[mirror_acme.sh.git] / dnsapi / dns_ovh.sh

#!/usr/bin/env sh

#Application Key
#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
#
#Application Secret
#OVH_AS="sdfsafsdfsdfdsfsdfsa"
#
#Consumer Key
#OVH_CK="sdfsdfsdfsdfsdfdsf"

#OVH_END_POINT=ovh-eu

#'ovh-eu'
OVH_EU='https://eu.api.ovh.com/1.0'

#'ovh-ca':
OVH_CA='https://ca.api.ovh.com/1.0'

#'kimsufi-eu'
KSF_EU='https://eu.api.kimsufi.com/1.0'

#'kimsufi-ca'
KSF_CA='https://ca.api.kimsufi.com/1.0'

#'soyoustart-eu'
SYS_EU='https://eu.api.soyoustart.com/1.0'

#'soyoustart-ca'
SYS_CA='https://ca.api.soyoustart.com/1.0'

#'runabove-ca'
RAV_CA='https://api.runabove.com/1.0'

wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api"

ovh_success="https://github.com/Neilpang/acme.sh/wiki/OVH-Success"

_ovh_get_api() {
  _ogaep="$1"

  case "${_ogaep}" in

    ovh-eu | ovheu)
      printf "%s" $OVH_EU
      return
      ;;
    ovh-ca | ovhca)
      printf "%s" $OVH_CA
      return
      ;;
    kimsufi-eu | kimsufieu)
      printf "%s" $KSF_EU
      return
      ;;
    kimsufi-ca | kimsufica)
      printf "%s" $KSF_CA
      return
      ;;
    soyoustart-eu | soyoustarteu)
      printf "%s" $SYS_EU
      return
      ;;
    soyoustart-ca | soyoustartca)
      printf "%s" $SYS_CA
      return
      ;;
    runabove-ca | runaboveca)
      printf "%s" $RAV_CA
      return
      ;;

    *)

      _err "Unknown parameter : $1"
      return 1
      ;;
  esac
}


_initAuth() {
  if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then
    OVH_AK=""
    OVH_AS=""
    _err "You don't specify OVH application key and application secret yet."
    _err "Please create you key and try again."
    return 1
  fi

  #save the api key and email to the account conf file.
  _saveaccountconf OVH_AK "$OVH_AK"
  _saveaccountconf OVH_AS "$OVH_AS"

  if [ -z "$OVH_END_POINT" ]; then
    OVH_END_POINT="ovh-eu"
  fi
  _info "Using OVH endpoint: $OVH_END_POINT"
  if [ "$OVH_END_POINT" != "ovh-eu" ]; then
    _saveaccountconf OVH_END_POINT "$OVH_END_POINT"
  fi

  OVH_API="$(_ovh_get_api $OVH_END_POINT)"
  _debug OVH_API "$OVH_API"

  if [ -z "$OVH_CK" ]; then
    _info "OVH consumer key is empty, Let's get one:"
    if ! _ovh_authentication; then
      _err "Can not get consumer key."
    fi
    #return and wait for retry.
    return 1
  fi

  _info "Checking authentication"

  if ! _ovh_rest GET "domain" || _contains "$response" "INVALID_CREDENTIAL"; then
    _err "The consumer key is invalid: $OVH_CK"
    _err "Please retry to create a new one."
    _clearaccountconf OVH_CK
    return 1
  fi
  _info "Consumer key is ok."
  return 0
}

########  Public functions #####################

#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_ovh_add() {
  fulldomain=$1
  txtvalue=$2

  if ! _initAuth; then
    return 1
  fi

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi

  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"

  _info "Adding record"
  if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then
    if _contains "$response" "$txtvalue"; then
      _ovh_rest POST "domain/zone/$_domain/refresh"
      _debug "Refresh:$response"
      _info "Added, sleep 10 seconds."
      _sleep 10
      return 0
    fi
  fi
  _err "Add txt record error."
  return 1

