ervin/acme.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge 10240eb9f0 into 2d4b900e33

Browse Source
This commit is contained in:
Yang Liu 2024-03-19 11:54:19 -03:00 committed by GitHub
commit 9fc6227a16
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 63 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
dnsapi/dns_ali.sh
View File

@ -5,13 +5,18 @@ Ali_API="https://alidns.aliyuncs.com/"
#Ali_Key="LTqIA87hOKdjevsf5" #Ali_Key="LTqIA87hOKdjevsf5"
#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2" #Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"
#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_ali_add() { dns_ali_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}" Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
_use_instance_role
fi
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
Ali_Key="" Ali_Key=""
Ali_Secret="" Ali_Secret=""
@ -20,8 +25,10 @@ dns_ali_add() {
fi fi
#save the api key and secret to the account conf file. #save the api key and secret to the account conf file.
_saveaccountconf_mutable Ali_Key "$Ali_Key" if [ -z "$_using_role" ]; then
_saveaccountconf_mutable Ali_Secret "$Ali_Secret" _saveaccountconf_mutable Ali_Key "$Ali_Key"
_saveaccountconf_mutable Ali_Secret "$Ali_Secret"
fi
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain"; then if ! _get_root "$fulldomain"; then
@ -77,6 +84,47 @@ _get_root() {
return 1 return 1
} }
_use_instance_role() {
_url="http://100.100.100.200/latest/meta-data/ram/security-credentials/"
_debug "_url" "$_url"
# **Do Not** set the parameter `onlyheadr` for _get, it will
# send a HEAD request instead of GET. And alicloud
# mata url not allow HEAD request.
if _get "$_url" "" 1 | grep '404 - Not Found' >/dev/null; then
_debug "Unable to fetch RAM role from instance metadata"
return 1
fi
_ali_instance_role=$(_get "$_url" "" 1)
_debug "_ali_instance_role" "_ali_instance_role"
_ali_creds="$(
_get "$_url$_ali_instance_role" "" 1 |
_normalizeJson |
tr '{,}' '\n' |
while read -r _line; do
_key="$(echo "${_line%%:*}" | tr -d '"')"
_value="${_line#*:}"
_debug3 "_key" "$_key"
_secure_debug3 "_value" "$_value"
case "$_key" in
AccessKeyId) echo "Ali_Key=$_value" ;;
AccessKeySecret) echo "Ali_Secret=$_value" ;;
SecurityToken) echo "ALICLOUD_SECURITY_TOKEN=$_value" ;;
esac
done |
paste -sd' ' -
)"
_secure_debug "_ali_creds" "$_ali_creds"
if [ -z "$_ali_creds" ]; then
return 1
fi
eval "$_ali_creds"
_using_role=true
}
_ali_rest() { _ali_rest() {
signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64) signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
signature=$(_ali_urlencode "$signature") signature=$(_ali_urlencode "$signature")
@ -129,6 +177,9 @@ _check_exist_query() {
query=$query'&DomainName='$_qdomain query=$query'&DomainName='$_qdomain
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RRKeyWord='$_qsubdomain query=$query'&RRKeyWord='$_qsubdomain
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -144,6 +195,9 @@ _add_record_query() {
query=$query'&DomainName='$1 query=$query'&DomainName='$1
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RR='$2 query=$query'&RR='$2
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -159,6 +213,9 @@ _delete_record_query() {
query=$query'&Action=DeleteDomainRecord' query=$query'&Action=DeleteDomainRecord'
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RecordId='$1 query=$query'&RecordId='$1
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -172,6 +229,9 @@ _describe_records_query() {
query=$query'&Action=DescribeDomainRecords' query=$query'&Action=DescribeDomainRecords'
query=$query'&DomainName='$1 query=$query'&DomainName='$1
query=$query'&Format=json' query=$query'&Format=json'
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'