blob: a31b8ba39ee2a1a6dca119b56b8320e69718e79c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#!/usr/bin/env python3
# Copyright 2019 vg
# SPDX-License-Identifier: MIT
'''\
Takes json in stdin to modify a challenge in a zone txt record.
Usage: update-acme-challenge --zones=ZONES
Options:
--zones=ZONES json object: {"zone-to-check": "zone-to-modify"}
Json format:
{
"action": "add|delete",
"zone": "zone_name_to_modify",
"challenge": "mandatory only with add action: challenge",
}
'''
import datetime
import docopt
import json
import subprocess
import sys
def nsupdate(zone, challenge):
content = f'''
server ::1
del {zone} TXT
add {zone} 60 TXT "{challenge}"
send
'''
subprocess.run(['nsupdate'], check=True, input=content, encoding='utf8')
def main():
args = docopt.docopt(__doc__)
jsonmap = json.loads(sys.stdin.read())
zones = json.loads(args['--zones'])
zone = jsonmap.get('zone', '')
zone = zone[:-1] if zone.endswith('.') else zone
if zone not in zones:
raise ValueError(f'not permitted to modify zone {zone}')
action = jsonmap.get('action', '')
if action not in ('add', 'delete'):
raise ValueError(f'bad value for action content: {action}')
challenge = jsonmap.get('challenge', '')
if not all(x.isalnum() or x in '_-' for x in challenge):
# base64url as in acme spec
raise ValueError('bad format for challenge content')
nsupdate(zones[zone], challenge if action == 'add' else '')
main()
|