}

#fulldomain
dns_ovh_rm() {
  fulldomain=$1
  txtvalue=$2

  if ! _initAuth; then
    return 1
  fi

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi

  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Getting txt records"
  if ! _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain"; then
    return 1
  fi

  for rid in $(echo "$response" | tr '[,]' '   '); do
    _debug rid "$rid"
    if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
      return 1
    fi
    if _contains "$response" "\"target\":\"$txtvalue\""; then
      _debug "Found txt id:$rid"
      if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
        return 1
      fi
      return 0
    fi
  done

  return 1
}

####################  Private functions below ##################################

_ovh_authentication() {

  _H1="X-Ovh-Application: $OVH_AK"
  _H2="Content-type: application/json"
  _H3=""
  _H4=""

  _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"},{"method": "DELETE","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}'

  response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
  _debug3 response "$response"
  validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')"
  if [ -z "$validationUrl" ]; then
    _err "Unable to get validationUrl"
    return 1
  fi
  _debug validationUrl "$validationUrl"

  consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
  if [ -z "$consumerKey" ]; then
    _err "Unable to get consumerKey"
    return 1
  fi
  _secure_debug consumerKey "$consumerKey"

  OVH_CK="$consumerKey"
  _saveaccountconf OVH_CK "$OVH_CK"

  _info "Please open this link to do authentication: $(__green "$validationUrl")"

  _info "Here is a guide for you: $(__green "$wiki")"
  _info "Please retry after the authentication is done."

}

#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
  domain=$1
  i=2
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi

    if ! _ovh_rest GET "domain/zone/$h"; then
      return 1
    fi

    if ! _contains "$response" "This service does not exist" >/dev/null && ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain="$h"
      return 0
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
}

_ovh_timestamp() {
  _H1=""
  _H2=""
  _H3=""
  _H4=""
  _H5=""
  _get "$OVH_API/auth/time" "" 30
}

_ovh_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"

  _ovh_url="$OVH_API/$ep"
  _debug2 _ovh_url "$_ovh_url"
  _ovh_t="$(_ovh_timestamp)"
  _debug2 _ovh_t "$_ovh_t"
  _ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
  _secure_debug _ovh_p "$_ovh_p"
  _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
  _debug2 _ovh_hex "$_ovh_hex"

  export _H1="X-Ovh-Application: $OVH_AK"
  export _H2="X-Ovh-Signature: \$1\$$_ovh_hex"
  _debug2 _H2 "$_H2"
  export _H3="X-Ovh-Timestamp: $_ovh_t"
  export _H4="X-Ovh-Consumer: $OVH_CK"
  export _H5="Content-Type: application/json;charset=utf-8"
  if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
    _debug data "$data"
    response="$(_post "$data" "$_ovh_url" "" "$m")"
  else
    response="$(_get "$_ovh_url")"
  fi

