|
@ -2,15 +2,28 @@ |
|
|
|
|
|
|
|
|
# Script to create certificate to Alibaba Cloud CDN |
|
|
# Script to create certificate to Alibaba Cloud CDN |
|
|
# |
|
|
# |
|
|
|
|
|
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-alibaba-cloud-cdn-aliyun |
|
|
|
|
|
# |
|
|
# This deployment required following variables |
|
|
# This deployment required following variables |
|
|
# export Ali_Key="ALIACCESSKEY" |
|
|
# export Ali_Key="ALIACCESSKEY" |
|
|
# export Ali_Secret="ALISECRETKEY" |
|
|
# export Ali_Secret="ALISECRETKEY" |
|
|
|
|
|
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi |
|
|
|
|
|
# |
|
|
|
|
|
# To specify the CDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates |
|
|
# export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com" |
|
|
# export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com" |
|
|
# If you have more than one domain, just |
|
|
|
|
|
|
|
|
# If you have multiple CDN domains using the same certificate, just |
|
|
# export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com" |
|
|
# export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com" |
|
|
# |
|
|
|
|
|
# The credentials are shared with all domains, also shared with dns_ali api |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Load dnsapi/dns_ali.sh to reduce the duplicated codes |
|
|
|
|
|
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 |
|
|
|
|
|
dnsapi_ali="$(_findHook "" "$_SUB_FOLDER_DNSAPI" dns_ali)" |
|
|
|
|
|
# shellcheck source=/dev/null |
|
|
|
|
|
if ! . "$dnsapi_ali"; then |
|
|
|
|
|
_err "Error loading file $dnsapi_ali. Please check your API file and try again." |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
# shellcheck disable=SC2034 |
|
|
Ali_API="https://cdn.aliyuncs.com/" |
|
|
Ali_API="https://cdn.aliyuncs.com/" |
|
|
|
|
|
|
|
|
ali_cdn_deploy() { |
|
|
ali_cdn_deploy() { |
|
@ -26,18 +39,7 @@ ali_cdn_deploy() { |
|
|
_debug _cca "$_cca" |
|
|
_debug _cca "$_cca" |
|
|
_debug _cfullchain "$_cfullchain" |
|
|
_debug _cfullchain "$_cfullchain" |
|
|
|
|
|
|
|
|
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" |
|
|
|
|
|
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}" |
|
|
|
|
|
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then |
|
|
|
|
|
Ali_Key="" |
|
|
|
|
|
Ali_Secret="" |
|
|
|
|
|
_err "You don't specify aliyun api key and secret yet." |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
#save the api key and secret to the account conf file. |
|
|
|
|
|
_saveaccountconf_mutable Ali_Key "$Ali_Key" |
|
|
|
|
|
_saveaccountconf_mutable Ali_Secret "$Ali_Secret" |
|
|
|
|
|
|
|
|
_prepare_ali_credentials |
|
|
|
|
|
|
|
|
_getdeployconf DEPLOY_ALI_CDN_DOMAIN |
|
|
_getdeployconf DEPLOY_ALI_CDN_DOMAIN |
|
|
if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then |
|
|
if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then |
|
@ -47,8 +49,8 @@ ali_cdn_deploy() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
# read cert and key files and urlencode both |
|
|
# read cert and key files and urlencode both |
|
|
_cert=$(_url_encode_upper <"$_cfullchain") |
|
|
|
|
|
_key=$(_url_encode_upper <"$_ckey") |
|
|
|
|
|
|
|
|
_cert=$(_url_encode upper-hex <"$_cfullchain") |
|
|
|
|
|
_key=$(_url_encode upper-hex <"$_ckey") |
|
|
|
|
|
|
|
|
_debug2 _cert "$_cert" |
|
|
_debug2 _cert "$_cert" |
|
|
_debug2 _key "$_key" |
|
|
_debug2 _key "$_key" |
|
@ -64,80 +66,7 @@ ali_cdn_deploy() { |
|
|
return 0 |
|
|
return 0 |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#################### Private functions below ################################## |
|
|
|
|
|
|
|
|
|
|
|
# act ign mtd |
|
|
|
|
|
_ali_rest() { |
|
|
|
|
|
act="$1" |
|
|
|
|
|
ign="$2" |
|
|
|
|
|
mtd="$3" |
|
|
|
|
|
|
|
|
|
|
|
signature=$(printf "%s" "$mtd&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64) |
|
|
|
|
|
signature=$(_ali_urlencode "$signature") |
|
|
|
|
|
url="$Ali_API?$query&Signature=$signature" |
|
|
|
|
|
|
|
|
|
|
|
if [ "$mtd" = "GET" ]; then |
|
|
|
|
|
response="$(_get "$url")" |
|
|
|
|
|
else |
|
|
|
|
|
# post payload is not supported yet because of signature |
|
|
|
|
|
response="$(_post "" "$url")" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
_ret="$?" |
|
|
|
|
|
_debug2 response "$response" |
|
|
|
|
|
if [ "$_ret" != "0" ]; then |
|
|
|
|
|
_err "Error <$act>" |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$ign" ]; then |
|
|
|
|
|
message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" |
|
|
|
|
|
if [ "$message" ]; then |
|
|
|
|
|
_err "$message" |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
_ali_urlencode() { |
|
|
|
|
|
_str="$1" |
|
|
|
|
|
_str_len=${#_str} |
|
|
|
|
|
_u_i=1 |
|
|
|
|
|
while [ "$_u_i" -le "$_str_len" ]; do |
|
|
|
|
|
_str_c="$(printf "%s" "$_str" | cut -c "$_u_i")" |
|
|
|
|
|
case $_str_c in [a-zA-Z0-9.~_-]) |
|
|
|
|
|
printf "%s" "$_str_c" |
|
|
|
|
|
;; |
|
|
|
|
|
*) |
|
|
|
|
|
printf "%%%02X" "'$_str_c" |
|
|
|
|
|
;; |
|
|
|
|
|
esac |
|
|
|
|
|
_u_i="$(_math "$_u_i" + 1)" |
|
|
|
|
|
done |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
_ali_nonce() { |
|
|
|
|
|
#_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31 |
|
|
|
|
|
#Not so good... |
|
|
|
|
|
date +"%s%N" | sed 's/%N//g' |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
_timestamp() { |
|
|
|
|
|
date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# stdin stdout |
|
|
|
|
|
_url_encode_upper() { |
|
|
|
|
|
encoded=$(_url_encode) |
|
|
|
|
|
|
|
|
|
|
|
for match in $(echo "$encoded" | _egrep_o '%..' | sort -u); do |
|
|
|
|
|
upper=$(echo "$match" | _upper_case) |
|
|
|
|
|
encoded=$(echo "$encoded" | sed "s/$match/$upper/g") |
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
|
|
|
echo "$encoded" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# shellcheck disable=SC2154 |
|
|
# domain pub pri |
|
|
# domain pub pri |
|
|
_set_cdn_domain_ssl_certificate_query() { |
|
|
_set_cdn_domain_ssl_certificate_query() { |
|
|
query='' |
|
|
query='' |
|
|