Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5456 Commits
8 Branches
43 Tags
26 MiB
Tree: 0a37489182
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0a37489182'
${ noResults }
acme.sh/deploy/tencent_ssl.sh

154 lines
5.0 KiB
Raw Normal View History

feat(deploy): add tencent_ssl
7 months ago
  1. #!/usr/bin/env sh
  3. #export DEPLOY_TENCENT_SSL_SECRET_ID="AKIDz81d2cd22cdcdc2dcd1cc1d1A"
  4. #export DEPLOY_TENCENT_SSL_SECRET_KEY="Gu5t9abcabcaabcbabcbbbcbcbbccbbcb"
  6. tencent_ssl_deploy() {
  7. _cdomain="$1"
  8. _ckey="$2"
  9. _cfullchain="$5"
  11. _debug _cdomain "$_cdomain"
  12. _debug _ckey "$_ckey"
  13. _debug _cfullchain "$_cfullchain"
  15. _getdeployconf DEPLOY_TENCENT_SSL_SECRET_ID
  16. _getdeployconf DEPLOY_TENCENT_SSL_SECRET_KEY
  17. if [ -z "${DEPLOY_TENCENT_SSL_SECRET_ID}" ]; then
  18. _err "Please define DEPLOY_TENCENT_SSL_SECRET_ID."
  19. return 1
  20. fi
  21. if [ -z "${DEPLOY_TENCENT_SSL_SECRET_KEY}" ]; then
  22. _err "Please define DEPLOY_TENCENT_SSL_SECRET_KEY."
  23. return 1
  24. fi
  25. _savedeployconf DEPLOY_TENCENT_SSL_SECRET_ID "$DEPLOY_TENCENT_SSL_SECRET_ID"
  26. _savedeployconf DEPLOY_TENCENT_SSL_SECRET_KEY "$DEPLOY_TENCENT_SSL_SECRET_KEY"
  28. # https://cloud.tencent.com/document/api/400/41665
  29. _payload="{\"CertificatePublicKey\":\"$(_json_encode <"$_cfullchain")\",\"CertificatePrivateKey\":\"$(_json_encode <"$_ckey")\",\"Alias\":\"acme.sh $_cdomain\"}"
  30. if ! cert_id="$(tencent_api_request_ssl "UploadCertificate" "$_payload" "CertificateId")"; then
  31. return 1
  32. fi
  33. _debug cert_id "$cert_id"
  35. _getdeployconf DEPLOY_TENCENT_SSL_CURRENT_CERTIFICATE_ID
  36. old_cert_id="$DEPLOY_TENCENT_SSL_CURRENT_CERTIFICATE_ID"
  37. # https://cloud.tencent.com/document/api/400/91649
  38. # NOTE: no new cert id returned from UpdateCertificateInstance+cert_data
  39. # so it's necessary to upload cert first then UpdateCertificateInstance+new_cert_id
  40. if [ -n "${old_cert_id}" ]; then
  41. _payload="{\"OldCertificateId\":\"$old_cert_id\",\"CertificateId\":\"$cert_id\",\"ResourceTypes\":[\"clb\",\"cdn\",\"waf\",\"live\",\"ddos\",\"teo\",\"apigateway\",\"vod\",\"tke\",\"tcb\",\"tse\"]}"
  42. if ! tencent_api_request_ssl "UpdateCertificateInstance" "$_payload" "RequestId"; then
  43. return 1
  44. fi
  45. _payload="{\"CertificateId\":\"$old_cert_id\"}"
  46. if ! tencent_api_request_ssl "DeleteCertificate" "$_payload" "RequestId"; then
  47. _err "Can not delete old certificate: $old_cert_id"
  48. # NOTE: non-exist old cert id will not break from UpdateCertificateInstance
  49. # break it here
  50. return 1
  51. fi
  52. fi
  53. _savedeployconf DEPLOY_TENCENT_SSL_CURRENT_CERTIFICATE_ID "$cert_id"
  55. return 0
  56. }
  58. tencent_api_request_ssl() {
  59. action=$1
  60. payload=$2
  61. response_field=$3
  63. if ! response="$(tencent_api_request "ssl" "2019-12-05" "$action" "$payload")"; then