  if [ "$?" != "0" ] || _contains "$response" "INVALID_CREDENTIAL"; then
    _err "error $response"
    return 1
  fi
  _debug2 response "$response"
  return 0
}
Commit	Line	Data
690a5e20	1	#!/usr/bin/env sh
690a5e20	2
8afd3190	3	#Application Key
690a5e20	4	#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
	5	#
	6	#Application Secret
	7	#OVH_AS="sdfsafsdfsdfdsfsdfsa"
	8	#
	9	#Consumer Key
	10	#OVH_CK="sdfsdfsdfsdfsdfdsf"
	11
690a5e20	12	#OVH_END_POINT=ovh-eu
690a5e20	13
690a5e20	14	#'ovh-eu'
	15	OVH_EU='https://eu.api.ovh.com/1.0'
	16
3c07f57a	17	#'ovh-ca':
690a5e20	18	OVH_CA='https://ca.api.ovh.com/1.0'
	19
	20	#'kimsufi-eu'
	21	KSF_EU='https://eu.api.kimsufi.com/1.0'
	22
	23	#'kimsufi-ca'
	24	KSF_CA='https://ca.api.kimsufi.com/1.0'
	25
	26	#'soyoustart-eu'
	27	SYS_EU='https://eu.api.soyoustart.com/1.0'
	28
	29	#'soyoustart-ca'
	30	SYS_CA='https://ca.api.soyoustart.com/1.0'
	31
	32	#'runabove-ca'
	33	RAV_CA='https://api.runabove.com/1.0'
	34
690a5e20	35	wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api"
	36
	37	ovh_success="https://github.com/Neilpang/acme.sh/wiki/OVH-Success"
	38
690a5e20	39	_ovh_get_api() {
	40	_ogaep="$1"
	41
	42	case "${_ogaep}" in
4c2a3841	43
	44	ovh-eu \| ovheu)
	45	printf "%s" $OVH_EU
	46	return
	47	;;
	48	ovh-ca \| ovhca)
	49	printf "%s" $OVH_CA
	50	return
	51	;;
	52	kimsufi-eu \| kimsufieu)
	53	printf "%s" $KSF_EU
	54	return
	55	;;
	56	kimsufi-ca \| kimsufica)
	57	printf "%s" $KSF_CA
	58	return
	59	;;
	60	soyoustart-eu \| soyoustarteu)
	61	printf "%s" $SYS_EU
	62	return
	63	;;
	64	soyoustart-ca \| soyoustartca)
	65	printf "%s" $SYS_CA
	66	return
	67	;;
	68	runabove-ca \| runaboveca)
	69	printf "%s" $RAV_CA
	70	return
	71	;;
	72
690a5e20	73	*)
4c2a3841	74
	75	_err "Unknown parameter : $1"
	76	return 1
	77	;;
	78	esac
690a5e20	79	}
690a5e20	80
4c2a3841	81
be186bd3	82	_initAuth() {
4c2a3841	83	if [ -z "$OVH_AK" ] \|\| [ -z "$OVH_AS" ]; then
422e5026	84	OVH_AK=""
422e5026	85	OVH_AS=""
690a5e20	86	_err "You don't specify OVH application key and application secret yet."
	87	_err "Please create you key and try again."
	88	return 1
	89	fi
4c2a3841	90
690a5e20	91	#save the api key and email to the account conf file.
	92	_saveaccountconf OVH_AK "$OVH_AK"
	93	_saveaccountconf OVH_AS "$OVH_AS"
4c2a3841	94
4c2a3841	95	if [ -z "$OVH_END_POINT" ]; then
690a5e20	96	OVH_END_POINT="ovh-eu"
	97	fi
	98	_info "Using OVH endpoint: $OVH_END_POINT"
4c2a3841	99	if [ "$OVH_END_POINT" != "ovh-eu" ]; then
4c2a3841	100	_saveaccountconf OVH_END_POINT "$OVH_END_POINT"
690a5e20	101	fi
4c2a3841	102
4c2a3841	103	OVH_API="$(_ovh_get_api $OVH_END_POINT)"
690a5e20	104	_debug OVH_API "$OVH_API"
690a5e20	105
4c2a3841	106	if [ -z "$OVH_CK" ]; then
690a5e20	107	_info "OVH consumer key is empty, Let's get one:"
4c2a3841	108	if ! _ovh_authentication; then
690a5e20	109	_err "Can not get consumer key."
	110	fi
	111	#return and wait for retry.
4c2a3841	112	return 1
690a5e20	113	fi
4c2a3841	114
690a5e20	115	_info "Checking authentication"
4c2a3841	116
f823f170	117	if ! _ovh_rest GET "domain" \|\| _contains "$response" "INVALID_CREDENTIAL"; then
