From 4f358e22f473e064e736db7a6f9d53a090eda2a9 Mon Sep 17 00:00:00 2001
From: Lukas Schauer
Date: Tue, 25 Jun 2019 15:28:09 +0200
Subject: [PATCH] release 0.6.4 (fixed account id handling, again)
---
 CHANGELOG | 4 ++++
 dehydrated | 17 ++++++++++-------
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 24017e34..f59cd048 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
 # Change Log
 This file contains a log of major changes in dehydrated
+## [0.6.4] - 2019-06-25
+## Changed
+- Fetch account ID from Location header instead of account json
+
 ## [0.6.3] - 2019-06-25
 ## Changed
 - OCSP refresh interval is now configurable
diff --git a/dehydrated b/dehydrated
index d4a74f1b..52b2355d 100755
--- a/dehydrated
+++ b/dehydrated
@@ -17,7 +17,7 @@ umask 077 # paranoid umask, we're creating private keys
 exec 3>&-
 exec 4>&-
-VERSION="0.6.3"
+VERSION="0.6.4"
 # Find directory in which this script is stored by traversing all symbolic links
 SOURCE="${0}"
@@ -246,6 +246,7 @@ load_config() {
 [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config"
 ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem"
 ACCOUNT_KEY_JSON="${ACCOUNTDIR}/${CAHASH}/registration_info.json"
+ ACCOUNT_ID_JSON="${ACCOUNTDIR}/${CAHASH}/account_id.json"
 if [[ -f "${BASEDIR}/private_key.pem" ]] && [[ ! -f "${ACCOUNT_KEY}" ]]; then
 echo "! Moving private_key.pem to ${ACCOUNT_KEY}"
@@ -333,6 +334,7 @@ init_system() {
 echo "Using private key ${PARAM_ACCOUNT_KEY} instead of account key"
 ACCOUNT_KEY="${PARAM_ACCOUNT_KEY}"
 ACCOUNT_KEY_JSON="${PARAM_ACCOUNT_KEY}.json"
+ ACCOUNT_ID_JSON="${PARAM_ACCOUNT_KEY}_id.json"
 [ "${COMMAND:-}" = "register" ] && register_new_key="yes"
 else
 # Check if private account key exists, if it doesn't exist yet generate a new one (rsa key)
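Review bot: In the `@@ -333` hunk the ID cache for an externally supplied key, `ACCOUNT_ID_JSON="${PARAM_ACCOUNT_KEY}_id.json"`, is keyed only by the key path, whereas the `load_config` hunk before it scopes the file per CA through `${CAHASH}`. Because the later `init_system` hunk uses this file whenever it exists, the same key pointed at a second CA (staging and production, for instance) would presumably pick up the account ID cached for the first one. Consider putting the CA into the name, e.g. `ACCOUNT_ID_JSON="${PARAM_ACCOUNT_KEY}_${CAHASH}_id.json"` if `CAHASH` is set at this point, or state the one-key-one-CA assumption in a comment on this line. `init_system` begins and ends outside the hunk.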
@@ -401,13 +403,14 @@ init_system() {
 # Read account information or request from CA if missing
 if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then
- if [[ -z "$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)" ]]; then
- echo "+ Fetching account information..."
+ if [[ ! -e "${ACCOUNT_ID_JSON}" ]]; then
+ echo "+ Fetching account ID..."
 ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
- ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{}')"
- echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}"
+ ACCOUNT_ID="${ACCOUNT_URL##*/}"
+ echo '{"id": "'"${ACCOUNT_ID}"'"}' > "${ACCOUNT_ID_JSON}"
+ else
+ ACCOUNT_ID="$(cat "${ACCOUNT_ID_JSON}" | get_json_string_value id)"
 fi
- ACCOUNT_ID="$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
 if [[ -z "${ACCOUNT_ID}" ]]; then
 _exiterr "Unknown error on fetching account information"
 fi
@@ -1562,7 +1565,7 @@ command_help() {
 command_env() {
 echo "# dehydrated configuration"
 load_config
- typeset -p CA CERTDIR ALPNCERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
+ typeset -p CA CERTDIR ALPNCERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON ACCOUNT_ID_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
 }
 # Main method (parses script arguments and calls command_* methods)
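Review bot: In the `@@ -401` hunk the new branch writes `ACCOUNT_ID_JSON` before the existing `[[ -z "${ACCOUNT_ID}" ]]` check runs, so an empty ID is persisted as `{"id": ""}` and every later run takes the `else` branch and fails until the file is removed by hand. `ACCOUNT_ID` is the last path segment of the server's `Location:` header (`${ACCOUNT_URL##*/}`), so a URL ending in a slash yields an empty value, and the value is spliced into the JSON string unescaped. Validate before caching by placing `[[ -n "${ACCOUNT_ID}" ]] || _exiterr "Unknown error on fetching account information"` ahead of the `echo ... > "${ACCOUNT_ID_JSON}"` line, and consider rejecting IDs that contain `"` or `\` so the cache file stays valid JSON. `init_system` starts and ends outside the hunk.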