authorGravatar Christian Hesse <mail@eworm.de>2019-04-30 16:11:47 +0200
committerGravatar Christian Hesse <mail@eworm.de>2019-04-30 16:52:53 +0200
commit42834e9de1a7cdf2b57d41ce9b1e2d11d0089ffc (patch)
tree957e8839610ddc30a3c700d1b40384aaf1de49e8
parent7f96e5c9669f30cd22914de7f092d009faddf304 (diff)
global-functions: $CertificateAvailable: fetch by CommonName
Now that we have a proper $UrlEncode function... Fetch certificates by CommonName. Also remove the PEM after import.
-rw-r--r--README.md2
-rw-r--r--certs/Go Daddy Secure Certificate Authority - G2.pem (renamed from certs/godaddy.pem)0
-rw-r--r--certs/Let's Encrypt Authority X3.pem (renamed from certs/letsencrypt.pem)0
-rw-r--r--certs/Starfield Secure Certificate Authority - G2.pem (renamed from certs/starfield.pem)0
-rw-r--r--global-functions19
-rw-r--r--initial-commands3
-rw-r--r--update-tunnelbroker2
7 files changed, 15 insertions, 11 deletions
diff --git a/README.md b/README.md
index 2b7a009..a739dae 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ download the certificates. If you intend to download the scripts from a
different location (for example from github.com) install the corresponding
certificate chain.
- [admin@MikroTik] > / tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/letsencrypt.pem" dst-path="letsencrypt.pem"
+ [admin@MikroTik] > / tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/Let%27s%20Encrypt%20Authority%20X3.pem" dst-path="letsencrypt.pem"
status: finished
downloaded: 3KiBC-z pause]
total: 3KiB
diff --git a/certs/godaddy.pem b/certs/Go Daddy Secure Certificate Authority - G2.pem
index 72e5054..72e5054 100644
--- a/certs/godaddy.pem
+++ b/certs/Go Daddy Secure Certificate Authority - G2.pem
diff --git a/certs/letsencrypt.pem b/certs/Let's Encrypt Authority X3.pem
index 7df773f..7df773f 100644
--- a/certs/letsencrypt.pem
+++ b/certs/Let's Encrypt Authority X3.pem
diff --git a/certs/starfield.pem b/certs/Starfield Secure Certificate Authority - G2.pem
index 9c17e74..9c17e74 100644
--- a/certs/starfield.pem
+++ b/certs/Starfield Secure Certificate Authority - G2.pem
diff --git a/global-functions b/global-functions
index 356a570..a629ca6 100644
--- a/global-functions
+++ b/global-functions
@@ -63,23 +63,26 @@
# check and import required certificates
:global CertificateAvailable do={
:local CommonName [ :tostr $1 ];
- :local FileName ([ :tostr $2 ] . ".pem");
:global ScriptUpdatesBaseUrl;
:global ScriptUpdatesUrlSuffix;
+ :global UrlEncode;
:global WaitForFile;
:if ([ / certificate print count-only where common-name=$CommonName ] = 0) do={
:log info ("Certificate with CommonName " . $CommonName . \
" not available, downloading and importing.");
:do {
+ :local LocalFileName ($CommonName . ".pem");
+ :local UrlFileName ([ $UrlEncode $CommonName ] . ".pem");
/ tool fetch check-certificate=yes-without-crl \
($ScriptUpdatesBaseUrl . "certs/" . \
- $FileName . $ScriptUpdatesUrlSuffix) \
- dst-path=$FileName;
- $WaitForFile $FileName;
- / certificate import file-name=$FileName passphrase="";
+ $UrlFileName . $ScriptUpdatesUrlSuffix) \
+ dst-path=$LocalFileName;
+ $WaitForFile $LocalFileName;
+ / certificate import file-name=$LocalFileName passphrase="";
+ / file remove $LocalFileName;
} on-error={
:log warning "Failed imprting certificate!";
}
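Review bot: The added `/ file remove $LocalFileName;` sits inside the `:do` block, so if `$WaitForFile` or `/ certificate import` fails, control goes to `on-error` and the downloaded PEM stays on the router; the cleanup should also run on the failure path, guarded so that a missing file does not raise a second error. Nothing in the hunk confirms that the import produced the certificate that was asked for, so every certificate in the fetched file becomes trusted purely because it came from `$ScriptUpdatesBaseUrl`. Unless the lines after the hunk already do so, re-run the existing test after the import, e.g. `:if ([ / certificate print count-only where common-name=$CommonName ] = 0) do={ :error "certificate not found after import"; }`, or compare a pinned fingerprint as initial-commands does. The context line `:log warning "Failed imprting certificate!";` has a typo ("importing"). The body of `CertificateAvailable` continues past the end of the hunk.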
@@ -112,7 +115,7 @@
}
:if ([ :len $TelegramTokenId ] > 0 && [ :len $TelegramChatId ] > 0) do={
- $CertificateAvailable "Go Daddy Secure Certificate Authority - G2" "godaddy";
+ $CertificateAvailable "Go Daddy Secure Certificate Authority - G2";
:do {
/ tool fetch check-certificate=yes-without-crl keep-result=no http-method=post \
("https://api.telegram.org/bot" . $TelegramTokenId . "/sendMessage") \
@@ -132,7 +135,7 @@
:do {
:local Vendor;
- $CertificateAvailable "Let's Encrypt Authority X3" "letsencrypt";
+ $CertificateAvailable "Let's Encrypt Authority X3";
:set Vendor ([ / tool fetch check-certificate=yes-without-crl \
("https://api.macvendors.com/" . [ :pick $Mac 0 8 ]) output=user as-value ]->"data");
:return $Vendor;
@@ -178,7 +181,7 @@
:local PkgFile ($PkgName . "-" . $PkgVer . "-" . $PkgArch . ".npk");
:local PkgDest [ $CleanFilePath ($PkgDir . "/" . $PkgFile) ];
- $CertificateAvailable "Let's Encrypt Authority X3" "letsencrypt";
+ $CertificateAvailable "Let's Encrypt Authority X3";
:do {
/ tool fetch check-certificate=yes-without-crl \
("https://upgrade.mikrotik.com/routeros/" . $PkgVer . "/" . $PkgFile) \
diff --git a/initial-commands b/initial-commands
index c42b001..cc15baf 100644
--- a/initial-commands
+++ b/initial-commands
@@ -3,7 +3,7 @@
# Copyright (c) 2018-2019 Christian Hesse <mail@eworm.de>
{
- / tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/letsencrypt.pem" dst-path="letsencrypt.pem";
+ / tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/Let%27s%20Encrypt%20Authority%20X3.pem" dst-path="letsencrypt.pem";
:delay 1s;
/ certificate {
import file-name=letsencrypt.pem passphrase="";
@@ -14,6 +14,7 @@
:if ([ / certificate print count-only where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ] != 3) do={
:error "Anything is wrong with your certificates!";
}
+ / file remove "letsencrypt.pem";
:foreach Script in={ "global-config"; "global-functions"; "script-updates" } do={
/ system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit.cgi/routeros-scripts/plain/" . $Script) output=user as-value]->"data");
}
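Review bot: The added `/ file remove "letsencrypt.pem";` comes after the fingerprint check, so when that check fails `:error` aborts the script and the PEM is left on the router, presumably along with whatever was imported from it. That is the case where cleanup matters most, because the fetch in the previous hunk carries no `check-certificate` option. Moving the removal to directly after the import, before the `:if`, would clean up the file on both paths. The check counts only the three expected fingerprints (`!= 3`), so extra certificates in the fetched file would go unnoticed; a comment such as `# only proves the three pinned certificates are present, not that nothing else was imported` would make that limit explicit. The `/ certificate { ... }` import block lies between the two hunks and is only partly visible.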
diff --git a/update-tunnelbroker b/update-tunnelbroker
index f6674b6..7d0fc35 100644
--- a/update-tunnelbroker
+++ b/update-tunnelbroker
@@ -27,7 +27,7 @@
:local Pass [ :pick ($Comment->2) 5 99 ];
:local Id [ :pick ($Comment->3) 3 99 ];
- $CertificateAvailable "Starfield Secure Certificate Authority - G2" "starfield";
+ $CertificateAvailable "Starfield Secure Certificate Authority - G2";
:log info ("Local address changed, sending UPDATE to tunnelbroker! New address: " . $PublicAddress);
/ tool fetch check-certificate=yes-without-crl \
("https://ipv4.tunnelbroker.net/nic/update\?hostname=" . $Id) \