You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

291 lines
8.4 KiB

3 months ago
3 months ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_jd_info='jdcloud.com
  4. Site: jdcloud.com
  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_jd
  6. Options:
  7. JD_ACCESS_KEY_ID Access key ID
  8. JD_ACCESS_KEY_SECRET Access key secret
  9. JD_REGION Region. E.g. "cn-north-1"
  10. Issues: github.com/acmesh-official/acme.sh/issues/2388
  11. '
  12. _JD_ACCOUNT="https://uc.jdcloud.com/account/accesskey"
  13. _JD_PROD="clouddnsservice"
  14. _JD_API="jdcloud-api.com"
  15. _JD_API_VERSION="v1"
  16. _JD_DEFAULT_REGION="cn-north-1"
  17. _JD_HOST="$_JD_PROD.$_JD_API"
  18. ######## Public functions #####################
  19. #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  20. dns_jd_add() {
  21. fulldomain=$1
  22. txtvalue=$2
  23. JD_ACCESS_KEY_ID="${JD_ACCESS_KEY_ID:-$(_readaccountconf_mutable JD_ACCESS_KEY_ID)}"
  24. JD_ACCESS_KEY_SECRET="${JD_ACCESS_KEY_SECRET:-$(_readaccountconf_mutable JD_ACCESS_KEY_SECRET)}"
  25. JD_REGION="${JD_REGION:-$(_readaccountconf_mutable JD_REGION)}"
  26. if [ -z "$JD_ACCESS_KEY_ID" ] || [ -z "$JD_ACCESS_KEY_SECRET" ]; then
  27. JD_ACCESS_KEY_ID=""
  28. JD_ACCESS_KEY_SECRET=""
  29. _err "You haven't specifed the jdcloud api key id or api key secret yet."
  30. _err "Please create your key and try again. see $(__green $_JD_ACCOUNT)"
  31. return 1
  32. fi
  33. _saveaccountconf_mutable JD_ACCESS_KEY_ID "$JD_ACCESS_KEY_ID"
  34. _saveaccountconf_mutable JD_ACCESS_KEY_SECRET "$JD_ACCESS_KEY_SECRET"
  35. if [ -z "$JD_REGION" ]; then
  36. _debug "Using default region: $_JD_DEFAULT_REGION"
  37. JD_REGION="$_JD_DEFAULT_REGION"
  38. else
  39. _saveaccountconf_mutable JD_REGION "$JD_REGION"
  40. fi
  41. _JD_BASE_URI="$_JD_API_VERSION/regions/$JD_REGION"
  42. _debug "First detect the root zone"
  43. if ! _get_root "$fulldomain"; then
  44. _err "invalid domain"
  45. return 1
  46. fi
  47. _debug _domain_id "$_domain_id"
  48. _debug _sub_domain "$_sub_domain"
  49. _debug _domain "$_domain"
  50. #_debug "Getting getViewTree"
  51. _debug "Adding records"
  52. _addrr="{\"req\":{\"hostRecord\":\"$_sub_domain\",\"hostValue\":\"$txtvalue\",\"ttl\":300,\"type\":\"TXT\",\"viewValue\":-1},\"regionId\":\"$JD_REGION\",\"domainId\":\"$_domain_id\"}"
  53. #_addrr='{"req":{"hostRecord":"xx","hostValue":"\"value4\"","jcloudRes":false,"mxPriority":null,"port":null,"ttl":300,"type":"TXT","weight":null,"viewValue":-1},"regionId":"cn-north-1","domainId":"8824"}'
  54. if jd_rest POST "domain/$_domain_id/RRAdd" "" "$_addrr"; then
  55. _rid="$(echo "$response" | tr '{},' '\n' | grep '"id":' | cut -d : -f 2)"
  56. if [ -z "$_rid" ]; then
  57. _err "Can not find record id from the result."
  58. return 1
  59. fi
  60. _info "TXT record added successfully."
