Commit
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1530,62 +1530,75 @@ _send_signed_request() { | |
payload64=$(printf "%s" "$payload" | _base64 | _url_replace) | ||
_debug3 payload64 "$payload64" | ||
|
||
if [ -z "$_CACHED_NONCE" ]; then | ||
_debug2 "Get nonce." | ||
nonceurl="$API/directory" | ||
_headers="$(_get "$nonceurl" "onlyheader")" | ||
MAX_REQUEST_RETRY_TIMES=5 | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
Neilpang
Member
|
||
_request_retry_times=0 | ||
while [ "${_request_retry_times}" -lt "$MAX_REQUEST_RETRY_TIMES" ]; do | ||
_debug3 _request_retry_times "$_request_retry_times" | ||
if [ -z "$_CACHED_NONCE" ]; then | ||
_debug2 "Get nonce." | ||
nonceurl="$API/directory" | ||
_headers="$(_get "$nonceurl" "onlyheader")" | ||
|
||
if [ "$?" != "0" ]; then | ||
_err "Can not connect to $nonceurl to get nonce." | ||
return 1 | ||
fi | ||
if [ "$?" != "0" ]; then | ||
_err "Can not connect to $nonceurl to get nonce." | ||
return 1 | ||
fi | ||
|
||
_debug2 _headers "$_headers" | ||
_debug2 _headers "$_headers" | ||
|
||
_CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" | ||
_debug2 _CACHED_NONCE "$_CACHED_NONCE" | ||
else | ||
_debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE" | ||
fi | ||
nonce="$_CACHED_NONCE" | ||
_debug2 nonce "$nonce" | ||
_CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" | ||
_debug2 _CACHED_NONCE "$_CACHED_NONCE" | ||
else | ||
_debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE" | ||
fi | ||
nonce="$_CACHED_NONCE" | ||
_debug2 nonce "$nonce" | ||
|
||
protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" | ||
_debug3 protected "$protected" | ||
protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" | ||
_debug3 protected "$protected" | ||
|
||
protected64="$(printf "%s" "$protected" | _base64 | _url_replace)" | ||
_debug3 protected64 "$protected64" | ||
protected64="$(printf "%s" "$protected" | _base64 | _url_replace)" | ||
_debug3 protected64 "$protected64" | ||
|
||
if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then | ||
_err "Sign request failed." | ||
return 1 | ||
fi | ||
_debug3 _sig_t "$_sig_t" | ||
if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then | ||
_err "Sign request failed." | ||
return 1 | ||
fi | ||
_debug3 _sig_t "$_sig_t" | ||
|
||
sig="$(printf "%s" "$_sig_t" | _url_replace)" | ||
_debug3 sig "$sig" | ||
sig="$(printf "%s" "$_sig_t" | _url_replace)" | ||
_debug3 sig "$sig" | ||
|
||
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" | ||
_debug3 body "$body" | ||
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" | ||
_debug3 body "$body" | ||
|
||
response="$(_post "$body" "$url" "$needbase64")" | ||
_CACHED_NONCE="" | ||
if [ "$?" != "0" ]; then | ||
_err "Can not post to $url" | ||
return 1 | ||
fi | ||
_debug2 original "$response" | ||
response="$(_post "$body" "$url" "$needbase64")" | ||
_CACHED_NONCE="" | ||
|
||
if [ "$?" != "0" ]; then | ||
_err "Can not post to $url" | ||
return 1 | ||
fi | ||
_debug2 original "$response" | ||
response="$(echo "$response" | _normalizeJson)" | ||
|
||
response="$(echo "$response" | _normalizeJson)" | ||
responseHeaders="$(< "$HTTP_HEADER")" | ||
|
||
responseHeaders="$(cat "$HTTP_HEADER")" | ||
_debug2 responseHeaders "$responseHeaders" | ||
_debug2 response "$response" | ||
code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")" | ||
_debug code "$code" | ||
|
||
_debug2 responseHeaders "$responseHeaders" | ||
_debug2 response "$response" | ||
code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")" | ||
_debug code "$code" | ||
_CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" | ||
|
||
_CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" | ||
if _contains "$response" "JWS has invalid anti-replay nonce"; then | ||
_info "It seems the CA server is busy now, let's wait and retry." | ||
_request_retry_times=$(_math "$_request_retry_times" + 1) | ||
_sleep 5 | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
ppaeps
|
||
continue | ||
fi | ||
break; | ||
done | ||
|
||
} | ||
|
||
|
Perhaps make this configurable?