From 86afe915f3ab40c85b517307af2e2758c6152efe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Mon, 28 Aug 2023 00:36:41 +0200
Subject: [PATCH] publish: Move fingerprint conversion to config parsing

We only really need to do it once, not every time a new message gets
published.
---
 config/config.go      | 3 +++
 config/config_test.go | 2 +-
 main.go               | 5 ++---
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/config/config.go b/config/config.go
index b6c5bb2..f7de2f0 100644
--- a/config/config.go
+++ b/config/config.go
@@ -283,6 +283,9 @@ func ReadConfig(path string) (*Config, error) {
 		if err := d.ParseParams(&config.Ntfy.CertFingerprint); err != nil {
 			return nil, err
 		}
+
+		// hex.EncodeToString outputs a lower case string
+		config.Ntfy.CertFingerprint = strings.ToLower(strings.ReplaceAll(config.Ntfy.CertFingerprint, ":", ""))
 	}
 
 	d = ntfyDir.Children.Get("email-address")
diff --git a/config/config_test.go b/config/config_test.go
index a72e9c9..9d75a47 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -76,7 +76,7 @@ cache {
 			Topic:           "https://ntfy.sh/alertmanager-alerts",
 			User:            "user",
 			Password:        "pass",
-			CertFingerprint: "13:6D:2B:88:9C:57:36:D0:81:B4:B2:9C:79:09:27:62:92:CF:B8:6A:6B:D3:AD:46:35:CB:70:17:EB:99:6E:28:08:2A:B8:C6:79:4B:F6:2E:81:79:41:98:1D:53:C8:07:B3:5C:24:5F:B1:8E:B6:FB:66:B5:DD:B4:D0:5C:29:91",
+			CertFingerprint: "136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c2991",
 		},
 		Labels: labels{Order: []string{"severity", "instance"},
 			Label: map[string]labelConfig{
diff --git a/main.go b/main.go
index 9a34f14..aec085f 100644
--- a/main.go
+++ b/main.go
@@ -333,8 +333,7 @@ func (br *bridge) publish(n *notification) error {
 		req.Header.Set("Actions", fmt.Sprintf("http, Silence, %s, method=POST, body=%s%s", url, n.silenceBody, authString))
 	}
 
-	// hex.EncodeToString outputs a lower case string
-	configFingerprint := strings.ToLower(strings.ReplaceAll(br.cfg.Ntfy.CertFingerprint, ":", ""))
+	configFingerprint := br.cfg.Ntfy.CertFingerprint
 	if configFingerprint != "" {
 		tlsCfg := &tls.Config{}
 		tlsCfg.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
@@ -357,7 +356,7 @@ func (br *bridge) publish(n *notification) error {
 				}
 				expectedFingerprint += fmt.Sprintf("%02X", b)
 			}
-			return fmt.Errorf("ntfy certificate fingerprint does not match: expected %q, got %q", expectedFingerprint, br.cfg.Ntfy.CertFingerprint)
+			return fmt.Errorf("the ntfy certificate fingerprint (%s) is not set in the config", expectedFingerprint)
 		}
 
 		tlsCfg.InsecureSkipVerify = true
-- 
2.44.0