Phil Porada
8 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
46 changed files with 2545 additions and 846 deletions
-
89.github/workflows/DNS.yml
-
14.github/workflows/DragonFlyBSD.yml
-
6.github/workflows/FreeBSD.yml
-
2.github/workflows/Linux.yml
-
2.github/workflows/MacOS.yml
-
12.github/workflows/NetBSD.yml
-
75.github/workflows/Omnios.yml
-
8.github/workflows/OpenBSD.yml
-
4.github/workflows/PebbleStrict.yml
-
13.github/workflows/Solaris.yml
-
2.github/workflows/Ubuntu.yml
-
2.github/workflows/Windows.yml
-
2.github/workflows/dockerhub.yml
-
6.github/workflows/pr_dns.yml
-
2.github/workflows/pr_notify.yml
-
4.github/workflows/shellcheck.yml
-
39README.md
-
228acme.sh
-
15deploy/docker.sh
-
125deploy/haproxy.sh
-
171deploy/panos.sh
-
8deploy/proxmoxve.sh
-
6deploy/routeros.sh
-
443deploy/synology_dsm.sh
-
154dnsapi/dns_1984hosting.sh
-
2dnsapi/dns_ali.sh
-
180dnsapi/dns_artfiles.sh
-
33dnsapi/dns_aws.sh
-
89dnsapi/dns_bookmyname.sh
-
185dnsapi/dns_dnsexit.sh
-
148dnsapi/dns_do.sh
-
33dnsapi/dns_gandi_livedns.sh
-
2dnsapi/dns_gcloud.sh
-
4dnsapi/dns_gcore.sh
-
2dnsapi/dns_inwx.sh
-
19dnsapi/dns_kappernet.sh
-
94dnsapi/dns_limacity.sh
-
2dnsapi/dns_loopia.sh
-
4dnsapi/dns_opnsense.sh
-
17dnsapi/dns_ovh.sh
-
60dnsapi/dns_pleskxml.sh
-
211dnsapi/dns_tencent.sh
-
17dnsapi/dns_variomedia.sh
-
105dnsapi/dns_west_cn.sh
-
226notify/aws_ses.sh
-
52notify/mattermost.sh
@ -0,0 +1,75 @@ |
|||||
|
name: Omnios |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Omnios.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Omnios.yml' |
||||
|
|
||||
|
concurrency: |
||||
|
group: ${{ github.workflow }}-${{ github.ref }} |
||||
|
cancel-in-progress: true |
||||
|
|
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Omnios: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
||||
|
ACME_USE_WGET: 1 |
||||
|
#- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
# CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
# CA_EMAIL: "githubtest@acme.sh" |
||||
|
# TEST_PREFERRED_CHAIN: "" |
||||
|
runs-on: ubuntu-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
||||
|
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v4 |
||||
|
- uses: vmactions/cf-tunnel@v0 |
||||
|
id: tunnel |
||||
|
with: |
||||
|
protocol: http |
||||
|
port: 8080 |
||||
|
- name: Set envs |
||||
|
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- uses: vmactions/omnios-vm@v1 |
||||
|
with: |
||||
|
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
||||
|
nat: | |
||||
|
"8080": "80" |
||||
|
prepare: pkg install socat wget |
||||
|
copyback: false |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& ./letest.sh |
||||
|
|
||||
|
|
@ -0,0 +1,180 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
################################################################################ |
||||
|
# ACME.sh 3rd party DNS API plugin for ArtFiles.de |
||||
|
################################################################################ |
||||
|
# Author: Martin Arndt, https://troublezone.net/ |
||||
|
# Released: 2022-02-27 |
||||
|
# Issues: https://github.com/acmesh-official/acme.sh/issues/4718 |
||||
|
################################################################################ |
||||
|
# Usage: |
||||
|
# 1. export AF_API_USERNAME='api12345678' |
||||
|
# 2. export AF_API_PASSWORD='apiPassword' |
||||
|
# 3. acme.sh --issue -d example.com --dns dns_artfiles |
||||
|
################################################################################ |
||||
|
|
||||
|
########## API configuration ################################################### |
||||
|
|
||||
|
AF_API_SUCCESS='status":"OK' |
||||
|
AF_URL_DCP='https://dcp.c.artfiles.de/api/' |
||||
|
AF_URL_DNS=${AF_URL_DCP}'dns/{*}_dns.html?domain=' |
||||
|
AF_URL_DOMAINS=${AF_URL_DCP}'domain/get_domains.html' |
||||
|
|
||||
|
########## Public functions #################################################### |
||||
|
|
||||
|
# Adds a new TXT record for given ACME challenge value & domain. |
||||
|
# Usage: dns_artfiles_add _acme-challenge.www.example.com "ACME challenge value" |
||||
|
dns_artfiles_add() { |
||||
|
domain="$1" |
||||
|
txtValue="$2" |
||||
|
_info 'Using ArtFiles.de DNS addition API…' |
||||
|
_debug 'Domain' "$domain" |
||||
|
_debug 'txtValue' "$txtValue" |
||||
|
|
||||
|
_set_credentials |
||||
|
_saveaccountconf_mutable 'AF_API_USERNAME' "$AF_API_USERNAME" |
||||
|
_saveaccountconf_mutable 'AF_API_PASSWORD' "$AF_API_PASSWORD" |
||||
|
|
||||
|
_set_headers |
||||
|
_get_zone "$domain" |
||||
|
_dns 'GET' |
||||
|
if ! _contains "$response" 'TXT'; then |
||||
|
_err 'Retrieving TXT records failed.' |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_clean_records |
||||
|
_dns 'SET' "$(printf -- '%s\n_acme-challenge "%s"' "$response" "$txtValue")" |
||||
|
if ! _contains "$response" "$AF_API_SUCCESS"; then |
||||
|
_err 'Adding ACME challenge value failed.' |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Removes the existing TXT record for given ACME challenge value & domain. |
||||
|
# Usage: dns_artfiles_rm _acme-challenge.www.example.com "ACME challenge value" |
||||
|
dns_artfiles_rm() { |
||||
|
domain="$1" |
||||
|
txtValue="$2" |
||||
|
_info 'Using ArtFiles.de DNS removal API…' |
||||
|
_debug 'Domain' "$domain" |
||||
|
_debug 'txtValue' "$txtValue" |
||||
|
|
||||
|
_set_credentials |
||||
|
_set_headers |
||||
|
_get_zone "$domain" |
||||
