You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

264 lines
8.3 KiB

4 years ago
6 years ago
6 years ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_conoha_info='ConoHa.jp
  4. Domains: ConoHa.io
  5. Site: ConoHa.jp
  6. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_conoha
  7. Options:
  8. CONOHA_Username Username
  9. CONOHA_Password Password
  10. CONOHA_TenantId TenantId
  11. CONOHA_IdentityServiceApi Identity Service API. E.g. "https://identity.xxxx.conoha.io/v2.0"
  12. '
  13. CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\."
  14. ######## Public functions #####################
  15. #Usage: dns_conoha_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  16. dns_conoha_add() {
  17. fulldomain=$1
  18. txtvalue=$2
  19. _info "Using conoha"
  20. _debug fulldomain "$fulldomain"
  21. _debug txtvalue "$txtvalue"
  22. _debug "Check uesrname and password"
  23. CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}"
  24. CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}"
  25. CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}"
  26. CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}"
  27. if [ -z "$CONOHA_Username" ] || [ -z "$CONOHA_Password" ] || [ -z "$CONOHA_TenantId" ] || [ -z "$CONOHA_IdentityServiceApi" ]; then
  28. CONOHA_Username=""
  29. CONOHA_Password=""
  30. CONOHA_TenantId=""
  31. CONOHA_IdentityServiceApi=""
  32. _err "You didn't specify a conoha api username and password yet."
  33. _err "Please create the user and try again."
  34. return 1
  35. fi
  36. _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username"
  37. _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password"
  38. _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId"
  39. _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi"
  40. if token="$(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId")"; then
  41. accesstoken="$(printf "%s" "$token" | sed -n 1p)"
  42. CONOHA_Api="$(printf "%s" "$token" | sed -n 2p)"
  43. else
  44. return 1
  45. fi
  46. _debug "First detect the root zone"
  47. if ! _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken"; then
  48. _err "invalid domain"
  49. return 1
  50. fi
  51. _debug _domain_id "$_domain_id"
  52. _debug _sub_domain "$_sub_domain"
  53. _debug _domain "$_domain"
  54. _info "Adding record"
  55. body="{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"data\":\"$txtvalue\",\"ttl\":60}"
  56. if _conoha_rest POST "$CONOHA_Api/v1/domains/$_domain_id/records" "$body" "$accesstoken"; then
  57. if _contains "$response" '"data":"'"$txtvalue"'"'; then
  58. _info "Added, OK"
  59. return 0
  60. else
  61. _err "Add txt record error."
  62. return 1
  63. fi
  64. fi
  65. _err "Add txt record error."
  66. return 1
  67. }
  68. #Usage: fulldomain txtvalue
  69. #Remove the txt record after validation.
  70. dns_conoha_rm() {
  71. fulldomain=$1
  72. txtvalue=$2
  73. _info "Using conoha"
  74. _debug fulldomain "$fulldomain"
  75. _debug txtvalue "$txtvalue"
  76. _debug "Check uesrname and password"
  77. CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}"
  78. CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}"
  79. CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}"
  80. CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}"
  81. if [ -z "$CONOHA_Username" ] || [ -z "$CONOHA_Password" ] || [ -z "$CONOHA_TenantId" ] || [ -z "$CONOHA_IdentityServiceApi" ]; then
  82. CONOHA_Username=""
  83. CONOHA_Password=""
  84. CONOHA_TenantId=""
  85. CONOHA_IdentityServiceApi=""
  86. _err "You didn't specify a conoha api username and password yet."
  87. _err "Please create the user and try again."
  88. return 1
  89. fi
  90. _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username"
  91. _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password"
  92. _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId"
  93. _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi"
  94. if token="$(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId")"; then
  95. accesstoken="$(printf "%s" "$token" | sed -n 1p)"
  96. CONOHA_Api="$(printf "%s" "$token" | sed -n 2p)"
  97. else
  98. return 1
  99. fi
  100. _debug "First detect the root zone"
  101. if ! _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken"; then
  102. _err "invalid domain"
  103. return 1
  104. fi
  105. _debug _domain_id "$_domain_id"
  106. _debug _sub_domain "$_sub_domain"
  107. _debug _domain "$_domain"
  108. _debug "Getting txt records"
  109. if ! _conoha_rest GET "$CONOHA_Api/v1/domains/$_domain_id/records" "" "$accesstoken"; then
  110. _err "Error"
  111. return 1
  112. fi
  113. record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' |
  114. grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" |
  115. _head_n 1 | cut -d : -f 2 | tr -d \")
  116. if [ -z "$record_id" ]; then
  117. _err "Can not get record id to remove."
