release 0.6.4 (fixed account id handling, again)

diff --git a/CHANGELOG b/CHANGELOG
index 24017e3494bd9241fd1d9a54a5d02be0173b1f07..f59cd048417e0e07bfe876ab9b8025593de9aca5 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
 # Change Log
 This file contains a log of major changes in dehydrated
 
+## [0.6.4] - 2019-06-25
+## Changed
+- Fetch account ID from Location header instead of account json
+
 ## [0.6.3] - 2019-06-25
 ## Changed
 - OCSP refresh interval is now configurable

diff --git a/dehydrated b/dehydrated
index d4a74f1b00e1caadf30df109531aa5a58d09abad..52b2355dabcc727d8771153ce9f02127290ed511 100755 (executable)
--- a/dehydrated
+++ b/dehydrated
@@ -17,7 +17,7 @@ umask 077 # paranoid umask, we're creating private keys
 exec 3>&-
 exec 4>&-
 
-VERSION="0.6.3"
+VERSION="0.6.4"
 
 # Find directory in which this script is stored by traversing all symbolic links
 SOURCE="${0}"
@@ -246,6 +246,7 @@ load_config() {
   [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config"
   ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem"
   ACCOUNT_KEY_JSON="${ACCOUNTDIR}/${CAHASH}/registration_info.json"
+  ACCOUNT_ID_JSON="${ACCOUNTDIR}/${CAHASH}/account_id.json"
 
   if [[ -f "${BASEDIR}/private_key.pem" ]] && [[ ! -f "${ACCOUNT_KEY}" ]]; then
     echo "! Moving private_key.pem to ${ACCOUNT_KEY}"
@@ -333,6 +334,7 @@ init_system() {
     echo "Using private key ${PARAM_ACCOUNT_KEY} instead of account key"
     ACCOUNT_KEY="${PARAM_ACCOUNT_KEY}"
     ACCOUNT_KEY_JSON="${PARAM_ACCOUNT_KEY}.json"
+    ACCOUNT_ID_JSON="${PARAM_ACCOUNT_KEY}_id.json"
     [ "${COMMAND:-}" = "register" ] && register_new_key="yes"
   else
     # Check if private account key exists, if it doesn't exist yet generate a new one (rsa key)
@@ -401,13 +403,14 @@ init_system() {
 
   # Read account information or request from CA if missing
   if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then
-    if [[ -z "$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)" ]]; then
-      echo "+ Fetching account information..."
+    if [[ ! -e "${ACCOUNT_ID_JSON}" ]]; then
+      echo "+ Fetching account ID..."
       ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
-      ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{}')"
-      echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}"
+      ACCOUNT_ID="${ACCOUNT_URL##*/}"
+      echo '{"id": "'"${ACCOUNT_ID}"'"}' > "${ACCOUNT_ID_JSON}"
+    else
+      ACCOUNT_ID="$(cat "${ACCOUNT_ID_JSON}" | get_json_string_value id)"
     fi
-    ACCOUNT_ID="$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
     if [[ -z "${ACCOUNT_ID}" ]]; then
       _exiterr "Unknown error on fetching account information"
     fi
@@ -1562,7 +1565,7 @@ command_help() {
 command_env() {
   echo "# dehydrated configuration"
   load_config
-  typeset -p CA CERTDIR ALPNCERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
+  typeset -p CA CERTDIR ALPNCERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON ACCOUNT_ID_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
 }
 
 # Main method (parses script arguments and calls command_* methods)