690a5e20	118	_err "The consumer key is invalid: $OVH_CK"
690a5e20	119	_err "Please retry to create a new one."
4c2a3841	120	_clearaccountconf OVH_CK
690a5e20	121	return 1
	122	fi
	123	_info "Consumer key is ok."
be186bd3	124	return 0
	125	}
	126
	127	######## Public functions #####################
	128
	129	#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
	130	dns_ovh_add() {
	131	fulldomain=$1
	132	txtvalue=$2
	133
	134	if ! _initAuth; then
	135	return 1
	136	fi
4c2a3841	137
690a5e20	138	_debug "First detect the root zone"
e9f9f515	139	if ! _get_root "$fulldomain"; then
690a5e20	140	_err "invalid domain"
	141	return 1
	142	fi
e440223b	143
690a5e20	144	_debug _sub_domain "$_sub_domain"
690a5e20	145	_debug _domain "$_domain"
4c2a3841	146
ea25492c	147	_info "Adding record"
	148	if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then
	149	if _contains "$response" "$txtvalue"; then
	150	_ovh_rest POST "domain/zone/$_domain/refresh"
	151	_debug "Refresh:$response"
01cc2e13	152	_info "Added, sleep 10 seconds."
01cc2e13	153	_sleep 10
ea25492c	154	return 0
690a5e20	155	fi
690a5e20	156	fi
ea25492c	157	_err "Add txt record error."
ea25492c	158	return 1
690a5e20	159
4c2a3841	160	}
690a5e20	161
5d6fd809	162	#fulldomain
	163	dns_ovh_rm() {
	164	fulldomain=$1
ea25492c	165	txtvalue=$2
be186bd3	166
	167	if ! _initAuth; then
	168	return 1
	169	fi
	170
	171	_debug "First detect the root zone"
	172	if ! _get_root "$fulldomain"; then
	173	_err "invalid domain"
	174	return 1
	175	fi
	176
	177	_debug _sub_domain "$_sub_domain"
	178	_debug _domain "$_domain"
ea25492c	179	_debug "Getting txt records"
be186bd3	180	if ! _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain"; then
	181	return 1
	182	fi
5d6fd809	183
be186bd3	184	for rid in $(echo "$response" \| tr '[,]' ' '); do
	185	_debug rid "$rid"
	186	if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
	187	return 1
	188	fi
	189	if _contains "$response" "\"target\":\"$txtvalue\""; then
	190	_debug "Found txt id:$rid"
	191	if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
	192	return 1
	193	fi
	194	return 0
	195	fi
	196	done
	197
	198	return 1
5d6fd809	199	}
5d6fd809	200
329174b6	201	#################### Private functions below ##################################
690a5e20	202
690a5e20	203	_ovh_authentication() {
4c2a3841	204
690a5e20	205	_H1="X-Ovh-Application: $OVH_AK"
	206	_H2="Content-type: application/json"
	207	_H3=""
	208	_H4=""
4c2a3841	209
be186bd3	210	_ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/"},{"method": "GET","path": "/domain/zone//record"},{"method": "POST","path": "/domain/zone//record"},{"method": "POST","path": "/domain/zone//refresh"},{"method": "PUT","path": "/domain/zone//record/"},{"method": "DELETE","path": "/domain/zone//record/"}],"redirection":"'$ovh_success'"}'
4c2a3841	211
690a5e20	212	response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
	213	_debug3 response "$response"
	214	validationUrl="$(echo "$response" \| _egrep_o "validationUrl\":\"[^\"]\"" \| _egrep_o "http.\"" \| tr -d '"')"
