Merge branch 'dev' into master

2019-03-12 11:59:13 +01:00 · 2019-03-12 11:59:13 +01:00 · 88c6621cfe
parent 78c92642e4 53c0188248
commit 88c6621cfe
4 changed files with 207 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -358,6 +358,7 @@ You don't have to do anything manually!
 1. Rackspace Cloud DNS (https://www.rackspace.com)
 1. Online.net API (https://online.net/)
 1. MyDevil.net (https://www.mydevil.net/)
+1. Core-Networks.de (https://core-networks.de)
 1. NederHost API (https://www.nederhost.nl/)

 And:
--- a/acme.sh
+++ b/acme.sh
@ -66,6 +66,9 @@ END_CERT="-----END CERTIFICATE-----"
 CONTENT_TYPE_JSON="application/jose+json"
 RENEW_SKIP=2

+B64CONF_START="__ACME_BASE64__START_"
+B64CONF_END="__ACME_BASE64__END_"
+
 ECC_SEP="_"
 ECC_SUFFIX="${ECC_SEP}ecc"

@ -1964,12 +1967,16 @@ _setopt() {
  _debug3 "$(grep -n "^$__opt$__sep" "$__conf")"
 }

-#_save_conf  file key  value
+#_save_conf  file key  value base64encode
 #save to conf
 _save_conf() {
  _s_c_f="$1"
  _sdkey="$2"
  _sdvalue="$3"
+  _b64encode="$4"
+  if [ "$_sdvalue" ] && [ "$_b64encode" ]; then
+    _sdvalue="${B64CONF_START}$(printf "%s" "${_sdvalue}" | _base64)${B64CONF_END}"
+  fi
  if [ "$_s_c_f" ]; then
    _setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'"
  else
@ -1994,19 +2001,20 @@ _read_conf() {
  _r_c_f="$1"
  _sdkey="$2"
  if [ -f "$_r_c_f" ]; then
-    (
-      eval "$(grep "^$_sdkey *=" "$_r_c_f")"
-      eval "printf \"%s\" \"\$$_sdkey\""
-    )
+    _sdv="$(grep "^$_sdkey *=" "$_r_c_f" | cut -d = -f 2-1000 | tr -d "'")"
+    if _startswith "$_sdv" "${B64CONF_START}" && _endswith "$_sdv" "${B64CONF_END}"; then
+      _sdv="$(echo "$_sdv" | sed "s/${B64CONF_START}//" | sed "s/${B64CONF_END}//" | _dbase64)"
+    fi
+    printf "%s" "$_sdv"
  else
    _debug "config file is empty, can not read $_sdkey"
  fi
 }

-#_savedomainconf   key  value
+#_savedomainconf   key  value  base64encode
 #save to domain.conf
 _savedomainconf() {
-  _save_conf "$DOMAIN_CONF" "$1" "$2"
+  _save_conf "$DOMAIN_CONF" "$@"
 }

 #_cleardomainconf   key
@ -2019,14 +2027,14 @@ _readdomainconf() {
  _read_conf "$DOMAIN_CONF" "$1"
 }

-#_saveaccountconf  key  value
+#_saveaccountconf  key  value  base64encode
 _saveaccountconf() {
-  _save_conf "$ACCOUNT_CONF_PATH" "$1" "$2"
+  _save_conf "$ACCOUNT_CONF_PATH" "$@"
 }

-#key  value
+#key  value base64encode
 _saveaccountconf_mutable() {
-  _save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2"
+  _save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2" "$3"
  #remove later
  _clearaccountconf "$1"
 }
@ -3642,9 +3650,9 @@ issue() {
  _savedomainconf "Le_Alt" "$_alt_domains"
  _savedomainconf "Le_Webroot" "$_web_roots"

-  _savedomainconf "Le_PreHook" "$_pre_hook"
-  _savedomainconf "Le_PostHook" "$_post_hook"
-  _savedomainconf "Le_RenewHook" "$_renew_hook"
+  _savedomainconf "Le_PreHook" "$_pre_hook" "base64"
+  _savedomainconf "Le_PostHook" "$_post_hook" "base64"
+  _savedomainconf "Le_RenewHook" "$_renew_hook" "base64"

  if [ "$_local_addr" ]; then
    _savedomainconf "Le_LocalAddress" "$_local_addr"
@ -4242,7 +4250,7 @@ $_authorizations_map"

    _link_cert_retry=0
    _MAX_CERT_RETRY=5
-    while [ -z "$Le_LinkCert" ] && [ "$_link_cert_retry" -lt "$_MAX_CERT_RETRY" ]; do
+    while [ "$_link_cert_retry" -lt "$_MAX_CERT_RETRY" ]; do
      if _contains "$response" "\"status\":\"valid\""; then
        _debug "Order status is valid."
        Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
@ -4455,7 +4463,7 @@ $_authorizations_map"
    _savedomainconf "Le_RealCertPath" "$_real_cert"
    _savedomainconf "Le_RealCACertPath" "$_real_ca"
    _savedomainconf "Le_RealKeyPath" "$_real_key"
-    _savedomainconf "Le_ReloadCmd" "$_reload_cmd"
+    _savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
    _savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
    if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"; then
      return 1
@ -4522,6 +4530,10 @@ renew() {
  fi

  IS_RENEW="1"
+  Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
+  Le_PreHook="$(_readdomainconf Le_PreHook)"
+  Le_PostHook="$(_readdomainconf Le_PostHook)"
+  Le_RenewHook="$(_readdomainconf Le_RenewHook)"
  issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
  res="$?"
  if [ "$res" != "0" ]; then
@ -4802,7 +4814,7 @@ installcert() {
  _savedomainconf "Le_RealCertPath" "$_real_cert"
  _savedomainconf "Le_RealCACertPath" "$_real_ca"
  _savedomainconf "Le_RealKeyPath" "$_real_key"
-  _savedomainconf "Le_ReloadCmd" "$_reload_cmd"
+  _savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
  _savedomainconf "Le_RealFullChainPath" "$_real_fullchain"

  _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@ -1279,7 +1279,24 @@ acme.sh --issue --dns dns_mydevil -d example.com -d *.example.com

 After certificate is ready, you can install it with [deploy command](../deploy/README.md#14-deploy-your-cert-on-mydevilnet).

