jakelamotta
4 years ago
5 changed files with 351 additions and 8 deletions
-
20acme.sh
-
70deploy/cleverreach.sh
-
10deploy/fritzbox.sh
-
4dnsapi/dns_desec.sh
-
255dnsapi/dns_huaweicloud.sh
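--- a/deploy/cleverreach.sh
+++ b/deploy/cleverreach.sh
@@ -0,0 +1,70 @@
+#!/usr/bin/env sh
+# Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API.
+# Your OAuth needs the right scope, please contact CleverReach support for that.
+#
+# Written by Jan-Philipp Benecke <github@bnck.me>
+# Public domain, 2020
+#
+# Following environment variables must be set:
+#
+#export DEPLOY_CLEVERREACH_CLIENT_ID=myid
+#export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret
+
+cleverreach_deploy() {
+_cdomain="$1"
+_ckey="$2"
+_ccert="$3"
+_cca="$4"
+_cfullchain="$5"
+
+_debug _cdomain "$_cdomain"
+_debug _ckey "$_ckey"
+_debug _ccert "$_ccert"
+_debug _cca "$_cca"
+_debug _cfullchain "$_cfullchain"
+
+_getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID
+_getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET
+
+if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then
+_err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID."
+return 1
+fi
+if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then
+_err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET."
+return 1
+fi
+
+_savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}"
+_savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}"
+
+_info "Obtaining a CleverReach access token"
+
+_data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}"
+_auth_result="$(_post "$_data" "https://rest.cleverreach.com/oauth/token.php" "" "POST" "application/json")"
+
+_debug _data "$_data"
+_debug _auth_result "$_auth_result"
+
+_regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$"
+_debug _regex "$_regex"
+_access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p")
+
+_info "Uploading certificate and key to CleverReach"
+
+_certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}"
+export _H1="Authorization: Bearer ${_access_token}"
+_add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl" "" "POST" "application/json")"
+
+_debug "Destroying token at CleverReach"
+_post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json"
+
+if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then
+_info "Uploaded certificate successfully"
+return 0
+else
+_debug _add_cert_result "$_add_cert_result"
+_err "Unable to update certificate"
+return 1
+fi
+}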
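Review bot: The `_access_token` extracted with `sed -n "s/$_regex/\1/p"` is never checked, so a rejected token request (bad client id/secret, or a client without the SSL scope the header comment mentions) leaves it empty and the script still uploads the private key with an empty `Authorization: Bearer ` header, failing later with the misleading "Unable to update certificate". Add a guard directly after the extraction: `if [ -z "$_access_token" ]; then _err "Unable to obtain a CleverReach access token, check client id/secret and scope"; return 1; fi`. Separately, `_debug _data "$_data"` writes the OAuth client secret into the debug log and `_debug _auth_result "$_auth_result"` writes the bearer token; if this acme.sh version provides `_secure_debug`, use it for both lines, otherwise drop them. The success test `grep '"error":'` also treats an empty or non-JSON response (e.g. a transport failure) as success, so checking that `_add_cert_result` is non-empty before the grep would make the reported status trustworthy.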
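--- a/dnsapi/dns_huaweicloud.sh
+++ b/dnsapi/dns_huaweicloud.sh
@@ -0,0 +1,255 @@
+#!/usr/bin/env sh
+
+# HUAWEICLOUD_Username
+# HUAWEICLOUD_Password
+# HUAWEICLOUD_ProjectID
+
+iam_api="https://iam.myhuaweicloud.com"
+dns_api="https://dns.ap-southeast-1.myhuaweicloud.com"
+
+######## Public functions #####################
+
+# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to add txt record
+#
+# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html
+#
+
+dns_huaweicloud_add() {
+fulldomain=$1
+txtvalue=$2
+
+HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
+HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
+HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"
+
+# Check information
+if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then
+_err "Not enough information provided to dns_huaweicloud!"
+return 1
+fi
+
+token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
+_debug2 "${token}"
+zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
+_debug "${zoneid}"
+
+_debug "Adding Record"
+_add_record "${token}" "${fulldomain}" "${txtvalue}"
+ret="$?"
+if [ "${ret}" != "0" ]; then
+_err "dns_huaweicloud: Error adding record."
+return 1
+fi
+
+# Do saving work if all succeeded
+_saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}"
+_saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}"
+_saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}"
+return 0
+}
+
+# Usage: fulldomain txtvalue
+# Used to remove the txt record after validation
+#
+# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html
+#
+
+dns_huaweicloud_rm() {
+fulldomain=$1
+txtvalue=$2
+
+HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
+HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
+HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"
+
+# Check information
+if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then
+_err "Not enough information provided to dns_huaweicloud!"
+return 1
+fi
+
+token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
+_debug2 "${token}"
+zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
+_debug "${zoneid}"
+record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
+_debug "Record Set ID is: ${record_id}"
+
+# Remove all records
+# Therotically HuaweiCloud does not allow more than one record set
+# But remove them recurringly to increase robusty
+while [ "${record_id}" != "0" ]; do
+_debug "Removing Record"
+_rm_record "${token}" "${zoneid}" "${record_id}"
+record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
+done
+return 0
+}
+
+################### Private functions below ##################################
+
+# _get_zoneid
+#
+# _token=$1
+# _domain_string=$2
+#
+# printf "%s" "${_zoneid}"
+_get_zoneid() {
+_token=$1
+_domain_string=$2
+export _H1="X-Auth-Token: ${_token}"
+
+i=1
+while true; do
+h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100)
+if [ -z "$h" ]; then
+#not valid
+return 1
+fi
+_debug "$h"
+response=$(_get "${dns_api}/v2/zones?name=${h}")
+
+if _contains "${response}" "id"; then
+_debug "Get Zone ID Success."
+_zoneid=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")
+printf "%s" "${_zoneid}"
+return 0
+fi
+
+i=$(_math "$i" + 1)
+done
+return 1
+}
+
+_get_recordset_id() {
+_token=$1
+_domain=$2
+_zoneid=$3
+export _H1="X-Auth-Token: ${_token}"
+
+response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
+if _contains "${response}" "id"; then
+_id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")"
+printf "%s" "${_id}"
+return 0
+fi
+printf "%s" "0"
+return 1
+}
+
+_add_record() {
+_token=$1
+_domain=$2
+_txtvalue=$3
+
+# Get Existing Records
+export _H1="X-Auth-Token: ${_token}"
+response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")
+
+_debug2 "${response}"
+_exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g')
+_debug "${_exist_record}"
+
+# Check if record exist
+# Generate body data
+if [ -z "${_exist_record}" ]; then
+_post_body="{
+\"name\": \"${_domain}.\",
+\"description\": \"ACME Challenge\",
+\"type\": \"TXT\",
+\"ttl\": 1,
+\"records\": [
+\"\\\"${_txtvalue}\\\"\"
+]
+}"
+else
+_post_body="{
+\"name\": \"${_domain}.\",
+\"description\": \"ACME Challenge\",
+\"type\": \"TXT\",
+\"ttl\": 1,
+\"records\": [
+${_exist_record},
+\"\\\"${_txtvalue}\\\"\"
+]
+}"
+fi
+
+_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
+_debug "Record Set ID is: ${_record_id}"
+
+# Remove all records
+while [ "${_record_id}" != "0" ]; do
+_debug "Removing Record"
+_rm_record "${_token}" "${zoneid}" "${_record_id}"
+_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
+done
+
+# Add brand new records with all old and new records
+export _H2="Content-Type: application/json"
+export _H1="X-Auth-Token: ${_token}"
+
+_debug2 "${_post_body}"
+_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null
+_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
+if [ "$_code" != "202" ]; then
+_err "dns_huaweicloud: http code ${_code}"
+return 1
+fi
+return 0
+}
+
+# _rm_record $token $zoneid $recordid
+# assume ${dns_api} exist
+# no output
+# return 0
+_rm_record() {
+_token=$1
+_zone_id=$2
+_record_id=$3
+
+export _H2="Content-Type: application/json"
+export _H1="X-Auth-Token: ${_token}"
+
+_post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null
+return $?
+}
+
+_get_token() {
+_username=$1
+_password=$2
+_project=$3
+
+_debug "Getting Token"
+body="{
+\"auth\": {
+\"identity\": {
+\"methods\": [
+\"password\"
+],
+\"password\": {
+\"user\": {
+\"name\": \"${_username}\",
+\"password\": \"${_password}\",
+\"domain\": {
+\"name\": \"${_username}\"
+}
+}
+}
+},
+\"scope\": {
+\"project\": {
+\"id\": \"${_project}\"
+}
+}
+}
+}"
+export _H1="Content-Type: application/json;charset=utf8"
+_post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null
+_code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")
+_token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-)
+_debug2 "${_code}"
+printf "%s" "${_token}"
+return 0
+}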
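Review bot: `_get_token` captures the IAM response status into `_code` but never acts on it and unconditionally returns 0, so a rejected login (wrong password or project id) yields an empty token that `dns_huaweicloud_add` and `dns_huaweicloud_rm` then send as `X-Auth-Token:` on every later request, surfacing only as a confusing zone-lookup failure or "http code" error. Guard the result before printing it, `if [ -z "${_token}" ]; then _err "dns_huaweicloud: IAM token request failed (http code ${_code})"; return 1; fi`, and make both callers stop on failure, e.g. `token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" || return 1` (the same applies to the unchecked `_get_zoneid` result, which otherwise feeds an empty id into `/v2/zones//recordsets`). Separately, `_debug2 "${token}"` in both public functions writes the IAM token, a reusable bearer-equivalent credential, to the debug log; use `_secure_debug2` if this acme.sh version provides it, or drop the line. The auth body also sets the IAM `domain.name` to the user name, which appears to assume login as the account itself rather than a least-privilege IAM sub-user with only DNS permissions; if that is intended, the header comment should say so, and `_add_record` should take the zone id as a parameter instead of reading the caller's global `zoneid`.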