You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

253 lines
7.8 KiB

7 years ago
7 years ago
7 years ago
  1. #!/usr/bin/env sh
  2. CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\."
  3. ######## Public functions #####################
  4. #Usage: dns_conoha_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  5. dns_conoha_add() {
  6. fulldomain=$1
  7. txtvalue=$2
  8. _info "Using conoha"
  9. _debug fulldomain "$fulldomain"
  10. _debug txtvalue "$txtvalue"
  11. _debug "Check uesrname and password"
  12. CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}"
  13. CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}"
  14. CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}"
  15. CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}"
  16. if [ -z "$CONOHA_Username" ] || [ -z "$CONOHA_Password" ] || [ -z "$CONOHA_TenantId" ] || [ -z "$CONOHA_IdentityServiceApi" ]; then
  17. CONOHA_Username=""
  18. CONOHA_Password=""
  19. CONOHA_TenantId=""
  20. CONOHA_IdentityServiceApi=""
  21. _err "You didn't specify a conoha api username and password yet."
  22. _err "Please create the user and try again."
  23. return 1
  24. fi
  25. _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username"
  26. _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password"
  27. _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId"
  28. _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi"
  29. if set -- $(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId"); then
  30. accesstoken=$1
  31. CONOHA_Api=$2
  32. else
  33. return 1
  34. fi
  35. _debug "First detect the root zone"
  36. if ! _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken"; then
  37. _err "invalid domain"
  38. return 1
  39. fi
  40. _debug _domain_id "$_domain_id"
  41. _debug _sub_domain "$_sub_domain"
  42. _debug _domain "$_domain"
  43. _info "Adding record"
  44. body="{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"data\":\"$txtvalue\",\"ttl\":60}"
  45. if _conoha_rest POST "$CONOHA_Api/v1/domains/$_domain_id/records" "$body" "$accesstoken"; then
  46. if _contains "$response" '"data":"'"$txtvalue"'"'; then
  47. _info "Added, OK"
  48. return 0
  49. else
  50. _err "Add txt record error."
  51. return 1
  52. fi
  53. fi
  54. _err "Add txt record error."
  55. return 1
  56. }
  57. #Usage: fulldomain txtvalue
  58. #Remove the txt record after validation.
  59. dns_conoha_rm() {
  60. fulldomain=$1
  61. txtvalue=$2
  62. _info "Using conoha"
  63. _debug fulldomain "$fulldomain"
  64. _debug txtvalue "$txtvalue"
  65. _debug "Check uesrname and password"
  66. CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}"
  67. CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}"
  68. CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}"
  69. CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}"
  70. if [ -z "$CONOHA_Username" ] || [ -z "$CONOHA_Password" ] || [ -z "$CONOHA_TenantId" ] || [ -z "$CONOHA_IdentityServiceApi" ]; then
  71. CONOHA_Username=""
  72. CONOHA_Password=""
  73. CONOHA_TenantId=""
  74. CONOHA_IdentityServiceApi=""
  75. _err "You didn't specify a conoha api username and password yet."
  76. _err "Please create the user and try again."
  77. return 1
  78. fi
  79. _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username"
  80. _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password"
  81. _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId"
  82. _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi"
  83. if set -- $(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId"); then
  84. accesstoken=$1
  85. CONOHA_Api=$2
  86. else
  87. return 1
  88. fi
  89. _debug "First detect the root zone"
  90. if ! _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken"; then
  91. _err "invalid domain"
  92. return 1
  93. fi
  94. _debug _domain_id "$_domain_id"
  95. _debug _sub_domain "$_sub_domain"
  96. _debug _domain "$_domain"
  97. _debug "Getting txt records"
  98. if ! _conoha_rest GET "$CONOHA_Api/v1/domains/$_domain_id/records" "" "$accesstoken"; then
  99. _err "Error"
  100. return 1
  101. fi
  102. record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' \
  103. | grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" \
  104. | _head_n 1 | cut -d : -f 2 | tr -d \")
  105. if [ -z "$record_id" ]; then
  106. _err "Can not get record id to remove."
  107. return 1
  108. fi
  109. _debug record_id "$record_id"
  110. _info "Removing the txt record"
  111. if ! _conoha_rest DELETE "$CONOHA_Api/v1/domains/$_domain_id/records/$record_id" "" "$accesstoken"; then
  112. _err "Delete record error."
