diff --git a/deploy/cdn_ali.sh b/deploy/cdn_ali.sh new file mode 100644 index 00000000..b1cb7bf3 --- /dev/null +++ b/deploy/cdn_ali.sh @@ -0,0 +1,138 @@ +#!/usr/bin/env sh + +Alicdn_API="https://cdn.aliyuncs.com/" + +#DEPLOY_CDN_Ali_Key="" +#DEPLOY_CDN_Ali_Secret="" +#DEPLOY_CDN_Ali_Prefix="" + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain + +cdn_ali_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + DEPLOY_CDN_Ali_Key="${DEPLOY_CDN_Ali_Key:-$(_readdomainconf DEPLOY_CDN_Ali_Key)}" + DEPLOY_CDN_Ali_Secret="${DEPLOY_CDN_Ali_Secret:-$(_readdomainconf DEPLOY_CDN_Ali_Secret)}" + DEPLOY_CDN_Ali_Prefix="${DEPLOY_CDN_Ali_Prefix:-$(_readdomainconf DEPLOY_CDN_Ali_Prefix)}" + if [ -z "$DEPLOY_CDN_Ali_Key" ] || [ -z "$DEPLOY_CDN_Ali_Secret" ]; then + DEPLOY_CDN_Ali_Key="" + DEPLOY_CDN_Ali_Secret="" + _err "You don't specify alicdn api key and secret yet." + return 1 + fi + + #save the api key and secret to the account conf file. + _savedomainconf DEPLOY_CDN_Ali_Key "$DEPLOY_CDN_Ali_Key" + _savedomainconf DEPLOY_CDN_Ali_Secret "$DEPLOY_CDN_Ali_Secret" + _savedomainconf DEPLOY_CDN_Ali_Prefix "$DEPLOY_CDN_Ali_Prefix" + + # read cert and key files and urlencode both + _certnamestr=$DEPLOY_CDN_Ali_Prefix$_cdomain'-'$(sha1sum "$_ccert" | cut -c1-20) + _certtext=$(cat "$_cfullchain" | sed '/^$/d') + _keytext=$(cat "$_ckey" | sed '/^$/d') + _certstr=$(_urlencode "$_certtext") + _keystr=$(_urlencode "$_keytext") + + _debug _certname "$_certnamestr" + _debug2 _cert "$_certstr" + _debug2 _key "$_keystr" + + _debug "Set Cert" + _set_cert_query $(_urlencode "$DEPLOY_CDN_Ali_Prefix$_cdomain") $(_urlencode "$_certnamestr") "$_certstr" "$_keystr" && _ali_rest "Set Cert" + return 0 +} + +######## Private functions ##################### + +_set_cert_query() { + query='' + query=$query'AccessKeyId='$DEPLOY_CDN_Ali_Key + query=$query'&Action=SetDomainServerCertificate' + query=$query'&CertName='$2 + query=$query'&DomainName='$1 + query=$query'&Format=json' + query=$query'&PrivateKey='$4 + query=$query'&ServerCertificate='$3 + query=$query'&ServerCertificateStatus=on' + query=$query'&SignatureMethod=HMAC-SHA1' + query=$query"&SignatureNonce=$(_ali_nonce)" + query=$query'&SignatureVersion=1.0' + query=$query'&Timestamp='$(_timestamp) + query=$query'&Version=2014-11-11' + + _debug2 query "$query" +} + +_ali_rest() { + signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$DEPLOY_CDN_Ali_Secret&" | _hex_dump | tr -d " ")" | _base64) + signature=$(_ali_urlencode "$signature") + url="$Alicdn_API?$query&Signature=$signature" + + if ! response="$(_get "$url")"; then + _err "Error <$1>" + return 1 + fi + + _debug2 response "$response" + if [ -z "$2" ]; then + message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" + if [ "$message" ]; then + _err "$message" + return 1 + fi + fi +} + +_ali_urlencode() { + _str="$1" + _str_len=${#_str} + _u_i=1 + while [ "$_u_i" -le "$_str_len" ]; do + _str_c="$(printf "%s" "$_str" | cut -c "$_u_i")" + case $_str_c in [a-zA-Z0-9.~_-]) + printf "%s" "$_str_c" + ;; + *) + printf "%%%02X" "'$_str_c" + ;; + esac + _u_i="$(_math "$_u_i" + 1)" + done +} + +_ali_nonce() { + #_head_n 1 + old_lc_collate=$LC_COLLATE + LC_COLLATE=C + local length="${#1}" + for (( i = 0; i < length; i++ )); do + local c="${1:i:1}" + case $c in + [a-zA-Z0-9.~_-]) printf "$c" ;; + *) printf '%%%02X' "'$c" ;; + esac + done + LC_COLLATE=$old_lc_collate +}