From 9721ab7a7c55140b1eb3a5aed37a8637f17d48bb Mon Sep 17 00:00:00 2001 From: admManuel Date: Sun, 26 Jan 2025 17:15:44 +0000 Subject: [PATCH] Update netcup/update_tlsa_record.md --- netcup/update_tlsa_record.md | 85 ++++++++++++++++++++++++++---------- 1 file changed, 63 insertions(+), 22 deletions(-) diff --git a/netcup/update_tlsa_record.md b/netcup/update_tlsa_record.md index 1dc3ce4..2e70279 100644 --- a/netcup/update_tlsa_record.md +++ b/netcup/update_tlsa_record.md @@ -20,11 +20,11 @@ GOTIFY_TOKEN=<- DEIN-APP-TOKEN -> ```python #!/bin/bash -# .env Datei laden +# netcup.env Datei laden if [ -f netcup.env ]; then export $(grep -v '^#' netcup.env | xargs) else - echo "Fehler: .env Datei nicht gefunden!" + echo "Fehler: netcup.env Datei nicht gefunden!" exit 1 fi @@ -34,10 +34,6 @@ CA_CERTIFICATE_DIR="/etc/ssl/certs" # Verzeichnis, in dem CA-Zertifikate gespeic # URL der Netcup API API_URL="https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON" -# Gotify-URL und Token für spezifische App -GOTIFY_URL="$GOTIFY_URL" -GOTIFY_TOKEN="$GOTIFY_TOKEN" - # Funktion für Gotify-Benachrichtigungen send_gotify_notification() { local TITLE="$1" @@ -117,7 +113,6 @@ SESSION_ID=$(echo "$LOGIN_RESPONSE" | jq -r '.responsedata.apisessionid') if [[ -z "$SESSION_ID" || "$SESSION_ID" == "null" ]]; then ERROR_MSG="Fehler beim Login!" echo "$ERROR_MSG" - echo "$LOGIN_RESPONSE" send_gotify_notification "TLSA Script Fehler" "$ERROR_MSG" 10 exit 1 fi 
@@ -138,21 +133,66 @@ DNS_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" \ RECORDS=$(echo "$DNS_RESPONSE" | jq -r '.responsedata.dnsrecords // []') -# Prüfen und aktualisieren der TLSA-Records +# Spezifische TLSA-Records überprüfen und aktualisieren oder erstellen update_tlsa_record() { local HOSTNAME="$1" local TYPE="$2" local HASH="$3" - EXISTING_RECORD=$(echo "$RECORDS" | jq -r ".[] | select(.hostname == \"$HOSTNAME\" and .type == \"TLSA\") | .destination // \"\"" | grep -E "^$TYPE.*$HASH") + EXISTING_RECORD=$(echo "$RECORDS" | jq -r ".[] | select(.hostname == \"$HOSTNAME\" and .type == \"TLSA\" and (.destination | tostring | startswith(\"$TYPE\")))") if [[ -n "$EXISTING_RECORD" ]]; then - echo "TLSA-Record existiert bereits: $HOSTNAME $TYPE $HASH" - else - echo "TLSA-Record wird aktualisiert: $HOSTNAME $TYPE $HASH" - send_gotify_notification "TLSA Script Info" "TLSA-Record wird aktualisiert: $HOSTNAME $TYPE $HASH" 5 + RECORD_ID=$(echo "$EXISTING_RECORD" | jq -r '.id') + OLD_DESTINATION=$(echo "$EXISTING_RECORD" | jq -r '.destination') - DNS_UPDATE_PAYLOAD='{ + if [[ "$OLD_DESTINATION" == "$TYPE $HASH" ]]; then + echo "TLSA-Record ist identisch: $HOSTNAME $TYPE $HASH" + else + echo "Aktualisiere bestehenden TLSA-Record: $HOSTNAME" + echo "Von: $OLD_DESTINATION" + echo "Nach: $TYPE $HASH" + send_gotify_notification "TLSA Script Update" "TLSA-Record alt: $OLD_DESTINATION" 5 + + DNS_UPDATE_PAYLOAD='{ + "action": "updateDnsRecords", + "param": { + "customernumber": "'"$CUSTOMER_NUMBER"'", + "apikey": "'"$API_KEY"'", + "apisessionid": "'"$SESSION_ID"'", + "domainname": "'"$DOMAIN"'", + "dnsrecordset": { + "dnsrecords": [ + { + "id": "'"$RECORD_ID"'", + "hostname": "'"$HOSTNAME"'", + "type": "TLSA", + "destination": "'"$TYPE $HASH"'", + "state": "yes" + } + ] + } + } + }' + + UPDATE_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" \ + -d "$DNS_UPDATE_PAYLOAD" "$API_URL") + + UPDATE_STATUS=$(echo "$UPDATE_RESPONSE" | jq -r '.status') + + 
if [[ "$UPDATE_STATUS" == "success" ]]; then + echo "TLSA-Record erfolgreich aktualisiert: $HOSTNAME $TYPE $HASH" + send_gotify_notification "TLSA Script Erfolg" "TLSA-Record neu: $TYPE $HASH" 0 + else + ERROR_MSG="Fehler beim Aktualisieren des TLSA-Records: $HOSTNAME $TYPE $HASH" + echo "$ERROR_MSG" + echo "$UPDATE_RESPONSE" + send_gotify_notification "TLSA Script Fehler" "$ERROR_MSG" 10 + fi + fi + else + echo "Erstelle neuen TLSA-Record: $HOSTNAME $TYPE $HASH" + + DNS_CREATE_PAYLOAD='{ "action": "updateDnsRecords", "param": { "customernumber": "'"$CUSTOMER_NUMBER"'", @@ -172,23 +212,24 @@ update_tlsa_record() { } }' - UPDATE_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" \ - -d "$DNS_UPDATE_PAYLOAD" "$API_URL") + CREATE_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" \ + -d "$DNS_CREATE_PAYLOAD" "$API_URL") - UPDATE_STATUS=$(echo "$UPDATE_RESPONSE" | jq -r '.status') + CREATE_STATUS=$(echo "$CREATE_RESPONSE" | jq -r '.status') - if [[ "$UPDATE_STATUS" == "success" ]]; then - echo "TLSA-Record erfolgreich aktualisiert: $HOSTNAME $TYPE $HASH" - send_gotify_notification "TLSA Script Erfolg" "TLSA-Record erfolgreich aktualisiert: $HOSTNAME $TYPE $HASH" 0 + if [[ "$CREATE_STATUS" == "success" ]]; then + echo "TLSA-Record erfolgreich erstellt: $HOSTNAME $TYPE $HASH" + send_gotify_notification "TLSA Script Erfolg" "TLSA-Record erfolgreich erstellt: $HOSTNAME $TYPE $HASH" 0 else - ERROR_MSG="Fehler beim Aktualisieren des TLSA-Records: $HOSTNAME $TYPE $HASH" + ERROR_MSG="Fehler beim Erstellen des TLSA-Records: $HOSTNAME $TYPE $HASH" echo "$ERROR_MSG" - echo "$UPDATE_RESPONSE" + echo "$CREATE_RESPONSE" send_gotify_notification "TLSA Script Fehler" "$ERROR_MSG" 10 fi fi } +# Aktualisieren oder Erstellen der TLSA-Records update_tlsa_record "_25._tcp.mail" "3 1 1" "$TLSA_HASH_CURRENT" update_tlsa_record "_25._tcp.mail" "2 1 1" "$TLSA_HASH_CA"
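Review bot: `EXISTING_RECORD` is built with `select`, which emits every matching record, so a hostname that carries two TLSA records with the same usage prefix — the state RFC 7671 recommends during a DANE certificate rollover, old and new hash published side by side — makes `RECORD_ID` and `OLD_DESTINATION` multi-line, the identity check never matches, and the update payload is sent with a mangled id. Take only the first match and hand the shell values to jq as variables instead of splicing them into the filter string: `EXISTING_RECORD=$(echo "$RECORDS" | jq -c --arg host "$HOSTNAME" --arg type "$TYPE" 'first(.[] | select(.hostname == $host and .type == "TLSA" and (.destination | tostring | startswith($type))))')`. The same splicing builds `DNS_UPDATE_PAYLOAD` from `$API_KEY`, `$SESSION_ID` and the record fields; building it with `jq -n --arg …` yields valid JSON whatever those values contain. The comparison `[[ "$OLD_DESTINATION" == "$TYPE $HASH" ]]` is case-sensitive, so if the API returns the hex digest in a different case from the hash variables (their source is outside this hunk) every run would rewrite the record; comparing `${OLD_DESTINATION,,}` against `"$TYPE ${HASH,,}"` avoids that. update_tlsa_record begins in this hunk but its create branch runs on into the next one.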
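Review bot: None of the working variables in this branch are declared `local`, so `CREATE_RESPONSE`, `CREATE_STATUS` and `ERROR_MSG` (and their `UPDATE_*`/`DNS_*_PAYLOAD` counterparts earlier in the function) leak into the global scope of a function that is called twice in a row; a `local CREATE_RESPONSE CREATE_STATUS ERROR_MSG` at the top of the branch keeps each call self-contained. The request/response handling here also repeats the update branch line for line — curl with `-d "$DNS_CREATE_PAYLOAD" "$API_URL"`, `jq -r '.status'`, success echo plus Gotify call, error echo plus Gotify call — differing only in the payload variable and the verb in the messages, so a single helper taking the payload and the verb would stop the two error paths from drifting apart in future edits. Both points apply to the preceding hunk as well. update_tlsa_record starts before this hunk.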