Merge branch 'dev' into feature/dns-openprovider

dnsapi/README.md

@@ -1279,7 +1279,24 @@ acme.sh --issue --dns dns_mydevil -d example.com -d *.example.com
 
 After certificate is ready, you can install it with [deploy command](../deploy/README.md#14-deploy-your-cert-on-mydevilnet).
 
-## 67. Use OpenProvider API
+## 67. Use Core-Networks API to automatically issue cert
+
+First you need to login to your Core-Networks account to to set up an API-User.
+Then export username and password to use these credentials.
+
+```
+export CN_User="user"
+export CN_Password="passowrd"
+```
+
+Ok, let's issue a cert now:
+```
+acme.sh --issue --dns dns_cn -d example.com -d www.example.com
+```
+
+The `CN_User` and `CN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
+
+## 68. Use OpenProvider API
 
 First, you need to enable API access and retrieve your password hash on https://rcp.openprovider.eu/account/dashboard.php
 
@@ -1317,3 +1334,5 @@ See:  https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
 # Use lexicon DNS API
 
 https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
+
+

dnsapi/dns_cn.sh

@@ -0,0 +1,157 @@
+#!/usr/bin/env sh
+
+# DNS API for acme.sh for Core-Networks (https://beta.api.core-networks.de/doc/).
+# created by 5ll and francis
+
+CN_API="https://beta.api.core-networks.de"
+
+########  Public functions  #####################
+
+dns_cn_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _cn_login; then
+    _err "login failed"
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _cn_get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug "_sub_domain $_sub_domain"
+  _debug "_domain $_domain"
+
+  _info "Adding record"
+  curData="{\"name\":\"$_sub_domain\",\"ttl\":120,\"type\":\"TXT\",\"data\":\"$txtvalue\"}"
+  curResult="$(_post "${curData}" "${CN_API}/dnszones/${_domain}/records/")"
+
+  _debug "curData $curData"
+  _debug "curResult $curResult"
+
+  if _contains "$curResult" ""; then
+    _info "Added, OK"
+
+    if ! _cn_commit; then
+      _err "commiting changes failed"
+      return 1
+    fi
+    return 0
+
+  else
+    _err "Add txt record error."
+    _debug "curData is $curData"
+    _debug "curResult is $curResult"
+    _err "error adding text record, response was $curResult"
+    return 1
+  fi
+}
+
+dns_cn_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _cn_login; then
+    _err "login failed"
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _cn_get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _info "Deleting record"
+  curData="{\"name\":\"$_sub_domain\",\"data\":\"$txtvalue\"}"
+  curResult="$(_post "${curData}" "${CN_API}/dnszones/${_domain}/records/delete")"
+  _debug curData is "$curData"
+  
+  _info "commiting changes"
+  if ! _cn_commit; then
+    _err "commiting changes failed"
+    return 1
+  fi
+
+  _info "Deletet txt record"
+  return 0
+}
+
+###################  Private functions below  ##################################
+_cn_login() {
+  CN_User="${CN_User:-$(_readaccountconf_mutable CN_User)}"
+  CN_Password="${CN_Password:-$(_readaccountconf_mutable CN_Password)}"
+  if [ -z "$CN_User" ] || [ -z "$CN_Password" ]; then
+    CN_User=""
+    CN_Password=""
+    _err "You must export variables: CN_User and CN_Password"
+    return 1
+  fi
+
+  #save the config variables to the account conf file.
+  _saveaccountconf_mutable CN_User "$CN_User"
+  _saveaccountconf_mutable CN_Password "$CN_Password"
+
+  _info "Getting an AUTH-Token"
+  curData="{\"login\":\"${CN_User}\",\"password\":\"${CN_Password}\"}"
+  curResult="$(_post "${curData}" "${CN_API}/auth/token")"
+  _debug "Calling _CN_login: '${curData}' '${CN_API}/auth/token'"
+
+  if _contains "${curResult}" '"token":"'; then
+    authToken=$(echo "${curResult}" | cut -d ":" -f2 | cut -d "," -f1 | sed 's/^.\(.*\).$/\1/')
+    export _H1="Authorization: Bearer $authToken"
+    _info "Successfully acquired AUTH-Token"
+    _debug "AUTH-Token: '${authToken}'"
+    _debug "_H1 '${_H1}'"
+  else
+    _err "Couldn't acquire an AUTH-Token"
+    return 1
+  fi
+}
+
+# Commit changes
+_cn_commit() {
+  _info "Commiting changes"
+  _post "" "${CN_API}/dnszones/$h/records/commit"
+}
+
+_cn_get_root() {
+  domain=$1
+  i=2
+  p=1
+  while true; do
+
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    _debug _H1 "${_H1}"
+
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+    
+    _cn_zonelist="$(_get ${CN_API}/dnszones/)"
+    _debug _cn_zonelist "${_cn_zonelist}"
+
+    if [ "$?" != "0" ]; then
+      _err "something went wrong while getting the zone list"
+      return 1
+    fi
+
+    if _contains "$_cn_zonelist" "\"name\":\"$h\"" >/dev/null; then
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain=$h
+      return 0
+    else
+      _debug "Zonelist does not contain domain - iterating "
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+
+  done
+  _err "Zonelist does not contain domain - exiting"
+  return 1
+}

dnsapi/dns_namecheap.sh

@@ -76,6 +76,22 @@ dns_namecheap_rm() {
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 _get_root() {
+  fulldomain=$1
+
+  if ! _get_root_by_getList "$fulldomain"; then
+    _debug "Failed domain lookup via domains.getList api call. Trying domain lookup via domains.dns.getHosts api."
+    # The above "getList" api will only return hosts *owned* by the calling user. However, if the calling
+    # user is not the owner, but still has administrative rights, we must query the getHosts api directly.
+    # See this comment and the official namecheap response: http://disq.us/p/1q6v9x9
+    if ! _get_root_by_getHosts "$fulldomain"; then
+      return 1
+    fi
+  fi
+
+  return 0
+}
+
+_get_root_by_getList() {
   domain=$1
 
   if ! _namecheap_post "namecheap.domains.getList"; then
@@ -94,6 +110,10 @@ _get_root() {
       #not valid
       return 1
     fi
+    if ! _contains "$h" "\\."; then
+      #not valid
+      return 1
+    fi
 
     if ! _contains "$response" "$h"; then
       _debug "$h not found"
@@ -108,6 +128,31 @@ _get_root() {
   return 1
 }
 
+_get_root_by_getHosts() {
+  i=100
+  p=99
+
+  while [ $p -ne 0 ]; do
+
+    h=$(printf "%s" "$1" | cut -d . -f $i-100)
+    if [ -n "$h" ]; then
+      if _contains "$h" "\\."; then
+        _debug h "$h"
+        if _namecheap_set_tld_sld "$h"; then
+          _sub_domain=$(printf "%s" "$1" | cut -d . -f 1-$p)
+          _domain="$h"
+          return 0
+        else
+          _debug "$h not found"
+        fi
+      fi
+    fi
+    i="$p"
+    p=$(_math "$p" - 1)
+  done
+  return 1
+}
+
 _namecheap_set_publicip() {
 
   if [ -z "$NAMECHEAP_SOURCEIP" ]; then