diff --git a/deploy/alicdn.sh b/deploy/alicdn.sh new file mode 100644 index 00000000..d64e2f3f --- /dev/null +++ b/deploy/alicdn.sh @@ -0,0 +1,338 @@ +#!/usr/bin/env sh + +# Script to create certificate to Aliyun CDN +# +# This deployment required following variables +# export ALI_CDN_KEY="LTqIA87hOKdjevsf5" +# export ALI_CDN_SECRET="0p5EYueFNq501xnCPzKNbx6K51qPH2" +# export Ali_CDN_DOMAIN="cdn.example.com" +# If you have more than one domain, just +# export Ali_CDN_DOMAIN="cdn1.example.com,cdn2.example.com" +# +# If ALI_CDN_KEY and ALI_CDN_SECRET are not set, +# Ali_key and Ali_Secret will be used. (see dns/dns_ali.sh) +# +# AliYun Authentication must have "AliyunCDNFullAccess" permission, +# May also need to "AliyunYundunCertFullAccess" permissions. +# +# Thanks: +# This script references dns/dns_ali.sh and pull request #2772 + +######## Public functions ##################### +Ali_CDN_API="https://cdn.aliyuncs.com/" + +alicdn_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + _info "$(__green "===Starting alicdn deploy===")" + + _getdeployconf ALI_CDN_KEY + _getdeployconf ALI_CDN_SECRET + _getdeployconf Ali_CDN_DOMAIN + + if [ -z "${ALI_CDN_KEY}" ] || [ -z "${ALI_CDN_SECRET}" ]; then + _info "Not set variables ALI_CDN_KEY and ALI_CDN_SECRET" + _info "Will use Ali_Key and Ali_Secret" + ALI_CDN_KEY="$(_readaccountconf_mutable Ali_Key)" + ALI_CDN_SECRET="$(_readaccountconf_mutable Ali_Secret)" + if [ -z "${ALI_CDN_KEY}" ] || [ -z "${ALI_CDN_SECRET}" ]; then + _err "You don't specify aliyun api key and secret yet." + return 1 + fi + else + #save ALI_CDN_KEY and ALI_CDN_SECRET. + _savedeployconf ALI_CDN_KEY "$ALI_CDN_KEY" + _savedeployconf ALI_CDN_SECRET "$ALI_CDN_SECRET" + fi + + if [ -z "${Ali_CDN_DOMAIN}" ]; then + Ali_CDN_DOMAIN="" + _err "You don't specify Ali_CDN_DOMAIN yet." + return 1 + fi + #save Ali_CDN_DOMAIN. + _savedeployconf Ali_CDN_DOMAIN "$Ali_CDN_DOMAIN" + + _debug ALI_CDN_KEY "${ALI_CDN_KEY}" + _debug ALI_CDN_SECRET "$ALI_CDN_SECRET" + _debug Ali_CDN_DOMAIN "$Ali_CDN_DOMAIN" + + ## upload certificate + _Ali_SSLPub=$(grep -Ev '^$' "$_cfullchain" | _ali_url_encode) + _Ali_SSLPri=$(_ali_url_encode <"$_ckey") + + query='' + query=$query'AccessKeyId='${ALI_CDN_KEY} + query=$query'&Action=BatchSetCdnDomainServerCertificate' + query=$query'&CertName='$(_ali_urlencode "$_cdomain") + query=$query'&CertType=upload' + query=$query'&DomainName='$(_ali_urlencode "$Ali_CDN_DOMAIN") + query=$query'&ForceSet=1' + query=$query'&Format=json' + query=$query'&SSLPri='${_Ali_SSLPri} + query=$query'&SSLProtocol=on' + query=$query'&SSLPub='${_Ali_SSLPub} + query=$query'&SignatureMethod=HMAC-SHA1' + query=$query'&SignatureNonce='$(_ali_nonce) + query=$query'&SignatureVersion=1.0' + query=$query'&Timestamp='$(_timestamp) + query=$query'&Version=2018-05-10' + _debug2 signature_source "$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")")" + signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$ALI_CDN_SECRET&" | _hex_dump | tr -d " ")" | _base64) + signature=$(_ali_urlencode "$signature") + url="$Ali_CDN_API?