  61. _srid="$(_readdomainconf "JD_CLOUD_RIDS")"
  62. if [ "$_srid" ]; then
  63. _rid="$_srid,$_rid"
  64. fi
  65. _savedomainconf "JD_CLOUD_RIDS" "$_rid"
  66. return 0
  67. fi
  68. return 1
  69. }
  70. dns_jd_rm() {
  71. fulldomain=$1
  72. txtvalue=$2
  73. JD_ACCESS_KEY_ID="${JD_ACCESS_KEY_ID:-$(_readaccountconf_mutable JD_ACCESS_KEY_ID)}"
  74. JD_ACCESS_KEY_SECRET="${JD_ACCESS_KEY_SECRET:-$(_readaccountconf_mutable JD_ACCESS_KEY_SECRET)}"
  75. JD_REGION="${JD_REGION:-$(_readaccountconf_mutable JD_REGION)}"
  76. if [ -z "$JD_REGION" ]; then
  77. _debug "Using default region: $_JD_DEFAULT_REGION"
  78. JD_REGION="$_JD_DEFAULT_REGION"
  79. fi
  80. _JD_BASE_URI="$_JD_API_VERSION/regions/$JD_REGION"
  81. _info "Getting existing records for $fulldomain"
  82. _srid="$(_readdomainconf "JD_CLOUD_RIDS")"
  83. _debug _srid "$_srid"
  84. if [ -z "$_srid" ]; then
  85. _err "Not rid skip"
  86. return 0
  87. fi
  88. _debug "First detect the root zone"
  89. if ! _get_root "$fulldomain"; then
  90. _err "invalid domain"
  91. return 1
  92. fi
  93. _debug _domain_id "$_domain_id"
  94. _debug _sub_domain "$_sub_domain"
  95. _debug _domain "$_domain"
  96. _cleardomainconf JD_CLOUD_RIDS
  97. _aws_tmpl_xml="{\"ids\":[$_srid],\"action\":\"del\",\"regionId\":\"$JD_REGION\",\"domainId\":\"$_domain_id\"}"
  98. if jd_rest POST "domain/$_domain_id/RROperate" "" "$_aws_tmpl_xml" && _contains "$response" "\"code\":\"OK\""; then
  99. _info "TXT record deleted successfully."
  100. return 0
  101. fi
  102. return 1
  103. }
  104. #################### Private functions below ##################################
  105. _get_root() {
  106. domain=$1
  107. i=1
  108. p=1
  109. while true; do
  110. h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
  111. _debug2 "Checking domain: $h"
  112. if ! jd_rest GET "domain"; then
  113. _err "error get domain list"
  114. return 1
  115. fi
  116. if [ -z "$h" ]; then
  117. #not valid
  118. _err "Invalid domain"
  119. return 1
  120. fi
  121. if _contains "$response" "\"domainName\":\"$h\""; then
  122. hostedzone="$(echo "$response" | tr '{}' '\n' | grep "\"domainName\":\"$h\"")"
  123. _debug hostedzone "$hostedzone"
  124. if [ "$hostedzone" ]; then
  125. _domain_id="$(echo "$hostedzone" | tr ',' '\n' | grep "\"id\":" | cut -d : -f 2)"
  126. if [ "$_domain_id" ]; then
  127. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
  128. _domain=$h
  129. return 0
  130. fi
  131. fi
  132. _err "Can't find domain with id: $h"
  133. return 1
  134. fi
  135. p=$i
  136. i=$(_math "$i" + 1)
  137. done
  138. return 1
  139. }
  140. #method uri qstr data
  141. jd_rest() {
  142. mtd="$1"
  143. ep="$2"
  144. qsr="$3"
  145. data="$4"
  146. _debug mtd "$mtd"
  147. _debug ep "$ep"
  148. _debug qsr "$qsr"
  149. _debug data "$data"
  150. CanonicalURI="/$_JD_BASE_URI/$ep"
  151. _debug2 CanonicalURI "$CanonicalURI"
  152. CanonicalQueryString="$qsr"
  153. _debug2 CanonicalQueryString "$CanonicalQueryString"
  154. RequestDate="$(date -u +"%Y%m%dT%H%M%SZ")"
  155. #RequestDate="20190713T082155Z" ######################################################
  156. _debug2 RequestDate "$RequestDate"
  157. export _H1="X-Jdcloud-Date: $RequestDate"
  158. RequestNonce="2bd0852a-8bae-4087-b2d5-$(_time)"
