git.proxmox.com Git - proxmox-acme.git/blob - src/proxmox-acme
ff9fec863a3dc1f4e8a3145b4ea9137bea942451
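# Project identification; USER_AGENT is the User-Agent string handed to curl.
# NOTE(review): $VER is not assigned anywhere in the visible listing —
# presumably it is set on a line that is not shown; confirm.
PROJECT_NAME="ProxmoxACME"
USER_AGENT="$PROJECT_NAME/$VER"
# Directory the DNS API plugin scripts are sourced from.
DNS_PLUGIN_PATH="/usr/share/proxmox-acme/dnsapi"
# Scratch file that curl writes response headers to (--dump-header).
# mktemp gives it an unpredictable name. The variable is later expanded
# unquoted inside the curl command string, so an empty value (mktemp
# failure) would make curl take the following option as the file name.
# No cleanup of this file is visible in this listing.
HTTP_HEADER="$(mktemp)"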
13 openssl base64
-e |
tr -d '\r\n'
20 # Usage: hashalg [outputhex]
21 # Output Base64-encoded digest
25 if [ "$alg" = "sha256" ] ||
[ "$alg" = "sha1" ] ||
[ "$alg" = "md5" ]; then
27 openssl dgst
-"$alg" -hex | cut
-d = -f 2 |
tr -d ' '
29 openssl dgst
-"$alg" -binary | _base64
35 # shellcheck disable=SC2018,SC2019
40 # shellcheck disable=SC2018,SC2019
47 echo "$_str" |
grep "^$_sub" >/dev
/null
2>&1
53 echo "$_str" |
grep -- "$_sub\$" >/dev
/null
2>&1
59 echo "$_str" |
grep -- "$_sub" >/dev
/null
2>&1
68 if [ -z "$_sep" ]; then
73 while [ "$_ffi" -gt "0" ]; do
74 _fv
="$(echo "$_str" | cut -d "$_sep" -f "$_ffi")"
79 _ffi
="$(_math "$_ffi" - 1)"
82 printf -- "%s" "$_str"
88 if eval type type >/dev
/null
2>&1; then
89 type "$cmd" >/dev
/null
2>&1
91 command -v "$cmd" >/dev
/null
2>&1
100 printf "%s" "$(($_m_opts))"
104 if ! egrep -o "$1" 2>/dev
/null
; then
105 sed -n 's/.*\('"$1"'\).*/\1/p'
109 # body url [needbase64] [POST|PUT|DELETE] [ContentType]
115 _postContentType
="$5"
117 if [ -z "$httpmethod" ]; then
121 _CURL
="curl -L --silent --dump-header $HTTP_HEADER -g "
122 if [ "$HTTPS_INSECURE" ]; then
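# HTTPS_INSECURE is set: --insecure makes curl skip TLS certificate
# verification, so the server is not authenticated and the request
# (including the _H1.._H5 headers and the body) can be read or altered in
# transit. Leave HTTPS_INSECURE unset outside of isolated testing.
_CURL="$_CURL --insecure "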
125 if [ "$httpmethod" = "HEAD" ]; then
128 if [ "$needbase64" ]; then
130 if [ "$_postContentType" ]; then
131 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type
: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
133 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
136 if [ "$_postContentType" ]; then
137 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type
: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url" | _base64)"
139 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url" | _base64)"
144 if [ "$_postContentType" ]; then
145 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type
: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
147 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
150 if [ "$_postContentType" ]; then
151 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type
: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")"
153 response
="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$_post_url")"
158 if [ "$_ret" != "0" ]; then
159 _err
"Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
161 printf "%s" "$response"
165 # url getheader timeout
171 _CURL
="curl -L --silent --dump-header $HTTP_HEADER -g "
172 if [ "$HTTPS_INSECURE" ]; then
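# HTTPS_INSECURE is set: --insecure makes curl skip TLS certificate
# verification, so the server answering this GET is not authenticated and
# the response (and the _H1.._H5 request headers) can be read or altered in
# transit. Leave HTTPS_INSECURE unset outside of isolated testing.
_CURL="$_CURL --insecure "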
176 _CURL
="$_CURL --connect-timeout $t"
178 if [ "$onlyheader" ]; then
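# Header-only request (-I), used when $onlyheader is set.
# $USER_AGENT has to be expanded here; without the "$" curl would send the
# literal text USER_AGENT instead of "$PROJECT_NAME/$VER".
$_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
# Full request; presumably the alternative branch of the same condition
# (the line separating the two commands is not shown in this listing).
$_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"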
184 if [ "$ret" != "0" ]; then
185 _err
"Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
198 # stdin output hexstr split by one space
200 # output: " 61 62 63"
202 od -A n
-v -t x1 |
tr -s " " |
sed 's/ $//' |
tr -d "\r\t\n"
207 _hex_str
=$
(_hex_dump
)
208 for _hex_code
in $_hex_str; do
210 case "${_hex_code}" in
416 printf '%%%s' "$_hex_code"
422 # Usage: hashalg secret_hex [outputhex]
429 if [ "$alg" = "sha256" ] ||
[ "$alg" = "sha1" ]; then
430 if [ "$outputhex" ]; then
431 (openssl dgst
-"$alg" -mac HMAC
-macopt "hexkey:$secret_hex" 2>/dev
/null || openssl dgst
-"$alg" -hmac "$(printf "%s
" "$secret_hex" | _h2b)") | cut
-d = -f 2 |
tr -d ' '
433 openssl dgst
-"$alg" -mac HMAC
-macopt "hexkey:$secret_hex" -binary 2>/dev
/null || openssl dgst
-"$alg" -hmac "$(printf "%s
" "$secret_hex" | _h2b)" -binary
441 _idn_temp
=$
(printf "%s" "$_is_idn_d" |
tr -d '0-9' |
tr -d 'a-z' |
tr -d 'A-Z' |
tr -d '*.,-_')
448 if ! _is_idn
"$__idn_d"; then
449 printf "%s" "$__idn_d"
454 idn
"$__idn_d" |
tr -d "\r\n"
456 _err
"Please install idn to process IDN names."
461 sed "s/\" *: *\([\"{\[]\)/\":\1/g" |
sed "s/^ *\([^ ]\)/\1/" |
tr -d "\r\n"
475 stat
-c '%U:%G' "$1" 2>/dev
/null
483 date -u "+%Y-%m-%d %H:%M:%S"
500 printf -- "%s" "[$(date)] " >&1
505 printf -- "%s" "[$(date)] " >&2
521 _readaccountconf_mutable
() {
522 _readaccountconf
"$1"
526 _clearaccountconf
() {
562 _saveaccountconf_mutable
() {
574 _source_plugin_config
() {
578 # Proxmox implementation to inject the DNSAPI variables
579 _load_plugin_config
() {
580 tmp_str
="${plugin_conf_string//[^,]}"
581 index
="$(_math ${#tmp_str} + 1)"
582 while [ "$index" -gt "0" ]
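# Pick field number $index out of the comma-separated plugin config string.
# The string is quoted so that whitespace or glob characters in it cannot
# split it into several arguments or expand against the filesystem before
# _getfield sees it.
field=$(_getfield "$plugin_conf_string" "$index" ",")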
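# decode base64 encoded values
# printf with a quoted argument feeds the value to openssl unchanged; an
# unquoted echo would word-split and glob-expand it first, and could treat a
# leading "-n"/"-e" as an option.
value=$(printf '%s\n' "$value" | /usr/bin/openssl base64 -d -A)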
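# acme.sh uses eval instead of export
# NOTE(review): $key is presumably parsed from a field of the plugin config
# string, so that string decides which environment variable is overwritten
# here, including ones that change how later commands run (PATH and
# similar). Restricting keys to the names the selected DNS plugin expects
# would narrow this; confirm how the caller builds the string.
export "$key"="$value"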
594 index
="$(_math "$index" - 1)"
598 # call setup and teardown direct
599 # the parameter must be set in the correct order
600 # $1 <String> DNS Plugin name
601 # $2 <String> Fully Qualified Domain Name
602 # $3 <String> value for TXT record
603 # $4 <String> DNS plugin auth and config parameter separated by ","
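# Path of the plugin script that is sourced a few lines further down.
# NOTE(review): $dns_plugin is interpolated unchecked; a value containing
# "/" or ".." would resolve outside $DNS_PLUGIN_PATH, and whatever file it
# names is executed in this shell. Presumably the caller restricts plugin
# names; confirm, or reject such names before building the path.
dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"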
608 fqdn
="_acme-challenge.$2"
610 plugin_conf_string
=$4
614 if ! .
"$dns_plugin_path"; then
615 _err
"Load file $dns_plugin error."
619 addcommand
="${dns_plugin}_add"
620 if ! _exists
"$addcommand"; then
621 _err
"It seems that your api file is not correct, it must have a function named: $addcommand"
625 if ! $addcommand "$fqdn" "$txtvalue"; then
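# Report the record name that was passed to $addcommand ($fqdn);
# $fulldomain is not assigned anywhere in the visible code, so the message
# would otherwise end without a domain.
_err "Error add txt for domain:$fqdn"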
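# Path of the plugin script that is sourced a few lines further down.
# NOTE(review): $dns_plugin is interpolated unchecked; a value containing
# "/" or ".." would resolve outside $DNS_PLUGIN_PATH, and whatever file it
# names is executed in this shell. Presumably the caller restricts plugin
# names; confirm, or reject such names before building the path.
dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"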
634 fqdn
="_acme-challenge.$2"
636 plugin_conf_string
=$4
640 if ! .
"$dns_plugin_path"; then
641 _err
"Load file $dns_plugin error."
645 rmcommand
="${dns_plugin}_rm"
646 if ! _exists
"$rmcommand"; then
647 _err
"It seems that your api file is not correct, it must have a function named: $rmcommand"
651 if ! $rmcommand "$fqdn" "$txtvalue"; then
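# Removal failed: name the record that was passed to $rmcommand ($fqdn) and
# say "removing" so the log does not look like a failed setup.
# $fulldomain is not assigned anywhere in the visible code.
_err "Error removing txt for domain:$fqdn"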