echo "+ Account already registered!"
exit 0
fi
+
+ # Read account information or request from CA if missing
+ if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then
+ ACCOUNT_ID="$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
+ if [[ ${API} -eq 1 ]]; then
+ ACCOUNT_URL="${CA_REG}/${ACCOUNT_ID}"
+ else
+ ACCOUNT_URL="${CA_ACCOUNT}/${ACCOUNT_ID}"
+ fi
+ else
+ echo "Fetching missing account information from CA..."
+ if [[ ${API} -eq 1 ]]; then
+ ACCOUNT_URL="$(signed_request "${CA_NEW_REG}" '{"resource": "new-reg", "onlyReturnExisting": true}' 4>&1 | grep ^Location: | awk '{print $2}' | tr -d '\r\n')"
+ ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{"resource": "reg"}')"
+ else
+ ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"only-return-existing": true}' 4>&1 | grep ^Location: | awk '{print $2}' | tr -d '\r\n')"
+ ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{}')"
+ fi
+ ACCOUNT_ID="${ACCOUNT_URL##*/}"
+ echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}"
+ fi
}
# Different sed version for different os types...
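Review bot: The account URL pulled from the response in the two `ACCOUNT_URL="$(signed_request ... | grep ^Location: | awk '{print $2}' | tr -d '\r\n')"` assignments is never checked, so an empty result is passed straight to the next `signed_request "${ACCOUNT_URL}" ...` call and whatever comes back is written to `${ACCOUNT_KEY_JSON}`. The pipeline ends in `tr`, so unless `pipefail` is set (not visible here) a failed request is also masked. The match is case-sensitive although header names are not, so a CA or proxy that sends `location:` leaves the variable empty. I would use `grep -i '^Location:'` and add `[[ -n "${ACCOUNT_URL}" ]] || _exiterr "Unable to determine account URL."` before the second request. The enclosing function starts outside this hunk.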
fi
if [[ ! "${statuscode:0:1}" = "2" ]]; then
- if [[ -n "${CA_REVOKE_CERT:-}" ]] && [[ "${2}" = "${CA_REVOKE_CERT:-}" ]] && [[ "${statuscode}" = "409" ]]; then
+ # check for existing registration warning
+ if [[ ${API} -eq 1 ]] && [[ -n "${CA_NEW_REG:-}" ]] && [[ "${2}" = "${CA_NEW_REG:-}" ]] && [[ "${statuscode}" = "409" ]] && grep -q "Registration key is already in use" "${tempcont}"; then
+ # do nothing
+ :
+ # check for already-revoked warning
+ elif [[ -n "${CA_REVOKE_CERT:-}" ]] && [[ "${2}" = "${CA_REVOKE_CERT:-}" ]] && [[ "${statuscode}" = "409" ]]; then
grep -q "Certificate already revoked" "${tempcont}" && return
+ # check for redirects on license
elif [[ -n "${CA_TERMS:-}" ]] && [[ "${2}" = "${CA_TERMS:-}" ]] && [[ "${statuscode:0:1}" = "3" ]]; then
# do nothing
:
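Review bot: The new first branch accepts a 409 on `${CA_NEW_REG}` only when the body contains the literal text "Registration key is already in use", and its `# do nothing` comment does not say why ignoring the error is safe. It presumably exists so the account lookup added elsewhere in this commit can read the `Location:` header of the conflict response. If so, the comment should say that, for example `# 409 on new-reg: key already registered, caller reads Location: from the headers`. Matching on the CA's human-readable detail string is brittle, because a wording change on the server turns the lookup into a hard failure, so that dependency is worth recording in the comment too. The surrounding function starts and ends outside the hunk.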
protected64="$(printf '%s' "${protected}" | urlbase64)"
else
# Build another header which also contains the previously received nonce and url and encode it as urlbase64
- if [[ -e "${ACCOUNT_KEY_JSON}" ]] && [[ -n "$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)" ]]; then
- REG_ID="$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
- protected='{"alg": "RS256", "kid": "'"${CA_ACCOUNT}/${REG_ID}"'", "url": "'"${1}"'", "nonce": "'"${nonce}"'"}'
+ if [[ -n "${ACCOUNT_URL:-}" ]]; then
+ protected='{"alg": "RS256", "kid": "'"${ACCOUNT_URL}"'", "url": "'"${1}"'", "nonce": "'"${nonce}"'"}'
else
protected='{"alg": "RS256", "jwk": {"e": "'"${pubExponent64}"'", "kty": "RSA", "n": "'"${pubMod64}"'"}, "url": "'"${1}"'", "nonce": "'"${nonce}"'"}'
fi
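Review bot: The `[[ -n "${ACCOUNT_URL:-}" ]]` guard is weaker than the check it replaces, which used `kid` only when the stored account file yielded an id. `ACCOUNT_URL` can now be non-empty yet useless: if the account file exists but has no `id`, the assignment `ACCOUNT_URL="${CA_ACCOUNT}/${ACCOUNT_ID}"` added earlier in this commit yields a base URL with nothing after the slash. The request would then be signed with a `kid` that names no account instead of falling back to the `jwk` header. Consider `if [[ -n "${ACCOUNT_URL:-}" ]] && [[ -n "${ACCOUNT_ID:-}" ]]; then`, or leave `ACCOUNT_URL` unset where it is built if the id is empty. The enclosing function continues outside this hunk.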
FAILED=false
NEW_ACCOUNT_KEY_JSON="$(_mktemp)"
- REG_ID=$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)
# Check if we have the registration id
- if [[ -z "${REG_ID}" ]]; then
+ if [[ -z "${ACCOUNT_ID}" ]]; then
_exiterr "Error retrieving registration id."
fi
- echo "+ Updating registration id: ${REG_ID} contact information..."
+ echo "+ Updating registration id: ${ACCOUNT_ID} contact information..."
if [[ ${API} -eq 1 ]]; then
# If an email for the contact has been provided then adding it to the registered account
if [[ -n "${CONTACT_EMAIL}" ]]; then
- (signed_request "${CA_REG}"/"${REG_ID}" '{"resource": "reg", "contact":["mailto:'"${CONTACT_EMAIL}"'"]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
+ (signed_request "${ACCOUNT_URL}" '{"resource": "reg", "contact":["mailto:'"${CONTACT_EMAIL}"'"]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
else
- (signed_request "${CA_REG}"/"${REG_ID}" '{"resource": "reg", "contact":[]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
+ (signed_request "${ACCOUNT_URL}" '{"resource": "reg", "contact":[]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
fi
else
# If an email for the contact has been provided then adding it to the registered account
if [[ -n "${CONTACT_EMAIL}" ]]; then
- (signed_request "${CA_ACCOUNT}"/"${REG_ID}" '{"contact":["mailto:'"${CONTACT_EMAIL}"'"]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
+ (signed_request "${ACCOUNT_URL}" '{"contact":["mailto:'"${CONTACT_EMAIL}"'"]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
else
- (signed_request "${CA_ACCOUNT}"/"${REG_ID}" '{"contact":[]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
+ (signed_request "${ACCOUNT_URL}" '{"contact":[]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
fi
fi
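Review bot: The guard still tests `ACCOUNT_ID` while every request below it now targets `ACCOUNT_URL`, so it no longer covers the value that is actually sent and signed. `if [[ -z "${ACCOUNT_URL:-}" ]] || [[ -z "${ACCOUNT_ID:-}" ]]; then` checks both. The `:-` defaults match the `${ACCOUNT_URL:-}` and `${CA_REVOKE_CERT:-}` forms used elsewhere in this commit, and would avoid an unbound-variable abort if `nounset` is enabled, which is not visible here. The `_exiterr` message could then read "Error retrieving account URL/id." The function this belongs to starts and ends outside the hunk.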