dnsapi/dns_ovh.sh

   1 #!/usr/bin/env sh
   2
   3 #Application Key
   4 #OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
   5 #
   6 #Application Secret
   7 #OVH_AS="sdfsafsdfsdfdsfsdfsa"
   8 #
   9 #Consumer Key
  10 #OVH_CK="sdfsdfsdfsdfsdfdsf"
  11
  12 #OVH_END_POINT=ovh-eu
  13
  14 #'ovh-eu'
  15 OVH_EU='https://eu.api.ovh.com/1.0'
  16
  17 #'ovh-us'
  18 OVH_US='https://api.us.ovhcloud.com/1.0'
  19
  20 #'ovh-ca':
  21 OVH_CA='https://ca.api.ovh.com/1.0'
  22
  23 #'kimsufi-eu'
  24 KSF_EU='https://eu.api.kimsufi.com/1.0'
  25
  26 #'kimsufi-ca'
  27 KSF_CA='https://ca.api.kimsufi.com/1.0'
  28
  29 #'soyoustart-eu'
  30 SYS_EU='https://eu.api.soyoustart.com/1.0'
  31
  32 #'soyoustart-ca'
  33 SYS_CA='https://ca.api.soyoustart.com/1.0'
  34
  35 wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api"
  36
  37 ovh_success="https://github.com/acmesh-official/acme.sh/wiki/OVH-Success"
  38
  39 _ovh_get_api() {
  40   _ogaep="$1"
  41
  42   case "${_ogaep}" in
  43
  44   ovh-eu | ovheu)
  45     printf "%s" $OVH_EU
  46     return
  47     ;;
  48   ovh-us | ovhus)
  49     printf "%s" $OVH_US
  50     return
  51     ;;
  52   ovh-ca | ovhca)
  53     printf "%s" $OVH_CA
  54     return
  55     ;;
  56   kimsufi-eu | kimsufieu)
  57     printf "%s" $KSF_EU
  58     return
  59     ;;
  60   kimsufi-ca | kimsufica)
  61     printf "%s" $KSF_CA
  62     return
  63     ;;
  64   soyoustart-eu | soyoustarteu)
  65     printf "%s" $SYS_EU
  66     return
  67     ;;
  68   soyoustart-ca | soyoustartca)
  69     printf "%s" $SYS_CA
  70     return
  71     ;;
  72   # raw API url starts with https://
  73   https*)
  74     printf "%s" "$1"
  75     return
  76     ;;
  77
  78   *)
  79
  80     _err "Unknown endpoint : $1"
  81     return 1
  82     ;;
  83   esac
  84 }
  85
  86 _initAuth() {
  87   OVH_AK="${OVH_AK:-$(_readaccountconf_mutable OVH_AK)}"
  88   OVH_AS="${OVH_AS:-$(_readaccountconf_mutable OVH_AS)}"
  89
  90   if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then
  91     OVH_AK=""
  92     OVH_AS=""
  93     _err "You don't specify OVH application key and application secret yet."
  94     _err "Please create you key and try again."
  95     return 1
  96   fi
  97
  98   if [ "$OVH_AK" != "$(_readaccountconf OVH_AK)" ]; then
  99     _info "It seems that your ovh key is changed, let's clear consumer key first."
 100     _clearaccountconf_mutable OVH_CK
 101   fi
 102   _saveaccountconf_mutable OVH_AK "$OVH_AK"
 103   _saveaccountconf_mutable OVH_AS "$OVH_AS"
 104
 105   OVH_END_POINT="${OVH_END_POINT:-$(_readaccountconf_mutable OVH_END_POINT)}"
 106   if [ -z "$OVH_END_POINT" ]; then
 107     OVH_END_POINT="ovh-eu"
 108   fi
 109   _info "Using OVH endpoint: $OVH_END_POINT"
 110   if [ "$OVH_END_POINT" != "ovh-eu" ]; then
 111     _saveaccountconf_mutable OVH_END_POINT "$OVH_END_POINT"
 112   fi
 113
 114   OVH_API="$(_ovh_get_api $OVH_END_POINT)"
 115   _debug OVH_API "$OVH_API"
 116
 117   OVH_CK="${OVH_CK:-$(_readaccountconf_mutable OVH_CK)}"
 118   if [ -z "$OVH_CK" ]; then
 119     _info "OVH consumer key is empty, Let's get one:"
 120     if ! _ovh_authentication; then
 121       _err "Can not get consumer key."
 122     fi
 123     #return and wait for retry.
 124     return 1
 125   fi
 126   _saveaccountconf_mutable OVH_CK "$OVH_CK"
 127
 128   _info "Checking authentication"
 129
 130   if ! _ovh_rest GET "domain" || _contains "$response" "INVALID_CREDENTIAL" || _contains "$response" "NOT_CREDENTIAL"; then
 131     _err "The consumer key is invalid: $OVH_CK"
 132     _err "Please retry to create a new one."
 133     _clearaccountconf_mutable OVH_CK
 134     return 1
 135   fi
 136   _info "Consumer key is ok."
