yosoyhendrix
/
vesta


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112
							#!/bin/bash
# info: register letsencrypt user account
# options: USER [EMAIL]
#
# The function creates and register LetsEncript account key


#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Argument definition
user=$1
email=$2
key_size=4096

# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf

# encode base64
encode_base64() {
    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}


#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '1' "$#" 'USER [EMAIL]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"
if [ -e "$USER_DATA/ssl/le.conf" ]; then
    exit
fi


#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

api='https://acme-v01.api.letsencrypt.org'
if [ -z "$email" ]; then
    email=$(get_user_value '$CONTACT')
fi

agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')

# Generating key
key="$USER_DATA/ssl/user.key"
if [ ! -e "$key" ]; then
    openssl genrsa -out $key $key_size >/dev/null 2>&1
    chmod 600 $key
fi

# Defining key exponent
exponent=$(openssl pkey -inform perm -in "$key" -noout -text_pub |\
    grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
    xxd -r -p |encode_base64)

# Defining key modulus
modulus=$(openssl rsa -in "$key" -modulus -noout |\
    sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)

# Defining key thumb
thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"

# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'

# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)

# Defining registration query
query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
query=$query'"agreement":"'$agreement'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'

# Sending request to LetsEncrypt API
answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')

# Checking http answer status
if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
    check_result $E_CONNECT "LetsEncrypt account registration $status"
fi


#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# Adding le.conf
echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
chmod 660  $USER_DATA/ssl/le.conf


# Logging
log_event "$OK" "$ARGUMENTS"

exit