  159. #RequestNonce="894baff5-72d4-4244-883a-7b2eb51e7fbe" #################################
  160. _debug2 RequestNonce "$RequestNonce"
  161. export _H2="X-Jdcloud-Nonce: $RequestNonce"
  162. if [ "$data" ]; then
  163. CanonicalHeaders="content-type:application/json\n"
  164. SignedHeaders="content-type;"
  165. else
  166. CanonicalHeaders=""
  167. SignedHeaders=""
  168. fi
  169. CanonicalHeaders="${CanonicalHeaders}host:$_JD_HOST\nx-jdcloud-date:$RequestDate\nx-jdcloud-nonce:$RequestNonce\n"
  170. SignedHeaders="${SignedHeaders}host;x-jdcloud-date;x-jdcloud-nonce"
  171. _debug2 CanonicalHeaders "$CanonicalHeaders"
  172. _debug2 SignedHeaders "$SignedHeaders"
  173. Hash="sha256"
  174. RequestPayload="$data"
  175. _debug2 RequestPayload "$RequestPayload"
  176. RequestPayloadHash="$(printf "%s" "$RequestPayload" | _digest "$Hash" hex | _lower_case)"
  177. _debug2 RequestPayloadHash "$RequestPayloadHash"
  178. CanonicalRequest="$mtd\n$CanonicalURI\n$CanonicalQueryString\n$CanonicalHeaders\n$SignedHeaders\n$RequestPayloadHash"
  179. _debug2 CanonicalRequest "$CanonicalRequest"
  180. HashedCanonicalRequest="$(printf "$CanonicalRequest%s" | _digest "$Hash" hex)"
  181. _debug2 HashedCanonicalRequest "$HashedCanonicalRequest"
  182. Algorithm="JDCLOUD2-HMAC-SHA256"
  183. _debug2 Algorithm "$Algorithm"
  184. RequestDateOnly="$(echo "$RequestDate" | cut -c 1-8)"
  185. _debug2 RequestDateOnly "$RequestDateOnly"
  186. Region="$JD_REGION"
  187. Service="$_JD_PROD"
  188. CredentialScope="$RequestDateOnly/$Region/$Service/jdcloud2_request"
  189. _debug2 CredentialScope "$CredentialScope"
  190. StringToSign="$Algorithm\n$RequestDate\n$CredentialScope\n$HashedCanonicalRequest"
  191. _debug2 StringToSign "$StringToSign"
  192. kSecret="JDCLOUD2$JD_ACCESS_KEY_SECRET"
  193. _secure_debug2 kSecret "$kSecret"
  194. kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")"
  195. _secure_debug2 kSecretH "$kSecretH"
  196. kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)"
  197. _debug2 kDateH "$kDateH"
  198. kRegionH="$(printf "$Region%s" | _hmac "$Hash" "$kDateH" hex)"
  199. _debug2 kRegionH "$kRegionH"
  200. kServiceH="$(printf "$Service%s" | _hmac "$Hash" "$kRegionH" hex)"
  201. _debug2 kServiceH "$kServiceH"
  202. kSigningH="$(printf "%s" "jdcloud2_request" | _hmac "$Hash" "$kServiceH" hex)"
  203. _debug2 kSigningH "$kSigningH"
  204. signature="$(printf "$StringToSign%s" | _hmac "$Hash" "$kSigningH" hex)"
  205. _debug2 signature "$signature"
  206. Authorization="$Algorithm Credential=$JD_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature"
  207. _debug2 Authorization "$Authorization"
  208. _H3="Authorization: $Authorization"
  209. _debug _H3 "$_H3"
  210. url="https://$_JD_HOST$CanonicalURI"
  211. if [ "$qsr" ]; then
  212. url="https://$_JD_HOST$CanonicalURI?$qsr"
  213. fi
  214. if [ "$mtd" = "GET" ]; then
  215. response="$(_get "$url")"
  216. else
  217. response="$(_post "$data" "$url" "" "$mtd" "application/json")"
  218. fi
  219. _ret="$?"
  220. _debug2 response "$response"
  221. if [ "$_ret" = "0" ]; then
  222. if _contains "$response" "\"error\""; then
  223. _err "Response error:$response"
  224. return 1
  225. fi
  226. fi
  227. return "$_ret"
  228. }