 137   return 0
 138 }
 139
 140 ########  Public functions #####################
 141
 142 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 143 dns_ovh_add() {
 144   fulldomain=$1
 145   txtvalue=$2
 146
 147   if ! _initAuth; then
 148     return 1
 149   fi
 150
 151   _debug "First detect the root zone"
 152   if ! _get_root "$fulldomain"; then
 153     _err "invalid domain"
 154     return 1
 155   fi
 156
 157   _debug _sub_domain "$_sub_domain"
 158   _debug _domain "$_domain"
 159
 160   _info "Adding record"
 161   if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then
 162     if _contains "$response" "$txtvalue"; then
 163       _ovh_rest POST "domain/zone/$_domain/refresh"
 164       _debug "Refresh:$response"
 165       _info "Added, sleep 10 seconds."
 166       _sleep 10
 167       return 0
 168     fi
 169   fi
 170   _err "Add txt record error."
 171   return 1
 172
 173 }
 174
 175 #fulldomain
 176 dns_ovh_rm() {
 177   fulldomain=$1
 178   txtvalue=$2
 179
 180   if ! _initAuth; then
 181     return 1
 182   fi
 183
 184   _debug "First detect the root zone"
 185   if ! _get_root "$fulldomain"; then
 186     _err "invalid domain"
 187     return 1
 188   fi
 189
 190   _debug _sub_domain "$_sub_domain"
 191   _debug _domain "$_domain"
 192   _debug "Getting txt records"
 193   if ! _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain"; then
 194     return 1
 195   fi
 196
 197   for rid in $(echo "$response" | tr '][,' '   '); do
 198     _debug rid "$rid"
 199     if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
 200       return 1
 201     fi
 202     if _contains "$response" "\"target\":\"$txtvalue\""; then
 203       _debug "Found txt id:$rid"
 204       if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
 205         return 1
 206       fi
 207       _ovh_rest POST "domain/zone/$_domain/refresh"
 208       _debug "Refresh:$response"
 209       return 0
 210     fi
 211   done
 212
 213   return 1
 214 }
 215
 216 ####################  Private functions below ##################################
 217
 218 _ovh_authentication() {
 219
 220   _H1="X-Ovh-Application: $OVH_AK"
 221   _H2="Content-type: application/json"
 222   _H3=""
 223   _H4=""
 224
 225   _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"},{"method": "DELETE","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}'
 226
 227   response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
 228   _debug3 response "$response"
 229   validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')"
 230   if [ -z "$validationUrl" ]; then
 231     _err "Unable to get validationUrl"
 232     return 1
 233   fi
 234   _debug validationUrl "$validationUrl"
 235
 236   consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
 237   if [ -z "$consumerKey" ]; then
 238     _err "Unable to get consumerKey"
 239     return 1
 240   fi
 241   _secure_debug consumerKey "$consumerKey"
 242
 243   OVH_CK="$consumerKey"
 244   _saveaccountconf_mutable OVH_CK "$OVH_CK"
 245   _info "Please open this link to do authentication: $(__green "$validationUrl")"
 246
 247   _info "Here is a guide for you: $(__green "$wiki")"
 248   _info "Please retry after the authentication is done."
 249
 250 }
 251
 252 #_acme-challenge.www.domain.com
 253 #returns
 254 # _sub_domain=_acme-challenge.www
 255 # _domain=domain.com
 256 _get_root() {
 257   domain=$1
 258   i=1
 259   p=1
 260   while true; do
 261     h=$(printf "%s" "$domain" | cut -d . -f $i-100)
 262     if [ -z "$h" ]; then
 263       #not valid
 264       return 1
 265     fi
 266
 267     if ! _ovh_rest GET "domain/zone/$h"; then
 268       return 1
 269     fi
 270
 271     if ! _contains "$response" "This service does not exist" >/dev/null &&
 272       ! _contains "$response" "This call has not been granted" >/dev/null &&
 273       ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
 274       _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
 275       _domain="$h"
 276       return 0
 277     fi
 278     p=$i
 279     i=$(_math "$i" + 1)
 280   done
 281   return 1
 282 }
 283
 284 _ovh_timestamp() {
 285   _H1=""
 286   _H2=""
 287   _H3=""
 288   _H4=""
 289   _H5=""
 290   _get "$OVH_API/auth/time" "" 30
 291 }
 292
 293 _ovh_rest() {
 294   m=$1
 295   ep="$2"
 296   data="$3"
 297   _debug "$ep"
 298
 299   _ovh_url="$OVH_API/$ep"
 300   _debug2 _ovh_url "$_ovh_url"
 301   _ovh_t="$(_ovh_timestamp)"
 302   _debug2 _ovh_t "$_ovh_t"
 303   _ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
 304   _secure_debug _ovh_p "$_ovh_p"
 305   _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
 306   _debug2 _ovh_hex "$_ovh_hex"
 307
 308   export _H1="X-Ovh-Application: $OVH_AK"
 309   export _H2="X-Ovh-Signature: \$1\$$_ovh_hex"
 310   _debug2 _H2 "$_H2"
 311   export _H3="X-Ovh-Timestamp: $_ovh_t"
 312   export _H4="X-Ovh-Consumer: $OVH_CK"
 313   export _H5="Content-Type: application/json;charset=utf-8"
 314   if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
 315     _debug data "$data"
 316     response="$(_post "$data" "$_ovh_url" "" "$m")"
 317   else
 318     response="$(_get "$_ovh_url")"
 319   fi
 320
 321   if [ "$?" != "0" ] || _contains "$response" "INVALID_CREDENTIAL"; then
 322     _err "error $response"
 323     return 1
 324   fi
 325   _debug2 response "$response"
 326   return 0
 327 }