|
if ! _dns 'GET'; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$txtValue"; then |
||||
|
_err 'Retrieved TXT records are missing given ACME challenge value.' |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_clean_records |
||||
|
response="$(printf -- '%s' "$response" | sed '/_acme-challenge "'"$txtValue"'"/d')" |
||||
|
_dns 'SET' "$response" |
||||
|
if ! _contains "$response" "$AF_API_SUCCESS"; then |
||||
|
_err 'Removing ACME challenge value failed.' |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
########## Private functions ################################################### |
||||
|
|
||||
|
# Cleans awful TXT records response of ArtFiles's API & pretty prints it. |
||||
|
# Usage: _clean_records |
||||
|
_clean_records() { |
||||
|
_info 'Cleaning TXT records…' |
||||
|
# Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid |
||||
|
# usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\' |
||||
|
# from '\"' & turn '\n' into real LF characters. |
||||
|
# Yup, awful API to use - but that's all we got to get this working, so… ;) |
||||
|
_debug2 'Raw ' "$response" |
||||
|
response="$(printf -- '%s' "$response" | sed 's/^.*TXT":"\([^}]*\).*$/\1/;s/,".*$//;s/.$//;s/\\"/"/g;s/\\n/\n/g')" |
||||
|
_debug2 'Clean' "$response" |
||||
|
} |
||||
|
|
||||
|
# Executes an HTTP GET or POST request for getting or setting DNS records, |
||||
|
# containing given payload upon POST. |
||||
|
# Usage: _dns [GET | SET] [payload] |
||||
|
_dns() { |
||||
|
_info 'Executing HTTP request…' |
||||
|
action="$1" |
||||
|
payload="$(printf -- '%s' "$2" | _url_encode)" |
||||
|
url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" |
||||
|
|
||||
|
if [ "$action" = 'SET' ]; then |
||||
|
_debug2 'Payload' "$payload" |
||||
|
response="$(_post '' "$url&TXT=$payload" '' 'POST' 'application/x-www-form-urlencoded')" |
||||
|
else |
||||
|
response="$(_get "$url" '' 10)" |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$AF_API_SUCCESS"; then |
||||
|
_err "DNS API error: $response" |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug 'Response' "$response" |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# Gets the root domain zone for given domain. |
||||
|
# Usage: _get_zone _acme-challenge.www.example.com |
||||
|
_get_zone() { |
||||
|
fqdn="$1" |
||||
|
domains="$(_get "$AF_URL_DOMAINS" '' 10)" |
||||
|
_info 'Getting domain zone…' |
||||
|
_debug2 'FQDN' "$fqdn" |
||||
|
_debug2 'Domains' "$domains" |
||||
|
|
||||
|
while _contains "$fqdn" "."; do |
||||
|
if _contains "$domains" "$fqdn"; then |
||||
|
domain="$fqdn" |
||||
|
_info "Found root domain zone: $domain" |
||||
|
break |
||||
|
else |
||||
|
fqdn="${fqdn#*.}" |
||||
|
_debug2 'FQDN' "$fqdn" |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
if [ "$domain" = "$fqdn" ]; then |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_err 'Couldn'\''t find root domain zone.' |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
# Sets the credentials for accessing ArtFiles's API |
||||
|
# Usage: _set_credentials |
||||
|
_set_credentials() { |
||||
|
_info 'Setting credentials…' |
||||
|
AF_API_USERNAME="${AF_API_USERNAME:-$(_readaccountconf_mutable AF_API_USERNAME)}" |
||||
|
AF_API_PASSWORD="${AF_API_PASSWORD:-$(_readaccountconf_mutable AF_API_PASSWORD)}" |
||||
|
if [ -z "$AF_API_USERNAME" ] || [ -z "$AF_API_PASSWORD" ]; then |
||||
|
_err 'Missing ArtFiles.de username and/or password.' |
||||
|
_err 'Please ensure both are set via export command & try again.' |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Adds the HTTP Authorization & Content-Type headers to a follow-up request. |
||||
|
# Usage: _set_headers |
||||
|
_set_headers() { |
||||
|
_info 'Setting headers…' |
||||
|
encoded="$(printf -- '%s:%s' "$AF_API_USERNAME" "$AF_API_PASSWORD" | _base64)" |
||||
|
export _H1="Authorization: Basic $encoded" |
||||
|
export _H2='Content-Type: application/json' |
||||
|
} |
@ -0,0 +1,89 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Here is a sample custom api script. |
||||
|
#This file name is "dns_bookmyname.sh" |
||||
|
#So, here must be a method dns_bookmyname_add() |
||||
|
#Which will be called by acme.sh to add the txt record to your api system. |
||||
|
#returns 0 means success, otherwise error. |
||||
|
# |
||||
|
#Author: Neilpang |
||||
|
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
||||
|
# |
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
||||
|
|
||||
|
# BookMyName urls: |
||||
|
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' |
||||
|
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' |
||||
|
|
||||
|
# Output: |
||||
|
#good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX |
||||
|
#good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX |
||||
|
|
||||
|
# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised. |
||||
|
|
||||
|
# Usage: |
||||
|
# export BOOKMYNAME_USERNAME="ABCDE-FREE" |
||||
|
# export BOOKMYNAME_PASSWORD="MyPassword" |
||||
|
# /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld |
||||
|
|
||||
|
#Usage: dns_bookmyname_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_bookmyname_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Using bookmyname" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
||||
|
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
||||
|
|
||||
|
if [ -z "$BOOKMYNAME_USERNAME" ] || [ -z "$BOOKMYNAME_PASSWORD" ]; then |
