Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4184 Commits
9 Branches
44 Tags
15 MiB
Tree: 017a10189c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '017a10189c'
${ noResults }
acme.sh/dnsapi/dns_oci.sh

242 lines
6.9 KiB
Raw Normal View History

Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>
4 years ago
  1. #!/usr/bin/env sh
  2. #
  3. # Acme.sh DNS API plugin for Oracle Cloud Infrastructure
  4. # Copyright (c) 2021, Oracle and/or its affiliates
  5. #
  6. # Required OCI CLI environment variables:
  7. # - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone
  8. # - OCI_CLI_USER : OCID of user with permission to add/remove records from zones
  9. # - OCI_CLI_REGION : Should point to the tenancy home region
  10. #
  11. # One of the following two variables is required:
  12. # - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or
  13. # - OCI_CLI_KEY : The private API signing key in PEM format
  14. #
  15. # NOTE: using an encrypted private key that needs a passphrase is not supported.
  16. #
  18. dns_oci_add() {
  19. _fqdn="$1"
  20. _rdata="$2"
  22. if _oci_config; then
  24. if [ "$_sub_domain" ] && [ "$_domain" ]; then
  25. _add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}"
  26. response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body")
  27. if [ "$response" ]; then
  28. _info "Success: added TXT record for ${_sub_domain}.${_domain}."
  29. else
  30. _err "Error: failed to add TXT record for ${_sub_domain}.${_domain}."
  31. return 1
  32. fi
  33. fi
  35. else
  36. return 1
  37. fi
  39. }
  41. dns_oci_rm() {
  42. _fqdn="$1"
  43. _rdata="$2"
  45. if _oci_config; then
  47. if [ "$_sub_domain" ] && [ "$_domain" ]; then
  48. _remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}"
  49. response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body")
  50. if [ "$response" ]; then
  51. _info "Success: removed TXT record for ${_sub_domain}.${_domain}."
  52. else
  53. _err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}."
  54. return 1
  55. fi
  56. fi
  58. else
  59. return 1
  60. fi
  62. }
  64. #################### Private functions below ##################################
  65. _oci_config() {
  67. OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}"
  68. OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}"
  69. OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}"
  70. OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}"
  72. _not_set=""
  73. _ret=0
  75. if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then
  76. _err "Fatal: you must provide a value for either OCI_CLI_KEY_FILE or OCI_CLI_KEY."
  77. return 1
  78. fi
  80. if [ "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then
  81. if [ -f "$OCI_CLI_KEY_FILE" ]; then
  82. OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE")
  83. else
  84. _err "Fatal: unable to read $OCI_CLI_KEY_FILE."
  85. return 1
  86. fi
  87. fi
  89. if [ -z "$OCI_CLI_TENANCY" ]; then
  90. _not_set="${_not_set}OCI_CLI_TENANCY "
  91. fi
  93. if [ -z "$OCI_CLI_USER" ]; then
  94. _not_set="${_not_set}OCI_CLI_USER "
  95. fi
  97. if [ -z "$OCI_CLI_REGION" ]; then
  98. _not_set="${_not_set}OCI_CLI_REGION "
  99. fi
  101. if [ "$_not_set" ]; then
  102. _err "Fatal: required environment variable(s): ${_not_set} not set."
  103. _ret=1
  104. else
  105. _saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY"
  106. _saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER"
  107. _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
  108. _saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION"
  109. fi
  111. if ! _contains "PRIVATE KEY" "$OCI_CLI_KEY"; then
  112. OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline)
  113. fi
  115. if ! _get_zone "$_fqdn"; then
  116. _err "Error: DNS Zone not found for $_fqdn."
  117. _ret=1
  118. fi
  120. return $_ret
  122. }
  124. # _get_zone(): retrieves the Zone name and OCID
  125. #
  126. # _sub_domain=_acme-challenge.www
  127. # _domain=domain.com
  128. # _domain_ociid=ocid1.dns-zone.oc1..
  129. _get_zone() {
  130. domain=$1
  131. i=1
  132. p=1
  134. while true; do
  135. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  136. _debug h "$h"
  137. if [ -z "$h" ]; then
  138. # not valid
  139. return 1
  140. fi
  142. _domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id")
  143. if [ "$_domain_id" ]; then
  144. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  145. _domain=$h
  147. _debug _domain_id "$_domain_id"
  148. _debug _sub_domain "$_sub_domain"
  149. _debug _domain "$_domain"
  150. return 0
  151. fi
  153. p=$i
  154. i=$(_math "$i" + 1)
  155. done
  156. return 1
  158. }
  160. #Usage: privatekey
  161. #Output MD5 fingerprint
  162. _fingerprint() {
  163. pkey="$1"
  164. if [ -z "$pkey" ]; then
  165. _usage "Usage: _fingerprint privkey"
  166. return 1
  167. fi
  169. printf "%s" "$pkey" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' '
  171. }
  173. _signed_request() {
  175. _sig_method="$1"
  176. _sig_target="$2"
  177. _sig_body="$3"
  178. _return_field="$4"
  180. _key_fingerprint=$(_fingerprint "$OCI_CLI_KEY")
  181. _sig_host="dns.$OCI_CLI_REGION.oraclecloud.com"
  182. _sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint"
  183. _sig_alg="rsa-sha256"
  184. _sig_version="1"
  185. _sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")"
  187. _request_method=$(printf %s "$_sig_method" | _lower_case)
  188. _curl_method=$(printf %s "$_sig_method" | _upper_case)
  190. _request_target="(request-target): $_request_method $_sig_target"
  191. _date_header="date: $_sig_now"
  192. _host_header="host: $_sig_host"
  194. _string_to_sign="$_request_target\n$_date_header\n$_host_header"
  195. _sig_headers="(request-target) date host"
  197. if [ "$_sig_body" ]; then
  198. _secure_debug3 _sig_body "$_sig_body"
  199. _sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | _digest sha256)"
  200. _sig_body_type="content-type: application/json"
  201. _sig_body_length="content-length: ${#_sig_body}"
  202. _string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length"
  203. _sig_headers="$_sig_headers x-content-sha256 content-type content-length"
  204. fi
  206. _tmp_file=$(_mktemp)
  207. if [ -f "$_tmp_file" ]; then
  208. printf '%s' "$OCI_CLI_KEY" >"$_tmp_file"
  209. _signature=$(printf '%b' "$_string_to_sign" | _sign "$_tmp_file" sha256 | tr -d '\r\n')
  210. rm -f "$_tmp_file"
  211. fi
  213. _signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\""
  214. _secure_debug3 _signed_header "$_signed_header"
  216. if [ "$_curl_method" = "GET" ]; then
  217. export _H1="$_date_header"
  218. export _H2="$_signed_header"
  219. _response="$(_get "https://${_sig_host}${_sig_target}")"
  220. elif [ "$_curl_method" = "PATCH" ]; then
  221. export _H1="$_date_header"
  222. export _H2="$_sig_body_sha256"
  223. export _H3="$_sig_body_type"
  224. export _H4="$_sig_body_length"
  225. export _H5="$_signed_header"
  226. _response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")"
  227. else
  228. _err "Unable to process method: $_curl_method."
  229. fi
  231. _ret="$?"
  232. if [ "$_return_field" ]; then
  233. _response="$(echo "$_response" | sed 's/\\\"//g'))"
  234. _return=$(echo "${_response}" | _egrep_o "\"$_return_field\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")
  235. else
  236. _return="$_response"
  237. fi
  239. printf "%s" "$_return"
  240. return $_ret
  242. }