$query&Signature=$signature" + + if ! response="$(_get "$url")"; then + _err "Error <$1>" + return 1 + fi + _debug response "$response" + message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2- | tr -d \")" + if [ "$message" ]; then + _err "$message" + return 1 + fi + _info "Domain $_cdomain certificate has been deployed successfully" + _info "$(__green "===End alicdn deploy===")" + return 0 +} + +#################### Private functions below ################################## +_ali_url_encode() { + _hex_str=$(_hex_dump) + _debug3 "_url_encode" + _debug3 "_hex_str" "$_hex_str" + for _hex_code in $_hex_str; do + #upper case + case "${_hex_code}" in + "41") + printf "%s" "A" + ;; + "42") + printf "%s" "B" + ;; + "43") + printf "%s" "C" + ;; + "44") + printf "%s" "D" + ;; + "45") + printf "%s" "E" + ;; + "46") + printf "%s" "F" + ;; + "47") + printf "%s" "G" + ;; + "48") + printf "%s" "H" + ;; + "49") + printf "%s" "I" + ;; + "4a") + printf "%s" "J" + ;; + "4b") + printf "%s" "K" + ;; + "4c") + printf "%s" "L" + ;; + "4d") + printf "%s" "M" + ;; + "4e") + printf "%s" "N" + ;; + "4f") + printf "%s" "O" + ;; + "50") + printf "%s" "P" + ;; + "51") + printf "%s" "Q" + ;; + "52") + printf "%s" "R" + ;; + "53") + printf "%s" "S" + ;; + "54") + printf "%s" "T" + ;; + "55") + printf "%s" "U" + ;; + "56") + printf "%s" "V" + ;; + "57") + printf "%s" "W" + ;; + "58") + printf "%s" "X" + ;; + "59") + printf "%s" "Y" + ;; + "5a") + printf "%s" "Z" + ;; + + #lower case + "61") + printf "%s" "a" + ;; + "62") + printf "%s" "b" + ;; + "63") + printf "%s" "c" + ;; + "64") + printf "%s" "d" + ;; + "65") + printf "%s" "e" + ;; + "66") + printf "%s" "f" + ;; + "67") + printf "%s" "g" + ;; + "68") + printf "%s" "h" + ;; + "69") + printf "%s" "i" + ;; + "6a") + printf "%s" "j" + ;; + "6b") + printf "%s" "k" + ;; + "6c") + printf "%s" "l" + ;; + "6d") + printf "%s" "m" + ;; + "6e") + printf "%s" "n" + ;; + "6f") + printf "%s" "o" + ;; + "70") + printf "%s" "p" + ;; + "71") + printf "%s" "q" + ;; + "72") + printf "%s" "r" + ;; + "73") + printf "%s" "s" + ;; + "74") + printf "%s" "t" + ;; + "75") + printf "%s" "u" + ;; + "76") + printf "%s" "v" + ;; + "77") + printf "%s" "w" + ;; + "78") + printf "%s" "x" + ;; + "79") + printf "%s" "y" + ;; + "7a") + printf "%s" "z" + ;; + #numbers + "30") + printf "%s" "0" + ;; + "31") + printf "%s" "1" + ;; + "32") + printf "%s" "2" + ;; + "33") + printf "%s" "3" + ;; + "34") + printf "%s" "4" + ;; + "35") + printf "%s" "5" + ;; + "36") + printf "%s" "6" + ;; + "37") + printf "%s" "7" + ;; + "38") + printf "%s" "8" + ;; + "39") + printf "%s" "9" + ;; + "2d") + printf "%s" "-" + ;; + "5f") + printf "%s" "_" + ;; + "2e") + printf "%s" "." + ;; + "7e") + printf "%s" "~" + ;; + #other hex + *) + printf '%%%s' "$_hex_code" | tr '[:lower:]' '[:upper:]' + ;; + esac + done +} + +_ali_urlencode() { + _str=$(printf "%s" "$1" | _ali_url_encode) + printf "%s" "$_str" +} + +_ali_nonce() { + date +"%s%N" +} + +_timestamp() { + date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ" +}