From 1530abbd1aacf5877a7317f24f60d8fab96d9735 Mon Sep 17 00:00:00 2001
From: Jan-Philipp Benecke <jpb@cleverreach.com>
Date: Fri, 26 Mar 2021 15:37:12 +0100
Subject: [PATCH 1/3] Make uploading cert to subaccount possible

---
 deploy/cleverreach.sh | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh
index 552d8149..10670f34 100644
--- a/deploy/cleverreach.sh
+++ b/deploy/cleverreach.sh
@@ -25,6 +25,7 @@ cleverreach_deploy() {
 
   _getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID
   _getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET
+  _getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID
 
   if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then
     _err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID."
@@ -37,6 +38,7 @@ cleverreach_deploy() {
 
   _savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}"
   _savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}"
+  _savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
 
   _info "Obtaining a CleverReach access token"
 
@@ -50,14 +52,26 @@ cleverreach_deploy() {
   _debug _regex "$_regex"
   _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p")
 
+  if ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}; then
+    _info "Obtaining token for sub-client"
+    export _H1="Authorization: Bearer ${_access_token}"
+    _subclient_token_result="$(_get "https://rest.cleverreach.com/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID}/token")"
+    _access_token=$(echo "$_subclient_token_result" | _json_decode | sed -n "s/$_regex/\1/p")
+
+    _debug "Destroying parent token at CleverReach"
+    _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json"
+  fi
+
   _info "Uploading certificate and key to CleverReach"
 
   _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}"
   export _H1="Authorization: Bearer ${_access_token}"
   _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl" "" "POST" "application/json")"
 
-  _debug "Destroying token at CleverReach"
-  _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json"
+  if ! ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}; then
+    _debug "Destroying token at CleverReach"
+    _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json"
+  fi
 
   if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then
     _info "Uploaded certificate successfully"

From d853a9ebbed913d752faceb86be29edaf82806a0 Mon Sep 17 00:00:00 2001
From: Jan-Philipp Benecke <jpb@cleverreach.com>
Date: Tue, 30 Mar 2021 09:13:32 +0200
Subject: [PATCH 2/3] Make uploading cert to subaccount possible

---
 deploy/cleverreach.sh | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh
index 10670f34..03fccc74 100644
--- a/deploy/cleverreach.sh
+++ b/deploy/cleverreach.sh
@@ -17,6 +17,8 @@ cleverreach_deploy() {
   _cca="$4"
   _cfullchain="$5"
 
+  _rest_endpoint="https://rest.cleverreach.com"
+
   _debug _cdomain "$_cdomain"
   _debug _ckey "$_ckey"
   _debug _ccert "$_ccert"
@@ -43,7 +45,7 @@ cleverreach_deploy() {
   _info "Obtaining a CleverReach access token"
 
   _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}"
-  _auth_result="$(_post "$_data" "https://rest.cleverreach.com/oauth/token.php" "" "POST" "application/json")"
+  _auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")"
 
   _debug _data "$_data"
   _debug _auth_result "$_auth_result"
@@ -52,25 +54,31 @@ cleverreach_deploy() {
   _debug _regex "$_regex"
   _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p")
 
-  if ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}; then
-    _info "Obtaining token for sub-client"
-    export _H1="Authorization: Bearer ${_access_token}"
-    _subclient_token_result="$(_get "https://rest.cleverreach.com/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID}/token")"
-    _access_token=$(echo "$_subclient_token_result" | _json_decode | sed -n "s/$_regex/\1/p")
+  _debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
 
-    _debug "Destroying parent token at CleverReach"
-    _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json"
+  if ! [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
+    _info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
+    export _H1="Authorization: Bearer ${_access_token}"
+    _subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")"
+    _access_token=$(echo "$_subclient_token_result" | sed -n "s/\"//p")
+
+    _debug _subclient_token_result "$_access_token"
+
+    _info "Destroying parent token at CleverReach, as it not needed anymore"
+    _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")"
+    _debug _destroy_result "$_destroy_result"
   fi
 
   _info "Uploading certificate and key to CleverReach"
 
   _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}"
   export _H1="Authorization: Bearer ${_access_token}"
-  _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl" "" "POST" "application/json")"
+  _add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")"
 
-  if ! ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}; then
-    _debug "Destroying token at CleverReach"
-    _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json"
+  if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
+    _info "Destroying token at CleverReach, as it not needed anymore"
+    _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")"
+    _debug _destroy_result "$_destroy_result"
   fi
 
   if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then

From 2867ec509efae5136bf9cb4572bfd46eb7eba7fa Mon Sep 17 00:00:00 2001
From: Jan-Philipp Benecke <jpb@cleverreach.com>
Date: Tue, 30 Mar 2021 09:18:33 +0200
Subject: [PATCH 3/3] Make CI happy

---
 deploy/cleverreach.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh
index 03fccc74..a460a139 100644
--- a/deploy/cleverreach.sh
+++ b/deploy/cleverreach.sh
@@ -56,7 +56,7 @@ cleverreach_deploy() {
 
   _debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
 
-  if ! [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
+  if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
     _info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
     export _H1="Authorization: Bearer ${_access_token}"
     _subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")"