]> git.proxmox.com Git - mirror_acme.sh.git/blob - dnsapi/dns_ali.sh
projects / mirror_acme.sh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #4542 from alexleigh/master
[mirror_acme.sh.git] / dnsapi / dns_ali.sh
1 #!/usr/bin/env sh
2
3 Ali_API="https://alidns.aliyuncs.com/"
4
5 #Ali_Key="LTqIA87hOKdjevsf5"
6 #Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"
7
8 #Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
9 dns_ali_add() {
10 fulldomain=$1
11 txtvalue=$2
12
13 Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
14 Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
15 if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
16 Ali_Key=""
17 Ali_Secret=""
18 _err "You don't specify aliyun api key and secret yet."
19 return 1
20 fi
21
22 #save the api key and secret to the account conf file.
23 _saveaccountconf_mutable Ali_Key "$Ali_Key"
24 _saveaccountconf_mutable Ali_Secret "$Ali_Secret"
25
26 _debug "First detect the root zone"
27 if ! _get_root "$fulldomain"; then
28 return 1
29 fi
30
31 _debug "Add record"
32 _add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _ali_rest "Add record"
33 }
34
35 dns_ali_rm() {
36 fulldomain=$1
37 txtvalue=$2
38 Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
39 Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
40
41 _debug "First detect the root zone"
42 if ! _get_root "$fulldomain"; then
43 return 1
44 fi
45
46 _clean
47 }
48
49 #################### Private functions below ##################################
50
51 _get_root() {
52 domain=$1
53 i=2
54 p=1
55 while true; do
56 h=$(printf "%s" "$domain" | cut -d . -f $i-100)
57 if [ -z "$h" ]; then
58 #not valid
59 return 1
60 fi
61
62 _describe_records_query "$h"
63 if ! _ali_rest "Get root" "ignore"; then
64 return 1
65 fi
66
67 if _contains "$response" "PageNumber"; then
68 _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
69 _debug _sub_domain "$_sub_domain"
70 _domain="$h"
71 _debug _domain "$_domain"
72 return 0
73 fi
74 p="$i"
75 i=$(_math "$i" + 1)
76 done
77 return 1
78 }
79
80 _ali_rest() {
81 signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
82 signature=$(_ali_urlencode "$signature")
83 url="$Ali_API?$query&Signature=$signature"
84
85 if ! response="$(_get "$url")"; then
86 _err "Error <$1>"
87 return 1
88 fi
89
90 _debug2 response "$response"
91 if [ -z "$2" ]; then
92 message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
93 if [ "$message" ]; then
94 _err "$message"
95 return 1
96 fi
97 fi
98 }
99
100 _ali_urlencode() {
101 _str="$1"
102 _str_len=${#_str}
103 _u_i=1
104 while [ "$_u_i" -le "$_str_len" ]; do
105 _str_c="$(printf "%s" "$_str" | cut -c "$_u_i")"
106 case $_str_c in [a-zA-Z0-9.~_-])
107 printf "%s" "$_str_c"
108 ;;
109 *)
110 printf "%%%02X" "'$_str_c"
111 ;;
112 esac
113 _u_i="$(_math "$_u_i" + 1)"
114 done
115 }
116
117 _ali_nonce() {
118 #_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
119 #Not so good...
120 date +"%s%N"
121 }
122
123 _check_exist_query() {
124 _qdomain="$1"
125 _qsubdomain="$2"
126 query=''
127 query=$query'AccessKeyId='$Ali_Key
128 query=$query'&Action=DescribeDomainRecords'
129 query=$query'&DomainName='$_qdomain
130 query=$query'&Format=json'
131 query=$query'&RRKeyWord='$_qsubdomain
132 query=$query'&SignatureMethod=HMAC-SHA1'
133 query=$query"&SignatureNonce=$(_ali_nonce)"
134 query=$query'&SignatureVersion=1.0'
135 query=$query'&Timestamp='$(_timestamp)
136 query=$query'&TypeKeyWord=TXT'
137 query=$query'&Version=2015-01-09'
138 }
139
140 _add_record_query() {
141 query=''
142 query=$query'AccessKeyId='$Ali_Key
143 query=$query'&Action=AddDomainRecord'
144 query=$query'&DomainName='$1
145 query=$query'&Format=json'
146 query=$query'&RR='$2
147 query=$query'&SignatureMethod=HMAC-SHA1'
148 query=$query"&SignatureNonce=$(_ali_nonce)"
149 query=$query'&SignatureVersion=1.0'
150 query=$query'&Timestamp='$(_timestamp)
151 query=$query'&Type=TXT'
152 query=$query'&Value='$3
153 query=$query'&Version=2015-01-09'
154 }
155
156 _delete_record_query() {
157 query=''
158 query=$query'AccessKeyId='$Ali_Key
159 query=$query'&Action=DeleteDomainRecord'
160 query=$query'&Format=json'
161 query=$query'&RecordId='$1
162 query=$query'&SignatureMethod=HMAC-SHA1'
163 query=$query"&SignatureNonce=$(_ali_nonce)"
164 query=$query'&SignatureVersion=1.0'
165 query=$query'&Timestamp='$(_timestamp)
166 query=$query'&Version=2015-01-09'
167 }
168
169 _describe_records_query() {
170 query=''
171 query=$query'AccessKeyId='$Ali_Key
172 query=$query'&Action=DescribeDomainRecords'
173 query=$query'&DomainName='$1
174 query=$query'&Format=json'
175 query=$query'&SignatureMethod=HMAC-SHA1'
176 query=$query"&SignatureNonce=$(_ali_nonce)"
177 query=$query'&SignatureVersion=1.0'
178 query=$query'&Timestamp='$(_timestamp)
179 query=$query'&Version=2015-01-09'
180 }
181
182 _clean() {
183 _check_exist_query "$_domain" "$_sub_domain"
184 # do not correct grammar here
185 if ! _ali_rest "Check exist records" "ignore"; then
186 return 1
187 fi
188
189 record_id="$(echo "$response" | tr '{' "\n" | grep "$_sub_domain" | grep -- "$txtvalue" | tr "," "\n" | grep RecordId | cut -d '"' -f 4)"
190 _debug2 record_id "$record_id"
191
192 if [ -z "$record_id" ]; then
193 _debug "record not found, skip"
194 else
195 _delete_record_query "$record_id"
196 _ali_rest "Delete record $record_id" "ignore"
197 fi
198
199 }
200
201 _timestamp() {
202 date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
203 }
acme.sh DNS challenge mirror