[mirror_acme.sh.git] / dnsapi / dns_ali.sh

#!/usr/bin/env sh

Ali_API="https://alidns.aliyuncs.com/"

#Ali_Key="LTqIA87hOKdjevsf5"
#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"

#Usage: dns_ali_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_ali_add() {
  fulldomain=$1
  txtvalue=$2

  Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
  Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
  if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
    Ali_Key=""
    Ali_Secret=""
    _err "You don't specify aliyun api key and secret yet."
    return 1
  fi

  #save the api key and secret to the account conf file.
  _saveaccountconf_mutable Ali_Key "$Ali_Key"
  _saveaccountconf_mutable Ali_Secret "$Ali_Secret"

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    return 1
  fi

  _debug "Add record"
  _add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _ali_rest "Add record"
}

dns_ali_rm() {
  fulldomain=$1
  txtvalue=$2
  Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
  Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    return 1
  fi

  _clean
}

####################  Private functions below ##################################

_get_root() {
  domain=$1
  i=2
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi

    _describe_records_query "$h"
    if ! _ali_rest "Get root" "ignore"; then
      return 1
    fi

    if _contains "$response" "PageNumber"; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _debug _sub_domain "$_sub_domain"
      _domain="$h"
      _debug _domain "$_domain"
      return 0
    fi
    p="$i"
    i=$(_math "$i" + 1)
  done
  return 1
}

_ali_rest() {
  signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
  signature=$(_ali_urlencode "$signature")
  url="$Ali_API?$query&Signature=$signature"

  if ! response="$(_get "$url")"; then
    _err "Error <$1>"
    return 1
  fi

  _debug2 response "$response"
  if [ -z "$2" ]; then
    message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
    if [ "$message" ]; then
      _err "$message"
      return 1
    fi
  fi
}

_ali_urlencode() {
  _str="$1"
  _str_len=${#_str}
  _u_i=1
  while [ "$_u_i" -le "$_str_len" ]; do
    _str_c="$(printf "%s" "$_str" | cut -c "$_u_i")"
    case $_str_c in [a-zA-Z0-9.~_-])
      printf "%s" "$_str_c"
      ;;
    *)
      printf "%%%02X" "'$_str_c"
      ;;
    esac
    _u_i="$(_math "$_u_i" + 1)"
  done
}

_ali_nonce() {
  #_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
  #Not so good...
  date +"%s%N"
}

_check_exist_query() {
  _qdomain="$1"
  _qsubdomain="$2"
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=DescribeDomainRecords'
  query=$query'&DomainName='$_qdomain
  query=$query'&Format=json'
  query=$query'&RRKeyWord='$_qsubdomain
  query=$query'&SignatureMethod=HMAC-SHA1'
  query=$query"&SignatureNonce=$(_ali_nonce)"
  query=$query'&SignatureVersion=1.0'
  query=$query'&Timestamp='$(_timestamp)
  query=$query'&TypeKeyWord=TXT'
  query=$query'&Version=2015-01-09'
}

_add_record_query() {
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=AddDomainRecord'
  query=$query'&DomainName='$1
  query=$query'&Format=json'
  query=$query'&RR='$2
  query=$query'&SignatureMethod=HMAC-SHA1'
  query=$query"&SignatureNonce=$(_ali_nonce)"
  query=$query'&SignatureVersion=1.0'
  query=$query'&Timestamp='$(_timestamp)
  query=$query'&Type=TXT'
  query=$query'&Value='$3
  query=$query'&Version=2015-01-09'
}

_delete_record_query() {
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=DeleteDomainRecord'
  query=$query'&Format=json'
  query=$query'&RecordId='$1
  query=$query'&SignatureMethod=HMAC-SHA1'
  query=$query"&SignatureNonce=$(_ali_nonce)"
  query=$query'&SignatureVersion=1.0'
  query=$query'&Timestamp='$(_timestamp)
  query=$query'&Version=2015-01-09'
}

_describe_records_query() {
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=DescribeDomainRecords'
  query=$query'&DomainName='$1
  query=$query'&Format=json'
  query=$query'&SignatureMethod=HMAC-SHA1'
  query=$query"&SignatureNonce=$(_ali_nonce)"
  query=$query'&SignatureVersion=1.0'
  query=$query'&Timestamp='$(_timestamp)
  query=$query'&Version=2015-01-09'
}

