Add support for Google Trust Services.
authorhshh <hshh@hshh>
Mon, 12 Aug 2024 17:21:57 +0000 (01:21 +0800)
committerLukas Schauer <lukas@schauer.dev>
Mon, 14 Apr 2025 16:59:59 +0000 (18:59 +0200)
Official Documentation: https://cloud.google.com/certificate-manager/docs/public-ca-tutorial
Before the first registration, obtain EAB_KID and EAB_HMAC_KEY as described in that documentation, then set CONTACT_EMAIL, EAB_KID and EAB_HMAC_KEY in the configuration file.

dehydrated

index 4be9e57e3f7b32f6d9182fdfd7e6af1558aa2b14..a449624ac3003f5676c7c06e6a526dcebf0abfc7 100755 (executable)
@@ -357,6 +357,8 @@ load_config() {
   CA_LETSENCRYPT_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"
   CA_BUYPASS="https://api.buypass.com/acme/directory"
   CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
+  CA_GOOGLE="https://dv.acme-v02.api.pki.goog/directory"
+  CA_GOOGLE_TEST="https://dv.acme-v02.test-api.pki.goog/directory"
 
   # Default values
   CA="letsencrypt"
@@ -484,6 +486,10 @@ load_config() {
     CA="${CA_BUYPASS}"
   elif [ "${CA}" = "buypass-test" ]; then
     CA="${CA_BUYPASS_TEST}"
+  elif [ "${CA}" = "google" ]; then
+    CA="${CA_GOOGLE}"
+  elif [ "${CA}" = "google-test" ]; then
+    CA="${CA_GOOGLE_TEST}"
   fi
 
   if [[ -z "${OLDCA}" ]] && [[ "${CA}" = "https://acme-v02.api.letsencrypt.org/directory" ]]; then
@@ -740,6 +746,14 @@ init_system() {
       fi
     fi
 
+     # Google special sauce
+    if [[ "${CA}" = "${CA_GOOGLE}" ]]; then
+      if [[ -z "${CONTACT_EMAIL}" ]] || [[ -z "${EAB_KID:-}" ]] || [[ -z "${EAB_HMAC_KEY:-}" ]]; then
+          echo "Google requires contact email, EAB_KID and EAB_HMAC_KEY to be manually configured"
+          FAILED=true
+      fi
+    fi
+
     # Check if external account is required
     if [[ "${FAILED}" = "false" ]]; then
       if [[ "${CA_REQUIRES_EAB}" = "true" ]]; then
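Review bot: The new guard in init_system compares `${CA}` only with `${CA_GOOGLE}`, so a run against `google-test` (`CA_GOOGLE_TEST`, added in load_config) skips this early check and falls through to the generic `CA_REQUIRES_EAB` test below; if the staging endpoint has the same requirements, the condition could read `if [[ "${CA}" = "${CA_GOOGLE}" ]] || [[ "${CA}" = "${CA_GOOGLE_TEST}" ]]; then`. `${CONTACT_EMAIL}` is expanded without the `:-` fallback used for `EAB_KID` and `EAB_HMAC_KEY`, which is safe only if it is always initialised before this point (not visible in the hunk); `${CONTACT_EMAIL:-}` would make the three tests consistent. The comment `# Google special sauce` does not say why the check exists, so something like `# Google Trust Services: contact email and EAB credentials must be configured before registration` would help, and the comment and `echo` lines are indented differently from the surrounding code. init_system starts and ends outside the hunk.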