  64. _err "Error <$1>"
  65. return 1
  66. fi
  68. err_message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
  69. if [ "$err_message" ]; then
  70. _err "$err_message"
  71. return 1
  72. fi
  74. _debug response "$response"
  76. value="$(echo "$response" | _egrep_o "\"$response_field\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
  77. if [ -z "$value" ]; then
  78. _err "$response_field not found"
  79. return 1
  80. fi
  81. echo "$value"
  82. }
  84. # shell client for tencent cloud api v3 | @author: rehiy
  85. # copy from dns_tencent.sh
  86. tencent_sha256() {
  87. printf %b "$@" | _digest sha256 hex
  88. }
  90. tencent_hmac_sha256() {
  91. k=$1
  92. shift
  93. hex_key=$(printf %b "$k" | _hex_dump | tr -d ' ')
  94. printf %b "$@" | _hmac sha256 "$hex_key" hex
  95. }
  97. tencent_hmac_sha256_hexkey() {
  98. k=$1
  99. shift
  100. printf %b "$@" | _hmac sha256 "$k" hex
  101. }
  103. tencent_signature_v3() {
  104. service=$1
  105. action=$(echo "$2" | _lower_case)
  106. payload=${3:-'{}'}
  107. timestamp=${4:-$(date +%s)}
  109. domain="$service.tencentcloudapi.com"
  110. secretId="$DEPLOY_TENCENT_SSL_SECRET_ID"
  111. secretKey="$DEPLOY_TENCENT_SSL_SECRET_KEY"
  113. algorithm='TC3-HMAC-SHA256'
  114. date=$(date -u -d "@$timestamp" +%Y-%m-%d 2>/dev/null)
  115. [ -z "$date" ] && date=$(date -u -r "$timestamp" +%Y-%m-%d)
  117. canonicalUri='/'
  118. canonicalQuery=''
  119. canonicalHeaders="content-type:application/json\nhost:$domain\nx-tc-action:$action\n"
  120. _debug2 payload "$payload"
  122. signedHeaders='content-type;host;x-tc-action'
  123. canonicalRequest="POST\n$canonicalUri\n$canonicalQuery\n$canonicalHeaders\n$signedHeaders\n$(printf %s "$payload" | _digest sha256 hex)"
  124. _debug2 canonicalRequest "$canonicalRequest"
  126. credentialScope="$date/$service/tc3_request"
  127. stringToSign="$algorithm\n$timestamp\n$credentialScope\n$(tencent_sha256 "$canonicalRequest")"
  128. _debug2 stringToSign "$stringToSign"
  130. secretDate=$(tencent_hmac_sha256 "TC3$secretKey" "$date")
  131. secretService=$(tencent_hmac_sha256_hexkey "$secretDate" "$service")
  132. secretSigning=$(tencent_hmac_sha256_hexkey "$secretService" 'tc3_request')
  133. signature=$(tencent_hmac_sha256_hexkey "$secretSigning" "$stringToSign")
  135. echo "$algorithm Credential=$secretId/$credentialScope, SignedHeaders=$signedHeaders, Signature=$signature"
  136. }
  138. tencent_api_request() {
  139. service=$1
  140. version=$2
  141. action=$3
  142. payload=${4:-'{}'}
  143. timestamp=${5:-$(date +%s)}
  145. token=$(tencent_signature_v3 "$service" "$action" "$payload" "$timestamp")
  147. _H1="Authorization: $token"
  148. _H2="X-TC-Version: $version"
  149. _H3="X-TC-Timestamp: $timestamp"
  150. _H4="X-TC-Action: $action"
  151. _H5="X-TC-Language: en-US"
  153. _post "$payload" "https://$service.tencentcloudapi.com" "" "POST" "application/json"
  154. }