From d81e1bf1956d0d4f111bee6617311fca76a5d01c Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 16 Oct 2018 15:32:08 +0200 Subject: global-functions: import certificates if required Signed-off-by: Christian Hesse --- ...ad49e34c37846d3e976ff6a620b6712e33832041aa6.pem | 51 ++++++++++++++++++++++ certs/godaddy.pem | 1 + global-functions | 27 ++++++++++-- 3 files changed, 76 insertions(+), 3 deletions(-) create mode 100644 certs/973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6.pem create mode 120000 certs/godaddy.pem diff --git a/certs/973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6.pem b/certs/973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6.pem new file mode 100644 index 0000000..72e5054 --- /dev/null +++ b/certs/973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6.pem @@ -0,0 +1,51 @@ +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3 +MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE +CxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD +EypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD +BNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv +K/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23e +cSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY +pDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n +eTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMB +AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv +9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5n +b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG +CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv +MA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz +91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2 +RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi +DsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11 +GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x +LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB +-----END CERTIFICATE----- diff --git a/certs/godaddy.pem b/certs/godaddy.pem new file mode 120000 index 0000000..0fa51fe --- /dev/null +++ b/certs/godaddy.pem @@ -0,0 +1 @@ +973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6.pem \ No newline at end of file diff --git a/global-functions b/global-functions index 1c061f8..61637ff 100644 --- a/global-functions +++ b/global-functions @@ -27,6 +27,28 @@ :return $return; } +# check and import required certificates +:global CertificateAvailable do={ + :local fprint [ :tostr $1 ]; + + :global "script-updates-baseurl"; + :global "script-updates-urlsuffix"; + + :if ([ :len [ / certificate find where fingerprint=$fprint ] ] = 0) do={ + :log info ("Certificate with fingerprint " . $fprint . \ + " not available, downloading and importing."); + :do { + / tool fetch check-certificate=yes-without-crl \ + ($"script-updates-baseurl" . "certs/" . \ + $fprint . ".pem" . $"script-updates-urlsuffix") \ + dst-path=($fprint . ".pem"); + / certificate import file-name=($fprint . ".pem") passphrase=""; + } on-error={ + :log warning "Failed imprting certificate!"; + } + } +} + # send notification via e-mail and telegram # Note that subject and attachment are ignored for telegram! :global SendNotification do={ @@ -40,6 +62,7 @@ :global "telegram-chatid"; :global UrlEncode; + :global CertificateAvailable; :if ([ :len $"email-general-to" ] > 0) do={ :do { @@ -50,10 +73,8 @@ } } - # You need to import the certificate chain for api.telegram.org! - # https://certs.godaddy.com/repository/gdroot-g2.crt - # https://certs.godaddy.com/repository/gdig2.crt.pem :if ([ :len $"telegram-tokenid" ] > 0 && [ :len $"telegram-chatid" ] > 0) do={ + $CertificateAvailable "973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6"; :do { / tool fetch check-certificate=yes-without-crl keep-result=no http-method=post \ ("https://api.telegram.org/bot" . $"telegram-tokenid" . "/sendMessage") \ -- cgit v1.2.3-70-g09d2