||||
|
BOOKMYNAME_USERNAME="" |
||||
|
BOOKMYNAME_PASSWORD="" |
||||
|
_err "You didn't specify BookMyName username and password yet." |
||||
|
_err "Please specify them and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the credentials to the account conf file. |
||||
|
_saveaccountconf_mutable BOOKMYNAME_USERNAME "$BOOKMYNAME_USERNAME" |
||||
|
_saveaccountconf_mutable BOOKMYNAME_PASSWORD "$BOOKMYNAME_PASSWORD" |
||||
|
|
||||
|
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
||||
|
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}" |
||||
|
result="$(_get "${uri}${data}")" |
||||
|
_debug "Result: $result" |
||||
|
|
||||
|
if ! _startswith "$result" 'good: update done, cid '; then |
||||
|
_err "Can't add $fulldomain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_bookmyname_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Using bookmyname" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
||||
|
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
||||
|
|
||||
|
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
||||
|
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}" |
||||
|
result="$(_get "${uri}${data}")" |
||||
|
_debug "Result: $result" |
||||
|
|
||||
|
if ! _startswith "$result" 'good: remove done 1, cid '; then |
||||
|
_info "Can't remove $fulldomain" |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
@ -0,0 +1,185 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#use dns-01 at DNSExit.com |
||||
|
|
||||
|
#Author: Samuel Jimenez |
||||
|
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
||||
|
|
||||
|
#DNSEXIT_API_KEY=ABCDEFGHIJ0123456789abcdefghij |
||||
|
#DNSEXIT_AUTH_USER=login@email.address |
||||
|
#DNSEXIT_AUTH_PASS=aStrongPassword |
||||
|
DNSEXIT_API_URL="https://api.dnsexit.com/dns/" |
||||
|
DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
#Usage: dns_dnsexit_add _acme-challenge.*.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_dnsexit_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Using DNSExit.com" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
_debug 'Load account auth' |
||||
|
if ! get_account_info; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug 'First detect the root zone' |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"add\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":0,\"overwrite\":false}}"; then |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 _response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_dnsexit_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Using DNSExit.com" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
_debug 'Load account auth' |
||||
|
if ! get_account_info; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug 'First detect the root zone' |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"delete\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\"}}"; then |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 _response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
while true; do |
||||
|
_domain=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$_domain" |
||||
|
if [ -z "$_domain" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug login "$DNSEXIT_AUTH_USER" |
||||
|
_debug password "$DNSEXIT_AUTH_PASS" |
||||
|
_debug domain "$_domain" |
||||
|
|
||||
|
_dnsexit_http "login=$DNSEXIT_AUTH_USER&password=$DNSEXIT_AUTH_PASS&domain=$_domain" |
||||
|
|
||||
|
if _contains "$response" "0=$_domain"; then |
||||
|
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" |
||||
|
return 0 |
||||
|
else |
||||
|
_debug "Go to next level of $_domain" |
||||
|
fi |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_dnsexit_rest() { |
||||
|
m=POST |
||||
|
ep="" |
||||
|
data="$1" |
||||
|
_debug _dnsexit_rest "$ep" |
||||
|
_debug data "$data" |
||||
|
|
||||
|
api_key_trimmed=$(echo "$DNSEXIT_API_KEY" | tr -d '"') |
||||
|
|
||||
|
export _H1="apikey: $api_key_trimmed" |
||||
|
export _H2='Content-Type: application/json' |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$DNSEXIT_API_URL/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$DNSEXIT_API_URL/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "Error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_dnsexit_http() { |
||||
|
m=GET |
||||
|
param="$1" |
||||
|
_debug param "$param" |
||||
|
_debug get "$DNSEXIT_HOSTS_URL?$param" |
||||
|
|
||||
|
response="$(_get "$DNSEXIT_HOSTS_URL?$param")" |
||||
|
|
||||
|
_debug response "$response" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "Error $param" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
get_account_info() { |
||||
|
|
||||
|
DNSEXIT_API_KEY="${DNSEXIT_API_KEY:-$(_readaccountconf_mutable DNSEXIT_API_KEY)}" |
||||
|
if test -z "$DNSEXIT_API_KEY"; then |
||||
|
DNSEXIT_API_KEY='' |
||||
|
_err 'DNSEXIT_API_KEY was not exported' |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable DNSEXIT_API_KEY "$DNSEXIT_API_KEY" |
||||
|
|
||||
|
DNSEXIT_AUTH_USER="${DNSEXIT_AUTH_USER:-$(_readaccountconf_mutable DNSEXIT_AUTH_USER)}" |
||||
|
if test -z "$DNSEXIT_AUTH_USER"; then |
||||
|
DNSEXIT_AUTH_USER="" |
||||
|
_err 'DNSEXIT_AUTH_USER was not exported' |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable DNSEXIT_AUTH_USER "$DNSEXIT_AUTH_USER" |
||||
|
|
||||
|
DNSEXIT_AUTH_PASS="${DNSEXIT_AUTH_PASS:-$(_readaccountconf_mutable DNSEXIT_AUTH_PASS)}" |
||||
|