  118. return 1
  119. fi
  120. _debug record_id "$record_id"
  121. _info "Removing the txt record"
  122. if ! _conoha_rest DELETE "$CONOHA_Api/v1/domains/$_domain_id/records/$record_id" "" "$accesstoken"; then
  123. _err "Delete record error."
  124. return 1
  125. fi
  126. return 0
  127. }
  128. #################### Private functions below ##################################
  129. _conoha_rest() {
  130. m="$1"
  131. ep="$2"
  132. data="$3"
  133. accesstoken="$4"
  134. export _H1="Accept: application/json"
  135. export _H2="Content-Type: application/json"
  136. if [ -n "$accesstoken" ]; then
  137. export _H3="X-Auth-Token: $accesstoken"
  138. fi
  139. _debug "$ep"
  140. if [ "$m" != "GET" ]; then
  141. _secure_debug2 data "$data"
  142. response="$(_post "$data" "$ep" "" "$m")"
  143. else
  144. response="$(_get "$ep")"
  145. fi
  146. _ret="$?"
  147. _secure_debug2 response "$response"
  148. if [ "$_ret" != "0" ]; then
  149. _err "error $ep"
  150. return 1
  151. fi
  152. response="$(printf "%s" "$response" | _normalizeJson)"
  153. return 0
  154. }
  155. _conoha_get_accesstoken() {
  156. ep="$1"
  157. username="$2"
  158. password="$3"
  159. tenantId="$4"
  160. accesstoken="$(_readaccountconf_mutable conoha_accesstoken)"
  161. expires="$(_readaccountconf_mutable conoha_tokenvalidto)"
  162. CONOHA_Api="$(_readaccountconf_mutable conoha_dns_ep)"
  163. # can we reuse the access token?
  164. if [ -n "$accesstoken" ] && [ -n "$expires" ] && [ -n "$CONOHA_Api" ]; then
  165. utc_date="$(_utc_date | sed "s/ /T/")"
  166. if expr "$utc_date" "<" "$expires" >/dev/null; then
  167. # access token is still valid - reuse it
  168. _debug "reusing access token"
  169. printf "%s\n%s\n" "$accesstoken" "$CONOHA_Api"
  170. return 0
  171. else
  172. _debug "access token expired"
  173. fi
  174. fi
  175. _debug "getting new access token"
  176. body="$(printf '{"auth":{"passwordCredentials":{"username":"%s","password":"%s"},"tenantId":"%s"}}' "$username" "$password" "$tenantId")"
  177. if ! _conoha_rest POST "$ep" "$body" ""; then
  178. _err error "$response"
  179. return 1
  180. fi
  181. accesstoken=$(printf "%s" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
  182. expires=$(printf "%s" "$response" | _egrep_o "\"expires\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2-4 | tr -d \" | tr -d Z) #expect UTC
  183. if [ -z "$accesstoken" ] || [ -z "$expires" ]; then
  184. _err "no acccess token received. Check your Conoha settings see $WIKI"
  185. return 1
  186. fi
  187. _saveaccountconf_mutable conoha_accesstoken "$accesstoken"
  188. _saveaccountconf_mutable conoha_tokenvalidto "$expires"
  189. CONOHA_Api=$(printf "%s" "$response" | _egrep_o 'publicURL":"'"$CONOHA_DNS_EP_PREFIX_REGEXP"'[^"]*"' | _head_n 1 | cut -d : -f 2-3 | tr -d \")
  190. if [ -z "$CONOHA_Api" ]; then
  191. _err "failed to get conoha dns endpoint url"
  192. return 1
  193. fi
  194. _saveaccountconf_mutable conoha_dns_ep "$CONOHA_Api"
  195. printf "%s\n%s\n" "$accesstoken" "$CONOHA_Api"
  196. return 0
  197. }
  198. #_acme-challenge.www.domain.com
  199. #returns
  200. # _sub_domain=_acme-challenge.www
  201. # _domain=domain.com
  202. # _domain_id=sdjkglgdfewsdfg
  203. _get_root() {
  204. domain="$1"
  205. ep="$2"
  206. accesstoken="$3"
  207. i=2
  208. p=1
  209. while true; do
  210. h=$(printf "%s" "$domain" | cut -d . -f $i-100).
  211. _debug h "$h"
  212. if [ -z "$h" ]; then
  213. #not valid
  214. return 1
  215. fi
  216. if ! _conoha_rest GET "$ep/v1/domains?name=$h" "" "$accesstoken"; then
  217. return 1
  218. fi
  219. if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
  220. _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
  221. if [ "$_domain_id" ]; then
  222. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  223. _domain=$h
  224. return 0
  225. fi
  226. return 1
  227. fi
  228. p=$i
  229. i=$(_math "$i" + 1)
  230. done
  231. return 1
  232. }