4c2a3841	215	if [ -z "$validationUrl" ]; then
690a5e20	216	_err "Unable to get validationUrl"
	217	return 1
	218	fi
	219	_debug validationUrl "$validationUrl"
4c2a3841	220
690a5e20	221	consumerKey="$(echo "$response" \| _egrep_o "consumerKey\":\"[^\"]*\"" \| cut -d : -f 2 \| tr -d '"')"
4c2a3841	222	if [ -z "$consumerKey" ]; then
690a5e20	223	_err "Unable to get consumerKey"
	224	return 1
	225	fi
e6e85b0c	226	_secure_debug consumerKey "$consumerKey"
4c2a3841	227
690a5e20	228	OVH_CK="$consumerKey"
690a5e20	229	_saveaccountconf OVH_CK "$OVH_CK"
690a5e20	230
4c2a3841	231	_info "Please open this link to do authentication: $(__green "$validationUrl")"
	232
	233	_info "Here is a guide for you: $(__green "$wiki")"
690a5e20	234	_info "Please retry after the authentication is done."
	235
	236	}
	237
690a5e20	238	#_acme-challenge.www.domain.com
	239	#returns
	240	# _sub_domain=_acme-challenge.www
	241	# _domain=domain.com
690a5e20	242	_get_root() {
	243	domain=$1
	244	i=2
	245	p=1
c7b16249	246	while true; do
c7b16249	247	h=$(printf "%s" "$domain" \| cut -d . -f $i-100)
4c2a3841	248	if [ -z "$h" ]; then
690a5e20	249	#not valid
4c2a3841	250	return 1
690a5e20	251	fi
4c2a3841	252
4c2a3841	253	if ! _ovh_rest GET "domain/zone/$h"; then
690a5e20	254	return 1
690a5e20	255	fi
4c2a3841	256
486e77f4	257	if ! _contains "$response" "This service does not exist" >/dev/null && ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
c7b16249	258	_sub_domain=$(printf "%s" "$domain" \| cut -d . -f 1-$p)
c7b16249	259	_domain="$h"
690a5e20	260	return 0
	261	fi
	262	p=$i
c7b16249	263	i=$(_math "$i" + 1)
690a5e20	264	done
	265	return 1
	266	}
	267
	268	_ovh_timestamp() {
	269	_H1=""
	270	_H2=""
	271	_H3=""
	272	_H4=""
	273	_H5=""
	274	_get "$OVH_API/auth/time" "" 30
	275	}
	276
	277	_ovh_rest() {
	278	m=$1
	279	ep="$2"
	280	data="$3"
c7b16249	281	_debug "$ep"
4c2a3841	282
690a5e20	283	_ovh_url="$OVH_API/$ep"
	284	_debug2 _ovh_url "$_ovh_url"
	285	_ovh_t="$(_ovh_timestamp)"
	286	_debug2 _ovh_t "$_ovh_t"
	287	_ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
e6e85b0c	288	_secure_debug _ovh_p "$_ovh_p"
690a5e20	289	_ovh_hex="$(printf "%s" "$_ovh_p" \| _digest sha1 hex)"
690a5e20	290	_debug2 _ovh_hex "$_ovh_hex"
690a5e20	291
3ca93f4a BB	292	export _H1="X-Ovh-Application: $OVH_AK"
3ca93f4a BB	293	export _H2="X-Ovh-Signature: \$1\$$_ovh_hex"
690a5e20	294	_debug2 _H2 "$_H2"
3ca93f4a BB	295	export _H3="X-Ovh-Timestamp: $_ovh_t"
	296	export _H4="X-Ovh-Consumer: $OVH_CK"
	297	export _H5="Content-Type: application/json;charset=utf-8"
be186bd3	298	if [ "$data" ] \|\| [ "$m" = "POST" ] \|\| [ "$m" = "PUT" ] \|\| [ "$m" = "DELETE" ]; then
690a5e20	299	_debug data "$data"
e9f9f515	300	response="$(_post "$data" "$_ovh_url" "" "$m")"
690a5e20	301	else
	302	response="$(_get "$_ovh_url")"
	303	fi
4c2a3841	304
f823f170	305	if [ "$?" != "0" ] \|\| _contains "$response" "INVALID_CREDENTIAL"; then
f823f170	306	_err "error $response"
690a5e20	307	return 1
	308	fi
	309	_debug2 response "$response"
	310	return 0
	311	}