You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

230 lines
6.6 KiB

3 months ago
3 months ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_rcode0_info='Rcode0 rcodezero.at
  4. Site: rcodezero.at
  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_rcode0
  6. Options:
  7. RCODE0_URL API URL. E.g. "https://my.rcodezero.at"
  8. RCODE0_API_TOKEN API Token
  9. RCODE0_TTL TTL. Default: "60".
  10. Issues: github.com/acmesh-official/acme.sh/issues/2490
  11. '
  12. #Rcode0 API Integration
  13. #https://my.rcodezero.at/api-doc
  14. #
  15. # log into https://my.rcodezero.at/enableapi and get your ACME API Token (the ACME API token has limited
  16. # access to the REST calls needed for acme.sh only)
  17. DEFAULT_RCODE0_URL="https://my.rcodezero.at"
  18. DEFAULT_RCODE0_TTL=60
  19. ######## Public functions #####################
  20. #Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
  21. #fulldomain
  22. #txtvalue
  23. dns_rcode0_add() {
  24. fulldomain=$1
  25. txtvalue=$2
  26. RCODE0_API_TOKEN="${RCODE0_API_TOKEN:-$(_readaccountconf_mutable RCODE0_API_TOKEN)}"
  27. RCODE0_URL="${RCODE0_URL:-$(_readaccountconf_mutable RCODE0_URL)}"
  28. RCODE0_TTL="${RCODE0_TTL:-$(_readaccountconf_mutable RCODE0_TTL)}"
  29. if [ -z "$RCODE0_URL" ]; then
  30. RCODE0_URL="$DEFAULT_RCODE0_URL"
  31. fi
  32. if [ -z "$RCODE0_API_TOKEN" ]; then
  33. RCODE0_API_TOKEN=""
  34. _err "Missing Rcode0 ACME API Token."
  35. _err "Please login and create your token at httsp://my.rcodezero.at/enableapi and try again."
  36. return 1
  37. fi
  38. if [ -z "$RCODE0_TTL" ]; then
  39. RCODE0_TTL="$DEFAULT_RCODE0_TTL"
  40. fi
  41. #save the token to the account conf file.
  42. _saveaccountconf_mutable RCODE0_API_TOKEN "$RCODE0_API_TOKEN"
  43. if [ "$RCODE0_URL" != "$DEFAULT_RCODE0_URL" ]; then
  44. _saveaccountconf_mutable RCODE0_URL "$RCODE0_URL"
  45. fi
  46. if [ "$RCODE0_TTL" != "$DEFAULT_RCODE0_TTL" ]; then
  47. _saveaccountconf_mutable RCODE0_TTL "$RCODE0_TTL"
  48. fi
  49. _debug "Detect root zone"
  50. if ! _get_root "$fulldomain"; then
  51. _err "No 'MASTER' zone for $fulldomain found at RcodeZero Anycast."
  52. return 1
  53. fi
  54. _debug _domain "$_domain"
  55. _debug "Adding record"
  56. _record_string=""
  57. _build_record_string "$txtvalue"
  58. _list_existingchallenges
  59. for oldchallenge in $_existing_challenges; do
  60. _build_record_string "$oldchallenge"
  61. done
  62. _debug "Challenges: $_existing_challenges"
  63. if [ -z "$_existing_challenges" ]; then
  64. if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"add\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then
  65. _err "Add txt record error."
  66. return 1
  67. fi
  68. else
  69. # try update in case a records exists (need for wildcard certs)
  70. if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"update\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then
  71. _err "Set txt record error."
  72. return 1
  73. fi
  74. fi
  75. return 0
  76. }
  77. #fulldomain txtvalue
  78. dns_rcode0_rm() {
  79. fulldomain=$1
  80. txtvalue=$2
  81. RCODE0_API_TOKEN="${RCODE0_API_TOKEN:-$(_readaccountconf_mutable RCODE0_API_TOKEN)}"
  82. RCODE0_URL="${RCODE0_URL:-$(_readaccountconf_mutable RCODE0_URL)}"
  83. RCODE0_TTL="${RCODE0_TTL:-$(_readaccountconf_mutable RCODE0_TTL)}"
  84. if [ -z "$RCODE0_URL" ]; then
  85. RCODE0_URL="$DEFAULT_RCODE0_URL"
  86. fi
  87. if [ -z "$RCODE0_API_TOKEN" ]; then
  88. RCODE0_API_TOKEN=""
  89. _err "Missing Rcode0 API Token."
