Support Authorization deactivation

https://github.com/Neilpang/acme.sh/issues/291
8 years ago · 0c00e870c6
parent 7da50703fb
commit 0c00e870c6
1 changed files with 84 additions and 2 deletions
--- a/acme.sh
+++ b/acme.sh
@ -1883,7 +1883,7 @@ issue() {
        vtype="$VTYPE_TLS"
      fi
      
-      _info "Getting token for domain" $d
+      _info "Getting new-authz for domain" $d

      if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}" ; then
        _err "Can not get domain token."
@ -2720,6 +2720,82 @@ revoke() {
  return 1
 }

+
+#domain vtype
+_deactivate() {
+  _d_domain="$1"
+  _d_type="$2"
+  _initpath
+  
+  _d_i=0
+  _d_max_retry=9
+  while [ "$_d_i" -lt "$_d_max_retry" ] ;
+  do
+    _d_i="$(_math $_d_i + 1)"
+    if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$_d_domain\"}}" ; then
+      _err "Can not get domain token."
+      return 1
+    fi
+    
+    authzUri="$(echo "$responseHeaders" | grep "^Location:" | cut -d ' ' -f 2)"
+    _info "authzUri" "$authzUri"
+
+    if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then
+      _err "new-authz error: $response"
+      return 1
+    fi
+    
+    entry="$(printf "%s\n" "$response" | _egrep_o  '[^{]*"status":"valid","uri"[^}]*')"
+    _debug entry "$entry"
+    
+    if [ -z "$entry" ] ; then
+      _info "No valid entry found."
+      break
+    fi
+    
+    _vtype="$(printf "%s\n" "$entry" | _egrep_o '"type": *"[^"]*"' | cut -d : -f 2 | tr -d '"')"
+    _debug _vtype $_vtype
+    _info "Found $_vtype"
+
+    
+    uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )"
+    _debug uri $uri
+    
+    if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ] ; then
+      _info "Skip $_vtype"
+      continue
+    fi
+    
+    _info "Deactivate: $_vtype"
+    
+    if ! _send_signed_request "$authzUri" "{\"resource\": \"authz\", \"status\":\"deactivated\"}" ; then
+      _err "Can not deactivate $_vtype."
+      return 1
+    fi
+    
+  done
+  _debug "$_d_i"
+  if [ "$_d_i" -lt "$_d_max_retry" ] ; then
+    _info "Deactivated success!"
+  else
+    _err "Deactivate failed."
+  fi
+
+}
+
+deactivate() {
+  _d_domain="$1"
+  _d_type="$2"
+  _initpath
+  
+  if [ -z "$_d_domain" ] ; then
+    _usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com"
+    return 1
+  fi
+  
+  _deactivate "$_d_domain" $_d_type
+}
+
 # Detect profile file if not specified as environment variable
 _detect_profile() {
  if [ -n "$PROFILE" -a -f "$PROFILE" ] ; then
@ -3093,6 +3169,7 @@ Commands:
  --createAccountKey, -cak Create an account private key, professional use.
  --createDomainKey, -cdk  Create an domain private key, professional use.
  --createCSR, -ccsr       Create CSR , professional use.
+  --deactivate             Deactivate the domain authz, professional use.
  
 Parameters:
  --domain, -d   domain.tld         Specifies a domain, used to issue, renew or revoke etc.
@ -3303,7 +3380,9 @@ _process() {
    --createCSR|--createcsr|-ccr)
        _CMD="createCSR"
        ;;
-
+    --deactivate)
+        _CMD="deactivate"
+        ;;
     
    --domain|-d)
        _dvalue="$2"
@ -3575,6 +3654,9 @@ _process() {
    revoke) 
      revoke "$_domain" "$_ecc"
      ;;
+    deactivate) 
+      deactivate "$_domain"
+      ;;      
    list) 
      list "$_listraw"
      ;;