
Untitled

a guest
Mar 1st, 2016
  1. #!/bin/bash
  2.  
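  # Connection settings for the PowerDNS MySQL backend. Each value may be
  # supplied through the environment of the calling ACME client; the literals
  # below are only fallbacks, so real credentials need not live in this file.
  # NOTE(review): the fallback password is identical to the user name. Replace
  # it before use and keep this script readable by root only.
  MYSQL_HOSTNAME="${MYSQL_HOSTNAME:-42.42.42.42}"
  MYSQL_DATABASE="${MYSQL_DATABASE:-pdns}"
  MYSQL_USERNAME="${MYSQL_USERNAME:-pdns}"
  MYSQL_PASSWORD="${MYSQL_PASSWORD:-pdns}"

  # Owner and group that deploy_cert applies to the certificate store.
  CERT_FILE_USER="${CERT_FILE_USER:-root}"
  CERT_FILE_GROUP="${CERT_FILE_GROUP:-root}"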
  10.  
  #######################################
  # Write one timestamped message to stderr.
  # Arguments: $@ - message words, joined with single spaces
  # Outputs:   "<output of date> <message>" on stderr, nothing on stdout
  #######################################
  function _log {
    local stamp
    stamp="$(date)"
    printf '%s %s\n' "${stamp}" "$*" >&2
  }
  14.  
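  #######################################
  # Reduce a host name to its last two labels, which the callers use as the
  # name of the PowerDNS zone.
  # A single trailing dot is ignored and a name without any dot is returned
  # unchanged (the earlier awk rule turned "host" into "host.host").
  # NOTE(review): taking the last two labels is wrong for zones under a
  # multi-label suffix (something.co.uk) and for delegated sub-zones; such
  # names resolve to a zone the database may not hold.
  # Arguments: $1 - fully qualified domain name
  # Outputs:   the base domain on stdout, without a trailing newline
  #######################################
  function _parse_basedomain {
    local domain="${1%.}"
    local tld parent

    case "${domain}" in
      *.*)
        tld="${domain##*.}"
        parent="${domain%.*}"
        printf '%s' "${parent##*.}.${tld}"
        ;;
      *)
        printf '%s' "${domain}"
        ;;
    esac
  }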
  21.  
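  #######################################
  # Look up the numeric id of a zone in the PowerDNS "domains" table.
  # The zone name is interpolated into the SQL text, so it is first checked
  # against a strict host-name pattern; anything containing quotes, spaces or
  # other SQL metacharacters is refused before mysql is called.
  # Globals:   MYSQL_DATABASE, MYSQL_HOSTNAME, MYSQL_USERNAME,
  #            MYSQL_PASSWORD (read)
  # Arguments: $1 - base domain (zone name)
  # Outputs:   the id on stdout without a trailing newline; log lines on stderr
  # Returns:   exits with status 1 when the name is invalid or no single
  #            numeric id comes back (callers run this in $(...), so the
  #            exit ends that subshell and must be checked by the caller)
  #######################################
  function _fetch_domain_id {
    local BASEDOMAIN="${1}"
    local name_re='^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$'

    if [[ ! "${BASEDOMAIN}" =~ ${name_re} ]]; then
      _log "Could not get domain ID from PowerDNS database, invalid base domain!"
      exit 1
    fi

    # NOTE(review): -p<password> puts the password on mysql's command line,
    # where other local users can read it from the process list; a root-only
    # client option file (--defaults-extra-file) avoids that.
    local STATEMENT="SELECT id FROM domains WHERE name='${BASEDOMAIN}'"
    local DOMAINID
    DOMAINID=$(mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}")

    # Callers paste the id unquoted into an INSERT, so accept digits only.
    # This also covers the empty result of an unknown zone.
    if [[ ! "${DOMAINID}" =~ ^[0-9]+$ ]]; then
      _log "Could not get domain ID from PowerDNS database, invalid base domain!"
      exit 1
    fi

    _log "Found domain in database with ID: ${DOMAINID}"

    printf '%s' "${DOMAINID}"
  }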
  37.  
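  #######################################
  # Hook: publish the dns-01 challenge as a TXT record named
  # _acme-challenge.<DOMAIN> in the PowerDNS database.
  # DOMAIN, TOKEN_VALUE and the looked-up id all end up inside SQL text, so
  # each is validated first: host-name characters only, base64url characters
  # only, digits only. Rejected values are not echoed into the log.
  # Globals:   MYSQL_DATABASE, MYSQL_HOSTNAME, MYSQL_USERNAME,
  #            MYSQL_PASSWORD (read)
  # Arguments: $1 - domain being validated
  #            $2 - token file name (unused for DNS validation)
  #            $3 - value to publish in the TXT record
  # Returns:   exits 1 on missing/invalid input or a failed zone lookup,
  #            exits 2 when the INSERT fails
  #######################################
  function deploy_challenge {
    local DOMAIN="${1}" TOKEN_VALUE="${3}"
    local name_re='^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$'
    local token_re='^[A-Za-z0-9_-]+$'

    # Check arguments
    [ -n "${DOMAIN}" ] || { _log 'Missing parameter: DOMAIN ($1)'; exit 1; }
    [ -n "${TOKEN_VALUE}" ] || { _log 'Missing parameter: TOKEN_VALUE ($3)'; exit 1; }
    [[ "${DOMAIN}" =~ ${name_re} ]] || { _log 'Invalid parameter: DOMAIN ($1) is not a plain host name'; exit 1; }
    [[ "${TOKEN_VALUE}" =~ ${token_re} ]] || { _log 'Invalid parameter: TOKEN_VALUE ($3) is not base64url'; exit 1; }

    # Get domain ID from database. Declaration and assignment are split so
    # that a failure inside the command substitution is not masked by 'local'.
    local BASEDOMAIN DOMAINID
    BASEDOMAIN=$(_parse_basedomain "${DOMAIN}") || exit 1
    DOMAINID=$(_fetch_domain_id "${BASEDOMAIN}") || exit 1
    [[ "${DOMAINID}" =~ ^[0-9]+$ ]] || { _log "Could not get domain ID from PowerDNS database, invalid base domain!"; exit 1; }

    # Output some debug information about the task
    _log "Parsed command line arguments:"
    _log "> Task: Deploying ACME challenge record"
    _log "> Domain: ${DOMAIN}"
    _log "> Base Domain: ${BASEDOMAIN}"
    _log "> Token Code: ${TOKEN_VALUE}"

    # Create new _acme-challenge.<DOMAIN> record
    # NOTE(review): -p<password> exposes the password in the process list;
    # a root-only client option file (--defaults-extra-file) avoids that.
    local STATEMENT="INSERT INTO records (domain_id, name, type, content, ttl) VALUES (${DOMAINID}, '_acme-challenge.${DOMAIN}', 'TXT', '\"${TOKEN_VALUE}\"', 60)"
    if ! mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}"; then
      _log "Could not insert new ACME challenge record into PowerDNS database!"
      exit 2
    fi
    _log "Inserted ACME challenge record into PowerDNS database."
  }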
  65.  
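  #######################################
  # Hook: remove the TXT record that deploy_challenge created, matching on
  # both the _acme-challenge.<DOMAIN> name and the quoted token value.
  # Both arguments are pasted into the DELETE statement, so they are checked
  # against host-name and base64url patterns before any SQL is built.
  # Rejected values are not echoed into the log.
  # Globals:   MYSQL_DATABASE, MYSQL_HOSTNAME, MYSQL_USERNAME,
  #            MYSQL_PASSWORD (read)
  # Arguments: $1 - domain that was validated
  #            $2 - token file name (unused for DNS validation)
  #            $3 - value that was published in the TXT record
  # Returns:   exits 1 on missing/invalid input, exits 2 when the DELETE fails
  #######################################
  function clean_challenge {
    local DOMAIN="${1}" TOKEN_VALUE="${3}"
    local name_re='^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$'
    local token_re='^[A-Za-z0-9_-]+$'

    # Check arguments
    [ -n "${DOMAIN}" ] || { _log 'Missing parameter: DOMAIN ($1)'; exit 1; }
    [ -n "${TOKEN_VALUE}" ] || { _log 'Missing parameter: TOKEN_VALUE ($3)'; exit 1; }
    [[ "${DOMAIN}" =~ ${name_re} ]] || { _log 'Invalid parameter: DOMAIN ($1) is not a plain host name'; exit 1; }
    [[ "${TOKEN_VALUE}" =~ ${token_re} ]] || { _log 'Invalid parameter: TOKEN_VALUE ($3) is not base64url'; exit 1; }

    # Output some debug information about the task
    _log "Parsed command line arguments:"
    _log "> Task: Cleanup ACME challenge record(s)"
    _log "> Domain: ${DOMAIN}"

    # Delete the _acme-challenge.<DOMAIN> record(s) carrying this token
    # NOTE(review): -p<password> exposes the password in the process list;
    # a root-only client option file (--defaults-extra-file) avoids that.
    local STATEMENT="DELETE FROM records WHERE name='_acme-challenge.${DOMAIN}' AND content='\"${TOKEN_VALUE}\"'"
    if ! mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}"; then
      _log "Could not delete old ACME challenge records from PowerDNS database!"
      exit 2
    fi
    _log "Deleted all old ACME challenge records from PowerDNS database."
  }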
  87.  
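  #######################################
  # Hook: copy a freshly issued key, certificate and chain into
  # /opt/certificates/store/<DOMAIN>, build the combined PEM files, then
  # normalise ownership and modes of the whole store.
  # DOMAIN becomes a directory name, so it must be a plain host name; values
  # with "/" or empty labels (such as "..") are refused, which keeps every
  # write inside the store. A umask of 027 is in force while files are
  # created, so the private key is never world-readable before the chmod.
  # Globals:   CERT_FILE_USER, CERT_FILE_GROUP (read)
  # Arguments: $1 - domain, $2 - private key file, $3 - certificate file,
  #            $4 - chain file
  # Returns:   exits 1 on invalid input, exits 2 when copying or fixing
  #            permissions fails
  #######################################
  function deploy_cert {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
    local BASEDESTINATION="/opt/certificates/store"
    local name_re='^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$'
    local source_file previous_umask

    # Check arguments before touching the file system
    [[ "${DOMAIN}" =~ ${name_re} ]] || { _log 'Invalid parameter: DOMAIN ($1) is not a plain host name'; exit 1; }
    for source_file in "${KEYFILE}" "${CERTFILE}" "${CHAINFILE}"; do
      [ -n "${source_file}" ] && [ -r "${source_file}" ] || { _log 'Missing or unreadable key, certificate or chain file ($2, $3, $4)'; exit 1; }
    done

    local DESTINATION="${BASEDESTINATION}/${DOMAIN}"

    # Output some debug information about the task
    _log "Parsed command line arguments:"
    _log "> Task: Deploy certificate files"
    _log "> Certificate Store: ${DESTINATION}"
    _log "> Domain: ${DOMAIN}"
    _log "> Keyfile: ${KEYFILE}"
    _log "> Certificate: ${CERTFILE}"
    _log "> Chainfile: ${CHAINFILE}"

    # Copy files to our certificate store
    previous_umask="$(umask)"
    umask 027
    if ! {
      mkdir -pv -- "${DESTINATION}" &&
        cp -vf -- "${KEYFILE}" "${DESTINATION}/site.key" &&
        cp -vf -- "${CERTFILE}" "${DESTINATION}/site.crt" &&
        cp -vf -- "${CHAINFILE}" "${DESTINATION}/site.wchain.crt" &&
        cat -- "${DESTINATION}/site.key" "${DESTINATION}/site.crt" > "${DESTINATION}/site.wkey.pem" &&
        cat -- "${DESTINATION}/site.key" "${DESTINATION}/site.wchain.crt" > "${DESTINATION}/site.wkey.wchain.pem"
    }; then
      _log "Could not copy certificate files into the certificate store!"
      exit 2
    fi
    umask "${previous_umask}"

    # Fix permissions of certificate store
    if ! {
      chown -R -- "${CERT_FILE_USER}:${CERT_FILE_GROUP}" "${BASEDESTINATION}" &&
        find "${BASEDESTINATION}" -type d -exec chmod 750 {} + &&
        find "${BASEDESTINATION}" -type f -exec chmod 440 {} +
    }; then
      _log "Could not fix permissions of the certificate store!"
      exit 2
    fi
  }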
  115.  
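  # Refuse to run unprivileged: deploy_cert changes ownership and modes under
  # /opt/certificates/store.
  if [ "$(id -u)" -ne 0 ]; then
    _log "This application can only be run as root, exiting..."
    exit 3
  fi

  # Dispatch to the hook named by the first argument. The script runs as
  # root, so only the three hooks defined in this file are accepted; any
  # other word is refused instead of being executed as a command. Status 127
  # matches what the shell reports for an unknown command name.
  HANDLER="${1:-}"
  if [ "$#" -gt 0 ]; then
    shift
  fi
  case "${HANDLER}" in
    deploy_challenge | clean_challenge | deploy_cert)
      "${HANDLER}" "$@"
      ;;
    *)
      _log "Unknown or missing handler, expected deploy_challenge, clean_challenge or deploy_cert."
      exit 127
      ;;
  esac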