path: root/init.sh.in

# This source code is released into the public domain.

_PROGNAME="${0##*/}"

trap 'exit 1' TERM

_fatal() {
	local _fmt=$1; shift
	local _msg="$(printf "$_fmt" "$@")"
	printf >&2 '%s: FATAL: %s\n' "$_PROGNAME" "$_msg"
	kill $$
}

_error() {
	local _fmt=$1; shift
	local _msg="$(printf "$_fmt" "$@")"
	printf >&2 '%s: ERROR: %s\n' "$_PROGNAME" "$_msg"
}

_warn() {
	local _fmt=$1; shift
	local _msg="$(printf "$_fmt" "$@")"
	printf >&2 '%s: WARNING: %s\n' "$_PROGNAME" "$_msg"
}

_info() {
	local _fmt=$1; shift
	local _msg="$(printf "$_fmt" "$@")"
	printf '%s: %s\n' "$_PROGNAME" "$_msg"
}

_verbose() {
	if [ -z "$LFACME_VERBOSE" ]; then
		return
	fi

	local _fmt=$1; shift
	local _msg="$(printf "$_fmt" "$@")"
	printf '%s: %s\n' "$_PROGNAME" "$_msg"
}

# The prefix we're installed in.
_BASEDIR="__PREFIX__"
# Where the internal scripts are.
_SHARE="${_BASEDIR}/share/lfacme"
_CHALLENGE="${_SHARE}/challenge"

# Our configuration directory.  If $LFACME_CONFDIR is already set, it came from
# the environment or a command line option, so keep the existing value.
if [ -z "$LFACME_CONFDIR" ]; then
	LFACME_CONFDIR="__CONFDIR__"
fi
# Export this so it's available to hooks.
export LFACME_CONFDIR

# Our configuration file.
_CONFIG="${LFACME_CONFDIR}/acme.conf"

# Read and validate the configuration file.

if [ -f "$_CONFIG" ]; then
	. "$_CONFIG"
fi

if [ -z "$LFACME_URL" ]; then
	_fatal "missing configuration setting: LFACME_URL"
fi

if [ -z "$LFACME_DATADIR" ]; then
	LFACME_DATADIR="/var/db/lfacme"
fi

if [ -z "$LFACME_HOOKDIR" ]; then
	LFACME_HOOKDIR="${LFACME_CONFDIR}/hooks"
fi

# Create our data directory.
if [ ! -d "$LFACME_DATADIR" ]; then
	_info "creating directory %s" "$LFACME_DATADIR"
	mkdir -p "$LFACME_DATADIR"
	if [ "$?" -ne 0 ]; then
		exit 1
	fi
fi

# The domains.conf file.
_DOMAINS="${LFACME_CONFDIR}/domains.conf"

# Find a program based on $PATH, or return the second argument if specified.
# If the program isn't found, print an error and exit.
_findbin() {
	local cmd="$1"
	local force="$2"

	if ! [ -z "$force" ]; then
		if ! [ -x "$force" ]; then
			_fatal "not found or not executable: %s" "$force"
		fi

		echo $force
		return 0
	fi

	local oIFS="$IFS"
	local IFS=:
	for dir in $PATH; do
		local _bin="${dir}/${cmd}"

		if ! [ -x "$_bin" ]; then
			continue
		fi

		echo $_bin
		return 0
	done
	IFS="$oIFS"

	_fatal "required command '%s' not found" "$cmd"
}

# uacme's base directory; this is where it puts certificates.
_UACME_DIR="${LFACME_DATADIR}/certs"

# The uacme executable.
_UACME="$(_findbin uacme $LFACME_UACME)"

_LFACME_UACME_FLAGS=""
if ! [ -z "$LFACME_VERBOSE" ]; then
	_LFACME_UACME_FLAGS="$_LFACME_UACME_FLAGS -v"
fi

_uacme() {
	env	"LFACME_VERBOSE=${LFACME_VERBOSE}"	\
		"$_UACME" $_LFACME_UACME_FLAGS 		\
		-a "$LFACME_URL" -c "$_UACME_DIR" "$@"
}

# Find a challenge script and make sure it's valid.  If the challenge name
# begins with a '/' it's a full path, otherwise we search $_CHALLENGE and
# $LFACME_CONFDIR/challenge.
_findchallenge() {
	local identifier="$1"
	local challenge="$2"
	local path=""

	if [ "${challenge#/*}" != "$challenge" ]; then
		path="${challenge}"
	elif [ -f "${_CHALLENGE}/${challenge}" ]; then
		path="${_CHALLENGE}/${challenge}"
	elif [ -f "${LFACME_CONFDIR}/challenge/${challenge}" ]; then
		path="${LFACME_CONFDIR}/challenge/${challenge}"
	else
		_error "%s: could not find challenge script '%s'" \
			"$identifier" "$challenge"
		return 1
	fi

	if ! [ -x "$path" ]; then
		_error "%s: challenge is not executable: %s" \
			"$identifier" "$path"
		return 1
	fi

	echo "$path"
}

# Find a hook script and make sure it's valid.  If the hook name begins with a
# '/' it's a full path, otherwise it's relative to LFACME_HOOKDIR.
_findhook() {
	local identifier="$1"
	local hook="$2"

	if [ "${hook#/*}" = "$hook" ]; then
		hook="${LFACME_HOOKDIR}/$hook"
	fi

	if ! [ -f "$hook" ]; then
		_error "%s: hook does not exist: %s" \
			"$identifier" "$hook"
		return 1
	fi

	if ! [ -x "$hook" ]; then
		_error "%s: hook is not executable: %s" \
			"$identifier" "$hook"
		return 1
	fi

	echo "$hook"
}