From 42ed4fe2dec9bb00a8191092c208e34f94254fb0 Mon Sep 17 00:00:00 2001 From: Massimiliano Adamo <maxadamo@gmail.com> Date: Tue, 21 Sep 2021 22:11:00 +0200 Subject: [PATCH] fixing wildcard certificates --- acme-downloader.sh | 11 ++++++++--- main.go | 26 ++++++++++++++++++-------- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/acme-downloader.sh b/acme-downloader.sh index bb303dc..38190ab 100755 --- a/acme-downloader.sh +++ b/acme-downloader.sh @@ -190,10 +190,15 @@ if [[ $TYPE != "EV" ]] && [[ $TYPE != "OV" ]]; then echo "type must be either EV, ev, OV, ov" usage fi +if [[ -z $WILDCARD ]]; then + $MODIFIED_CERT_NAME = "wildcard_${CERT_NAME}" +else + $MODIFIED_CERT_NAME = $CERT_NAME +fi [[ -z $DAYS ]] && DAYS=30 -[[ -z $CERT_DESTINATION ]] && CERT_DESTINATION="${CERT_BASE}/${CERT_NAME}.crt" -[[ -z $FULLCHAIN_DESTINATION ]] && FULLCHAIN_DESTINATION="${CERT_BASE}/${CERT_NAME}_fullchain.crt" -[[ -z $KEY_DESTINATION ]] && KEY_DESTINATION="${KEY_BASE}/${CERT_NAME}.key" +[[ -z $CERT_DESTINATION ]] && CERT_DESTINATION="${CERT_BASE}/${MODIFIED_CERT_NAME}.crt" +[[ -z $FULLCHAIN_DESTINATION ]] && FULLCHAIN_DESTINATION="${CERT_BASE}/${MODIFIED_CERT_NAME}_fullchain.crt" +[[ -z $KEY_DESTINATION ]] && KEY_DESTINATION="${KEY_BASE}/${MODIFIED_CERT_NAME}.key" [[ -z $CA_DESTINATION ]] && CA_DESTINATION="${CERT_BASE}/COMODO_${TYPE}.crt" UNDERSCORED_CERT_NAME=$(echo $CERT_NAME | sed -e 's,\.,_,g') diff --git a/main.go b/main.go index 57e8103..dfce8d0 100644 --- a/main.go +++ b/main.go @@ -48,6 +48,7 @@ var ( RedisCertURL string RedisCAURL string RedisFullChainURL string + modifiedCertName string certificateDestination string fullchainDestination string keyDestination string 
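Review bot: The two added assignments in the acme-downloader.sh hunk are not valid bash: `$MODIFIED_CERT_NAME = "wildcard_${CERT_NAME}"` expands the still-unset variable and then tries to run `=` as a command. MODIFIED_CERT_NAME therefore stays empty, and the default destinations below become `${CERT_BASE}/.crt`, `${CERT_BASE}/_fullchain.crt` and `${KEY_BASE}/.key` for every certificate. The test also looks inverted, because `-z $WILDCARD` is true when the variable is empty; where WILDCARD is set is outside the hunk, so confirm this against the option parsing. Suggested form: `if [[ -n $WILDCARD ]]; then` with `MODIFIED_CERT_NAME="wildcard_${CERT_NAME}"`, and `MODIFIED_CERT_NAME="$CERT_NAME"` in the else branch.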
@@ -504,11 +505,20 @@ Options: RedisBaseURL = "https://redis.geant.org/GET" VaultBaseURL = "https://vault.geant.org/v1" if arguments["--wildcard"] == true { - VaultURL = fmt.Sprintf("%v/%v/common/vault_sectigo_ov_wildcard_%v_key", VaultBaseURL, TeamName, CertNameUnderscored) - RedisCertURL = fmt.Sprintf("%v/%v:common:redis_sectigo_ov_%v_pem.txt", RedisBaseURL, TeamName, CertNameUnderscored) - RedisCAURL = fmt.Sprintf("%v/%v:common:redis_sectigo_ov_%v_chain_pem.txt", RedisBaseURL, TeamName, CertNameUnderscored) - RedisFullChainURL = fmt.Sprintf("%v/%v:common:redis_sectigo_ov_%v_fullchain_pem.txt", RedisBaseURL, TeamName, CertNameUnderscored) + modifiedCertName = fmt.Sprintf("wildcard_%v", CertName) + if TeamName == "puppet" { + VaultURL = fmt.Sprintf("%v/%v/common/vault_sectigo_ov_wildcard_%v_key", VaultBaseURL, TeamName, CertNameUnderscored) + RedisCertURL = fmt.Sprintf("%v/%v:common:redis_sectigo_ov_%v_pem.txt", RedisBaseURL, TeamName, CertNameUnderscored) + RedisCAURL = fmt.Sprintf("%v/%v:common:redis_sectigo_ov_%v_chain_pem.txt", RedisBaseURL, TeamName, CertNameUnderscored) + RedisFullChainURL = fmt.Sprintf("%v/%v:common:redis_sectigo_ov_%v_fullchain_pem.txt", RedisBaseURL, TeamName, CertNameUnderscored) + } else { + VaultURL = fmt.Sprintf("%v/%v/%v/vault_sectigo_ov_wildcard_%v_key", VaultBaseURL, TeamName, CertName, CertNameUnderscored) + RedisCertURL = fmt.Sprintf("%v/%v:%v:redis_sectigo_ov_%v_pem.txt", RedisBaseURL, TeamName, CertName, CertNameUnderscored) + RedisCAURL = fmt.Sprintf("%v/%v:%v:redis_sectigo_ov_%v_chain_pem.txt", RedisBaseURL, TeamName, CertName, CertNameUnderscored) + RedisFullChainURL = fmt.Sprintf("%v/%v:%v:redis_sectigo_ov_%v_fullchain_pem.txt", RedisBaseURL, TeamName, CertName, CertNameUnderscored) + } } else { + modifiedCertName = fmt.Sprintf(CertName) VaultURL = fmt.Sprintf("%v/%v/%v/vault_%v_key", VaultBaseURL, TeamName, CertName, CertNameUnderscored) RedisCertURL = fmt.Sprintf("%v/%v:%v:redis_%v_pem.txt", RedisBaseURL, TeamName, 
CertName, CertNameUnderscored) RedisCAURL = fmt.Sprintf("%v/%v:%v:redis_%v_chain_pem.txt", RedisBaseURL, TeamName, CertName, CertNameUnderscored) @@ -516,12 +526,12 @@ Options: } if arguments["--cert-destination"] == fmt.Sprintf(filepath.Join(CertBase, "<cert-name>.crt")) { - certificateDestination = fmt.Sprintf(filepath.Join(CertBase, fmt.Sprintf("%v.crt", CertName))) + certificateDestination = fmt.Sprintf(filepath.Join(CertBase, fmt.Sprintf("%v.crt", modifiedCertName))) } else { certificateDestination = arguments["--cert-destination"].(string) } if arguments["--fullchain-destination"] == fmt.Sprintf(filepath.Join(CertBase, "<cert-name>_fullchain.crt")) { - fullchainDestination = fmt.Sprintf(filepath.Join(CertBase, fmt.Sprintf("%v_fullchain.crt", CertName))) + fullchainDestination = fmt.Sprintf(filepath.Join(CertBase, fmt.Sprintf("%v_fullchain.crt", modifiedCertName))) } else { fullchainDestination = arguments["--fullchain-destination"].(string) } @@ -531,7 +541,7 @@ Options: caDestination = arguments["--ca-destination"].(string) } if arguments["--key-destination"] == fmt.Sprintf(filepath.Join(KeyBase, "<cert-name>.key")) { - keyDestination = fmt.Sprintf(filepath.Join(KeyBase, fmt.Sprintf("%v.key", CertName))) + keyDestination = fmt.Sprintf(filepath.Join(KeyBase, fmt.Sprintf("%v.key", modifiedCertName))) } else { keyDestination = arguments["--key-destination"].(string) } @@ -564,7 +574,7 @@ Options: moveFile(tmpKeyDestination, keyDestination, GroupID, 0640, 0750) // Exit 64: if we are here it means that the certificate was replaced - // and the application can be reloaded to make use of the new certificate + // and the application can be reloaded to make use of the new certificate appExit(64) } -- GitLab
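Review bot: `modifiedCertName = fmt.Sprintf(CertName)` in the non-wildcard branch passes the certificate name as a format string, so any `%` in it is read as a verb, and recent `go vet` reports a non-constant format string. A plain `modifiedCertName = CertName` is what is meant. The same pattern is in the destination hunks that follow, where `fmt.Sprintf(filepath.Join(...))` wraps an already-built path; `filepath.Join(CertBase, modifiedCertName+".crt")`, and likewise for the fullchain and key lines, gives the same path without reinterpreting it. The enclosing function starts and ends outside the hunk.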
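Review bot: `modifiedCertName` is derived from `CertName` and joined under `CertBase` here (and under `KeyBase` in the key-destination hunk) with no visible check that it is a single path component. `filepath.Join` cleans `..` segments, so a name containing a separator or `..` would resolve outside the base directory. Where `CertName` is assigned is not shown in this patch, so it may already be validated; if not, reject such names before building the paths, for example `if CertName != filepath.Base(CertName) { ... }`. The same value is interpolated unescaped into the Vault and Redis URLs in the preceding hunk, where `url.PathEscape(CertName)` would keep it inside one path segment.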
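Review bot: With `--wildcard` the default key path changes from `<cert-name>.key` to `wildcard_<cert-name>.key`, and nothing in this patch removes or migrates the file written by earlier versions. Hosts that already ran the tool would presumably keep the old private key on disk, and a service configured with the old path would keep loading it after the next renewal. The certificate and fullchain defaults in the previous hunk change in the same way. This belongs in the commit message or release notes, and a comment above the assignment such as `// default is wildcard_<cert-name>.key when --wildcard is set; earlier releases wrote <cert-name>.key` would record it in the code.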