#!/usr/bin/env sh
# Script to deploy a certificate to Aliyun CDN
#
# This deployment requires the following variables:
# export ALI_CDN_KEY="LTqIA87hOKdjevsf5"
# export ALI_CDN_SECRET="0p5EYueFNq501xnCPzKNbx6K51qPH2"
# export Ali_CDN_DOMAIN="cdn.example.com"
# If you have more than one domain, just list them separated by commas:
# export Ali_CDN_DOMAIN="cdn1.example.com,cdn2.example.com"
#
# If ALI_CDN_KEY and ALI_CDN_SECRET are not set,
# Ali_Key and Ali_Secret will be used (see dns/dns_ali.sh).
#
# The Aliyun credentials must have the "AliyunCDNFullAccess" permission
# and may also need the "AliyunYundunCertFullAccess" permission.
#
# Thanks:
# This script references dns/dns_ali.sh and pull request #2772
######## Public functions #####################
# Endpoint that alicdn_deploy sends its signed request to.
Ali_CDN_API='https://cdn.aliyuncs.com/'
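#######################################
# Deploy hook: upload a certificate and its private key to one or more
# Aliyun CDN domains with the BatchSetCdnDomainServerCertificate action.
# Globals:
#   ALI_CDN_KEY, ALI_CDN_SECRET, Ali_CDN_DOMAIN - read through _getdeployconf
#     and stored again through _savedeployconf (the credentials are therefore
#     persisted in the deploy configuration)
#   Ali_CDN_API - API endpoint (read)
# Arguments:
#   $1 - certificate domain, also sent as CertName
#   $2 - path to the private key file
#   $3 - path to the certificate file (only logged here)
#   $4 - path to the CA certificate file (only logged here)
#   $5 - path to the full-chain file that is uploaded
# Returns:
#   0 on success; 1 when the credentials or Ali_CDN_DOMAIN are missing, an
#   input file is unreadable, the request fails, or the response carries a
#   "Message" field.
#######################################
alicdn_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # Only the file paths are logged here, never the file contents.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  _info "$(__green "===Starting alicdn deploy===")"

  _getdeployconf ALI_CDN_KEY
  _getdeployconf ALI_CDN_SECRET
  _getdeployconf Ali_CDN_DOMAIN

  if [ -z "${ALI_CDN_KEY}" ] || [ -z "${ALI_CDN_SECRET}" ]; then
    # Fall back to the account-level Aliyun credentials (see dns/dns_ali.sh).
    _info "Not set variables ALI_CDN_KEY and ALI_CDN_SECRET"
    _info "Will use Ali_Key and Ali_Secret"
    ALI_CDN_KEY="$(_readaccountconf_mutable Ali_Key)"
    ALI_CDN_SECRET="$(_readaccountconf_mutable Ali_Secret)"
    if [ -z "${ALI_CDN_KEY}" ] || [ -z "${ALI_CDN_SECRET}" ]; then
      _err "You don't specify aliyun api key and secret yet."
      return 1
    fi
  else
    # Persist the CDN-specific credentials for later runs.
    _savedeployconf ALI_CDN_KEY "$ALI_CDN_KEY"
    _savedeployconf ALI_CDN_SECRET "$ALI_CDN_SECRET"
  fi

  if [ -z "${Ali_CDN_DOMAIN}" ]; then
    _err "You don't specify Ali_CDN_DOMAIN yet."
    return 1
  fi
  _savedeployconf Ali_CDN_DOMAIN "$Ali_CDN_DOMAIN"

  _debug ALI_CDN_KEY "${ALI_CDN_KEY}"
  # The API secret must not land in debug logs in clear text; _secure_debug
  # masks the value unless insecure output has been explicitly enabled.
  _secure_debug ALI_CDN_SECRET "$ALI_CDN_SECRET"
  _debug Ali_CDN_DOMAIN "$Ali_CDN_DOMAIN"

  # Refuse to continue with unreadable inputs: a failing grep or redirect
  # would otherwise yield an empty SSLPub/SSLPri and the request would still
  # be signed and sent.
  if [ ! -r "$_cfullchain" ] || [ ! -r "$_ckey" ]; then
    _err "Can not read the full chain or key file for $_cdomain"
    return 1
  fi

  ## upload certificate
  # Blank lines are dropped from the chain before it is URL-encoded.
  _Ali_SSLPub=$(grep -Ev '^$' "$_cfullchain" | _ali_url_encode)
  _Ali_SSLPri=$(_ali_url_encode <"$_ckey")

  # Parameters are appended in sorted order by name; the signature below is
  # computed over exactly this string, so the order must not change.
  # NOTE(review): the URL-encoded private key (SSLPri) travels in the query
  # string of a GET request, so it is part of any URL that gets recorded along
  # the way. Confirm whether the API accepts these parameters in a request
  # body before changing this; the string to sign is built for GET.
  query="AccessKeyId=${ALI_CDN_KEY}"
  query="${query}&Action=BatchSetCdnDomainServerCertificate"
  query="${query}&CertName=$(_ali_urlencode "$_cdomain")"
  query="${query}&CertType=upload"
  query="${query}&DomainName=$(_ali_urlencode "$Ali_CDN_DOMAIN")"
  query="${query}&ForceSet=1"
  query="${query}&Format=json"
  query="${query}&SSLPri=${_Ali_SSLPri}"
  query="${query}&SSLProtocol=on"
  query="${query}&SSLPub=${_Ali_SSLPub}"
  query="${query}&SignatureMethod=HMAC-SHA1"
  query="${query}&SignatureNonce=$(_ali_nonce)"
  query="${query}&SignatureVersion=1.0"
  query="${query}&Timestamp=$(_timestamp)"
  query="${query}&Version=2018-05-10"

  # Encode the query once and reuse it for logging and signing.
  _string_to_sign="GET&%2F&$(_ali_urlencode "$query")"
  # The string to sign contains the encoded private key, so it is logged
  # through the masking variant as well.
  _secure_debug2 signature_source "$_string_to_sign"

  # HMAC-SHA1 keyed with "<secret>&", passed to _hmac as a hex string.
  _hmac_key_hex="$(printf "%s" "$ALI_CDN_SECRET&" | _hex_dump | tr -d " ")"
  signature=$(printf "%s" "$_string_to_sign" | _hmac "sha1" "$_hmac_key_hex" | _base64)
  signature=$(_ali_urlencode "$signature")
  url="$Ali_CDN_API?$query&Signature=$signature"

  if ! response="$(_get "$url")"; then
    _err "Error <$1>"
    return 1
  fi
  _debug response "$response"

  # Any "Message" field in the JSON response is treated as an API error.
  message="$(printf '%s\n' "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2- | tr -d \")"
  if [ "$message" ]; then
    _err "$message"
    return 1
  fi

  _info "Domain $_cdomain certificate has been deployed successfully"
  _info "$(__green "===End alicdn deploy===")"
  return 0
}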
#################### Private functions below ##################################
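#######################################
# Percent-encode stdin for use in an Aliyun API query string.
# Reads all of stdin through _hex_dump, then walks the byte codes: letters,
# digits and the characters - _ . ~ are written as themselves, every other
# byte is written as %XX with upper-case hex digits.
# Inputs:  raw bytes on stdin
# Outputs: encoded text on stdout (no trailing newline)
#######################################
_ali_url_encode() {
  _hex_str=$(_hex_dump)
  _debug3 "_url_encode"
  # This function is also fed the private key file, so the hex dump of its
  # input is logged through the masking variant instead of plain _debug3.
  _secure_debug3 "_hex_str" "$_hex_str"
  # Word splitting is intended: the codes are handled one token at a time.
  # Only lower-case hex codes are matched; anything else takes the %XX path.
  for _hex_code in $_hex_str; do
    case "${_hex_code}" in
      # upper case
      41) printf '%s' 'A' ;;
      42) printf '%s' 'B' ;;
      43) printf '%s' 'C' ;;
      44) printf '%s' 'D' ;;
      45) printf '%s' 'E' ;;
      46) printf '%s' 'F' ;;
      47) printf '%s' 'G' ;;
      48) printf '%s' 'H' ;;
      49) printf '%s' 'I' ;;
      4a) printf '%s' 'J' ;;
      4b) printf '%s' 'K' ;;
      4c) printf '%s' 'L' ;;
      4d) printf '%s' 'M' ;;
      4e) printf '%s' 'N' ;;
      4f) printf '%s' 'O' ;;
      50) printf '%s' 'P' ;;
      51) printf '%s' 'Q' ;;
      52) printf '%s' 'R' ;;
      53) printf '%s' 'S' ;;
      54) printf '%s' 'T' ;;
      55) printf '%s' 'U' ;;
      56) printf '%s' 'V' ;;
      57) printf '%s' 'W' ;;
      58) printf '%s' 'X' ;;
      59) printf '%s' 'Y' ;;
      5a) printf '%s' 'Z' ;;
      # lower case
      61) printf '%s' 'a' ;;
      62) printf '%s' 'b' ;;
      63) printf '%s' 'c' ;;
      64) printf '%s' 'd' ;;
      65) printf '%s' 'e' ;;
      66) printf '%s' 'f' ;;
      67) printf '%s' 'g' ;;
      68) printf '%s' 'h' ;;
      69) printf '%s' 'i' ;;
      6a) printf '%s' 'j' ;;
      6b) printf '%s' 'k' ;;
      6c) printf '%s' 'l' ;;
      6d) printf '%s' 'm' ;;
      6e) printf '%s' 'n' ;;
      6f) printf '%s' 'o' ;;
      70) printf '%s' 'p' ;;
      71) printf '%s' 'q' ;;
      72) printf '%s' 'r' ;;
      73) printf '%s' 's' ;;
      74) printf '%s' 't' ;;
      75) printf '%s' 'u' ;;
      76) printf '%s' 'v' ;;
      77) printf '%s' 'w' ;;
      78) printf '%s' 'x' ;;
      79) printf '%s' 'y' ;;
      7a) printf '%s' 'z' ;;
      # numbers
      30) printf '%s' '0' ;;
      31) printf '%s' '1' ;;
      32) printf '%s' '2' ;;
      33) printf '%s' '3' ;;
      34) printf '%s' '4' ;;
      35) printf '%s' '5' ;;
      36) printf '%s' '6' ;;
      37) printf '%s' '7' ;;
      38) printf '%s' '8' ;;
      39) printf '%s' '9' ;;
      # remaining characters that are passed through: - _ . ~
      2d) printf '%s' '-' ;;
      5f) printf '%s' '_' ;;
      2e) printf '%s' '.' ;;
      7e) printf '%s' '~' ;;
      # every other byte becomes %XX with upper-case hex digits
      *) printf '%%%s' "$_hex_code" | tr '[:lower:]' '[:upper:]' ;;
    esac
  done
}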
#######################################
# Percent-encode a single string argument.
# Arguments: $1 - text to encode
# Outputs:   the result of piping $1 through _ali_url_encode, on stdout
#######################################
_ali_urlencode() {
  # Collect the encoder output first, then emit it in one write.
  _str="$(
    printf '%s' "$1" | _ali_url_encode
  )"
  printf '%s' "${_str}"
}
#######################################
# Print the value used for the SignatureNonce request parameter: the current
# epoch seconds followed by the nanosecond field.
# NOTE(review): %N is a GNU date extension; on a date implementation without
# it the nonce presumably has only one-second resolution, so two requests in
# the same second could share a nonce. Verify on the target platforms.
#######################################
_ali_nonce() {
  date '+%s%N'
}
#######################################
# Print the current UTC time as YYYY-MM-DDTHH%3AMM%3ASSZ. The colons are
# emitted already percent-encoded (%%3A in the date format), so the value is
# appended to the query string without a further encoding step.
#######################################
_timestamp() {
  date -u '+%Y-%m-%dT%H%%3A%M%%3A%SZ'
}