Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2277 Commits
9 Branches
44 Tags
15 MiB
Tree: 2e74df2583
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2e74df2583'
${ noResults }
acme.sh/dnsapi/dns_conoha.sh

255 lines
7.9 KiB
Raw Normal View History

Add support ConoHa DNS API
7 years ago
  1. #!/usr/bin/env sh
  3. CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\."
  5. ######## Public functions #####################
  7. #Usage: dns_conoha_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  8. dns_conoha_add() {
  9. fulldomain=$1
  10. txtvalue=$2
  11. _info "Using conoha"
  12. _debug fulldomain "$fulldomain"
  13. _debug txtvalue "$txtvalue"
  15. _debug "Check uesrname and password"
  16. CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}"
  17. CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}"
  18. CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}"
  19. CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}"
  20. if [ -z "$CONOHA_Username" ] || [ -z "$CONOHA_Password" ] || [ -z "$CONOHA_TenantId" ] || [ -z "$CONOHA_IdentityServiceApi" ]; then
  21. CONOHA_Username=""
  22. CONOHA_Password=""
  23. CONOHA_TenantId=""
  24. CONOHA_IdentityServiceApi=""
  25. _err "You didn't specify a conoha api username and password yet."
  26. _err "Please create the user and try again."
  27. return 1
  28. fi
  30. _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username"
  31. _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password"
  32. _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId"
  33. _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi"
  35. if set -- $(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId"); then
  36. accesstoken=$1
  37. CONOHA_Api=$2
  38. else
  39. return 1
  40. fi
  41. #return 1 #XXX
  43. _debug "First detect the root zone"
  44. if ! _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken"; then
  45. _err "invalid domain"
  46. return 1
  47. fi
  48. _debug _domain_id "$_domain_id"
  49. _debug _sub_domain "$_sub_domain"
  50. _debug _domain "$_domain"
  51. #return 1 #XXX
  53. _info "Adding record"
  54. body="{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"data\":\"$txtvalue\",\"ttl\":60}"
  55. if _conoha_rest POST "$CONOHA_Api/v1/domains/$_domain_id/records" "$body" "$accesstoken"; then
  56. if _contains "$response" '"data":"'"$txtvalue"'"'; then
  57. _info "Added, OK"
  58. return 0
  59. else
  60. _err "Add txt record error."
  61. return 1
  62. fi
  63. fi
  65. _err "Add txt record error."
  66. return 1
  67. }
  69. #Usage: fulldomain txtvalue
  70. #Remove the txt record after validation.
  71. dns_conoha_rm() {
  72. fulldomain=$1
  73. txtvalue=$2
  74. _info "Using conoha"
  75. _debug fulldomain "$fulldomain"
  76. _debug txtvalue "$txtvalue"
  78. _debug "Check uesrname and password"
  79. CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}"
  80. CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}"
  81. CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}"
  82. CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}"
  83. if [ -z "$CONOHA_Username" ] || [ -z "$CONOHA_Password" ] || [ -z "$CONOHA_TenantId" ] || [ -z "$CONOHA_IdentityServiceApi" ]; then
  84. CONOHA_Username=""
  85. CONOHA_Password=""
  86. CONOHA_TenantId=""
  87. CONOHA_IdentityServiceApi=""
  88. _err "You didn't specify a conoha api username and password yet."
  89. _err "Please create the user and try again."
  90. return 1
  91. fi
  93. _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username"
  94. _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password"
  95. _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId"
  96. _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi"
  98. if set -- $(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId"); then
  99. accesstoken=$1
  100. CONOHA_Api=$2
  101. else
  102. return 1
  103. fi
  105. _debug "First detect the root zone"
  106. if ! _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken"; then
  107. _err "invalid domain"
  108. return 1
  109. fi
  110. _debug _domain_id "$_domain_id"
  111. _debug _sub_domain "$_sub_domain"
  112. _debug _domain "$_domain"
  114. _debug "Getting txt records"
  115. if ! _conoha_rest GET "$CONOHA_Api/v1/domains/$_domain_id/records" "" "$accesstoken"; then
  116. _err "Error"
  117. return 1
  118. fi
  120. record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' |
  121. grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" |
  122. _head_n 1 | cut -d : -f 2 | tr -d \")
  123. if [ -z "$record_id" ]; then
  124. _err "Can not get record id to remove."
  125. return 1
  126. fi
  127. _debug record_id "$record_id"
  129. _info "Removing the txt record"
  130. if ! _conoha_rest DELETE "$CONOHA_Api/v1/domains/$_domain_id/records/$record_id" "" "$accesstoken"; then
  131. _err "Delete record error."