-## 67. Use NederHost API
+## 67. Use Core-Networks API to automatically issue cert
+
+First you need to login to your Core-Networks account to to set up an API-User.
+Then export username and password to use these credentials.
+
+```
+export CN_User="user"
+export CN_Password="passowrd"
+```
+
+Ok, let's issue a cert now:
+```
+acme.sh --issue --dns dns_cn -d example.com -d www.example.com
+```
+
+The `CN_User` and `CN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
+
+## 68. Use NederHost API

 Create an API token in Mijn NederHost.

@ -1314,3 +1331,5 @@ See:  https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
 # Use lexicon DNS API

 https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
+
+
--- a/dnsapi/dns_cn.sh
+++ b/dnsapi/dns_cn.sh
@ -0,0 +1,157 @@
+#!/usr/bin/env sh
+
+# DNS API for acme.sh for Core-Networks (https://beta.api.core-networks.de/doc/).
+# created by 5ll and francis
+
+CN_API="https://beta.api.core-networks.de"
+
+########  Public functions  #####################
+
+dns_cn_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _cn_login; then
+    _err "login failed"
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _cn_get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug "_sub_domain $_sub_domain"
+  _debug "_domain $_domain"
+
+  _info "Adding record"
+  curData="{\"name\":\"$_sub_domain\",\"ttl\":120,\"type\":\"TXT\",\"data\":\"$txtvalue\"}"
+  curResult="$(_post "${curData}" "${CN_API}/dnszones/${_domain}/records/")"
+
+  _debug "curData $curData"
+  _debug "curResult $curResult"
+
+  if _contains "$curResult" ""; then
+    _info "Added, OK"
+
+    if ! _cn_commit; then
+      _err "commiting changes failed"
+      return 1
+    fi
+    return 0
+
+  else
+    _err "Add txt record error."
+    _debug "curData is $curData"
+    _debug "curResult is $curResult"
+    _err "error adding text record, response was $curResult"
+    return 1
+  fi
+}
+
+dns_cn_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _cn_login; then
+    _err "login failed"
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _cn_get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _info "Deleting record"
+  curData="{\"name\":\"$_sub_domain\",\"data\":\"$txtvalue\"}"
+  curResult="$(_post "${curData}" "${CN_API}/dnszones/${_domain}/records/delete")"
+  _debug curData is "$curData"
+
+  _info "commiting changes"
+  if ! _cn_commit; then
+    _err "commiting changes failed"
+    return 1
+  fi
+
+  _info "Deletet txt record"
+  return 0
+}
+
+###################  Private functions below  ##################################
+_cn_login() {
+  CN_User="${CN_User:-$(_readaccountconf_mutable CN_User)}"
+  CN_Password="${CN_Password:-$(_readaccountconf_mutable CN_Password)}"
+  if [ -z "$CN_User" ] || [ -z "$CN_Password" ]; then
+    CN_User=""
+    CN_Password=""
+    _err "You must export variables: CN_User and CN_Password"
+    return 1
+  fi
+
+  #save the config variables to the account conf file.
+  _saveaccountconf_mutable CN_User "$CN_User"
+  _saveaccountconf_mutable CN_Password "$CN_Password"
+
+  _info "Getting an AUTH-Token"
+  curData="{\"login\":\"${CN_User}\",\"password\":\"${CN_Password}\"}"
+  curResult="$(_post "${curData}" "${CN_API}/auth/token")"
+  _debug "Calling _CN_login: '${curData}' '${CN_API}/auth/token'"
+
+  if _contains "${curResult}" '"token":"'; then
+    authToken=$(echo "${curResult}" | cut -d ":" -f2 | cut -d "," -f1 | sed 's/^.\(.*\).$/\1/')
+    export _H1="Authorization: Bearer $authToken"
+    _info "Successfully acquired AUTH-Token"
+    _debug "AUTH-Token: '${authToken}'"
+    _debug "_H1 '${_H1}'"
+  else
+    _err "Couldn't acquire an AUTH-Token"
+    return 1
+  fi
+}
+
+# Commit changes
+_cn_commit() {
+  _info "Commiting changes"
+  _post "" "${CN_API}/dnszones/$h/records/commit"
+}
+
+_cn_get_root() {
+  domain=$1
+  i=2
+  p=1
+  while true; do
+
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    _debug _H1 "${_H1}"
+
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    _cn_zonelist="$(_get ${CN_API}/dnszones/)"
+    _debug _cn_zonelist "${_cn_zonelist}"
+
+    if [ "$?" != "0" ]; then
+      _err "something went wrong while getting the zone list"
+      return 1
+    fi
+
+    if _contains "$_cn_zonelist" "\"name\":\"$h\"" >/dev/null; then
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain=$h
+      return 0
+    else
+      _debug "Zonelist does not contain domain - iterating "
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+
+  done
+  _err "Zonelist does not contain domain - exiting"
+  return 1
+}