if test -z "$DNSEXIT_AUTH_PASS"; then |
||||
|
DNSEXIT_AUTH_PASS="" |
||||
|
_err 'DNSEXIT_AUTH_PASS was not exported' |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable DNSEXIT_AUTH_PASS "$DNSEXIT_AUTH_PASS" |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -1,148 +0,0 @@ |
|||||
#!/usr/bin/env sh |
|
||||
|
|
||||
# DNS API for Domain-Offensive / Resellerinterface / Domainrobot |
|
||||
|
|
||||
# Report bugs at https://github.com/seidler2547/acme.sh/issues |
|
||||
|
|
||||
# set these environment variables to match your customer ID and password: |
|
||||
# DO_PID="KD-1234567" |
|
||||
# DO_PW="cdfkjl3n2" |
|
||||
|
|
||||
DO_URL="https://soap.resellerinterface.de/" |
|
||||
|
|
||||
######## Public functions ##################### |
|
||||
|
|
||||
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|
||||
dns_do_add() { |
|
||||
fulldomain=$1 |
|
||||
txtvalue=$2 |
|
||||
if _dns_do_authenticate; then |
|
||||
_info "Adding TXT record to ${_domain} as ${fulldomain}" |
|
||||
_dns_do_soap createRR origin "${_domain}" name "${fulldomain}" type TXT data "${txtvalue}" ttl 300 |
|
||||
if _contains "${response}" '>success<'; then |
|
||||
return 0 |
|
||||
fi |
|
||||
_err "Could not create resource record, check logs" |
|
||||
fi |
|
||||
return 1 |
|
||||
} |
|
||||
|
|
||||
#fulldomain |
|
||||
dns_do_rm() { |
|
||||
fulldomain=$1 |
|
||||
if _dns_do_authenticate; then |
|
||||
if _dns_do_list_rrs; then |
|
||||
_dns_do_had_error=0 |
|
||||
for _rrid in ${_rr_list}; do |
|
||||
_info "Deleting resource record $_rrid for $_domain" |
|
||||
_dns_do_soap deleteRR origin "${_domain}" rrid "${_rrid}" |
|
||||
if ! _contains "${response}" '>success<'; then |
|
||||
_dns_do_had_error=1 |
|
||||
_err "Could not delete resource record for ${_domain}, id ${_rrid}" |
|
||||
fi |
|
||||
done |
|
||||
return $_dns_do_had_error |
|
||||
fi |
|
||||
fi |
|
||||
return 1 |
|
||||
} |
|
||||
|
|
||||
#################### Private functions below ################################## |
|
||||
_dns_do_authenticate() { |
|
||||
_info "Authenticating as ${DO_PID}" |
|
||||
_dns_do_soap authPartner partner "${DO_PID}" password "${DO_PW}" |
|
||||
if _contains "${response}" '>success<'; then |
|
||||
_get_root "$fulldomain" |
|
||||
_debug "_domain $_domain" |
|
||||
return 0 |
|
||||
else |
|
||||
_err "Authentication failed, are DO_PID and DO_PW set correctly?" |
|
||||
fi |
|
||||
return 1 |
|
||||
} |
|
||||
|
|
||||
_dns_do_list_rrs() { |
|
||||
_dns_do_soap getRRList origin "${_domain}" |
|
||||
if ! _contains "${response}" 'SOAP-ENC:Array'; then |
|
||||
_err "getRRList origin ${_domain} failed" |
|
||||
return 1 |
|
||||
fi |
|
||||
_rr_list="$(echo "${response}" | |
|
||||
tr -d "\n\r\t" | |
|
||||
sed -e 's/<item xsi:type="ns2:Map">/\n/g' | |
|
||||
grep ">$(_regexcape "$fulldomain")</value>" | |
|
||||
sed -e 's/<\/item>/\n/g' | |
|
||||
grep '>id</key><value' | |
|
||||
_egrep_o '>[0-9]{1,16}<' | |
|
||||
tr -d '><')" |
|
||||
[ "${_rr_list}" ] |
|
||||
} |
|
||||
|
|
||||
_dns_do_soap() { |
|
||||
func="$1" |
|
||||
shift |
|
||||
# put the parameters to xml |
|
||||
body="<tns:${func} xmlns:tns=\"${DO_URL}\">" |
|
||||
while [ "$1" ]; do |
|
||||
_k="$1" |
|
||||
shift |
|
||||
_v="$1" |
|
||||
shift |
|
||||
body="$body<$_k>$_v</$_k>" |
|
||||
done |
|
||||
body="$body</tns:${func}>" |
|
||||
_debug2 "SOAP request ${body}" |
|
||||
|
|
||||
# build SOAP XML |
|
||||
_xml='<?xml version="1.0" encoding="UTF-8"?> |
|
||||
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> |
|
||||
<env:Body>'"$body"'</env:Body> |
|
||||
</env:Envelope>' |
|
||||
|
|
||||
# set SOAP headers |
|
||||
export _H1="SOAPAction: ${DO_URL}#${func}" |
|
||||
|
|
||||
if ! response="$(_post "${_xml}" "${DO_URL}")"; then |
|
||||
_err "Error <$1>" |
|
||||
return 1 |
|
||||
fi |
|
||||
_debug2 "SOAP response $response" |
|
||||
|
|
||||
# retrieve cookie header |
|
||||
_H2="$(_egrep_o 'Cookie: [^;]+' <"$HTTP_HEADER" | _head_n 1)" |
|
||||
export _H2 |
|
||||
|
|
||||
return 0 |
|
||||
} |
|
||||
|
|
||||
_get_root() { |
|
||||
domain=$1 |
|
||||
i=1 |
|
||||
|
|
||||
_dns_do_soap getDomainList |
|
||||
_all_domains="$(echo "${response}" | |
|
||||
tr -d "\n\r\t " | |
|
||||
_egrep_o 'domain</key><value[^>]+>[^<]+' | |
|
||||
sed -e 's/^domain<\/key><value[^>]*>//g')" |
|
||||
|
|
||||
while true; do |
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|
||||
if [ -z "$h" ]; then |
|
||||
return 1 |
|
||||
fi |
|
||||
|
|
||||
if _contains "${_all_domains}" "^$(_regexcape "$h")\$"; then |
|
||||
_domain="$h" |
|
||||
return 0 |
|
||||
fi |
|
||||
|
|
||||
i=$(_math $i + 1) |
|
||||
done |
|
||||
_debug "$domain not found" |
|
||||
|
|
||||
return 1 |
|
||||
} |
|
||||
|
|
||||
_regexcape() { |
|
||||
echo "$1" | sed -e 's/\([]\.$*^[]\)/\\\1/g' |
|
||||
} |
|
@ -0,0 +1,94 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Created by Laraveluser |
||||
|
# |
||||
|
# Pass credentials before "acme.sh --issue --dns dns_limacity ..." |
||||
|
# -- |
||||
|
# export LIMACITY_APIKEY="<API-KEY>" |
||||
|
# -- |
||||
|
# |
||||
|
# Pleas note: APIKEY must have following roles: dns.admin, domains.reader |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
LIMACITY_APIKEY="${LIMACITY_APIKEY:-$(_readaccountconf_mutable LIMACITY_APIKEY)}" |
||||
|
AUTH=$(printf "%s" "api:$LIMACITY_APIKEY" | _base64 -w 0) |
||||
|
