  1. #!/usr/bin/env sh
  2. # Script to deploy a certificate to Alibaba Cloud CDN
  3. #
  4. # This deployment requires the following variables
  5. # export Ali_Key="ALIACCESSKEY"
  6. # export Ali_Secret="ALISECRETKEY"
  7. # export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com"
  8. # If you have more than one domain, just
  9. # export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
  10. #
  11. # The credentials are shared with all domains, also shared with dns_ali api
  # Endpoint that receives the signed CDN API requests; the scheme is HTTPS.
  Ali_API='https://cdn.aliyuncs.com/'
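  #######################################
  # Deploy hook: upload a full-chain certificate and its private key to one or
  # more Alibaba Cloud CDN domains.
  # Globals:
  #   Ali_Key, Ali_Secret    read; fall back to the saved account conf and are
  #                          saved back to it
  #   DEPLOY_ALI_CDN_DOMAIN  read via _getdeployconf; space-separated list that
  #                          defaults to the certificate domain
  # Arguments:
  #   $1 - certificate domain
  #   $2 - path of the private key file
  #   $3 - certificate (only logged here)
  #   $4 - CA certificate (only logged here)
  #   $5 - path of the full-chain file
  # Returns:
  #   0 when every domain was updated; 1 when the credentials are missing, an
  #   input file cannot be read, or the API call failed for any domain.
  #######################################
  ali_cdn_deploy() {
    _cdomain="$1"
    _ckey="$2"
    _ccert="$3"
    _cca="$4"
    _cfullchain="$5"

    # Only the arguments themselves are logged here, not file contents.
    _debug _cdomain "$_cdomain"
    _debug _ckey "$_ckey"
    _debug _ccert "$_ccert"
    _debug _cca "$_cca"
    _debug _cfullchain "$_cfullchain"

    Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
    Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
    if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
      Ali_Key=""
      Ali_Secret=""
      _err "You don't specify aliyun api key and secret yet."
      return 1
    fi

    # Save the api key and secret to the account conf file.
    # NOTE(review): Ali_Secret is persisted by this call; how the conf file is
    # protected depends on _saveaccountconf_mutable, which is not in this file.
    _saveaccountconf_mutable Ali_Key "$Ali_Key"
    _saveaccountconf_mutable Ali_Secret "$Ali_Secret"

    _getdeployconf DEPLOY_ALI_CDN_DOMAIN
    if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then
      _savedeployconf DEPLOY_ALI_CDN_DOMAIN "$DEPLOY_ALI_CDN_DOMAIN"
    else
      DEPLOY_ALI_CDN_DOMAIN="$_cdomain"
    fi

    # Stop before any request is sent if an input is unreadable; otherwise an
    # empty certificate or key would be submitted.
    if [ ! -r "$_cfullchain" ] || [ ! -r "$_ckey" ]; then
      _err "Can not read the full chain or the key file."
      return 1
    fi

    # Read cert and key files and urlencode both.
    _cert=$(_url_encode_upper <"$_cfullchain")
    _key=$(_url_encode_upper <"$_ckey")
    _debug2 _cert "$_cert"
    # The encoded private key is intentionally not written to the debug log.

    # Update the SSL config of every domain; keep going after a failure so the
    # remaining domains are still attempted, but report it in the exit status.
    _deploy_failed=0
    for domain in $DEPLOY_ALI_CDN_DOMAIN; do
      _set_cdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key"
      if _ali_rest "Set CDN domain SSL certificate for $domain" "" POST; then
        _info "Domain $domain certificate has been deployed successfully"
      else
        _err "Domain $domain certificate deployment failed"
        _deploy_failed=1
      fi
    done

    return "$_deploy_failed"
  }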
  55. #################### Private functions below ##################################
  56. # act ign mtd
  #######################################
  # Sign the request held in the global $query and send it to $Ali_API.
  # Globals:
  #   query, Ali_Secret, Ali_API              (read)
  #   act, ign, mtd, signature, url, response, _ret, message  (written)
  # Arguments:
  #   $1 - description of the action, used in the error message
  #   $2 - when non-empty, the response is not inspected for a "Message" field
  #   $3 - HTTP method: "GET" goes through _get, anything else through _post
  # Returns:
  #   1 when the transfer fails or the response carries a "Message" field,
  #   0 otherwise.
  #######################################
  _ali_rest() {
    act="$1"
    ign="$2"
    mtd="$3"

    # Signed string: METHOD & "%2F" & urlencode(query).
    # The HMAC-SHA1 key is the hex dump of "$Ali_Secret&".
    signature=$(
      printf "%s" "$mtd&%2F&$(_ali_urlencode "$query")" |
        _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" |
        _base64
    )
    signature=$(_ali_urlencode "$signature")

    # NOTE(review): every query parameter travels in the URL, including SSLPri
    # when the query was built by _set_cdn_domain_ssl_certificate_query, so the
    # URL must be treated as secret wherever it could be logged.
    url="$Ali_API?$query&Signature=$signature"

    case "$mtd" in
    GET)
      response="$(_get "$url")"
      ;;
    *)
      # post payload is not supported yet because of signature
      response="$(_post "" "$url")"
      ;;
    esac
    # Status of the _get/_post command substitution that just ran.
    _ret="$?"
    _debug2 response "$response"

    [ "$_ret" = "0" ] || {
      _err "Error <$act>"
      return 1
    }

    # The caller asked for the response body to be ignored.
    [ -z "$ign" ] || return 0

    # A "Message" field in the reply is reported as an error.
    message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
    if [ -z "$message" ]; then
      return 0
    fi
    _err "$message"
    return 1
  }
  #######################################
  # Percent-encode a string one character at a time.
  # Letters, digits and ".", "~", "_", "-" are copied unchanged; every other
  # character is written as "%" plus its value in two upper-case hex digits.
  # Globals:   _str, _str_len, _u_i, _str_c (written)
  # Arguments: $1 - string to encode
  # Outputs:   the encoded string on stdout, without a trailing newline
  #######################################
  _ali_urlencode() {
    _str="$1"
    _str_len=${#_str}
    _u_i=1

    until [ "$_u_i" -gt "$_str_len" ]; do
      # Character at position _u_i (cut counts from 1).
      _str_c="$(printf "%s" "$_str" | cut -c "$_u_i")"

      case $_str_c in
      [a-zA-Z0-9.~_-])
        printf "%s" "$_str_c"
        ;;
      *)
        # A leading quote makes printf use the character's numeric value.
        # NOTE(review): looks correct for single-byte input only; confirm
        # that callers never pass multi-byte characters or newlines.
        printf "%%%02X" "'$_str_c"
        ;;
      esac

      _u_i="$(_math "$_u_i" + 1)"
    done
  }
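  #######################################
  # Print a value for the SignatureNonce request parameter.
  # The value is the clock reading followed by 8 random bytes in hex, so two
  # requests signed within the same clock tick still get different nonces.
  # The clock alone is not enough: where `date` has no %N the reading has
  # one-second resolution, and a multi-domain deployment signs several
  # requests in quick succession.
  # Globals:   _nonce_time, _nonce_rand (written)
  # Outputs:   the nonce (digits and lower-case hex digits) on stdout
  #######################################
  _ali_nonce() {
    # sed removes the literal "%N" that a date without nanosecond support
    # leaves in its output.
    _nonce_time="$(date +"%s%N" | sed 's/%N//g')"

    # Random suffix from the kernel random source; stays empty when
    # /dev/urandom or od is not available.
    _nonce_rand="$(od -An -N8 -tx1 /dev/urandom 2>/dev/null | tr -d ' \n')"

    # Without a random source fall back to the PID, which only separates
    # concurrent processes, not successive calls.
    printf "%s%s\n" "$_nonce_time" "${_nonce_rand:-$$}"
  }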
  #######################################
  # Print the current UTC time as YYYY-MM-DDTHH%3AMM%3ASSZ.
  # The colons are emitted already percent-encoded ("%%3A" in the date format
  # yields a literal "%3A"), so the value can be placed in a query string
  # as is.
  # Outputs: the timestamp on stdout
  #######################################
  _timestamp() {
    date -u '+%Y-%m-%dT%H%%3A%M%%3A%SZ'
  }
  108. # stdin stdout
  #######################################
  # URL-encode stdin with _url_encode, then upper-case the hex digits of
  # every "%xx" escape in the result.
  # Globals:   encoded, _enc_escapes, match, upper (written)
  # Inputs:    raw data on stdin
  # Outputs:   the encoded text on stdout
  #######################################
  _url_encode_upper() {
    encoded=$(_url_encode)

    # Distinct escape sequences present in the encoded text.
    _enc_escapes=$(echo "$encoded" | _egrep_o '%..' | sort -u)

    # Deliberately unquoted: one escape per word.
    for match in $_enc_escapes; do
      upper=$(echo "$match" | tr '[:lower:]' '[:upper:]')
      # $match is used as a sed pattern; presumably it only ever holds "%"
      # plus two hex digits because the input comes from _url_encode.
      encoded=$(echo "$encoded" | sed "s/$match/$upper/g")
    done

    echo "$encoded"
  }
  117. # domain pub pri
  #######################################
  # Build the SetCdnDomainSSLCertificate request in the global $query.
  # The parameters are appended in a fixed order and the values are inserted
  # as given, so the caller must pass them already URL-encoded.
  # NOTE(review): SSLPri puts the private key into the query string, which
  # _ali_rest later appends to the request URL.
  # Globals:
  #   Ali_Key (read), query (written)
  # Arguments:
  #   $1 - CDN domain name
  #   $2 - certificate, sent as SSLPub
  #   $3 - private key, sent as SSLPri
  #######################################
  _set_cdn_domain_ssl_certificate_query() {
    query="AccessKeyId=${Ali_Key}"
    query="${query}&Action=SetCdnDomainSSLCertificate"
    query="${query}&CertType=upload"
    query="${query}&DomainName=${1}"
    query="${query}&Format=json"
    query="${query}&SSLPri=${3}"
    query="${query}&SSLProtocol=on"
    query="${query}&SSLPub=${2}"
    query="${query}&SignatureMethod=HMAC-SHA1"
    query="${query}&SignatureNonce=$(_ali_nonce)"
    query="${query}&SignatureVersion=1.0"
    query="${query}&Timestamp=$(_timestamp)"
    query="${query}&Version=2018-05-10"
  }