_clean() {
  _check_exist_query "$_domain" "$_sub_domain"
  # do not correct grammar here
  if ! _ali_rest "Check exist records" "ignore"; then
    return 1
  fi

  record_id="$(echo "$response" | tr '{' "\n" | grep "$_sub_domain" | grep -- "$txtvalue" | tr "," "\n" | grep RecordId | cut -d '"' -f 4)"
  _debug2 record_id "$record_id"

  if [ -z "$record_id" ]; then
    _debug "record not found, skip"
  else
    _delete_record_query "$record_id"
    _ali_rest "Delete record $record_id" "ignore"
  fi

}

_timestamp() {
  date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
}
Commit	Line	Data
be39ab32	1	#!/usr/bin/env sh
	2
	3	Ali_API="https://alidns.aliyuncs.com/"
	4
	5	#Ali_Key="LTqIA87hOKdjevsf5"
	6	#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"
	7
	8	#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
	9	dns_ali_add() {
	10	fulldomain=$1
	11	txtvalue=$2
	12
0096ef4d	13	Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
0096ef4d	14	Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
be39ab32	15	if [ -z "$Ali_Key" ] \|\| [ -z "$Ali_Secret" ]; then
	16	Ali_Key=""
	17	Ali_Secret=""
	18	_err "You don't specify aliyun api key and secret yet."
	19	return 1
	20	fi
	21
	22	#save the api key and secret to the account conf file.
0096ef4d	23	_saveaccountconf_mutable Ali_Key "$Ali_Key"
0096ef4d	24	_saveaccountconf_mutable Ali_Secret "$Ali_Secret"
be39ab32	25
	26	_debug "First detect the root zone"
	27	if ! _get_root "$fulldomain"; then
	28	return 1
	29	fi
	30
dbd94d04	31	_debug "Add record"
be39ab32	32	_add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _ali_rest "Add record"
	33	}
	34
	35	dns_ali_rm() {
	36	fulldomain=$1
0096ef4d	37	txtvalue=$2
	38	Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
	39	Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
	40
	41	_debug "First detect the root zone"
	42	if ! _get_root "$fulldomain"; then
	43	return 1
	44	fi
	45
be39ab32	46	_clean
	47	}
	48
329174b6	49	#################### Private functions below ##################################
be39ab32	50
	51	_get_root() {
	52	domain=$1
	53	i=2
	54	p=1
	55	while true; do
	56	h=$(printf "%s" "$domain" \| cut -d . -f $i-100)
	57	if [ -z "$h" ]; then
	58	#not valid
	59	return 1
	60	fi
	61
	62	_describe_records_query "$h"
	63	if ! _ali_rest "Get root" "ignore"; then
	64	return 1
	65	fi
	66
	67	if _contains "$response" "PageNumber"; then
	68	_sub_domain=$(printf "%s" "$domain" \| cut -d . -f 1-$p)
	69	_debug _sub_domain "$_sub_domain"
	70	_domain="$h"
	71	_debug _domain "$_domain"
	72	return 0
	73	fi
	74	p="$i"
	75	i=$(_math "$i" + 1)
	76	done
	77	return 1
	78	}
	79
	80	_ali_rest() {
1c22c2f7	81	signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" \| _hmac "sha1" "$(printf "%s" "$Ali_Secret&" \| _hex_dump \| tr -d " ")" \| _base64)
be39ab32	82	signature=$(_ali_urlencode "$signature")
	83	url="$Ali_API?$query&Signature=$signature"
	84
	85	if ! response="$(_get "$url")"; then
	86	_err "Error <$1>"
	87	return 1
	88	fi
	89
0096ef4d	90	_debug2 response "$response"
be39ab32	91	if [ -z "$2" ]; then
0096ef4d	92	message="$(echo "$response" \| _egrep_o "\"Message\":\"[^\"]*\"" \| cut -d : -f 2 \| tr -d \")"
0096ef4d	93	if [ "$message" ]; then
be39ab32	94	_err "$message"
	95	return 1
	96	fi
	97	fi
be39ab32	98	}
	99
	100	_ali_urlencode() {
	101	_str="$1"
	102	_str_len=${#_str}
	103	_u_i=1
	104	while [ "$_u_i" -le "$_str_len" ]; do
	105	_str_c="$(printf "%s" "$_str" \| cut -c "$_u_i")"
	106	case $_str_c in [a-zA-Z0-9.~_-])
	107	printf "%s" "$_str_c"
	108	;;
	109	*)
	110	printf "%%%02X" "'$_str_c"
	111	;;
	112	esac
	113	_u_i="$(_math "$_u_i" + 1)"
	114	done
	115	}
	116
	117	_ali_nonce() {
	118	#_head_n 1 </dev/urandom \| _digest "sha256" hex \| cut -c 1-31
	119	#Not so good...
	120	date +"%s%N"
	121	}
	122
	123	_check_exist_query() {
0096ef4d	124	_qdomain="$1"
0096ef4d	125	_qsubdomain="$2"
be39ab32	126	query=''
	127	query=$query'AccessKeyId='$Ali_Key
	128	query=$query'&Action=DescribeDomainRecords'
0096ef4d	129	query=$query'&DomainName='$_qdomain
be39ab32	130	query=$query'&Format=json'
0096ef4d	131	query=$query'&RRKeyWord='$_qsubdomain
be39ab32	132	query=$query'&SignatureMethod=HMAC-SHA1'
	133	query=$query"&SignatureNonce=$(_ali_nonce)"
	134	query=$query'&SignatureVersion=1.0'
	135	query=$query'&Timestamp='$(_timestamp)
	136	query=$query'&TypeKeyWord=TXT'
	137	query=$query'&Version=2015-01-09'
	138	}
	139
	140	_add_record_query() {
	141	query=''
	142	query=$query'AccessKeyId='$Ali_Key
	143	query=$query'&Action=AddDomainRecord'
	144	query=$query'&DomainName='$1
	145	query=$query'&Format=json'
	146	query=$query'&RR='$2
	147	query=$query'&SignatureMethod=HMAC-SHA1'
	148	query=$query"&SignatureNonce=$(_ali_nonce)"
	149	query=$query'&SignatureVersion=1.0'
	150	query=$query'&Timestamp='$(_timestamp)
	151	query=$query'&Type=TXT'
	152	query=$query'&Value='$3
	153	query=$query'&Version=2015-01-09'
	154	}
	155
	156	_delete_record_query() {
	157	query=''
	158	query=$query'AccessKeyId='$Ali_Key
	159	query=$query'&Action=DeleteDomainRecord'
	160	query=$query'&Format=json'
	161	query=$query'&RecordId='$1
	162	query=$query'&SignatureMethod=HMAC-SHA1'
	163	query=$query"&SignatureNonce=$(_ali_nonce)"
	164	query=$query'&SignatureVersion=1.0'
	165	query=$query'&Timestamp='$(_timestamp)
	166	query=$query'&Version=2015-01-09'
	167	}
	168
	169	_describe_records_query() {
	170	query=''
	171	query=$query'AccessKeyId='$Ali_Key
	172	query=$query'&Action=DescribeDomainRecords'
	173	query=$query'&DomainName='$1
	174	query=$query'&Format=json'
	175	query=$query'&SignatureMethod=HMAC-SHA1'
	176	query=$query"&SignatureNonce=$(_ali_nonce)"
	177	query=$query'&SignatureVersion=1.0'
	178	query=$query'&Timestamp='$(_timestamp)
	179	query=$query'&Version=2015-01-09'
	180	}
	181
	182	_clean() {
0096ef4d	183	_check_exist_query "$_domain" "$_sub_domain"
eca57bee	184	# do not correct grammar here
be39ab32	185	if ! _ali_rest "Check exist records" "ignore"; then
	186	return 1
	187	fi
	188
950d024a	189	record_id="$(echo "$response" \| tr '{' "\n" \| grep "$_sub_domain" \| grep -- "$txtvalue" \| tr "," "\n" \| grep RecordId \| cut -d '"' -f 4)"
0096ef4d	190	_debug2 record_id "$record_id"
	191
	192	if [ -z "$record_id" ]; then
	193	_debug "record not found, skip"
	194	else
	195	_delete_record_query "$record_id"
	196	_ali_rest "Delete record $record_id" "ignore"
	197	fi
	198
be39ab32	199	}
	200
	201	_timestamp() {
	202	date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
	203	}