  90. _err "Please login and create your token at httsp://my.rcodezero.at/enableapi and try again."
  91. return 1
  92. fi
  93. #save the api addr and key to the account conf file.
  94. _saveaccountconf_mutable RCODE0_URL "$RCODE0_URL"
  95. _saveaccountconf_mutable RCODE0_API_TOKEN "$RCODE0_API_TOKEN"
  96. if [ "$RCODE0_TTL" != "$DEFAULT_RCODE0_TTL" ]; then
  97. _saveaccountconf_mutable RCODE0_TTL "$RCODE0_TTL"
  98. fi
  99. if [ -z "$RCODE0_TTL" ]; then
  100. RCODE0_TTL="$DEFAULT_RCODE0_TTL"
  101. fi
  102. _debug "Detect root zone"
  103. if ! _get_root "$fulldomain"; then
  104. _err "invalid domain"
  105. return 1
  106. fi
  107. _debug "Remove record"
  108. #Enumerate existing acme challenges
  109. _list_existingchallenges
  110. if _contains "$_existing_challenges" "$txtvalue"; then
  111. #Delete all challenges (PowerDNS API does not allow to delete content)
  112. if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"delete\", \"name\": \"$fulldomain.\", \"type\": \"TXT\"}]"; then
  113. _err "Delete txt record error."
  114. return 1
  115. fi
  116. _record_string=""
  117. #If the only existing challenge was the challenge to delete: nothing to do
  118. if ! [ "$_existing_challenges" = "$txtvalue" ]; then
  119. for oldchallenge in $_existing_challenges; do
  120. #Build up the challenges to re-add, ommitting the one what should be deleted
  121. if ! [ "$oldchallenge" = "$txtvalue" ]; then
  122. _build_record_string "$oldchallenge"
  123. fi
  124. done
  125. #Recreate the existing challenges
  126. if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"update\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then
  127. _err "Set txt record error."
  128. return 1
  129. fi
  130. fi
  131. else
  132. _info "Record not found, nothing to remove"
  133. fi
  134. return 0
  135. }
  136. #################### Private functions below ##################################
  137. #_acme-challenge.www.domain.com
  138. #returns
  139. # _domain=domain.com
  140. _get_root() {
  141. domain=$1
  142. i=1
  143. while true; do
  144. h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
  145. _debug "try to find: $h"
  146. if _rcode0_rest "GET" "/api/v1/acme/zones/$h"; then
  147. if [ "$response" = "[\"found\"]" ]; then
  148. _domain="$h"
  149. if [ -z "$h" ]; then
  150. _domain="=2E"
  151. fi
  152. return 0
  153. elif [ "$response" = "[\"not a master domain\"]" ]; then
  154. return 1
  155. fi
  156. fi
  157. if [ -z "$h" ]; then
  158. return 1
  159. fi
  160. i=$(_math "$i" + 1)
  161. done
  162. _debug "no matching domain for $domain found"
  163. return 1
  164. }
  165. _rcode0_rest() {
  166. method=$1
  167. ep=$2
  168. data=$3
  169. export _H1="Authorization: Bearer $RCODE0_API_TOKEN"
  170. if [ ! "$method" = "GET" ]; then
  171. _debug data "$data"
  172. response="$(_post "$data" "$RCODE0_URL$ep" "" "$method")"
  173. else
  174. response="$(_get "$RCODE0_URL$ep")"
  175. fi
  176. if [ "$?" != "0" ]; then
  177. _err "error $ep"
  178. return 1
  179. fi
  180. _debug2 response "$response"
  181. return 0
  182. }
  183. _build_record_string() {
  184. _record_string="${_record_string:+${_record_string}, }{\"content\": \"\\\"${1}\\\"\", \"disabled\": false}"
  185. }
  186. _list_existingchallenges() {
  187. _rcode0_rest "GET" "/api/v1/acme/zones/$_domain/rrsets"
  188. _existing_challenges=$(echo "$response" | _normalizeJson | _egrep_o "\"name\":\"${fulldomain}[^]]*}" | _egrep_o 'content\":\"\\"[^\\]*' | sed -n 's/^content":"\\"//p')
  189. _debug2 "$_existing_challenges"
  190. }