|
|
@@ -5804,7 +5804,7 @@ list() {
|
|
|
_sep="|"
|
|
|
if [ "$_raw" ]; then
|
|
|
if [ -z "$_domain" ]; then
|
|
|
- printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}CA${_sep}Created${_sep}Renew"
|
|
|
+ printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Profile${_sep}CA${_sep}Created${_sep}Renew"
|
|
|
fi
|
|
|
for di in "${CERT_HOME}"/*.*/; do
|
|
|
d=$(basename "$di")
|
|
|
@@ -5819,7 +5819,7 @@ list() {
|
|
|
. "$DOMAIN_CONF"
|
|
|
_ca="$(_getCAShortName "$Le_API")"
|
|
|
if [ -z "$_domain" ]; then
|
|
|
- printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$_ca${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
|
|
|
+ printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_Certificate_Profile${_sep}$_ca${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
|
|
|
else
|
|
|
if [ "$_domain" = "$d" ]; then
|
|
|
cat "$DOMAIN_CONF"
|
|
|
@@ -5838,6 +5838,48 @@ list() {
|
|
|
|
|
|
}
|
|
|
|
|
|
+list_profiles() {
|
|
|
+ _initpath
|
|
|
+ _initAPI
|
|
|
+
|
|
|
+ _l_server_url="$ACME_DIRECTORY"
|
|
|
+ _l_server_name="$(_getCAShortName "$_l_server_url")"
|
|
|
+ _info "Fetching profiles from $_l_server_name ($_l_server_url)..."
|
|
|
+
|
|
|
+ response=$(_get "$_l_server_url" "" 10)
|
|
|
+ if [ "$?" != "0" ]; then
|
|
|
+ _err "Failed to connect to CA directory: $_l_server_url"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+
|
|
|
+ normalized_response=$(echo "$response" | _normalizeJson)
|
|
|
+ profiles_json=$(echo "$normalized_response" | _egrep_o '"profiles" *: *\{[^\}]*\}')
|
|
|
+
|
|
|
+ if [ -z "$profiles_json" ]; then
|
|
|
+ _info "The CA '$_l_server_name' does not publish certificate profiles via its directory endpoint."
|
|
|
+ return 0
|
|
|
+ fi
|
|
|
+
|
|
|
+ # Strip the outer layer to get the key-value pairs
|
|
|
+ profiles_kv=$(echo "$profiles_json" | sed 's/"profiles" *: *{//' | sed 's/}$//' | tr ',' '\n')
|
|
|
+
|
|
|
+ printf "\n%-15s %s\n" "name" "info"
|
|
|
+ printf -- "--------------------------------------------------------------------\n"
|
|
|
+
|
|
|
+ _old_IFS="$IFS"
|
|
|
+ IFS='
|
|
|
+'
|
|
|
+ for pair in $profiles_kv; do
|
|
|
+ # Trim quotes and whitespace
|
|
|
+ _name=$(echo "$pair" | cut -d: -f1 | tr -d '" \t')
|
|
|
+ _info_url=$(echo "$pair" | cut -d: -f2- | sed 's/^ *//' | tr -d '"')
|
|
|
+ printf "%-15s %s\n" "$_name" "$_info_url"
|
|
|
+ done
|
|
|
+ IFS="$_old_IFS"
|
|
|
+
|
|
|
+ return 0
|
|
|
+}
|
|
|
+
|
|
|
_deploy() {
|
|
|
_d="$1"
|
|
|
_hooks="$2"
|
|
|
@@ -7498,6 +7540,9 @@ _process() {
|
|
|
--set-default-chain)
|
|
|
_CMD="setdefaultchain"
|
|
|
;;
|
|
|
+ --list-profiles)
|
|
|
+ _CMD="list_profiles"
|
|
|
+ ;;
|
|
|
-d | --domain)
|
|
|
_dvalue="$2"
|
|
|
|
|
|
@@ -8063,6 +8108,9 @@ _process() {
|
|
|
setdefaultchain)
|
|
|
setdefaultchain "$_preferred_chain"
|
|
|
;;
|
|
|
+ list_profiles)
|
|
|
+ list_profiles
|
|
|
+ ;;
|
|
|
*)
|
|
|
if [ "$_CMD" ]; then
|
|
|
_err "Invalid command: $_CMD"
|
neil