  132. return 1
  133. fi
  135. return 0
  136. }
  138. #################### Private functions below ##################################
  140. _conoha_rest() {
  141. m="$1"
  142. ep="$2"
  143. data="$3"
  144. accesstoken="$4"
  146. export _H1="Accept: application/json"
  147. export _H2="Content-Type: application/json"
  148. if [ -n "$accesstoken" ]; then
  149. export _H3="X-Auth-Token: $accesstoken"
  150. fi
  152. _debug "$ep"
  153. if [ "$m" != "GET" ]; then
  154. _secure_debug2 data "$data"
  155. response="$(_post "$data" "$ep" "" "$m")"
  156. else
  157. response="$(_get "$ep")"
  158. fi
  159. _ret="$?"
  160. _secure_debug2 response "$response"
  161. if [ "$_ret" != "0" ]; then
  162. _err "error $ep"
  163. return 1
  164. fi
  166. response="$(printf "%s" "$response" | _normalizeJson)"
  167. return 0
  168. }
  170. _conoha_get_accesstoken() {
  171. ep="$1"
  172. username="$2"
  173. password="$3"
  174. tenantId="$4"
  176. accesstoken="$(_readaccountconf_mutable conoha_accesstoken)"
  177. expires="$(_readaccountconf_mutable conoha_tokenvalidto)"
  178. CONOHA_Api="$(_readaccountconf_mutable conoha_dns_ep)"
  180. # can we reuse the access token?
  181. if [ -n "$accesstoken" ] && [ -n "$expires" ] && [ -n "$CONOHA_Api" ]; then
  182. utc_date="$(_utc_date | sed "s/ /T/")"
  183. if expr "$utc_date" "<" "$expires" >/dev/null; then
  184. # access token is still valid - reuse it
  185. _debug "reusing access token"
  186. printf "%s\n%s" "$accesstoken" "$CONOHA_Api"
  187. return 0
  188. else
  189. _debug "access token expired"
  190. fi
  191. fi
  192. _debug "getting new access token"
  194. body="$(printf '{"auth":{"passwordCredentials":{"username":"%s","password":"%s"},"tenantId":"%s"}}' "$username" "$password" "$tenantId")"
  195. if ! _conoha_rest POST "$ep" "$body" ""; then
  196. _err error "$response"
  197. return 1
  198. fi
  199. accesstoken=$(printf "%s" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
  200. expires=$(printf "%s" "$response" | _egrep_o "\"expires\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2-4 | tr -d \" | tr -d Z) #expect UTC
  201. if [ -z "$accesstoken" ] || [ -z "$expires" ]; then
  202. _err "no acccess token received. Check your Conoha settings see $WIKI"
  203. return 1
  204. fi
  205. _saveaccountconf_mutable conoha_accesstoken "$accesstoken"
  206. _saveaccountconf_mutable conoha_tokenvalidto "$expires"
  208. CONOHA_Api=$(printf "%s" "$response" | _egrep_o 'publicURL":"'"$CONOHA_DNS_EP_PREFIX_REGEXP"'[^"]*"' | _head_n 1 | cut -d : -f 2-3 | tr -d \")
  209. if [ -z "$CONOHA_Api" ]; then
  210. _err "failed to get conoha dns endpoint url"
  211. return 1
  212. fi
  213. _saveaccountconf_mutable conoha_dns_ep "$CONOHA_Api"
  215. printf "%s\n%s" "$accesstoken" "$CONOHA_Api"
  216. return 0
  217. }
  219. #_acme-challenge.www.domain.com
  220. #returns
  221. # _sub_domain=_acme-challenge.www
  222. # _domain=domain.com
  223. # _domain_id=sdjkglgdfewsdfg
  224. _get_root() {
  225. domain="$1"
  226. ep="$2"
  227. accesstoken="$3"
  228. i=2
  229. p=1
  230. while true; do
  231. h=$(printf "%s" "$domain" | cut -d . -f $i-100).
  232. _debug h "$h"
  233. if [ -z "$h" ]; then
  234. #not valid
  235. return 1
  236. fi
  238. if ! _conoha_rest GET "$ep/v1/domains?name=$h" "" "$accesstoken"; then
  239. return 1
  240. fi
  242. if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
  243. _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
  244. if [ "$_domain_id" ]; then
  245. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  246. _domain=$h
  247. return 0
  248. fi
  249. return 1
  250. fi
  251. p=$i
  252. i=$(_math "$i" + 1)
  253. done
  254. return 1
  255. }