5 PROJECT_NAME
="ProxmoxACME"
7 USER_AGENT
="$PROJECT_NAME/$VER"
9 DNS_PLUGIN_PATH
="/usr/share/proxmox-acme/dnsapi"
# Scratch file created with mktemp; the curl command lines further down pass
# it to --dump-header, so it receives the response headers of each request.
# NOTE(review): no trap or rm for this file is visible in this excerpt.
# Confirm it is removed on exit.
10 HTTP_HEADER
="$(mktemp)"
15 openssl base64
-e |
tr -d '\r\n'
22 # Usage: hashalg [outputhex]
23 # Output Base64-encoded digest
27 if [ "$alg" = "sha256" ] ||
[ "$alg" = "sha1" ] ||
[ "$alg" = "md5" ]; then
29 openssl dgst
-"$alg" -hex | cut
-d = -f 2 |
tr -d ' '
31 openssl dgst
-"$alg" -binary | _base64
37 # shellcheck disable=SC2018,SC2019
42 # shellcheck disable=SC2018,SC2019
49 echo "$_str" |
grep "^$_sub" >/dev
/null
2>&1
55 echo "$_str" |
grep -- "$_sub\$" >/dev
/null
2>&1
61 echo "$_str" |
grep -- "$_sub" >/dev
/null
2>&1
70 if [ -z "$_sep" ]; then
75 while [ "$_ffi" -gt "0" ]; do
76 _fv
="$(echo "$_str" | cut -d "$_sep" -f "$_ffi")"
81 _ffi
="$(_math "$_ffi" - 1)"
84 printf -- "%s" "$_str"
90 if eval type type >/dev
/null
2>&1; then
91 type "$cmd" >/dev
/null
2>&1
93 command -v "$cmd" >/dev
/null
2>&1
102 printf "%s" "$(($_m_opts))"
# Print only the part of stdin that matches $1: try `egrep -o` first and fall
# back to a sed capture group when egrep fails.
# NOTE(review): $1 is spliced unescaped into the sed program and is a regex in
# both paths, so it must always be a fixed pattern chosen by the caller, never
# text taken from a server response or from user-supplied configuration.
106 if ! egrep -o "$1" 2>/dev
/null
; then
107 sed -n 's/.*\('"$1"'\).*/\1/p'
111 # body url [needbase64] [POST|PUT|DELETE] [ContentType]
117 _postContentType
="$5"
119 if [ -z "$httpmethod" ]; then
# Base curl command line: follow redirects (-L), no progress output, write the
# response headers to $HTTP_HEADER, and switch off URL globbing (-g).
# NOTE(review): any non-empty HTTPS_INSECURE adds --insecure, which disables
# TLS certificate verification for this request. Whatever the _H1.._H5 headers
# and the request body carry is then exposed to an on-path attacker, so keep it
# unset outside of test setups.
123 _CURL
="curl -L --silent --dump-header $HTTP_HEADER -g "
124 if [ "$HTTPS_INSECURE" ]; then
125 _CURL
="$_CURL --insecure "
127 if [ "$httpmethod" = "HEAD" ]; then
130 if [ "$needbase64" ]; then
132 if [ "$_postContentType" ]; then
133 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type
: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
135 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
138 if [ "$_postContentType" ]; then
139 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type
: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url" | _base64)"
141 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url" | _base64)"
146 if [ "$_postContentType" ]; then
147 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type
: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
149 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
152 if [ "$_postContentType" ]; then
153 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type
: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")"
155 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")"
160 if [ "$_ret" != "0" ]; then
161 _err
"Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
163 printf "%s" "$response"
167 # url getheader timeout
# Same base curl command line as the POST path: -L, --silent, headers dumped
# to $HTTP_HEADER, globbing off.
# NOTE(review): a non-empty HTTPS_INSECURE disables TLS certificate
# verification here as well.
173 _CURL
="curl -L --silent --dump-header $HTTP_HEADER -g "
174 if [ "$HTTPS_INSECURE" ]; then
175 _CURL
="$_CURL --insecure "
# $t is appended to a string that is later expanded unquoted (word-split), so
# it presumably has to be a plain number of seconds. Verify against callers.
178 _CURL
="$_CURL --connect-timeout $t"
180 if [ "$onlyheader" ]; then
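# Header-only request (-I). Identify with $USER_AGENT, as the POST path does;
# $_CURL is left unquoted on purpose so its stored options are word-split.
$_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"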
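# Full GET request. Identify with $USER_AGENT, as the POST path does;
# $_CURL is left unquoted on purpose so its stored options are word-split.
$_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"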
186 if [ "$ret" != "0" ]; then
187 _err
"Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
200 # stdin output hexstr split by one space
202 # output: " 61 62 63"
204 od -A n
-v -t x1 |
tr -s " " |
sed 's/ $//' |
tr -d "\r\t\n"
209 _hex_str
=$
(_hex_dump
)
210 for _hex_code
in $_hex_str; do
212 case "${_hex_code}" in
418 printf '%%%s' "$_hex_code"
424 # Usage: hashalg secret_hex [outputhex]
431 if [ "$alg" = "sha256" ] ||
[ "$alg" = "sha1" ]; then
432 if [ "$outputhex" ]; then
433 (openssl dgst
-"$alg" -mac HMAC
-macopt "hexkey:$secret_hex" 2>/dev
/null || openssl dgst
-"$alg" -hmac "$(printf "%s
" "$secret_hex" | _h2b)") | cut
-d = -f 2 |
tr -d ' '
435 openssl dgst
-"$alg" -mac HMAC
-macopt "hexkey:$secret_hex" -binary 2>/dev
/null || openssl dgst
-"$alg" -hmac "$(printf "%s
" "$secret_hex" | _h2b)" -binary
443 _idn_temp
=$
(printf "%s" "$_is_idn_d" |
tr -d '0-9' |
tr -d 'a-z' |
tr -d 'A-Z' |
tr -d '*.,-_')
450 if ! _is_idn
"$__idn_d"; then
451 printf "%s" "$__idn_d"
456 idn
"$__idn_d" |
tr -d "\r\n"
458 _err
"Please install idn to process IDN names."
463 sed "s/\" *: *\([\"{\[]\)/\":\1/g" |
sed "s/^ *\([^ ]\)/\1/" |
tr -d "\r\n"
477 stat
-c '%U:%G' "$1" 2>/dev
/null
485 date -u "+%Y-%m-%d %H:%M:%S"
502 printf -- "%s" "[$(date)] " >&1
507 printf -- "%s" "[$(date)] " >&2
523 _readaccountconf_mutable
() {
524 _readaccountconf
"$1"
528 _clearaccountconf
() {
537 if [[ $DEBUG -eq 0 ]]; then
540 printf -- "%s" "[$(date)] " >&1
568 _saveaccountconf_mutable
() {
580 _source_plugin_config
() {
584 # Proxmox implementation to inject the DNSAPI variables
585 _load_plugin_config
() {
586 while IFS
= read -r line
; do
591 # acme.sh uses eval instead of export
# NOTE(review): $key is presumably parsed from each config line read by the
# loop above and is exported as-is. No allow-list is visible in this excerpt,
# so a key such as PATH or LD_PRELOAD would also be set for the sourced plugin
# and for curl. Confirm the config can only be written by trusted admins, or
# restrict the accepted key names.
592 if [ -n "$key" ]; then
593 export "$key"="$value"
598 # call setup and teardown direct
599 # the parameter must be set in the correct order
600 # $1 <String> DNS Plugin name
601 # $2 <String> Fully Qualified Domain Name
602 # $3 <String> value for TXT record
603 # $4 <String> DNS plugin auth and config parameter separated by ","
604 # $5 <Integer> 0 is off, and the default all others are on.
608 dns_plugin_path
="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
609 fqdn
="_acme-challenge.$2"
611 IFS
= read -r txtvalue
612 plugin_conf_string
=$4
# Source the DNS plugin into the current shell; everything in that file runs
# with this script's privileges and environment.
# NOTE(review): dns_plugin_path is "${DNS_PLUGIN_PATH}/${dns_plugin}.sh" and no
# check of the plugin name is visible in this excerpt. If the name may contain
# "/" or "..", a file outside $DNS_PLUGIN_PATH would be sourced, so validate it
# against a fixed pattern first. The teardown path sources the plugin the same way.
616 if ! .
"$dns_plugin_path"; then
617 _err
"Load file $dns_plugin error."
621 addcommand
="${dns_plugin}_add"
622 if ! _exists
"$addcommand"; then
623 _err
"It seems that your api file is not correct, it must have a function named: $addcommand"
627 if ! $addcommand "$fqdn" "$txtvalue"; then
628 _err
"Error add txt for domain:$fulldomain"
635 dns_plugin_path
="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
636 fqdn
="_acme-challenge.$2"
638 IFS
= read -r txtvalue
642 if ! .
"$dns_plugin_path"; then
643 _err
"Load file $dns_plugin error."
647 rmcommand
="${dns_plugin}_rm"
648 if ! _exists
"$rmcommand"; then
649 _err
"It seems that your api file is not correct, it must have a function named: $rmcommand"
653 if ! $rmcommand "$fqdn" "$txtvalue"; then
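# Report the failed TXT-record removal, naming $fqdn, the record name that
# was passed to the plugin's rm function.
_err "Error removing txt for domain:$fqdn"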