export _H1="Authorization: Basic $AUTH" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
APIBASE=https://www.lima-city.de/usercp |
||||
|
|
||||
|
#Usage: dns_limacity_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_limacity_add() { |
||||
|
_debug LIMACITY_APIKEY "$LIMACITY_APIKEY" |
||||
|
if [ "$LIMACITY_APIKEY" = "" ]; then |
||||
|
_err "No Credentials given" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# save the dns server and key to the account conf file. |
||||
|
_saveaccountconf_mutable LIMACITY_APIKEY "${LIMACITY_APIKEY}" |
||||
|
|
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
if ! _lima_get_domain_id "$fulldomain"; then return 1; fi |
||||
|
|
||||
|
msg=$(_post "{\"nameserver_record\":{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\",\"ttl\":60}}" "${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json" "" "POST") |
||||
|
_debug "$msg" |
||||
|
|
||||
|
if [ "$(echo "$msg" | _egrep_o "\"status\":\"ok\"")" = "" ]; then |
||||
|
_err "$msg" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#Usage: dns_limacity_rm _acme-challenge.www.domain.com |
||||
|
dns_limacity_rm() { |
||||
|
|
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
if ! _lima_get_domain_id "$fulldomain"; then return 1; fi |
||||
|
|
||||
|
for recordId in $(_get "${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json" | _egrep_o "{\"id\":[0-9]*[^}]*,\"name\":\"${fulldomain}\"" | _egrep_o "[0-9]*"); do |
||||
|
_post "" "${APIBASE}/domains/${LIMACITY_DOMAINID}/records/${recordId}" "" "DELETE" |
||||
|
done |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_lima_get_domain_id() { |
||||
|
domain="$1" |
||||
|
_debug "$domain" |
||||
|
i=2 |
||||
|
p=1 |
||||
|
|
||||
|
domains=$(_get "${APIBASE}/domains.json") |
||||
|
if [ "$(echo "$domains" | _egrep_o "\{.*""domains""")" ]; then |
||||
|
response="$(echo "$domains" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
hostedzone="$(echo "$response" | _egrep_o "\{.*""unicode_fqdn""[^,]+""$h"".*\}")" |
||||
|
if [ "$hostedzone" ]; then |
||||
|
LIMACITY_DOMAINID=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) |
||||
|
if [ "$LIMACITY_DOMAINID" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,211 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
Tencent_API="https://dnspod.tencentcloudapi.com" |
||||
|
|
||||
|
#Tencent_SecretId="AKIDz81d2cd22cdcdc2dcd1cc1d1A" |
||||
|
#Tencent_SecretKey="Gu5t9abcabcaabcbabcbbbcbcbbccbbcb" |
||||
|
|
||||
|
#Usage: dns_tencent_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_tencent_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
Tencent_SecretId="${Tencent_SecretId:-$(_readaccountconf_mutable Tencent_SecretId)}" |
||||
|
Tencent_SecretKey="${Tencent_SecretKey:-$(_readaccountconf_mutable Tencent_SecretKey)}" |
||||
|
if [ -z "$Tencent_SecretId" ] || [ -z "$Tencent_SecretKey" ]; then |
||||
|
Tencent_SecretId="" |
||||
|
Tencent_SecretKey="" |
||||
|
_err "You don't specify tencent api SecretId and SecretKey yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api SecretId and SecretKey to the account conf file. |
||||
|
_saveaccountconf_mutable Tencent_SecretId "$Tencent_SecretId" |
||||
|
_saveaccountconf_mutable Tencent_SecretKey "$Tencent_SecretKey" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Add record" |
||||
|
_add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _tencent_rest "CreateRecord" |
||||
|
} |
||||
|
|
||||
|
dns_tencent_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
Tencent_SecretId="${Tencent_SecretId:-$(_readaccountconf_mutable Tencent_SecretId)}" |
||||
|
Tencent_SecretKey="${Tencent_SecretKey:-$(_readaccountconf_mutable Tencent_SecretKey)}" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Get record list" |
||||
|
attempt=1 |
||||
|
max_attempts=5 |
||||
|
while [ -z "$record_id" ] && [ "$attempt" -le $max_attempts ]; do |
||||
|
_check_exist_query "$_domain" "$_sub_domain" "$txtvalue" && _tencent_rest "DescribeRecordFilterList" |
||||
|
record_id="$(echo "$response" | _egrep_o "\"RecordId\":\s*[0-9]+" | _egrep_o "[0-9]+")" |
||||
|
_debug2 record_id "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_debug "Due to TencentCloud API synchronization delay, record not found, waiting 10 seconds and retrying" |
||||
|
_sleep 10 |
||||
|
attempt=$(_math "$attempt + 1") |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
record_id="$(echo "$response" | _egrep_o "\"RecordId\":\s*[0-9]+" | _egrep_o "[0-9]+")" |
||||
|
_debug2 record_id "$record_id" |
||||
|
|
||||
|
if [ -z "$record_id" ]; then |
||||
|
_debug "record not found after $max_attempts attempts, skip" |
||||
|
else |
||||
|
_debug "Delete record" |
||||
|
_delete_record_query "$record_id" && _tencent_rest "DeleteRecord" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_describe_records_query "$h" "@" |
||||
|
if ! _tencent_rest "DescribeRecordList" "ignore"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"TotalCount\":"; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_domain="$h" |
||||
|
_debug _domain "$_domain" |
||||
|
return 0 |
||||
|
fi |
||||
|
p="$i" |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_tencent_rest() { |
||||
|
action=$1 |
||||
|
service="dnspod" |
||||
|
payload="${query}" |
||||
|
timestamp=$(date -u +%s) |
||||
|
|
||||
|
token=$(tencent_signature_v3 $service "$action" "$payload" "$timestamp") |
||||
|
version="2021-03-23" |
||||
|
|
||||
|
