mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-24 14:11:42 +00:00
feat: Mythic Beasts DNS API script
This commit is contained in:
parent
aa9f5b8c4a
commit
4dd709b543
230
dnsapi/dns_mythic_beasts.sh
Executable file
230
dnsapi/dns_mythic_beasts.sh
Executable file
@ -0,0 +1,230 @@
|
||||
#!/usr/bin/env sh
|
||||
# Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication
|
||||
# To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com
|
||||
# Cannot retest once cert is issued
|
||||
# OAuth2 tokens only valid for 300 seconds so we do not store
|
||||
# NOTE: This will remove all TXT records matching the fulldomain, not just the added ones (_acme-challenge.www.domain.com)
|
||||
|
||||
# Test OAuth2 credentials
|
||||
#MB_AK="aaaaaaaaaaaaaaaa"
|
||||
#MB_AS="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
|
||||
|
||||
# URLs
|
||||
MB_API='https://api.mythic-beasts.com/dns/v2/zones'
|
||||
MB_AUTH='https://auth.mythic-beasts.com/login'
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_mythic_beasts_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
_info "MYTHIC BEASTS Adding record $fulldomain = $txtvalue"
|
||||
if ! _initAuth; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _get_root "$fulldomain"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
# method path body_data
|
||||
if _mb_rest POST "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then
|
||||
|
||||
if _contains "$response" "1 records added"; then
|
||||
_info "Added, verifying..."
|
||||
# Max 120 seconds to publish
|
||||
for i in $(seq 1 6); do
|
||||
# Retry on error
|
||||
if ! _mb_rest GET "$_domain/records/$_sub_domain/TXT?verify"; then
|
||||
_sleep 20
|
||||
else
|
||||
_info "Record published!"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
|
||||
else
|
||||
_err "\n$response"
|
||||
fi
|
||||
|
||||
fi
|
||||
_err "Add txt record error."
|
||||
return 1
|
||||
}
|
||||
|
||||
#Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_mythic_beasts_rm() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
_info "MYTHIC BEASTS Removing record $fulldomain = $txtvalue"
|
||||
if ! _initAuth; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _get_root "$fulldomain"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
# method path body_data
|
||||
if _mb_rest DELETE "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then
|
||||
_info "Record removed"
|
||||
return 0
|
||||
fi
|
||||
_err "Remove txt record error."
|
||||
return 1
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
|
||||
#Possible formats:
|
||||
# _acme-challenge.www.example.com
|
||||
# _acme-challenge.example.com
|
||||
# _acme-challenge.example.co.uk
|
||||
# _acme-challenge.www.example.co.uk
|
||||
# _acme-challenge.sub1.sub2.www.example.co.uk
|
||||
# sub1.sub2.example.co.uk
|
||||
# example.com
|
||||
# example.co.uk
|
||||
#returns
|
||||
# _sub_domain=_acme-challenge.www
|
||||
# _domain=domain.com
|
||||
_get_root() {
|
||||
domain=$1
|
||||
i=1
|
||||
p=1
|
||||
|
||||
_debug "Detect the root zone"
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
if [ -z "$h" ]; then
|
||||
_err "Domain exhausted"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Use the status errors to find the domain, continue on 403 Access denied
|
||||
# method path body_data
|
||||
_mb_rest GET "$h/records"
|
||||
ret="$?"
|
||||
if [ "$ret" -eq 0 ]; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain="$h"
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _domain "$_domain"
|
||||
return 0
|
||||
elif [ "$ret" -eq 1 ]; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
p=$i
|
||||
i=$(_math "$i" + 1)
|
||||
|
||||
if [ "$i" -gt 50 ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
_err "Domain too long"
|
||||
return 1
|
||||
}
|
||||
|
||||
_initAuth() {
|
||||
MB_AK="${MB_AK:-$(_readaccountconf_mutable MB_AK)}"
|
||||
MB_AS="${MB_AS:-$(_readaccountconf_mutable MB_AS)}"
|
||||
|
||||
if [ -z "$MB_AK" ] || [ -z "$MB_AS" ]; then
|
||||
MB_AK=""
|
||||
MB_AS=""
|
||||
_err "Please specify an OAuth2 Key & Secret"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_saveaccountconf_mutable MB_AK "$MB_AK"
|
||||
_saveaccountconf_mutable MB_AS "$MB_AS"
|
||||
|
||||
if ! _oauth2; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
_info "Checking authentication"
|
||||
_secure_debug access_token "$MB_TK"
|
||||
_sleep 1
|
||||
|
||||
# GET a list of zones
|
||||
# method path body_data
|
||||
if ! _mb_rest GET ""; then
|
||||
_err "The token is invalid"
|
||||
return 1
|
||||
fi
|
||||
_info "Token OK"
|
||||
return 0
|
||||
}
|
||||
|
||||
_oauth2() {
|
||||
# HTTP Basic Authentication
|
||||
_H1="Authorization: Basic $(echo "$MB_AK:$MB_AS" | _base64)"
|
||||
_H2="Accepts: application/json"
|
||||
export _H1 _H2
|
||||
body="grant_type=client_credentials"
|
||||
|
||||
_info "Getting OAuth2 token..."
|
||||
# body url [needbase64] [POST|PUT|DELETE] [ContentType]
|
||||
response="$(_post "$body" "$MB_AUTH" "" "POST" "application/x-www-form-urlencoded")"
|
||||
if _contains "$response" "\"token_type\":\"bearer\""; then
|
||||
MB_TK="$(echo "$response" | _egrep_o "access_token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
|
||||
if [ -z "$MB_TK" ]; then
|
||||
_err "Unable to get access_token"
|
||||
_err "\n$response"
|
||||
return 1
|
||||
fi
|
||||
else
|
||||
_err "OAuth2 token_type not Bearer"
|
||||
_err "\n$response"
|
||||
return 1
|
||||
fi
|
||||
_debug2 response "$response"
|
||||
return 0
|
||||
}
|
||||
|
||||
# method path body_data
|
||||
_mb_rest() {
|
||||
# URL encoded body for single API operations
|
||||
m="$1"
|
||||
ep="$2"
|
||||
data="$3"
|
||||
|
||||
if [ -z "$ep" ]; then
|
||||
_mb_url="$MB_API"
|
||||
else
|
||||
_mb_url="$MB_API/$ep"
|
||||
fi
|
||||
|
||||
_H1="Authorization: Bearer $MB_TK"
|
||||
_H2="Accepts: application/json"
|
||||
export _H1 _H2
|
||||
if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
|
||||
# body url [needbase64] [POST|PUT|DELETE] [ContentType]
|
||||
response="$(_post "data=$data" "$_mb_url" "" "$m" "application/x-www-form-urlencoded")"
|
||||
else
|
||||
response="$(_get "$_mb_url")"
|
||||
fi
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "Request error"
|
||||
return 1
|
||||
fi
|
||||
|
||||
header="$(cat "$HTTP_HEADER")"
|
||||
status="$(echo "$header" | _egrep_o "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n")"
|
||||
code="$(echo "$status" | _egrep_o "^[0-9]*")"
|
||||
if [ "$code" -ge 400 ] || _contains "$response" "\"error\"" || _contains "$response" "invalid_client"; then
|
||||
_err "error $status"
|
||||
_err "\n$response"
|
||||
_debug "\n$header"
|
||||
return 2
|
||||
fi
|
||||
|
||||
_debug2 response "$response"
|
||||
return 0
|
||||
}
|
Loading…
Reference in New Issue
Block a user