#!/usr/bin/env sh
# acme.sh DNS API hook for TransIP, talking to REST API v6.
# Credentials come from TRANSIP_Username and TRANSIP_Key_File (a path or URL of
# the private key that signs token requests); both are read from / saved to the
# account conf by _transip_setup.
TRANSIP_Api_Url="https://api.transip.nl/v6"

# Token request parameters. A token is requested once per process (cached in
# the shell variable _token), is short-lived, and must be write-capable because
# this hook both creates and deletes TXT records.
TRANSIP_Token_Expiration="30 minutes"
TRANSIP_Token_Read_Only="false"
# A token label cannot be reused, so no label is sent by default.
TRANSIP_Token_Label=""
######## Public functions #####################
# Usage: dns_transip_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Create the ACME challenge TXT record.
#   $1  full record name, e.g. _acme-challenge.www.domain.com
#   $2  TXT value (the challenge digest, as in the usage example above)
# Relies on _transip_setup to obtain a token and to set _domain / _sub_domain.
# Returns 0 when the POST succeeded at transport level, 1 otherwise.
dns_transip_add() {
  fulldomain="$1"
  txtvalue="$2"
  _debug fulldomain="$fulldomain"
  _debug txtvalue="$txtvalue"
  _transip_setup "$fulldomain" || return 1

  _info "Creating TXT record."
  # $txtvalue is interpolated into the JSON literal unescaped; the value acme.sh
  # passes here is a base64url digest, which needs no JSON escaping.
  _entry="{\"dnsEntry\":{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"expire\":300}}"
  if _transip_rest POST "domains/$_domain/dns" "$_entry"; then
    return 0
  fi
  _err "Could not add TXT record."
  return 1
}
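# Remove the TXT record created by dns_transip_add.
#   $1  full record name, e.g. _acme-challenge.www.domain.com
#   $2  TXT value that was added
# The DELETE sends the same dnsEntry body (name/type/content/expire) that was
# used on creation; presumably the API matches the entry on all of it.
# Returns 0 when the DELETE succeeded at transport level, 1 otherwise.
dns_transip_rm() {
  fulldomain=$1
  txtvalue=$2
  _debug fulldomain="$fulldomain"
  _debug txtvalue="$txtvalue"
  _transip_setup "$fulldomain" || return 1

  _info "Removing TXT record."
  _entry="{\"dnsEntry\":{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"expire\":300}}"
  if ! _transip_rest DELETE "domains/$_domain/dns" "$_entry"; then
    # report the zone (_domain); $domain is a leftover global from _get_root
    # holding the full record name, which made the old message misleading
    _err "Could not remove TXT record $_sub_domain for $_domain"
    return 1
  fi
  return 0
}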
#################### Private functions below ##################################
# _get_root: given the full record name, e.g. _acme-challenge.www.domain.com,
# finds the zone the API serves for it and sets the globals
#   _sub_domain=_acme-challenge.www
#   _domain=domain.com
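# Find the zone $1 belongs to by querying the API for progressively shorter
# suffixes of the name, so the most specific zone wins.
#   $1  full record name, e.g. _acme-challenge.www.domain.com
# Sets the globals _domain (zone, e.g. domain.com) and _sub_domain (remaining
# labels, e.g. _acme-challenge.www) and returns 0 for the first suffix whose
# GET domains/<suffix>/dns response contains "dnsEntries".
# Returns 1, after logging, when every suffix was tried or $1 is empty.
_get_root() {
  domain="$1"
  i=2
  p=1
  while true; do
    # candidate zone = labels i..end; empty once we have walked off the name
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      break
    fi

    _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
    _domain="$h"

    # a candidate the API does not answer with dnsEntries for (e.g. a zone
    # outside this account) is skipped and the next shorter suffix is tried
    if _transip_rest GET "domains/$h/dns" && _contains "$response" "dnsEntries"; then
      return 0
    fi

    p=$i
    i=$(_math "$i" + 1)
  done
  # reached only after every suffix failed (the old empty-suffix branch
  # returned silently, so this message was never shown)
  _err "Unable to parse this domain"
  return 1
}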
# Call the TransIP REST API with the bearer token in _token.
#   $1  HTTP method (GET uses _get, anything else is sent via _post)
#   $2  endpoint relative to TRANSIP_Api_Url
#   $3  JSON body; ignored for GET
# Leaves the response body in the global $response. Headers go through the
# exported _H* slots acme.sh's HTTP helpers read (_H3 is not set here).
# Returns 1 only when _get/_post itself returns non-zero; an error the API
# reports inside the JSON body is not detected here — callers that care
# inspect $response themselves, as _get_root does.
_transip_rest() {
  _method="$1"
  _endpoint="$2"
  _body="$3"
  _debug ep "$_endpoint"
  export _H1="Accept: application/json"
  export _H2="Authorization: Bearer $_token"
  export _H4="Content-Type: application/json"

  case "$_method" in
  GET)
    response="$(_get "$TRANSIP_Api_Url/$_endpoint")"
    _rc=$?
    ;;
  *)
    _debug data "$_body"
    response="$(_post "$_body" "$TRANSIP_Api_Url/$_endpoint" "" "$_method")"
    _rc=$?
    ;;
  esac

  if [ "$_rc" != "0" ]; then
    _err "error $_endpoint"
    return 1
  fi
  _debug2 response "$response"
  return 0
}
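# Request a bearer token from the auth endpoint by signing a JSON request with
# the private key in TRANSIP_Key_File (SHA-512 via _sign).
# Reads TRANSIP_Username, TRANSIP_Token_* and TRANSIP_Token_Global_Key (the
# latter is also persisted to the account conf).
# On success stores the token in the global _token and returns 0; returns 1
# when the request fails or no token can be extracted from the response.
_transip_get_token() {
  # The nonce has to differ between requests. Hashing the current time alone
  # repeats it for processes started within the same second, so the PID is
  # mixed in as well.
  nonce=$(echo "TRANSIP$(_time)$$" | _digest sha1 hex | cut -c 1-32)
  _debug nonce "$nonce"

  # make IP whitelisting configurable
  TRANSIP_Token_Global_Key="${TRANSIP_Token_Global_Key:-$(_readaccountconf_mutable TRANSIP_Token_Global_Key)}"
  _saveaccountconf_mutable TRANSIP_Token_Global_Key "$TRANSIP_Token_Global_Key"

  data="{\"login\":\"${TRANSIP_Username}\",\"nonce\":\"${nonce}\",\"read_only\":\"${TRANSIP_Token_Read_Only}\",\"expiration_time\":\"${TRANSIP_Token_Expiration}\",\"label\":\"${TRANSIP_Token_Label}\",\"global_key\":\"${TRANSIP_Token_Global_Key:-false}\"}"
  _debug data "$data"

  # The signature covers exactly this body; it must be sent unmodified.
  _signature=$(printf "%s" "$data" | _sign "$TRANSIP_Key_File" "sha512")
  _debug2 _signature "$_signature"

  export _H1="Signature: $_signature"
  export _H2="Content-Type: application/json"

  response="$(_post "$data" "$TRANSIP_Api_Url/auth" "" "POST")"
  retcode=$?
  if [ "$retcode" != "0" ]; then
    _debug2 response "$response"
    _err "Authentication failed."
    return 1
  fi
  if _contains "$response" "token"; then
    _token="$(echo "$response" | _normalizeJson | sed -n 's/^{"token":"\(.*\)"}/\1/p')"
    # "token" may also appear in an error message; only a non-empty extraction counts
    if [ -z "$_token" ]; then
      _debug2 response "$response"
      _err "Authentication response did not contain a usable token."
      return 1
    fi
    # the token is a bearer credential: its value is deliberately not logged
    _debug "TransIP API token obtained."
    return 0
  fi
  # no token in the body, so it is safe to log what came back
  _debug2 response "$response"
  return 1
}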
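# Resolve the TransIP credentials, make sure a bearer token is available and
# locate the zone for $1.
#   $1  full record name, e.g. _acme-challenge.www.domain.com
# Side effects: persists TRANSIP_Username / TRANSIP_Key_File to the account
# conf; sets the globals _token (once per process), _domain and _sub_domain.
# Returns 1, after logging, when credentials are missing, the key is unusable,
# the token request fails or no zone is found.
_transip_setup() {
  fulldomain=$1

  # retrieve the transip creds
  TRANSIP_Username="${TRANSIP_Username:-$(_readaccountconf_mutable TRANSIP_Username)}"
  TRANSIP_Key_File="${TRANSIP_Key_File:-$(_readaccountconf_mutable TRANSIP_Key_File)}"
  # check their vals for null
  if [ -z "$TRANSIP_Username" ] || [ -z "$TRANSIP_Key_File" ]; then
    TRANSIP_Username=""
    TRANSIP_Key_File=""
    _err "You didn't specify a TransIP username and api key file location"
    _err "Please set those values and try again."
    return 1
  fi
  # save the username and api key to the account conf file.
  _saveaccountconf_mutable TRANSIP_Username "$TRANSIP_Username"
  _saveaccountconf_mutable TRANSIP_Key_File "$TRANSIP_Key_File"

  # The token is kept in _token for the rest of the process, so the private key
  # is only read (and, for a URL, downloaded) when no token has been issued yet.
  if [ -z "$_token" ]; then
    if ! _transip_authenticate; then
      _err "Can not get token."
      return 1
    fi
  fi

  _get_root "$fulldomain" || return 1

  return 0
}

# Load the private key named by TRANSIP_Key_File and request a token with it.
# A key given as a URL is downloaded to a mode-600 temporary file; that copy is
# removed on every exit path so the key never lingers in the temp directory
# after a failed download, validation or token request. TRANSIP_Key_File is
# restored to its configured value before returning.
_transip_authenticate() {
  _key_url=""
  _key_path="$TRANSIP_Key_File"

  if _startswith "$TRANSIP_Key_File" "http://" || _startswith "$TRANSIP_Key_File" "https://"; then
    _debug "download transip key file"
    _key_url="$TRANSIP_Key_File"
    if _startswith "$_key_url" "http://"; then
      # a plaintext download hands the signing key, and with it full API
      # access to the account, to anyone on the network path
      _err "WARNING: fetching the private key over plain HTTP; use an https:// URL or a local file."
    fi
    _key_path="$(_mktemp)"
    chmod 600 "$_key_path"
    if ! _get "$_key_url" >"$_key_path"; then
      _err "Error getting key file from : $_key_url"
      rm -f "$_key_path"
      return 1
    fi
  fi

  # _transip_get_token reads the key through TRANSIP_Key_File
  TRANSIP_Key_File="$_key_path"
  _auth_rc=1
  if _transip_key_file_ok "$_key_path" && _transip_get_token; then
    _auth_rc=0
  fi

  if [ -n "$_key_url" ]; then
    _debug "delete transip key file"
    rm -f "$_key_path"
    TRANSIP_Key_File="$_key_url"
  fi
  return $_auth_rc
}

# Succeed when $1 is an existing file that carries a PEM private-key header.
_transip_key_file_ok() {
  if [ ! -f "$1" ]; then
    _err "Can't read private key file: ${1}"
    return 1
  fi
  # NOTE(review): only the PKCS#8 "BEGIN PRIVATE KEY" header is accepted; a
  # PKCS#1 "BEGIN RSA PRIVATE KEY" file is rejected here — presumably the
  # format TransIP issues; confirm before widening the check.
  if ! grep "BEGIN PRIVATE KEY" "$1" >/dev/null 2>&1; then
    _err "Key file doesn't seem to be a valid key: ${1}"
    return 1
  fi
  return 0
}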