if ! response="$(tencent_api_request $service $version "$action" "$payload" "$timestamp")"; then |
||||
|
_err "Error <$1>" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
if [ -z "$2" ]; then |
||||
|
message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" |
||||
|
if [ "$message" ]; then |
||||
|
_err "$message" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_add_record_query() { |
||||
|
query="{\"Domain\":\"$1\",\"SubDomain\":\"$2\",\"RecordType\":\"TXT\",\"RecordLineId\":\"0\",\"RecordLine\":\"0\",\"Value\":\"$3\",\"TTL\":600}" |
||||
|
} |
||||
|
|
||||
|
_describe_records_query() { |
||||
|
query="{\"Domain\":\"$1\",\"Limit\":3000}" |
||||
|
} |
||||
|
|
||||
|
_delete_record_query() { |
||||
|
query="{\"Domain\":\"$_domain\",\"RecordId\":$1}" |
||||
|
} |
||||
|
|
||||
|
_check_exist_query() { |
||||
|
_domain="$1" |
||||
|
_subdomain="$2" |
||||
|
_value="$3" |
||||
|
query="{\"Domain\":\"$_domain\",\"SubDomain\":\"$_subdomain\",\"RecordValue\":\"$_value\"}" |
||||
|
} |
||||
|
|
||||
|
# shell client for tencent cloud api v3 | @author: rehiy |
||||
|
|
||||
|
tencent_sha256() { |
||||
|
printf %b "$@" | _digest sha256 hex |
||||
|
} |
||||
|
|
||||
|
tencent_hmac_sha256() { |
||||
|
k=$1 |
||||
|
shift |
||||
|
hex_key=$(printf %b "$k" | _hex_dump | tr -d ' ') |
||||
|
printf %b "$@" | _hmac sha256 "$hex_key" hex |
||||
|
} |
||||
|
|
||||
|
tencent_hmac_sha256_hexkey() { |
||||
|
k=$1 |
||||
|
shift |
||||
|
printf %b "$@" | _hmac sha256 "$k" hex |
||||
|
} |
||||
|
|
||||
|
tencent_signature_v3() { |
||||
|
service=$1 |
||||
|
action=$(echo "$2" | _lower_case) |
||||
|
payload=${3:-'{}'} |
||||
|
timestamp=${4:-$(date +%s)} |
||||
|
|
||||
|
domain="$service.tencentcloudapi.com" |
||||
|
secretId=${Tencent_SecretId:-'tencent-cloud-secret-id'} |
||||
|
secretKey=${Tencent_SecretKey:-'tencent-cloud-secret-key'} |
||||
|
|
||||
|
algorithm='TC3-HMAC-SHA256' |
||||
|
date=$(date -u -d "@$timestamp" +%Y-%m-%d 2>/dev/null) |
||||
|
[ -z "$date" ] && date=$(date -u -r "$timestamp" +%Y-%m-%d) |
||||
|
|
||||
|
canonicalUri='/' |
||||
|
canonicalQuery='' |
||||
|
canonicalHeaders="content-type:application/json\nhost:$domain\nx-tc-action:$action\n" |
||||
|
|
||||
|
signedHeaders='content-type;host;x-tc-action' |
||||
|
canonicalRequest="POST\n$canonicalUri\n$canonicalQuery\n$canonicalHeaders\n$signedHeaders\n$(tencent_sha256 "$payload")" |
||||
|
|
||||
|
credentialScope="$date/$service/tc3_request" |
||||
|
stringToSign="$algorithm\n$timestamp\n$credentialScope\n$(tencent_sha256 "$canonicalRequest")" |
||||
|
|
||||
|
secretDate=$(tencent_hmac_sha256 "TC3$secretKey" "$date") |
||||
|
secretService=$(tencent_hmac_sha256_hexkey "$secretDate" "$service") |
||||
|
secretSigning=$(tencent_hmac_sha256_hexkey "$secretService" 'tc3_request') |
||||
|
signature=$(tencent_hmac_sha256_hexkey "$secretSigning" "$stringToSign") |
||||
|
|
||||
|
echo "$algorithm Credential=$secretId/$credentialScope, SignedHeaders=$signedHeaders, Signature=$signature" |
||||
|
} |
||||
|
|
||||
|
tencent_api_request() { |
||||
|
service=$1 |
||||
|
version=$2 |
||||
|
action=$3 |
||||
|
payload=${4:-'{}'} |
||||
|
timestamp=${5:-$(date +%s)} |
||||
|
|
||||
|
token=$(tencent_signature_v3 "$service" "$action" "$payload" "$timestamp") |
||||
|
|
||||
|
_H1="Content-Type: application/json" |
||||
|
_H2="Authorization: $token" |
||||
|
_H3="X-TC-Version: $version" |
||||
|
_H4="X-TC-Timestamp: $timestamp" |
||||
|
_H5="X-TC-Action: $action" |
||||
|
|
||||
|
_post "$payload" "$Tencent_API" "" "POST" "application/json" |
||||
|
} |
@ -0,0 +1,105 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# West.cn Domain api |
||||
|
#WEST_Username="username" |
||||
|
#WEST_Key="sADDsdasdgdsf" |
||||
|
#Set key at https://www.west.cn/manager/API/APIconfig.asp |
||||
|
|
||||
|
REST_API="https://api.west.cn/API/v2" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_west_cn_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}" |
||||
|
WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}" |
||||
|
if [ -z "$WEST_Username" ] || [ -z "$WEST_Key" ]; then |
||||
|
WEST_Username="" |
||||
|
WEST_Key="" |
||||
|
_err "You don't specify west api key and username yet." |
||||
|
_err "Please set you key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api key and email to the account conf file. |
||||
|
_saveaccountconf_mutable WEST_Username "$WEST_Username" |
||||
|
_saveaccountconf_mutable WEST_Key "$WEST_Key" |
||||
|
|
||||
|
add_record "$fulldomain" "$txtvalue" |
||||
|
} |
||||
|
|
||||
|
#Usage: rm _acme-challenge.www.domain.com |
||||
|
dns_west_cn_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}" |
||||
|
WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}" |
||||
|
|
||||
|
if ! _rest POST "domain/dns/" "act=dnsrec.list&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT"; then |
||||
|
_err "dnsrec.list error." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" 'no records'; then |
||||
|
_info "Don't need to remove." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
record_id=$(echo "$response" | tr "{" "\n" | grep -- "$txtvalue" | grep '^"record_id"' | cut -d : -f 2 | cut -d ',' -f 1) |
||||
|
_debug record_id "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _rest POST "domain/dns/" "act=dnsrec.remove&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_id=$record_id"; then |
||||
|
