:08:17 +03:00

142 lines
3.8 KiB
Bash
Executable File

#!/bin/bash
# info: register letsencrypt user account
# options: USER
#
# The function creates and register LetsEncript account
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
# LE API
API='https://acme-v02.api.letsencrypt.org'
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
curl -s -i -d "$post_data" "$1" -H "$content"
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'USER'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"
if [ -e "$USER_DATA/ssl/le.conf" ]; then
source "$USER_DATA/ssl/le.conf"
fi
if [ ! -z "$KID" ]; then
exit
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining user email
if [[ -z "$EMAIL" ]]; then
EMAIL=$(get_user_value '$CONTACT')
fi
# Defining user agreement
agreement=''
# Generating user key
KEY="$USER_DATA/ssl/user.key"
if [ ! -e "$KEY" ]; then
openssl genrsa -out $KEY 4096 >/dev/null 2>&1
chmod 600 $KEY
fi
# Defining key exponent
if [ -z "$EXPONENT" ]; then
EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
xxd -r -p |encode_base64)
fi
# Defining key modulus
if [ -z "$MODULUS" ]; then
MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
fi
# Defining JWK
jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
# Defining key thumbnail
if [ -z "$THUMB" ]; then
THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
fi
# Requesting ACME nonce
nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')
# Creating ACME account
url="$API/acme/new-acct"
payload='{"termsOfServiceAgreed": true}'
answer=$(query_le_v2 "$url" "$payload" "$nonce")
kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
# Checking answer status
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
if [[ "${status:0:2}" -ne "20" ]]; then
check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Adding le.conf
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
chmod 660 $USER_DATA/ssl/le.conf
else
sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit