[mirror_acme.sh.git] / dnsapi / dns_oci.sh

#!/usr/bin/env sh
#
# Acme.sh DNS API plugin for Oracle Cloud Infrastructure
# Copyright (c) 2021, Oracle and/or its affiliates
#
# The plugin will automatically use the default profile from an OCI SDK and CLI
# configuration file, if it exists.
#
# Alternatively, set the following environment variables:
# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone
# - OCI_CLI_USER    : OCID of user with permission to add/remove records from zones
# - OCI_CLI_REGION  : Should point to the tenancy home region
#
# One of the following two variables is required:
# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or
# - OCI_CLI_KEY     : The private API signing key in PEM format
#
# NOTE: using an encrypted private key that needs a passphrase is not supported.
#

dns_oci_add() {
  _fqdn="$1"
  _rdata="$2"

  if _get_oci_zone; then

    _add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}"
    response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body")
    if [ "$response" ]; then
      _info "Success: added TXT record for ${_sub_domain}.${_domain}."
    else
      _err "Error: failed to add TXT record for ${_sub_domain}.${_domain}."
      _err "Check that the user has permission to add records to this zone."
      return 1
    fi

  else
    return 1
  fi

}

dns_oci_rm() {
  _fqdn="$1"
  _rdata="$2"

  if _get_oci_zone; then

    _remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}"
    response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body")
    if [ "$response" ]; then
      _info "Success: removed TXT record for ${_sub_domain}.${_domain}."
    else
      _err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}."
      _err "Check that the user has permission to remove records from this zone."
      return 1
    fi

  else
    return 1
  fi

}

####################  Private functions below ##################################
_get_oci_zone() {

  if ! _oci_config; then
    return 1
  fi

  if ! _get_zone "$_fqdn"; then
    _err "Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY"
    return 1
  fi

  return 0

}

_oci_config() {

  _DEFAULT_OCI_CLI_CONFIG_FILE="$HOME/.oci/config"
  OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}"

  if [ -z "$OCI_CLI_CONFIG_FILE" ]; then
    OCI_CLI_CONFIG_FILE="$_DEFAULT_OCI_CLI_CONFIG_FILE"
  fi

  if [ "$_DEFAULT_OCI_CLI_CONFIG_FILE" != "$OCI_CLI_CONFIG_FILE" ]; then
    _saveaccountconf_mutable OCI_CLI_CONFIG_FILE "$OCI_CLI_CONFIG_FILE"
  else
    _clearaccountconf_mutable OCI_CLI_CONFIG_FILE
  fi

  _DEFAULT_OCI_CLI_PROFILE="DEFAULT"
  OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}"
  if [ "$_DEFAULT_OCI_CLI_PROFILE" != "$OCI_CLI_PROFILE" ]; then
    _saveaccountconf_mutable OCI_CLI_PROFILE "$OCI_CLI_PROFILE"
  else
    OCI_CLI_PROFILE="$_DEFAULT_OCI_CLI_PROFILE"
    _clearaccountconf_mutable OCI_CLI_PROFILE
  fi

  OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}"
  if [ "$OCI_CLI_TENANCY" ]; then
    _saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY"
  elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
    _debug "Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE"
    OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini "$OCI_CLI_CONFIG_FILE" tenancy "$OCI_CLI_PROFILE")}"
  fi

  if [ -z "$OCI_CLI_TENANCY" ]; then
    _err "Error: unable to read OCI_CLI_TENANCY from config file or environment variable."
    return 1
  fi

  OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}"
  if [ "$OCI_CLI_USER" ]; then
    _saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER"
  elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
    _debug "Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE"
    OCI_CLI_USER="${OCI_CLI_USER:-$(_readini "$OCI_CLI_CONFIG_FILE" user "$OCI_CLI_PROFILE")}"
  fi
  if [ -z "$OCI_CLI_USER" ]; then
    _err "Error: unable to read OCI_CLI_USER from config file or environment variable."
    return 1
  fi

  OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}"
  if [ "$OCI_CLI_REGION" ]; then
    _saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION"
  elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
    _debug "Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE"
    OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini "$OCI_CLI_CONFIG_FILE" region "$OCI_CLI_PROFILE")}"
  fi
  if [ -z "$OCI_CLI_REGION" ]; then
    _err "Error: unable to read OCI_CLI_REGION from config file or environment variable."
    return 1
  fi

  OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}"
  if [ -z "$OCI_CLI_KEY" ]; then
    _clearaccountconf_mutable OCI_CLI_KEY
    OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini "$OCI_CLI_CONFIG_FILE" key_file "$OCI_CLI_PROFILE")}"
    if [ "$OCI_CLI_KEY_FILE" ] && [ -f "$OCI_CLI_KEY_FILE" ]; then
      _debug "Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE"
      OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE")
      _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
    fi
  else
    _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
  fi

  if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then
    _err "Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE."
    _err "Error: unable to load private API signing key from OCI_CLI_KEY."
    return 1
  fi

  if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then
    OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64)
  fi

  return 0

}

# _get_zone(): retrieves the Zone name and OCID
#
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_ociid=ocid1.dns-zone.oc1..
_get_zone() {
  domain=$1
  i=1
  p=1

  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      # not valid
      return 1
    fi

    _domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id")
    if [ "$_domain_id" ]; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain=$h

      _debug _domain_id "$_domain_id"
      _debug _sub_domain "$_sub_domain"
      _debug _domain "$_domain"
      return 0
    fi

    p=$i
    i=$(_math "$i" + 1)
  done
  return 1

}

#Usage: privatekey
#Output MD5 fingerprint
_fingerprint() {

  pkey="$1"
  if [ -z "$pkey" ]; then
    _usage "Usage: _fingerprint privkey"
    return 1
  fi

  printf "%s" "$pkey" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' '

}

_signed_request() {

  _sig_method="$1"
  _sig_target="$2"
  _sig_body="$3"
  _return_field="$4"

  _key_fingerprint=$(_fingerprint "$OCI_CLI_KEY")
  _sig_host="dns.$OCI_CLI_REGION.oraclecloud.com"
  _sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint"
  _sig_alg="rsa-sha256"
  _sig_version="1"
  _sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")"

  _request_method=$(printf %s "$_sig_method" | _lower_case)
  _curl_method=$(printf %s "$_sig_method" | _upper_case)

  _request_target="(request-target): $_request_method $_sig_target"
  _date_header="date: $_sig_now"
  _host_header="host: $_sig_host"

  _string_to_sign="$_request_target\n$_date_header\n$_host_header"
  _sig_headers="(request-target) date host"

  if [ "$_sig_body" ]; then
    _secure_debug3 _sig_body "$_sig_body"
    _sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | _digest sha256)"
    _sig_body_type="content-type: application/json"
    _sig_body_length="content-length: ${#_sig_body}"
    _string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length"
    _sig_headers="$_sig_headers x-content-sha256 content-type content-length"
  fi

  _tmp_file=$(_mktemp)
  if [ -f "$_tmp_file" ]; then
    printf '%s' "$OCI_CLI_KEY" >"$_tmp_file"
    _signature=$(printf '%b' "$_string_to_sign" | _sign "$_tmp_file" sha256 | tr -d '\r\n')
    rm -f "$_tmp_file"
  fi

  _signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\""
  _secure_debug3 _signed_header "$_signed_header"

  if [ "$_curl_method" = "GET" ]; then
    export _H1="$_date_header"
    export _H2="$_signed_header"
    _response="$(_get "https://${_sig_host}${_sig_target}")"
  elif [ "$_curl_method" = "PATCH" ]; then
    export _H1="$_date_header"
    # shellcheck disable=SC2090
    export _H2="$_sig_body_sha256"
    export _H3="$_sig_body_type"
    export _H4="$_sig_body_length"
    export _H5="$_signed_header"
    _response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")"
  else
    _err "Unable to process method: $_curl_method."
  fi

  _ret="$?"
  if [ "$_return_field" ]; then
    _response="$(echo "$_response" | sed 's/\\\"//g'))"
    _return=$(echo "${_response}" | _egrep_o "\"$_return_field\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")
  else
    _return="$_response"
  fi

  printf "%s" "$_return"
  return $_ret

}

# file  key  [section]
_readini() {
  _file="$1"
  _key="$2"
  _section="${3:-DEFAULT}"

  _start_n=$(grep -n '\['"$_section"']' "$_file" | cut -d : -f 1)
  _debug3 _start_n "$_start_n"
  if [ -z "$_start_n" ]; then
    _err "Can not find section: $_section"
    return 1
  fi

  _start_nn=$(_math "$_start_n" + 1)
  _debug3 "_start_nn" "$_start_nn"

  _left="$(sed -n "${_start_nn},99999p" "$_file")"
  _debug3 _left "$_left"
  _end="$(echo "$_left" | grep -n "^\[" | _head_n 1)"
  _debug3 "_end" "$_end"
  if [ "$_end" ]; then
    _end_n=$(echo "$_end" | cut -d : -f 1)
    _debug3 "_end_n" "$_end_n"
    _seg_n=$(echo "$_left" | sed -n "1,${_end_n}p")
  else
    _seg_n="$_left"
  fi

  _debug3 "_seg_n" "$_seg_n"
  _lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")"
  _inivalue="$(printf "%b" "$(eval "echo $_lineini | sed \"s/^ *${_key} *= *//g\"")")"
  _debug2 _inivalue "$_inivalue"
  echo "$_inivalue"

}
Commit	Line	Data
6f88c816 AM	1	#!/usr/bin/env sh
	2	#
	3	# Acme.sh DNS API plugin for Oracle Cloud Infrastructure
	4	# Copyright (c) 2021, Oracle and/or its affiliates
	5	#
946c8b49 AM	6	# The plugin will automatically use the default profile from an OCI SDK and CLI
	7	# configuration file, if it exists.
	8	#
	9	# Alternatively, set the following environment variables:
017a1018 AM	10	# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone
	11	# - OCI_CLI_USER : OCID of user with permission to add/remove records from zones
	12	# - OCI_CLI_REGION : Should point to the tenancy home region
6f88c816	13	#
017a1018 AM	14	# One of the following two variables is required:
	15	# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or
	16	# - OCI_CLI_KEY : The private API signing key in PEM format
	17	#
	18	# NOTE: using an encrypted private key that needs a passphrase is not supported.
6f88c816 AM	19	#
	20
	21	dns_oci_add() {
	22	_fqdn="$1"
	23	_rdata="$2"
	24
946c8b49 AM	25	if _get_oci_zone; then
	26
	27	_add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}"
	28	response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body")
	29	if [ "$response" ]; then
	30	_info "Success: added TXT record for ${_sub_domain}.${_domain}."
ed971df9	31	else
946c8b49 AM	32	_err "Error: failed to add TXT record for ${_sub_domain}.${_domain}."
946c8b49 AM	33	_err "Check that the user has permission to add records to this zone."
ed971df9	34	return 1
6f88c816 AM	35	fi
	36
	37	else
	38	return 1
	39	fi
	40
	41	}
	42
	43	dns_oci_rm() {
	44	_fqdn="$1"
	45	_rdata="$2"
	46
946c8b49 AM	47	if _get_oci_zone; then
	48
	49	_remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}"
	50	response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body")
	51	if [ "$response" ]; then
	52	_info "Success: removed TXT record for ${_sub_domain}.${_domain}."
ed971df9	53	else
946c8b49 AM	54	_err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}."
946c8b49 AM	55	_err "Check that the user has permission to remove records from this zone."
ed971df9	56	return 1
6f88c816 AM	57	fi
	58
	59	else
	60	return 1
	61	fi
	62
	63	}
	64
	65	#################### Private functions below ##################################
946c8b49 AM	66	_get_oci_zone() {
	67
	68	if ! _oci_config; then
	69	return 1
	70	fi
	71
	72	if ! _get_zone "$_fqdn"; then
	73	_err "Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY"
	74	return 1
	75	fi
	76
	77	return 0
	78
	79	}
	80
6f88c816 AM	81	_oci_config() {
6f88c816 AM	82
1d089d45 AM	83	_DEFAULT_OCI_CLI_CONFIG_FILE="$HOME/.oci/config"
	84	OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}"
	85
	86	if [ -z "$OCI_CLI_CONFIG_FILE" ]; then
	87	OCI_CLI_CONFIG_FILE="$_DEFAULT_OCI_CLI_CONFIG_FILE"
946c8b49	88	fi
6f88c816	89
1d089d45 AM	90	if [ "$_DEFAULT_OCI_CLI_CONFIG_FILE" != "$OCI_CLI_CONFIG_FILE" ]; then
	91	_saveaccountconf_mutable OCI_CLI_CONFIG_FILE "$OCI_CLI_CONFIG_FILE"
	92	else
	93	_clearaccountconf_mutable OCI_CLI_CONFIG_FILE
	94	fi
6f88c816	95
1d089d45 AM	96	_DEFAULT_OCI_CLI_PROFILE="DEFAULT"
	97	OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}"
	98	if [ "$_DEFAULT_OCI_CLI_PROFILE" != "$OCI_CLI_PROFILE" ]; then
	99	_saveaccountconf_mutable OCI_CLI_PROFILE "$OCI_CLI_PROFILE"
	100	else
	101	OCI_CLI_PROFILE="$_DEFAULT_OCI_CLI_PROFILE"
	102	_clearaccountconf_mutable OCI_CLI_PROFILE
6f88c816 AM	103	fi
6f88c816 AM	104
1d089d45 AM	105	OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}"
	106	if [ "$OCI_CLI_TENANCY" ]; then
	107	_saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY"
	108	elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
	109	_debug "Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE"
	110	OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini "$OCI_CLI_CONFIG_FILE" tenancy "$OCI_CLI_PROFILE")}"
6f88c816 AM	111	fi
6f88c816 AM	112
017a1018	113	if [ -z "$OCI_CLI_TENANCY" ]; then
1d089d45 AM	114	_err "Error: unable to read OCI_CLI_TENANCY from config file or environment variable."
1d089d45 AM	115	return 1
6f88c816 AM	116	fi
6f88c816 AM	117
1d089d45 AM	118	OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}"
	119	if [ "$OCI_CLI_USER" ]; then
	120	_saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER"
	121	elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
	122	_debug "Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE"
	123	OCI_CLI_USER="${OCI_CLI_USER:-$(_readini "$OCI_CLI_CONFIG_FILE" user "$OCI_CLI_PROFILE")}"
	124	fi
017a1018	125	if [ -z "$OCI_CLI_USER" ]; then
1d089d45 AM	126	_err "Error: unable to read OCI_CLI_USER from config file or environment variable."
1d089d45 AM	127	return 1
6f88c816 AM	128	fi
6f88c816 AM	129
1d089d45 AM	130	OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}"
	131	if [ "$OCI_CLI_REGION" ]; then
	132	_saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION"
	133	elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
	134	_debug "Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE"
	135	OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini "$OCI_CLI_CONFIG_FILE" region "$OCI_CLI_PROFILE")}"
	136	fi
017a1018	137	if [ -z "$OCI_CLI_REGION" ]; then
1d089d45 AM	138	_err "Error: unable to read OCI_CLI_REGION from config file or environment variable."
1d089d45 AM	139	return 1
6f88c816 AM	140	fi
6f88c816 AM	141
1d089d45 AM	142	OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}"
	143	if [ -z "$OCI_CLI_KEY" ]; then
	144	_clearaccountconf_mutable OCI_CLI_KEY
	145	OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini "$OCI_CLI_CONFIG_FILE" key_file "$OCI_CLI_PROFILE")}"
	146	if [ "$OCI_CLI_KEY_FILE" ] && [ -f "$OCI_CLI_KEY_FILE" ]; then
	147	_debug "Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE"
	148	OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE")
946c8b49	149	_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
946c8b49	150	fi
1d089d45 AM	151	else
	152	_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
	153	fi
	154
	155	if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then
	156	_err "Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE."
	157	_err "Error: unable to load private API signing key from OCI_CLI_KEY."
	158	return 1
6f88c816 AM	159	fi
6f88c816 AM	160
1d089d45	161	if [ "$(printf "%s\n" "$OCI_CLI_KEY" \| wc -l)" -eq 1 ]; then
32adc38e	162	OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" \| _dbase64)
6f88c816 AM	163	fi
6f88c816 AM	164
1d089d45	165	return 0
6f88c816 AM	166
	167	}
	168
	169	# _get_zone(): retrieves the Zone name and OCID
	170	#
	171	# _sub_domain=_acme-challenge.www
	172	# _domain=domain.com
	173	# _domain_ociid=ocid1.dns-zone.oc1..
	174	_get_zone() {
	175	domain=$1
	176	i=1
	177	p=1
	178
	179	while true; do
	180	h=$(printf "%s" "$domain" \| cut -d . -f $i-100)
	181	_debug h "$h"
	182	if [ -z "$h" ]; then
	183	# not valid
	184	return 1
	185	fi
	186
	187	_domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id")
	188	if [ "$_domain_id" ]; then
	189	_sub_domain=$(printf "%s" "$domain" \| cut -d . -f 1-$p)
	190	_domain=$h
	191
	192	_debug _domain_id "$_domain_id"
	193	_debug _sub_domain "$_sub_domain"
	194	_debug _domain "$_domain"
	195	return 0
	196	fi
	197
	198	p=$i
	199	i=$(_math "$i" + 1)
	200	done
	201	return 1
	202
	203	}
	204
017a1018 AM	205	#Usage: privatekey
	206	#Output MD5 fingerprint
	207	_fingerprint() {
1d089d45	208
017a1018 AM	209	pkey="$1"
	210	if [ -z "$pkey" ]; then
	211	_usage "Usage: _fingerprint privkey"
	212	return 1
	213	fi
	214
	215	printf "%s" "$pkey" \| ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null \| ${ACME_OPENSSL_BIN:-openssl} md5 -c \| cut -d = -f 2 \| tr -d ' '
	216
	217	}
	218
6f88c816 AM	219	_signed_request() {
	220
	221	_sig_method="$1"
	222	_sig_target="$2"
	223	_sig_body="$3"
	224	_return_field="$4"
	225
017a1018 AM	226	_key_fingerprint=$(_fingerprint "$OCI_CLI_KEY")
	227	_sig_host="dns.$OCI_CLI_REGION.oraclecloud.com"
	228	_sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint"
6f88c816 AM	229	_sig_alg="rsa-sha256"
	230	_sig_version="1"
	231	_sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")"
	232
6f88c816 AM	233	_request_method=$(printf %s "$_sig_method" \| _lower_case)
	234	_curl_method=$(printf %s "$_sig_method" \| _upper_case)
	235
	236	_request_target="(request-target): $_request_method $_sig_target"
	237	_date_header="date: $_sig_now"
	238	_host_header="host: $_sig_host"
	239
	240	_string_to_sign="$_request_target\n$_date_header\n$_host_header"
	241	_sig_headers="(request-target) date host"
	242
	243	if [ "$_sig_body" ]; then
	244	_secure_debug3 _sig_body "$_sig_body"
017a1018	245	_sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" \| _digest sha256)"
6f88c816 AM	246	_sig_body_type="content-type: application/json"
	247	_sig_body_length="content-length: ${#_sig_body}"
	248	_string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length"
	249	_sig_headers="$_sig_headers x-content-sha256 content-type content-length"
	250	fi
	251
	252	_tmp_file=$(_mktemp)
	253	if [ -f "$_tmp_file" ]; then
017a1018 AM	254	printf '%s' "$OCI_CLI_KEY" >"$_tmp_file"
017a1018 AM	255	_signature=$(printf '%b' "$_string_to_sign" \| _sign "$_tmp_file" sha256 \| tr -d '\r\n')
6f88c816 AM	256	rm -f "$_tmp_file"
	257	fi
	258
	259	_signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\""
	260	_secure_debug3 _signed_header "$_signed_header"
	261
	262	if [ "$_curl_method" = "GET" ]; then
	263	export _H1="$_date_header"
	264	export _H2="$_signed_header"
	265	_response="$(_get "https://${_sig_host}${_sig_target}")"
	266	elif [ "$_curl_method" = "PATCH" ]; then
	267	export _H1="$_date_header"
3a1c6d84	268	# shellcheck disable=SC2090
6f88c816 AM	269	export _H2="$_sig_body_sha256"
	270	export _H3="$_sig_body_type"
	271	export _H4="$_sig_body_length"
	272	export _H5="$_signed_header"
	273	_response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")"
	274	else
	275	_err "Unable to process method: $_curl_method."
	276	fi
	277
	278	_ret="$?"
	279	if [ "$_return_field" ]; then
	280	_response="$(echo "$_response" \| sed 's/\\\"//g'))"
	281	_return=$(echo "${_response}" \| _egrep_o "\"$_return_field\"\\s:\\s\"[^\"]*\"" \| _head_n 1 \| cut -d : -f 2 \| tr -d "\"")
	282	else
	283	_return="$_response"
	284	fi
	285
	286	printf "%s" "$_return"
	287	return $_ret
	288
	289	}
946c8b49 AM	290
946c8b49 AM	291	# file key [section]
76660228	292	_readini() {
1d089d45 AM	293	_file="$1"
1d089d45 AM	294	_key="$2"
76660228	295	_section="${3:-DEFAULT}"
946c8b49	296
76660228	297	_start_n=$(grep -n '\['"$_section"']' "$_file" \| cut -d : -f 1)
1d089d45	298	_debug3 _start_n "$_start_n"
946c8b49	299	if [ -z "$_start_n" ]; then
76660228	300	_err "Can not find section: $_section"
946c8b49 AM	301	return 1
	302	fi
	303
	304	_start_nn=$(_math "$_start_n" + 1)
1d089d45	305	_debug3 "_start_nn" "$_start_nn"
946c8b49	306
76660228	307	_left="$(sed -n "${_start_nn},99999p" "$_file")"
1d089d45	308	_debug3 _left "$_left"
946c8b49	309	_end="$(echo "$_left" \| grep -n "^\[" \| _head_n 1)"
1d089d45	310	_debug3 "_end" "$_end"
946c8b49 AM	311	if [ "$_end" ]; then
946c8b49 AM	312	_end_n=$(echo "$_end" \| cut -d : -f 1)
1d089d45	313	_debug3 "_end_n" "$_end_n"
946c8b49 AM	314	_seg_n=$(echo "$_left" \| sed -n "1,${_end_n}p")
	315	else
	316	_seg_n="$_left"
	317	fi
	318
1d089d45	319	_debug3 "_seg_n" "$_seg_n"
946c8b49	320	_lineini="$(echo "$_seg_n" \| grep "^ $_key = *")"
1d089d45 AM	321	_inivalue="$(printf "%b" "$(eval "echo $_lineini \| sed \"s/^ ${_key} = *//g\"")")"
	322	_debug2 _inivalue "$_inivalue"
	323	echo "$_inivalue"
946c8b49	324
946c8b49	325	}