_err "dnsrec.remove error." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_contains "$response" "success" |
||||
|
} |
||||
|
|
||||
|
#add the txt record. |
||||
|
#usage: add fulldomain txtvalue |
||||
|
add_record() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "Adding record" |
||||
|
|
||||
|
if ! _rest POST "domain/dns/" "act=dnsrec.add&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT&record_value=$txtvalue"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_contains "$response" "success" |
||||
|
} |
||||
|
|
||||
|
#Usage: method URI data |
||||
|
_rest() { |
||||
|
m="$1" |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
url="$REST_API/$ep" |
||||
|
|
||||
|
_debug url "$url" |
||||
|
|
||||
|
if [ "$m" = "GET" ]; then |
||||
|
response="$(_get "$url" | tr -d '\r')" |
||||
|
else |
||||
|
_debug2 data "$data" |
||||
|
response="$(_post "$data" "$url" | tr -d '\r')" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,226 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" |
||||
|
# |
||||
|
#AWS_SECRET_ACCESS_KEY="xxxxxxx" |
||||
|
# |
||||
|
#AWS_SES_REGION="us-east-1" |
||||
|
# |
||||
|
#AWS_SES_TO="xxxx@xxx.com" |
||||
|
# |
||||
|
#AWS_SES_FROM="xxxx@cccc.com" |
||||
|
# |
||||
|
#AWS_SES_FROM_NAME="Something something" |
||||
|
#This is the Amazon SES api wrapper for acme.sh |
||||
|
AWS_WIKI="https://docs.aws.amazon.com/ses/latest/dg/send-email-api.html" |
||||
|
|
||||
|
aws_ses_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}" |
||||
|
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}" |
||||
|
AWS_SES_REGION="${AWS_SES_REGION:-$(_readaccountconf_mutable AWS_SES_REGION)}" |
||||
|
|
||||
|
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
||||
|
_use_container_role || _use_instance_role |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
||||
|
AWS_ACCESS_KEY_ID="" |
||||
|
AWS_SECRET_ACCESS_KEY="" |
||||
|
_err "You haven't specified the aws SES api key id and and api key secret yet." |
||||
|
_err "Please create your key and try again. see $(__green $AWS_WIKI)" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$AWS_SES_REGION" ]; then |
||||
|
AWS_SES_REGION="" |
||||
|
_err "You haven't specified the aws SES api region yet." |
||||
|
_err "Please specify your region and try again. see https://docs.aws.amazon.com/general/latest/gr/ses.html" |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable AWS_SES_REGION "$AWS_SES_REGION" |
||||
|
|
||||
|
#save for future use, unless using a role which will be fetched as needed |
||||
|
if [ -z "$_using_role" ]; then |
||||
|
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" |
||||
|
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" |
||||
|
fi |
||||
|
|
||||
|
AWS_SES_TO="${AWS_SES_TO:-$(_readaccountconf_mutable AWS_SES_TO)}" |
||||
|
if [ -z "$AWS_SES_TO" ]; then |
||||
|
AWS_SES_TO="" |
||||
|
_err "You didn't specify an email to AWS_SES_TO receive messages." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable AWS_SES_TO "$AWS_SES_TO" |
||||
|
|
||||
|
AWS_SES_FROM="${AWS_SES_FROM:-$(_readaccountconf_mutable AWS_SES_FROM)}" |
||||
|
if [ -z "$AWS_SES_FROM" ]; then |
||||
|
AWS_SES_FROM="" |
||||
|
_err "You didn't specify an email to AWS_SES_FROM receive messages." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable AWS_SES_FROM "$AWS_SES_FROM" |
||||
|
|
||||
|
AWS_SES_FROM_NAME="${AWS_SES_FROM_NAME:-$(_readaccountconf_mutable AWS_SES_FROM_NAME)}" |
||||
|
_saveaccountconf_mutable AWS_SES_FROM_NAME "$AWS_SES_FROM_NAME" |
||||
|
|
||||
|
AWS_SES_SENDFROM="$AWS_SES_FROM_NAME <$AWS_SES_FROM>" |
||||
|
|
||||
|
AWS_SES_ACTION="Action=SendEmail" |
||||
|
AWS_SES_SOURCE="Source=$AWS_SES_SENDFROM" |
||||
|
AWS_SES_TO="Destination.ToAddresses.member.1=$AWS_SES_TO" |
||||
|
AWS_SES_SUBJECT="Message.Subject.Data=$_subject" |
||||
|
AWS_SES_MESSAGE="Message.Body.Text.Data=$_content" |
||||
|
|
||||
|
_data="${AWS_SES_ACTION}&${AWS_SES_SOURCE}&${AWS_SES_TO}&${AWS_SES_SUBJECT}&${AWS_SES_MESSAGE}" |
||||
|
|
||||
|
response="$(aws_rest POST "" "" "$_data")" |
||||
|
} |
||||
|
|
||||
|
_use_metadata() { |
||||
|
_aws_creds="$( |
||||
|
_get "$1" "" 1 | |
||||
|
_normalizeJson | |
||||
|
tr '{,}' '\n' | |
||||
|
while read -r _line; do |
||||
|
_key="$(echo "${_line%%:*}" | tr -d '"')" |
||||
|
_value="${_line#*:}" |
||||
|
_debug3 "_key" "$_key" |
||||
|
_secure_debug3 "_value" "$_value" |
||||
|
case "$_key" in |
||||
|
AccessKeyId) echo "AWS_ACCESS_KEY_ID=$_value" ;; |
||||
|
SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;; |
||||
|
Token) echo "AWS_SESSION_TOKEN=$_value" ;; |
||||
|
esac |
||||
|
done | |
||||
|
paste -sd' ' - |
||||
|
)" |
||||
|
_secure_debug "_aws_creds" "$_aws_creds" |
||||
|
|
||||
|
if [ -z "$_aws_creds" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
eval "$_aws_creds" |
||||
|
_using_role=true |
||||
|
} |
||||
|
|
||||
|
#method uri qstr data |
||||
|
aws_rest() { |
||||
|
mtd="$1" |
||||
|
ep="$2" |
||||
|
qsr="$3" |
||||
|
data="$4" |
||||
|
|
||||
|
_debug mtd "$mtd" |
||||
|
_debug ep "$ep" |
||||
|
_debug qsr "$qsr" |
||||
|
_debug data "$data" |
||||
|
|
||||
|
CanonicalURI="/$ep" |
||||
|
_debug2 CanonicalURI "$CanonicalURI" |
||||
|
|
||||
|
CanonicalQueryString="$qsr" |
||||
|
_debug2 CanonicalQueryString "$CanonicalQueryString" |
||||
|
|
||||
|
RequestDate="$(date -u +"%Y%m%dT%H%M%SZ")" |
||||
|
_debug2 RequestDate "$RequestDate" |
||||
|
|
||||
|
#RequestDate="20161120T141056Z" ############## |
