Test original implementation by trgosk

dnsapi/dns_websupport.sh

@@ -0,0 +1,208 @@
+#!/usr/bin/env sh
+
+#This is the websupport.sk api wrapper for acme.sh
+#
+#Author: trgo.sk
+#Report Bugs here: https://github.com/trgosk/acme.sh
+
+#WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+#WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+WS_Api="https://rest.websupport.sk"
+
+########  Public functions #####################
+
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_websupport_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  WS_ApiKey="${WS_ApiKey:-$(_readaccountconf_mutable WS_ApiKey)}"
+  WS_ApiSecret="${WS_ApiSecret:-$(_readaccountconf_mutable WS_ApiSecret)}"
+
+  if [ "$WS_ApiKey" ] && [ "$WS_ApiSecret" ]; then
+    _saveaccountconf_mutable WS_ApiKey "$WS_ApiKey"
+    _saveaccountconf_mutable WS_ApiSecret "$WS_ApiSecret"
+  else
+    WS_ApiKey=""
+    WS_ApiSecret=""
+    _err "You didn't specify a api key and/or api secret yet."
+    _err "You can get yours from here https://admin.websupport.sk/en/auth/apiKey"
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
+  # we can not use updating anymore.
+  #  count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
+  #  _debug count "$count"
+  #  if [ "$count" = "0" ]; then
+  _info "Adding record"
+  if _ws_rest POST "/v1/user/self/zone/$_domain/record" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
+    if _contains "$response" "$txtvalue"; then
+      _info "Added, OK"
+      return 0
+    elif _contains "$response" "The record already exists"; then
+      _info "Already exists, OK"
+      return 0
+    else
+      _err "Add txt record error."
+      return 1
+    fi
+  fi
+  _err "Add txt record error."
+  return 1
+
+}
+
+#fulldomain txtvalue
+dns_websupport_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _debug2 fulldomain "$fulldomain"
+  _debug2 txtvalue "$txtvalue"
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _debug "Getting txt records"
+  _ws_rest GET "/v1/user/self/zone/$_domain/record"
+
+  if [ "$(printf "%s" "$response" | tr -d " " | grep -c \"items\")" -lt "1" ]; then
+    _err "Error: $response"
+    return 1
+  fi
+
+  record_line="$(_get_from_array "$response" "$txtvalue")"
+  _debug record_line "$record_line"
+  if [ -z "$record_line" ]; then
+    _info "Don't need to remove."
+  else
+    record_id=$(echo "$record_line" | _egrep_o "\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
+    _debug "record_id" "$record_id"
+    if [ -z "$record_id" ]; then
+      _err "Can not get record id to remove."
+      return 1
+    fi
+    if ! _ws_rest DELETE "/v1/user/self/zone/$_domain/record/$record_id"; then
+      _err "Delete record error."
+      return 1
+    fi
+    if [ "$(printf "%s" "$response" | tr -d " " | grep -c \"success\")" -lt "1" ]; then
+      return 1
+    else
+      return 0
+    fi
+  fi
+
+}
+
+####################  Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+_get_root() {
+  domain=$1
+  i=1
+  p=1
+
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    if ! _ws_rest GET "/v1/user/self/zone"; then
+      return 1
+    fi
+
+    if _contains "$response" "\"name\":\"$h\""; then
+      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
+      if [ "$_domain_id" ]; then
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _domain=$h
+        return 0
+      fi
+      return 1
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+_ws_rest() {
+  me=$1
+  pa="$2"
+  da="$3"
+
+  _debug2 api_key "$WS_ApiKey"
+  _debug2 api_secret "$WS_ApiSecret"
+
+  timestamp="$(date +%s)"
+  datez=$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z)
+  canonical_request="${me} ${pa} ${timestamp}"
+  alg="sha1"
+  signature_hash=$( (printf "%s" "$canonical_request" | ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -mac HMAC -macopt "key:$WS_ApiSecret" 2>/dev/null || printf "%s" "$canonical_request" | ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hmac "$(printf "%s" "$WS_ApiSecret" | _h2b)") | cut -d = -f 2 | tr -d ' ')
+  basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)"
+
+  _debug2 method "$me"
+  _debug2 path "$pa"
+  _debug2 data "$da"
+  _debug2 timestamp "$timestamp"
+  _debug2 datez "$datez"
+  _debug2 canonical_request "$canonical_request"
+  _debug2 alg "$alg"
+  _debug2 signature_hash "$signature_hash"
+  _debug2 basicauth "$basicauth"
+
+  export _H1="Accept: application/json"
+  export _H2="Content-Type: application/json"
+  export _H3="Authorization: Basic ${basicauth}"
+  export _H4="Date: ${datez}"
+
+  _debug2 H1 "$_H1"
+  _debug2 H2 "$_H2"
+  _debug2 H3 "$_H3"
+  _debug2 H4 "$_H4"
+
+  if [ "$me" != "GET" ]; then
+    _debug2 "${me} $WS_Api${pa}"
+    _debug data "$da"
+    response="$(_post "$da" "${WS_Api}${pa}" "" "$me")"
+  else
+    _debug2 "GET $WS_Api${pa}"
+    response="$(_get "$WS_Api${pa}")"
+  fi
+
+  _debug2 response "$response"
+  return "$?"
+}
+
+_get_from_array() {
+  va="$1"
+  fi="$2"
+  for i in $(echo "$va" | sed "s/{/ /g"); do
+    if _contains "$i" "$fi"; then
+      echo "$i"
+      break
+    fi
+  done
+}