128 lines
4.3 KiB
Bash
128 lines
4.3 KiB
Bash
#!/usr/bin/env sh
|
|
|
|
#Support Amazon SES api
|
|
|
|
#AWS_ACCESS_KEY_ID=""
|
|
#AWS_SECRET_ACCESS_KEY=""
|
|
#AWS_REGION=""
|
|
#AWS_SES_TO="xxxx@xxx.com"
|
|
#AWS_SES_FROM="xxxx@cccc.com"
|
|
|
|
ses_send() {
|
|
_subject="$1"
|
|
_content="$2"
|
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
|
|
_debug "_statusCode" "$_statusCode"
|
|
|
|
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
|
|
if [ -z "$AWS_ACCESS_KEY_ID" ]; then
|
|
AWS_ACCESS_KEY_ID=""
|
|
_err "You didn't specify a amazon access key AWS_ACCESS_KEY_ID yet."
|
|
_err "See https://docs.aws.amazon.com/en_us/general/latest/gr/aws-sec-cred-types.html"
|
|
return 1
|
|
fi
|
|
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
|
|
|
|
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
|
|
if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
|
|
AWS_SECRET_ACCESS_KEY=""
|
|
_err "You didn't specify a amazon secret key AWS_SECRET_ACCESS_KEY yet."
|
|
_err "See https://docs.aws.amazon.com/en_us/general/latest/gr/aws-sec-cred-types.html"
|
|
return 1
|
|
fi
|
|
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
|
|
|
|
AWS_REGION="${AWS_REGION:-$(_readaccountconf_mutable AWS_REGION)}"
|
|
if [ -z "$AWS_REGION" ]; then
|
|
AWS_REGION=""
|
|
_err "You didn't specify the AWS_REGION."
|
|
return 1
|
|
fi
|
|
AWS_REGION="$(echo "$AWS_REGION" | _lower_case)"
|
|
_saveaccountconf_mutable AWS_REGION "$AWS_REGION"
|
|
|
|
AWS_SES_TO="${AWS_SES_TO:-$(_readaccountconf_mutable AWS_SES_TO)}"
|
|
if [ -z "$AWS_SES_TO" ]; then
|
|
AWS_SES_TO=""
|
|
_err "You didn't specify an email to AWS_SES_TO receive messages."
|
|
return 1
|
|
fi
|
|
_saveaccountconf_mutable AWS_SES_TO "$AWS_SES_TO"
|
|
|
|
AWS_SES_FROM="${AWS_SES_FROM:-$(_readaccountconf_mutable AWS_SES_FROM)}"
|
|
if [ -z "$AWS_SES_FROM" ]; then
|
|
AWS_SES_FROM=""
|
|
_err "You didn't specify an email to AWS_SES_FROM receive messages."
|
|
return 1
|
|
fi
|
|
_saveaccountconf_mutable AWS_SES_FROM "$AWS_SES_FROM"
|
|
|
|
_host="email.$AWS_REGION.amazonaws.com"
|
|
_endpoint="https://$_host"
|
|
_data="Action=SendEmail&Source=$(printf "%s" "$AWS_SES_FROM" | _url_encode)&Destination.ToAddresses.member.1=$(printf "%s" "$AWS_SES_TO" | _url_encode)&Message.Subject.Data=$(printf "%s" "$_subject" | _url_encode)&Message.Body.Text.Data=$(printf "%s" "$_content" | _url_encode)"
|
|
|
|
Service="ses"
|
|
Hash="sha256"
|
|
|
|
Algorithm="AWS4-HMAC-SHA256"
|
|
_debug2 Algorithm "$Algorithm"
|
|
|
|
RequestDate="$(date -u +"%Y%m%dT%H%M%SZ")"
|
|
RequestDateOnly="$(echo "$RequestDate" | cut -c 1-8)"
|
|
_debug2 RequestDateOnly "$RequestDateOnly"
|
|
|
|
CredentialScope="$RequestDateOnly/$AWS_REGION/$Service/aws4_request"
|
|
_debug2 StringToSign "$StringToSign"
|
|
|
|
CanonicalHeaders="host:$_host\nx-amz-date:$RequestDate\n"
|
|
_debug2 CanonicalHeaders "$CanonicalHeaders"
|
|
|
|
SignedHeaders="host;x-amz-date"
|
|
_debug2 SignedHeaders "$SignedHeaders"
|
|
|
|
CanonicalRequest="POST\n/\n\n$CanonicalHeaders\n$SignedHeaders\n$(printf "%s" "$_data" | _digest "$Hash" hex)"
|
|
_debug2 CanonicalRequest "$CanonicalRequest"
|
|
|
|
HashedCanonicalRequest="$(printf "$CanonicalRequest%s" | _digest "$Hash" hex)"
|
|
_debug2 HashedCanonicalRequest "$HashedCanonicalRequest"
|
|
|
|
StringToSign="$Algorithm\n$RequestDate\n$CredentialScope\n$HashedCanonicalRequest"
|
|
_debug2 StringToSign "$StringToSign"
|
|
|
|
kSecret="AWS4$AWS_SECRET_ACCESS_KEY"
|
|
|
|
kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")"
|
|
_secure_debug2 kSecretH "$kSecretH"
|
|
|
|
kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)"
|
|
_debug2 kDateH "$kDateH"
|
|
|
|
kRegionH="$(printf "$AWS_REGION%s" | _hmac "$Hash" "$kDateH" hex)"
|
|
_debug2 kRegionH "$kRegionH"
|
|
|
|
kServiceH="$(printf "$Service%s" | _hmac "$Hash" "$kRegionH" hex)"
|
|
_debug2 kServiceH "$kServiceH"
|
|
|
|
kSigningH="$(printf "%s" "aws4_request" | _hmac "$Hash" "$kServiceH" hex)"
|
|
_debug2 kSigningH "$kSigningH"
|
|
|
|
signature="$(printf "$StringToSign%s" | _hmac "$Hash" "$kSigningH" hex)"
|
|
_debug2 signature "$signature"
|
|
|
|
Authorization="$Algorithm Credential=$AWS_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature"
|
|
_debug2 Authorization "$Authorization"
|
|
|
|
export _H1="x-amz-date: $RequestDate"
|
|
export _H2="Authorization: $Authorization"
|
|
|
|
response=$(_post "$_data" "$_endpoint")
|
|
if _contains "$response" "MessageId"; then
|
|
_debug "Amazon SES send success."
|
|
return 0
|
|
else
|
|
_err "Amazon SES send error"
|
|
_err "$response"
|
|
return 1
|
|
fi
|
|
}
|