  113. return 1
  114. fi
  115. return 0
  116. }
  117. #################### Private functions below ##################################
  118. _conoha_rest() {
  119. m="$1"
  120. ep="$2"
  121. data="$3"
  122. accesstoken="$4"
  123. export _H1="Accept: application/json"
  124. export _H2="Content-Type: application/json"
  125. if [ -n "$accesstoken" ]; then
  126. export _H3="X-Auth-Token: $accesstoken"
  127. fi
  128. _debug "$ep"
  129. if [ "$m" != "GET" ]; then
  130. _secure_debug2 data "$data"
  131. response="$(_post "$data" "$ep" "" "$m")"
  132. else
  133. response="$(_get "$ep")"
  134. fi
  135. _ret="$?"
  136. _secure_debug2 response "$response"
  137. if [ "$_ret" != "0" ]; then
  138. _err "error $ep"
  139. return 1
  140. fi
  141. response="$(printf "%s" "$response" | _normalizeJson)"
  142. return 0
  143. }
  144. _conoha_get_accesstoken() {
  145. ep="$1"
  146. username="$2"
  147. password="$3"
  148. tenantId="$4"
  149. accesstoken="$(_readaccountconf_mutable conoha_accesstoken)"
  150. expires="$(_readaccountconf_mutable conoha_tokenvalidto)"
  151. CONOHA_Api="$(_readaccountconf_mutable conoha_dns_ep)"
  152. # can we reuse the access token?
  153. if [ -n "$accesstoken" ] && [ -n "$expires" ] && [ -n "$CONOHA_Api" ]; then
  154. utc_date="$(_utc_date | sed "s/ /T/")"
  155. if expr "$utc_date" "<" "$expires" >/dev/null; then
  156. # access token is still valid - reuse it
  157. _debug "reusing access token"
  158. printf "%s\n%s" "$accesstoken" "$CONOHA_Api"
  159. return 0
  160. else
  161. _debug "access token expired"
  162. fi
  163. fi
  164. _debug "getting new access token"
  165. body="$(printf '{"auth":{"passwordCredentials":{"username":"%s","password":"%s"},"tenantId":"%s"}}' "$username" "$password" "$tenantId")"
  166. if ! _conoha_rest POST "$ep" "$body" ""; then
  167. _err error "$response"
  168. return 1
  169. fi
  170. accesstoken=$(printf "%s" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
  171. expires=$(printf "%s" "$response" | _egrep_o "\"expires\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2-4 | tr -d \" | tr -d Z) #expect UTC
  172. if [ -z "$accesstoken" ] || [ -z "$expires" ]; then
  173. _err "no acccess token received. Check your Conoha settings see $WIKI"
  174. return 1
  175. fi
  176. _saveaccountconf_mutable conoha_accesstoken "$accesstoken"
  177. _saveaccountconf_mutable conoha_tokenvalidto "$expires"
  178. CONOHA_Api=$(printf "%s" "$response" | _egrep_o 'publicURL":"'"$CONOHA_DNS_EP_PREFIX_REGEXP"'[^"]*"' | _head_n 1 | cut -d : -f 2-3 | tr -d \")
  179. if [ -z "$CONOHA_Api" ]; then
  180. _err "failed to get conoha dns endpoint url"
  181. return 1
  182. fi
  183. _saveaccountconf_mutable conoha_dns_ep "$CONOHA_Api"
  184. printf "%s\n%s" "$accesstoken" "$CONOHA_Api"
  185. return 0
  186. }
  187. #_acme-challenge.www.domain.com
  188. #returns
  189. # _sub_domain=_acme-challenge.www
  190. # _domain=domain.com
  191. # _domain_id=sdjkglgdfewsdfg
  192. _get_root() {
  193. domain="$1"
  194. ep="$2"
  195. accesstoken="$3"
  196. i=2
  197. p=1
  198. while true; do
  199. h=$(printf "%s" "$domain" | cut -d . -f $i-100).
  200. _debug h "$h"
  201. if [ -z "$h" ]; then
  202. #not valid
  203. return 1
  204. fi
  205. if ! _conoha_rest GET "$ep/v1/domains?name=$h" "" "$accesstoken"; then
  206. return 1
  207. fi
  208. if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
  209. _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
  210. if [ "$_domain_id" ]; then
  211. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  212. _domain=$h
  213. return 0
  214. fi
  215. return 1
  216. fi
  217. p=$i
  218. i=$(_math "$i" + 1)
  219. done
  220. return 1
  221. }