revoke: follow symlink, exit with error on non-existing certificate file

c7018036 · Markus Germeier · Lukas Schauer · 0ed6a257 · c7018036 · c7018036
Commit c7018036 authored Dec 16, 2015 by Markus Germeier Committed by Lukas Schauer Dec 19, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 3 deletions

letsencrypt.sh letsencrypt.sh +14 -1

test.sh test.sh +3 -2

No files found.
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -481,8 +481,21 @@ command_sign_domains() {
 # Description: Revoke specified certificate
 command_revoke() {
  cert="${1}"
+  if [[ -L "${cert}" ]]; then
+    # follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
+    local link_target="$(readlink -n "${cert}")"
+    if [[ "${link_target}" =~ "/" ]]; then
+      cert="${link_target}"
+    else
+      cert="$(dirname "${cert}")/${link_target}"
+    fi
+  fi
+  if [[ ! -f "${cert}" ]]; then
+    echo "ERROR: Could not find certificate ${cert}"
+    exit 1
+  fi
  echo "Revoking ${cert}"
-  if [ -z "${CA_REVOKE_CERT}" ]; then
+  if [[ -z "${CA_REVOKE_CERT}" ]]; then
    echo " + ERROR: Certificate authority doesn't allow certificate revocation." >&2
    exit 1
  fi

--- a/test.sh
+++ b/test.sh
@@ -182,9 +182,10 @@ _CHECK_ERRORLOG
 # Revoke certificate using certificate key
 _TEST "Revoking certificate..."
 ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
-_CHECK_LOG "Revoking certs/${TMP_URL}/cert.pem"
+REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
+_CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
 _CHECK_LOG "SUCCESS"
-_CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
+_CHECK_FILE "certs/${TMP_URL}/${REAL_CERT}-revoked"
 _CHECK_ERRORLOG
 # All done