global-functions: import certificates if required

Signed-off-by: Christian Hesse <mail@eworm.de>

1 files changed, 24 insertions, 3 deletions

diff --git a/global-functions b/global-functions
index 1c061f8..61637ff 100644
--- a/global-functions
+++ b/global-functions
@@ -27,6 +27,28 @@
   :return $return;
 }
 
+# check and import required certificates
+:global CertificateAvailable do={
+  :local fprint [ :tostr $1 ];
+
+  :global "script-updates-baseurl";
+  :global "script-updates-urlsuffix";
+
+  :if ([ :len [ / certificate find where fingerprint=$fprint ] ] = 0) do={
+    :log info ("Certificate with fingerprint " . $fprint . \
+      " not available, downloading and importing.");
+    :do {
+      / tool fetch check-certificate=yes-without-crl \
+        ($"script-updates-baseurl" . "certs/" . \
+        $fprint . ".pem" . $"script-updates-urlsuffix") \
+        dst-path=($fprint . ".pem");
+      / certificate import file-name=($fprint . ".pem") passphrase="";
+    } on-error={
+      :log warning "Failed imprting certificate!";
+    }
+  }
+}
+
 # send notification via e-mail and telegram
 # Note that subject and attachment are ignored for telegram!
 :global SendNotification do={
@@ -40,6 +62,7 @@
   :global "telegram-chatid";
 
   :global UrlEncode;
+  :global CertificateAvailable;
 
   :if ([ :len $"email-general-to" ] > 0) do={
     :do {
@@ -50,10 +73,8 @@
     }
   }
 
-  # You need to import the certificate chain for api.telegram.org!
-  # https://certs.godaddy.com/repository/gdroot-g2.crt
-  # https://certs.godaddy.com/repository/gdig2.crt.pem
   :if ([ :len $"telegram-tokenid" ] > 0 && [ :len $"telegram-chatid" ] > 0) do={
+    $CertificateAvailable "973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6";
     :do {
       / tool fetch check-certificate=yes-without-crl keep-result=no http-method=post \
         ("https://api.telegram.org/bot" . $"telegram-tokenid" . "/sendMessage") \