From a94f4510148c8e65ac7e1053d77bb536687471f9 Mon Sep 17 00:00:00 2001
From: hshh
Date: Tue, 13 Aug 2024 01:21:57 +0800
Subject: [PATCH] Add support for Google Trust Services.

Official Documentation: https://cloud.google.com/certificate-manager/docs/public-ca-tutorial
The first registration requires obtaining EAB_KID and EAB_HMAC_KEY according to the document, and setting CONTACT_EMAIL, EAB_HMAC_KEY, EAB_KID in the configuration file.
---
 dehydrated | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/dehydrated b/dehydrated
index 4be9e57..a449624 100755
--- a/dehydrated
+++ b/dehydrated
@@ -357,6 +357,8 @@ load_config() {
 CA_LETSENCRYPT_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"
 CA_BUYPASS="https://api.buypass.com/acme/directory"
 CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
+ CA_GOOGLE="https://dv.acme-v02.api.pki.goog/directory"
+ CA_GOOGLE_TEST="https://dv.acme-v02.test-api.pki.goog/directory"

 # Default values
 CA="letsencrypt"
@@ -484,6 +486,10 @@ load_config() {
 CA="${CA_BUYPASS}"
 elif [ "${CA}" = "buypass-test" ]; then
 CA="${CA_BUYPASS_TEST}"
+ elif [ "${CA}" = "google" ]; then
+ CA="${CA_GOOGLE}"
+ elif [ "${CA}" = "google-test" ]; then
+ CA="${CA_GOOGLE_TEST}"
 fi

 if [[ -z "${OLDCA}" ]] && [[ "${CA}" = "https://acme-v02.api.letsencrypt.org/directory" ]]; then
@@ -740,6 +746,14 @@ init_system() {
 fi
 fi

+ # Google special sauce
+ if [[ "${CA}" = "${CA_GOOGLE}" ]]; then
+ if [[ -z "${CONTACT_EMAIL}" ]] || [[ -z "${EAB_KID:-}" ]] || [[ -z "${EAB_HMAC_KEY:-}" ]]; then
+ echo "Google requires contact email, EAB_KID and EAB_HMAC_KEY to be manually configured"
+ FAILED=true
+ fi
+ fi
+
 # Check if external account is required
 if [[ "${FAILED}" = "false" ]]; then
 if [[ "${CA_REQUIRES_EAB}" = "true" ]]; then
--
2.47.3
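Review bot: The guard added in the `init_system()` hunk compares `${CA}` only with `${CA_GOOGLE}`, so a run configured with `CA="google-test"` (mapped to `${CA_GOOGLE_TEST}` in the second hunk) skips it and never gets the explicit message about the contact email and EAB credentials. Consider `if [[ "${CA}" = "${CA_GOOGLE}" ]] || [[ "${CA}" = "${CA_GOOGLE_TEST}" ]]; then` so both endpoints fail early in the same way. Because `EAB_HMAC_KEY` is a secret that the commit message says is needed for the first registration, a comment above the check such as `# EAB_HMAC_KEY is a secret: keep the config file readable only by the user running dehydrated` would help operators. `init_system()` starts and ends outside the hunk, so whether this check runs only during first registration cannot be confirmed from here. If it also runs for an already registered account, the secret would have to stay in the config file indefinitely, which is worth avoiding.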