dnsapi/dns_curanet.sh

   1 #!/usr/bin/env sh
   2
   3 #Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management.
   4 #Requires api credentials with scope: dns
   5 #Author: Peter L. Hansen <peter@r12.dk>
   6 #Version 1.0
   7
   8 CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains"
   9 CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token"
  10 CURANET_ACCESS_TOKEN=""
  11
  12 ########  Public functions #####################
  13
  14 #Usage: dns_curanet_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  15 dns_curanet_add() {
  16   fulldomain=$1
  17   txtvalue=$2
  18   _info "Using curanet"
  19   _debug fulldomain "$fulldomain"
  20   _debug txtvalue "$txtvalue"
  21
  22   CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}"
  23   CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}"
  24   if [ -z "$CURANET_AUTHCLIENTID" ] || [ -z "$CURANET_AUTHSECRET" ]; then
  25     CURANET_AUTHCLIENTID=""
  26     CURANET_AUTHSECRET=""
  27     _err "You don't specify curanet api client and secret."
  28     _err "Please create your auth info and try again."
  29     return 1
  30   fi
  31
  32   #save the credentials to the account conf file.
  33   _saveaccountconf_mutable CURANET_AUTHCLIENTID "$CURANET_AUTHCLIENTID"
  34   _saveaccountconf_mutable CURANET_AUTHSECRET "$CURANET_AUTHSECRET"
  35
  36   if ! _get_token; then
  37     _err "Unable to get token"
  38     return 1
  39   fi
  40
  41   if ! _get_root "$fulldomain"; then
  42     _err "Invalid domain"
  43     return 1
  44   fi
  45
  46   export _H1="Content-Type: application/json-patch+json"
  47   export _H2="Accept: application/json"
  48   export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN"
  49   data="{\"name\": \"$fulldomain\",\"type\": \"TXT\",\"ttl\": 60,\"priority\": 0,\"data\": \"$txtvalue\"}"
  50   response="$(_post "$data" "$CURANET_REST_URL/${_domain}/Records" "" "")"
  51
  52   if _contains "$response" "$txtvalue"; then
  53     _debug "TXT record added OK"
  54   else
  55     _err "Unable to add TXT record"
  56     return 1
  57   fi
  58
  59   return 0
  60 }
  61
  62 #Usage: fulldomain txtvalue
  63 #Remove the txt record after validation.
  64 dns_curanet_rm() {
  65   fulldomain=$1
  66   txtvalue=$2
  67   _info "Using curanet"
  68   _debug fulldomain "$fulldomain"
  69   _debug txtvalue "$txtvalue"
  70
  71   CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}"
  72   CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}"
  73
  74   if ! _get_token; then
  75     _err "Unable to get token"
  76     return 1
  77   fi
  78
  79   if ! _get_root "$fulldomain"; then
  80     _err "Invalid domain"
  81     return 1
  82   fi
  83
  84   _debug "Getting current record list to identify TXT to delete"
  85
  86   export _H1="Content-Type: application/json"
  87   export _H2="Accept: application/json"
  88   export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN"
  89
  90   response="$(_get "$CURANET_REST_URL/${_domain}/Records" "" "")"
  91
  92   if ! _contains "$response" "$txtvalue"; then
  93     _err "Unable to delete record (does not contain $txtvalue )"
  94     return 1
  95   fi
  96
  97   recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" | _egrep_o "id\":[0-9]+" | cut -c 5-)
  98
  99   if [ -z "$recordid" ]; then
 100     _err "Unable to get recordid"
 101     _debug "regex {\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue"
 102     _debug "response $response"
 103     return 1
 104   fi
 105
 106   _debug "Deleting recordID $recordid"
 107   response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")"
 108   return 0
 109 }
 110
 111 ####################  Private functions below ##################################
 112
 113 _get_token() {
 114   response="$(_post "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" "$CURANET_AUTH_URL" "" "")"
 115   if ! _contains "$response" "access_token"; then
 116     _err "Unable get access token"
 117     return 1
 118   fi
 119   CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+" | cut -c 17-)
 120
 121   if [ -z "$CURANET_ACCESS_TOKEN" ]; then
 122     _err "Unable to get token"
 123     return 1
 124   fi
 125
 126   return 0
 127
 128 }
 129
 130 #_acme-challenge.www.domain.com
 131 #returns
 132 # _domain=domain.com
 133 # _domain_id=sdjkglgdfewsdfg
 134 _get_root() {
 135   domain=$1
 136   i=1
 137
 138   while true; do
 139     h=$(printf "%s" "$domain" | cut -d . -f $i-100)
 140     _debug h "$h"
 141     if [ -z "$h" ]; then
 142       #not valid
 143       return 1
 144     fi
 145
 146     export _H1="Content-Type: application/json"
 147     export _H2="Accept: application/json"
 148     export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN"
 149     response="$(_get "$CURANET_REST_URL/$h/Records" "" "")"
 150
 151     if [ ! "$(echo "$response" | _egrep_o "Entity not found")" ]; then
 152       _domain=$h
 153       return 0
 154     fi
 155
 156     i=$(_math "$i" + 1)
 157   done
 158   return 1
 159 }