||||
|
|
||||
|
export _H1="x-amz-date: $RequestDate" |
||||
|
|
||||
|
aws_host="email.$AWS_SES_REGION.amazonaws.com" |
||||
|
CanonicalHeaders="host:$aws_host\nx-amz-date:$RequestDate\n" |
||||
|
SignedHeaders="host;x-amz-date" |
||||
|
if [ -n "$AWS_SESSION_TOKEN" ]; then |
||||
|
export _H3="x-amz-security-token: $AWS_SESSION_TOKEN" |
||||
|
CanonicalHeaders="${CanonicalHeaders}x-amz-security-token:$AWS_SESSION_TOKEN\n" |
||||
|
SignedHeaders="${SignedHeaders};x-amz-security-token" |
||||
|
fi |
||||
|
_debug2 CanonicalHeaders "$CanonicalHeaders" |
||||
|
_debug2 SignedHeaders "$SignedHeaders" |
||||
|
|
||||
|
RequestPayload="$data" |
||||
|
_debug2 RequestPayload "$RequestPayload" |
||||
|
|
||||
|
Hash="sha256" |
||||
|
|
||||
|
CanonicalRequest="$mtd\n$CanonicalURI\n$CanonicalQueryString\n$CanonicalHeaders\n$SignedHeaders\n$(printf "%s" "$RequestPayload" | _digest "$Hash" hex)" |
||||
|
_debug2 CanonicalRequest "$CanonicalRequest" |
||||
|
|
||||
|
HashedCanonicalRequest="$(printf "$CanonicalRequest%s" | _digest "$Hash" hex)" |
||||
|
_debug2 HashedCanonicalRequest "$HashedCanonicalRequest" |
||||
|
|
||||
|
Algorithm="AWS4-HMAC-SHA256" |
||||
|
_debug2 Algorithm "$Algorithm" |
||||
|
|
||||
|
RequestDateOnly="$(echo "$RequestDate" | cut -c 1-8)" |
||||
|
_debug2 RequestDateOnly "$RequestDateOnly" |
||||
|
|
||||
|
Region="$AWS_SES_REGION" |
||||
|
Service="ses" |
||||
|
|
||||
|
CredentialScope="$RequestDateOnly/$Region/$Service/aws4_request" |
||||
|
_debug2 CredentialScope "$CredentialScope" |
||||
|
|
||||
|
StringToSign="$Algorithm\n$RequestDate\n$CredentialScope\n$HashedCanonicalRequest" |
||||
|
|
||||
|
_debug2 StringToSign "$StringToSign" |
||||
|
|
||||
|
kSecret="AWS4$AWS_SECRET_ACCESS_KEY" |
||||
|
|
||||
|
#kSecret="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" ############################ |
||||
|
|
||||
|
_secure_debug2 kSecret "$kSecret" |
||||
|
|
||||
|
kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")" |
||||
|
_secure_debug2 kSecretH "$kSecretH" |
||||
|
|
||||
|
kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)" |
||||
|
_debug2 kDateH "$kDateH" |
||||
|
|
||||
|
kRegionH="$(printf "$Region%s" | _hmac "$Hash" "$kDateH" hex)" |
||||
|
_debug2 kRegionH "$kRegionH" |
||||
|
|
||||
|
kServiceH="$(printf "$Service%s" | _hmac "$Hash" "$kRegionH" hex)" |
||||
|
_debug2 kServiceH "$kServiceH" |
||||
|
|
||||
|
kSigningH="$(printf "%s" "aws4_request" | _hmac "$Hash" "$kServiceH" hex)" |
||||
|
_debug2 kSigningH "$kSigningH" |
||||
|
|
||||
|
signature="$(printf "$StringToSign%s" | _hmac "$Hash" "$kSigningH" hex)" |
||||
|
_debug2 signature "$signature" |
||||
|
|
||||
|
Authorization="$Algorithm Credential=$AWS_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature" |
||||
|
_debug2 Authorization "$Authorization" |
||||
|
|
||||
|
_H2="Authorization: $Authorization" |
||||
|
_debug _H2 "$_H2" |
||||
|
|
||||
|
url="https://$aws_host/$ep" |
||||
|
if [ "$qsr" ]; then |
||||
|
url="https://$aws_host/$ep?$qsr" |
||||
|
fi |
||||
|
|
||||
|
if [ "$mtd" = "GET" ]; then |
||||
|
response="$(_get "$url")" |
||||
|
else |
||||
|
response="$(_post "$data" "$url")" |
||||
|
fi |
||||
|
|
||||
|
_ret="$?" |
||||
|
_debug2 response "$response" |
||||
|
if [ "$_ret" = "0" ]; then |
||||
|
if _contains "$response" "<ErrorResponse"; then |
||||
|
_err "Response error:$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
} |
@ -0,0 +1,52 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Support mattermost bots |
||||
|
|
||||
|
#MATTERMOST_API_URL="" |
||||
|
#MATTERMOST_CHANNEL_ID="" |
||||
|
#MATTERMOST_BOT_TOKEN="" |
||||
|
|
||||
|
mattermost_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
MATTERMOST_API_URL="${MATTERMOST_API_URL:-$(_readaccountconf_mutable MATTERMOST_API_URL)}" |
||||
|
if [ -z "$MATTERMOST_API_URL" ]; then |
||||
|
_err "You didn't specify a Mattermost API URL MATTERMOST_API_URL yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable MATTERMOST_API_URL "$MATTERMOST_API_URL" |
||||
|
|
||||
|
MATTERMOST_CHANNEL_ID="${MATTERMOST_CHANNEL_ID:-$(_readaccountconf_mutable MATTERMOST_CHANNEL_ID)}" |
||||
|
if [ -z "$MATTERMOST_CHANNEL_ID" ]; then |
||||
|
_err "You didn't specify a Mattermost channel id MATTERMOST_CHANNEL_ID yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable MATTERMOST_CHANNEL_ID "$MATTERMOST_CHANNEL_ID" |
||||
|
|
||||
|
MATTERMOST_BOT_TOKEN="${MATTERMOST_BOT_TOKEN:-$(_readaccountconf_mutable MATTERMOST_BOT_TOKEN)}" |
||||
|
if [ -z "$MATTERMOST_BOT_TOKEN" ]; then |
||||
|
_err "You didn't specify a Mattermost bot API token MATTERMOST_BOT_TOKEN yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable MATTERMOST_BOT_TOKEN "$MATTERMOST_BOT_TOKEN" |
||||
|
|
||||
|
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" |
||||
|
_data="{\"channel_id\": \"$MATTERMOST_CHANNEL_ID\", " |
||||
|
_data="$_data\"message\": \"$_content\"}" |
||||
|
|
||||
|
export _H1="Authorization: Bearer $MATTERMOST_BOT_TOKEN" |
||||
|
response="" |
||||
|
if _post "$_data" "$MATTERMOST_API_URL" "" "POST" "application/json; charset=utf-8"; then |
||||
|
MATTERMOST_RESULT_OK=$(echo "$response" | _egrep_o 'create_at') |
||||
|
if [ "$?" = "0" ] && [ "$MATTERMOST_RESULT_OK" ]; then |
||||
|
_info "mattermost send success." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
_err "mattermost send error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue