authorGravatar Christian Hesse <mail@eworm.de>2023-04-06 14:56:36 +0200
committerGravatar Christian Hesse <mail@eworm.de>2023-04-07 22:53:33 +0200
commit11093045f30eb289c17c9d08a80de69798ad942d (patch)
tree0dbbc9f7dd7fb10b0a8528d398b5cd16f5265cde
parent4073daa13990076c695a2d9c32208faf7415617b (diff)
check-certificates: download and import in a local function
-rw-r--r--check-certificates.rsc72
1 files changed, 41 insertions, 31 deletions
diff --git a/check-certificates.rsc b/check-certificates.rsc
index 6b35cbf..8250269 100644
--- a/check-certificates.rsc
+++ b/check-certificates.rsc
@@ -10,23 +10,59 @@
:global GlobalFunctionsReady;
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
-:global CertRenewPass;
:global CertRenewTime;
:global CertRenewUrl;
:global CertWarnTime;
:global Identity;
:global CertificateAvailable
-:global CertificateNameByCN;
:global IfThenElse;
:global LogPrintExit2;
:global ParseKeyValueStore;
:global SendNotification2;
:global SymbolForNotification;
-:global UrlEncode;
-:global WaitForFile;
:global WaitFullyConnected;
+:local CheckCertificatesDownloadImport do={
+ :local Name [ :tostr $1 ];
+
+ :global CertRenewUrl;
+ :global CertRenewPass;
+
+ :global CertificateNameByCN;
+ :global LogPrintExit2;
+ :global UrlEncode;
+ :global WaitForFile;
+
+ :foreach Type in={ ".pem"; ".p12" } do={
+ :local CertFileName ([ $UrlEncode $Name ] . $Type);
+ :do {
+ /tool/fetch check-certificate=yes-without-crl \
+ ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
+ $WaitForFile $CertFileName;
+
+ :local DecryptionFailed true;
+ :foreach PassPhrase in=$CertRenewPass do={
+ :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ];
+ :if ($Result->"decryption-failures" = 0) do={
+ :set DecryptionFailed false;
+ }
+ }
+ /file/remove [ find where name=$CertFileName ];
+
+ :if ($DecryptionFailed = true) do={
+ $LogPrintExit2 warning $0 ("Decryption failed for certificate file " . $CertFileName) false;
+ }
+
+ :foreach CertInChain in=[ /certificate/find where name~("^" . $CertFileName . "_[0-9]+\$") common-name!=$Name ] do={
+ $CertificateNameByCN [ /certificate/get $CertInChain common-name ];
+ }
+ } on-error={
+ $LogPrintExit2 debug $0 ("Could not download certificate file " . $CertFileName) false;
+ }
+ }
+}
+
:local FormatInfo do={
:local CertVal $1;
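Review bot: The `/file/remove [ find where name=$CertFileName ];` that follows the passphrase loop in the new `CheckCertificatesDownloadImport` runs only on the success path; if `/certificate/import` throws, control jumps to `on-error`, the fetched file — for `.p12` possibly including the private key — is left on the router's storage, and the debug message claims the download failed although `/tool/fetch` had already succeeded. Repeat the removal in the `on-error` branch, `/file/remove [ find where name=$CertFileName ];`, and word the message so it covers import as well as download, e.g. `"Could not download or import certificate file "`. The function also has no header comment; a one-liner such as `# download and import certificate files for the given common name` above `:local CheckCertificatesDownloadImport do={` would help. Since the `$LogPrintExit2` calls now execute inside a `do={}` function, `$0` may no longer name the script in the log output — worth confirming on a device.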
@@ -70,33 +106,7 @@ $WaitFullyConnected;
}
$LogPrintExit2 info $0 ("Attempting to renew certificate " . ($CertVal->"name") . ".") false;
- :foreach Type in={ ".pem"; ".p12" } do={
- :local CertFileName ([ $UrlEncode ($CertVal->"common-name") ] . $Type);
- :do {
- /tool/fetch check-certificate=yes-without-crl \
- ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
- $WaitForFile $CertFileName;
-
- :local DecryptionFailed true;
- :foreach PassPhrase in=$CertRenewPass do={
- :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ];
- :if ($Result->"decryption-failures" = 0) do={
- :set DecryptionFailed false;
- }
- }
- /file/remove [ find where name=$CertFileName ];
-
- :if ($DecryptionFailed = true) do={
- $LogPrintExit2 warning $0 ("Decryption failed for certificate file " . $CertFileName) false;
- }
-
- :foreach CertInChain in=[ /certificate/find where name~("^" . $CertFileName . "_[0-9]+\$") common-name!=($CertVal->"common-name") ] do={
- $CertificateNameByCN [ /certificate/get $CertInChain common-name ];
- }
- } on-error={
- $LogPrintExit2 debug $0 ("Could not download certificate file " . $CertFileName) false;
- }
- }
+ $CheckCertificatesDownloadImport ($CertVal->"common-name");
:local CertNew [ /certificate/find where common-name=($CertVal->"common-name") fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
:local CertNewVal [ /certificate/get $CertNew ];