From d1bc3ad109a3000bda8a7876673ff9a0281e8c7b Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 26 Apr 2018 20:29:44 +0200
Subject: Use ACME v2 endpoints https://tools.ietf.org/html/draft-ietf-acme-acme-12
---
 lacme | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)
(limited to 'lacme')
diff --git a/lacme b/lacme
index 2014f22..3e5347d 100755
--- a/lacme
+++ b/lacme
@@ -62,11 +62,11 @@ sub usage(;$$) {
 }
 exit $rv;
 }
-usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s agreement-uri=s min-days=i quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s register tos-agreed min-days=i quiet|q debug help|h/);
 usage(0) if $OPTS{help};
 $COMMAND = shift(@ARGV) // usage(1, "Missing command");
-$COMMAND = $COMMAND =~ /\A(new-reg|reg=\p{Print}*|new-cert|revoke-cert)\z/ ? $1
+$COMMAND = $COMMAND =~ /\A(account|newOrder|new-cert|revokeCert|revoke-cert)\z/ ? $1
 : usage(1, "Invalid command: $COMMAND"); # validate and untaint $COMMAND
 @ARGV = map { /\A(\p{Print}*)\z/ ? $1 : die } @ARGV; # untaint @ARGV
@@ -556,7 +556,7 @@ sub spawn($@) {
 if (defined $args->{in}) {
 pipe $in_rd, $in_wd or die "pipe: $!";
 }
- if (defined $args->{out}) {
+ if (defined $args->{out} and ref $args->{out} ne 'GLOB') {
 pipe $out_rd, $out_wd or die "pipe: $!";
 }
@@ -570,11 +570,13 @@ sub spawn($@) {
 } else {
 open STDIN, '<', '/dev/null' or die "Can't open /dev/null: $!";
 }
- if (defined $args->{out}) {
+ if (!defined $args->{out}) {
+ open STDOUT, '>', '/dev/null' or die "Can't open /dev/null: $!";
+ } elsif (ref $args->{out} ne 'GLOB') {
 close $out_rd or die "Can't close: $!";
 open STDOUT, '>&', $out_wd or die "Can't dup: $!";
- } else {
- open STDOUT, '>', '/dev/null' or die "Can't open /dev/null: $!";
+ } elsif (fileno(STDOUT) != fileno($args->{out})) {
+ open STDOUT, '>&', $args->{out} or die "Can't dup: $!";
 }
 exec { $exec[0] } @exec or die;
 }
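Review bot: The new `ref $args->{out} ne 'GLOB'` test in spawn() sends every value that is not a plain glob reference down the pipe path, but only 'CODE' and 'SCALAR' are read back afterwards; the same test recurs in the child at -570 and in the parent at -590. Any other value, for example a blessed handle object (for which `ref` returns the class name) or a non-reference, gets a pipe whose read end is closed unread, so the child's output is silently discarded. Rejecting unsupported types before the fork would make the contract explicit: `die "spawn: unsupported 'out' type\n" if defined $args->{out} and ref($args->{out}) !~ /\A(?:GLOB|CODE|SCALAR)\z/;` (the parentheses matter, since `=~`/`!~` bind tighter than `ref`). spawn() starts outside these hunks.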
@@ -590,14 +592,18 @@ sub spawn($@) {
 $in_wd->print($args->{in});
 $in_wd->close() or die "Can't close: $!";
 }
- if (defined $args->{out}) {
+ if (defined $args->{out} and ref $args->{out} ne 'GLOB') {
 $out_wd->close() or die "Can't close: $!";
- ${$args->{out}} = do { local $/ = undef; $out_rd->getline() };
+ if (ref $args->{out} eq 'CODE') {
+ $args->{out}->($out_rd);
+ } elsif (ref $args->{out} eq 'SCALAR') {
+ ${$args->{out}} = do { local $/ = undef; $out_rd->getline() };
+ }
 $out_rd->close() or die "Can't close: $!";
 }
 waitpid $pid => 0;
 pop @CLEANUP;
- undef ${$args->{out}} if defined $args->{out} and $? > 0;
+ undef ${$args->{out}} if defined $args->{out} and ref $args->{out} eq 'SCALAR' and $? > 0;
 return $? > 255 ? ($? >> 8) : $? > 0 ? 1 : 0;
 }
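Review bot: In the 'CODE' branch the callback is handed `$out_rd` before `waitpid`, so it acts on the child's output before the exit status is known, and the failure cleanup on the last changed line covers only the 'SCALAR' case. A caller whose callback parses or stores that output has to check spawn()'s return value itself before trusting the result. That deserves a comment above the branch, e.g. `# NB: the callback runs before the child is reaped; callers must check our return value before using what it read`. If the callback returns without reading to EOF, `$out_rd->close()` runs while the child may still be writing, which is worth noting in the same comment. spawn() begins outside the hunk.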
@@ -638,25 +644,21 @@ sub install_cert($$;$) {
 #############################################################################
-# new-reg [--agreement-uri=URI] [CONTACT ..]
-# reg=URI [--agreement-uri=URI] [CONTACT ..]
+# account [--tos-agreed] [CONTACT ..]
 #
-if ($COMMAND eq 'new-reg' or $COMMAND =~ /^reg=/) {
- die "Invalid registration URI (use the 'new-reg' command to determine the URI)\n"
- if $COMMAND eq 'reg=';
- $OPTS{'agreement-uri'} = $OPTS{'agreement-uri'} =~ /\A(\p{Print}+)\z/ ? $1
- : die "Invalid value for --agreement-uri\n"
- if defined $OPTS{'agreement-uri'};
-
- unshift @ARGV, ($OPTS{'agreement-uri'} // '');
- exit acme_client({}, @ARGV);
+if ($COMMAND eq 'account') {
+ my $flags = 0;
+ $flags |= 1 if $OPTS{'register'};
+ $flags |= 2 if $OPTS{'tos-agreed'};
+ exit acme_client({out => \*STDOUT}, $flags, @ARGV);
 }
 #############################################################################
-# new-cert [SECTION ..]
+# newOrder [SECTION ..]
 #
-elsif ($COMMAND eq 'new-cert') {
+elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
+ $COMMAND = 'newOrder';
 my $conffiles = defined $OPTS{'config-certs'} ? $OPTS{'config-certs'}
 : defined $CONFIG->{_}->{'config-certs'} ? [ split(/\s+/, $CONFIG->{_}->{'config-certs'}) ]
 : [ "$NAME-certs.conf", "$NAME-certs.conf.d/" ];
@@ -820,11 +822,12 @@ elsif ($COMMAND eq 'new-cert') {
 #############################################################################
-# revoke-cert FILE [FILE ..]
+# revokeCert FILE [FILE ..]
 #
-elsif ($COMMAND eq 'revoke-cert') {
+elsif ($COMMAND eq 'revokeCert' or $COMMAND eq 'revoke-cert') {
 die "Nothing to revoke\n" unless @ARGV;
 my $rv = 0;
+ $COMMAND = 'revokeCert';
 foreach my $filename (@ARGV) {
 print STDERR "Revoking $filename\n";
--
cgit v1.2.3
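Review bot: The header comment for the `account` branch lists only `--tos-agreed`, while the branch also reads `$OPTS{'register'}`; it should read `# account [--register] [--tos-agreed] [CONTACT ..]`. The bit values 1 and 2 passed to acme_client() are bare literals, and the side that decodes them is not in this diff. A one-line comment above `my $flags = 0;`, such as `# flags for the client: 0x01 = --register, 0x02 = --tos-agreed`, would help keep the two ends in step. Since the second bit records the operator's agreement to the CA's terms of service, a silent mismatch between encoder and decoder is worth guarding against.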