From: sth Date: Sun, 18 Dec 2016 19:25:05 +0000 (+0100) Subject: Skip challenge for already validated domains (#293) X-Git-Tag: v0.4.0~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9729751d93b59d9bef2347406716e4a593cf8dee;p=thirdparty%2Fdehydrated.git Skip challenge for already validated domains (#293) * skip challenge for already validated domains * only call deploy_challenge hook if there is work No need to call the hook if there are no challenges to deploy
---
diff --git a/dehydrated b/dehydrated
index f740890..3413de2 100755
--- a/dehydrated
+++ b/dehydrated
@@ -306,6 +306,13 @@ get_json_string_value() {
 sed -n "${filter}"
 }
+rm_json_arrays() {
+ local filter
+ filter='s/\[[^][]*\]/null/g'
+ # remove three levels of nested arrays
+ sed -e "${filter}" -e "${filter}" -e "${filter}"
+}
+
 # OpenSSL writes to stderr/stdout even when there are no errors. So just
 # display the output if the exit code was != 0 to simplify debugging.
 _openssl() {
@@ -451,9 +458,9 @@ sign_csr() {
 local idx=0
 if [[ -n "${ZSH_VERSION:-}" ]]; then
- local -A challenge_uris challenge_tokens keyauths deploy_args
+ local -A challenge_altnames challenge_uris challenge_tokens keyauths deploy_args
 else
- local -a challenge_uris challenge_tokens keyauths deploy_args
+ local -a challenge_altnames challenge_uris challenge_tokens keyauths deploy_args
 fi
 # Request challenges
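Review bot: rm_json_arrays in the `@@ -306` hunk has no comment saying why arrays are stripped or where the approach stops working, even though its output decides further down in sign_csr whether a name skips validation. The existing comment only restates the three sed passes; I would replace it with a header along the lines of `# Replace JSON arrays (up to three nesting levels) with null so a following field lookup does not match keys inside them; reads stdin, writes stdout.` — presumably the aim is to hide the per-challenge status values, which should be confirmed against get_json_string_value, whose body starts outside the hunk. Arrays nested deeper than three levels, or a `[` or `]` inside a string value, leave residue behind, so the header should also say that this is a heuristic and not a JSON parser.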
@@ -462,6 +469,12 @@ sign_csr() {
 echo " + Requesting challenge for ${altname}..."
 response="$(signed_request "${CA_NEW_AUTHZ}" '{"resource": "new-authz", "identifier": {"type": "dns", "value": "'"${altname}"'"}}' | clean_json)"
+ challenge_status="$(printf '%s' "${response}" | rm_json_arrays | get_json_string_value status)"
+ if [ "${challenge_status}" = "valid" ]; then
+ echo " + Already validated"
+ continue
+ fi
+
 challenges="$(printf '%s\n' "${response}" | sed -n 's/.*\("challenges":[^\[]*\[[^]]*]\).*/\1/p')"
 repl=$'\n''{' # fix syntax highlighting in Vim
 challenge="$(printf "%s" "${challenges//\{/${repl}}" | grep \""${CHALLENGETYPE}"\")"
@@ -488,6 +501,7 @@ sign_csr() {
 ;;
 esac
+ challenge_altnames[${idx}]="${altname}"
 challenge_uris[${idx}]="${challenge_uri}"
 keyauths[${idx}]="${keyauth}"
 challenge_tokens[${idx}]="${challenge_token}"
@@ -497,12 +511,15 @@ sign_csr() {
 done
 # Wait for hook script to deploy the challenges if used
- # shellcheck disable=SC2068
- [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" = "yes" ]] && "${HOOK}" "deploy_challenge" ${deploy_args[@]}
+ if [ ${#deploy_args[@]} -ne 0 ]; then
+ # shellcheck disable=SC2068
+ [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" = "yes" ]] && "${HOOK}" "deploy_challenge" ${deploy_args[@]}
+ fi
 # Respond to challenges
+ reqstatus="valid"
 idx=0
- for altname in ${altnames}; do
+ for altname in "${challenge_altnames[@]:0}"; do
 challenge_token="${challenge_tokens[${idx}]}"
 keyauth="${keyauths[${idx}]}"
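Review bot: `challenge_status` is assigned in the `@@ -462` hunk without a `local` declaration, so unless sign_csr declares it on a line outside the visible hunks it becomes a global that outlives the call. Because this value gates whether a name skips validation, I would keep it function-scoped by adding `local challenge_status` next to the `local idx=0` line shown in the `@@ -451` hunk. The new test also uses `[ ... ]` where the surrounding context lines use `[[ ... ]]`; `if [[ "${challenge_status}" = "valid" ]]; then` would match the rest of the function.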
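Review bot: In the `@@ -497` hunk the new loop header `for altname in "${challenge_altnames[@]:0}"; do` walks the array's values while `idx` is still counted separately, and under zsh the array is declared with `local -A` (see the `@@ -451` hunk), where value order is, as far as I know, not guaranteed to follow the numeric keys. If that holds, `altname` can drift away from `challenge_tokens[${idx}]` and `keyauths[${idx}]`, which matters for anything later in the loop that pairs the name with the token; the loop body continues outside the hunk, so this needs checking there. Looking the name up by index removes the ordering dependency, for example a counted loop whose first statement is `altname="${challenge_altnames[${idx}]}"`. Whichever form is kept, the `:0` slice deserves a comment such as `# :0 keeps an empty array from tripping nounset`, assuming that is its purpose.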