From 5b5f1b13a5fe5a75a9d9d8131353cadb27d7252f Mon Sep 17 00:00:00 2001
From: Thomas Parisot <thomas.parisot@bbc.co.uk>
Date: Wed, 5 Oct 2016 17:26:37 +0100
Subject: [PATCH] Enable cert creation

Rename command

Update TOS sha256 refs kuba/simp_le#114
---
 README.md                                     | 18 +++++++++++++--
 VERSION                                       |  2 +-
 ...ate-certificate => letsencrypt-alwaysdata} | 23 ++++++++++++++++---
 3 files changed, 37 insertions(+), 6 deletions(-)
 rename bin/{update-certificate => letsencrypt-alwaysdata} (78%)

diff --git a/README.md b/README.md
index 65ad38f..8ee54a7 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # letsencrypt-alwaysdata
 
-> Update your SSL certs on alwaysdata shared hosting via their REST API.
+> Create or update your SSL certs on alwaysdata shared hosting via their REST API.
 
 # Install
 
@@ -83,7 +83,21 @@ TBD.
 ```bash
 source /home/$USER/.profile
 
-update-certificate \
+letsencrypt-alwaysdata \
+  --cert-name example.com \
+  --site-dir /home/$USER/www \
+  --letsencrypt-options "-d example.com -d www.example.com"
+```
+
+## `--create`
+
+Optionally you can create a certificate from scratch. The value of the first `-d` will become your certificate name on alwaysdata.
+
+```bash
+source /home/$USER/.profile
+
+letsencrypt-alwaysdata \
+  --create
   --cert-name example.com \
   --site-dir /home/$USER/www \
   --letsencrypt-options "-d example.com -d www.example.com"
diff --git a/VERSION b/VERSION
index 3a6a8d0..89a6e74 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v1.1
+v1.2
diff --git a/bin/update-certificate b/bin/letsencrypt-alwaysdata
similarity index 78%
rename from bin/update-certificate
rename to bin/letsencrypt-alwaysdata
index 40455aa..49c14e3 100755
--- a/bin/update-certificate
+++ b/bin/letsencrypt-alwaysdata
@@ -3,6 +3,7 @@
 CURRENT_DIRECTORY=$(dirname $(readlink -f $0))
 SIMP_LE="python2.7 -m simp_le"
 JQ="$CURRENT_DIRECTORY/../vendor/jq"
+ACTION="update"
 
 set -e
 
@@ -12,11 +13,14 @@ set -e
 # some arguments don't have a corresponding value to go with it such
 # as in the --default example).
 # note: if this is set to > 0 the /etc/hosts part is not recognized ( may be a bug )
-while [[ $# > 1 ]]
+while [[ $# > 0 ]]
 do
 key="$1"
 
 case $key in
+    --create)
+    ACTION="create"
+    ;;
     -c|--cert-name)
     CERTIFICATE_NAME="$2"
     shift # past argument
@@ -55,11 +59,24 @@ $JQ -r --arg name $1 '.[] | if .name == $name then .id else empty end')
 # > 1442
 function generate_certificate {
   STDOUT=$($SIMP_LE --email abuse@alwaysdata.com -f account_key.json -f fullchain.pem -f key.pem \
+  --tos_sha256 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221 \
 	--default_root $SITE_DIR $LETSENCRYPT_OPTIONS)
 
   STDOUT=$(openssl pkcs8 -topk8 -inform pem -in key.pem -outform pem -nocrypt -out private-key.pem)
 }
 
+function create_certificate {
+  PAYLOAD=$($JQ -n -c -r \
+    --arg certificate "$(<fullchain.pem)" \
+    --arg key "$(<private-key.pem)" \
+    --arg id "$1" '{ key: $key, certificate: $certificate }')
+
+  STDOUT=$(curl -v -X POST -sS --basic --user "$ALWAYSDATA_API_AUTH" \
+                -H 'Content-Type: application/json' \
+                -d "$PAYLOAD" \
+                https://api.alwaysdata.com/v1/ssl/$1/)
+}
+
 function update_certificate {
   PAYLOAD=$($JQ -n -c -r \
     --arg certificate "$(<fullchain.pem)" \
@@ -95,7 +112,7 @@ function run_pretests {
   fi
 
   # check existence of certificate
-  if [ "$(get_certificate_id $CERTIFICATE_NAME)" == "" ]; then
+  if [ $ACTION == "update" -a "$(get_certificate_id $CERTIFICATE_NAME)" == "" ]; then
     echo "Could not find certificate for $CERTIFICATE_NAME."
     exit 78
   fi
@@ -109,4 +126,4 @@ run_pretests
 CERTIFICATE_ID=$(get_certificate_id $CERTIFICATE_NAME)
 
 generate_certificate
-update_certificate $CERTIFICATE_ID
+${ACTION}_certificate $CERTIFICATE_ID