publish: Move fingerprint conversion to config parsing

We only really need to do it once, not every time a new message gets
published.
This commit is contained in:
Thorben Günther 2023-08-28 00:36:41 +02:00
parent 1abacacab4
commit 86afe915f3
No known key found for this signature in database
GPG key ID: 415CD778D8C5AFED
3 changed files with 6 additions and 4 deletions

View file

@ -283,6 +283,9 @@ func ReadConfig(path string) (*Config, error) {
if err := d.ParseParams(&config.Ntfy.CertFingerprint); err != nil { if err := d.ParseParams(&config.Ntfy.CertFingerprint); err != nil {
return nil, err return nil, err
} }
// hex.EncodeToString outputs a lower case string
config.Ntfy.CertFingerprint = strings.ToLower(strings.ReplaceAll(config.Ntfy.CertFingerprint, ":", ""))
} }
d = ntfyDir.Children.Get("email-address") d = ntfyDir.Children.Get("email-address")

View file

@ -76,7 +76,7 @@ cache {
Topic: "https://ntfy.sh/alertmanager-alerts", Topic: "https://ntfy.sh/alertmanager-alerts",
User: "user", User: "user",
Password: "pass", Password: "pass",
CertFingerprint: "13:6D:2B:88:9C:57:36:D0:81:B4:B2:9C:79:09:27:62:92:CF:B8:6A:6B:D3:AD:46:35:CB:70:17:EB:99:6E:28:08:2A:B8:C6:79:4B:F6:2E:81:79:41:98:1D:53:C8:07:B3:5C:24:5F:B1:8E:B6:FB:66:B5:DD:B4:D0:5C:29:91", CertFingerprint: "136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c2991",
}, },
Labels: labels{Order: []string{"severity", "instance"}, Labels: labels{Order: []string{"severity", "instance"},
Label: map[string]labelConfig{ Label: map[string]labelConfig{

View file

@ -333,8 +333,7 @@ func (br *bridge) publish(n *notification) error {
req.Header.Set("Actions", fmt.Sprintf("http, Silence, %s, method=POST, body=%s%s", url, n.silenceBody, authString)) req.Header.Set("Actions", fmt.Sprintf("http, Silence, %s, method=POST, body=%s%s", url, n.silenceBody, authString))
} }
// hex.EncodeToString outputs a lower case string configFingerprint := br.cfg.Ntfy.CertFingerprint
configFingerprint := strings.ToLower(strings.ReplaceAll(br.cfg.Ntfy.CertFingerprint, ":", ""))
if configFingerprint != "" { if configFingerprint != "" {
tlsCfg := &tls.Config{} tlsCfg := &tls.Config{}
tlsCfg.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { tlsCfg.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
@ -357,7 +356,7 @@ func (br *bridge) publish(n *notification) error {
} }
expectedFingerprint += fmt.Sprintf("%02X", b) expectedFingerprint += fmt.Sprintf("%02X", b)
} }
return fmt.Errorf("ntfy certificate fingerprint does not match: expected %q, got %q", expectedFingerprint, br.cfg.Ntfy.CertFingerprint) return fmt.Errorf("the ntfy certificate fingerprint (%s) is not set in the config", expectedFingerprint)
} }
tlsCfg.InsecureSkipVerify = true tlsCfg.InsecureSkipVerify = true