pushd ../certs >/dev/null

source ./cert-def

# Fedora project authority
# ./cert-import homebundle admin.fedoraproject.org  # good to do first?
./cert-import homebundle firefox https://admin.fedoraproject.org/ca/cacert.pem
./cert-import homebundle -nocrl https://admin.fedoraproject.org/ca/crl.pem

# CAcert.org ... should utilize cert_pick_url_selfsigned (not tested yet)
# ./cert-import homebundle firefox https://www.cacert.org/certs/root.crt
# ./cert-import homebundle -nocrl https://crl.cacert.org/revoke.crl

# GitHub
./cert-import homebundle -nocrl \
	https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.pem \
	https://www.digicert.com/CACerts/DigiCertHighAssuranceEVCA-1.crt
./cert-import homebundle -nocrl www.github.com

# Fedora HTTPS git clones
# first for https://www.geotrust.com itself (Primary CA + Extended Validation)
./cert-import homebundle -nocrl \
	https://www.geotrust.com/resources/extended-validation-ssl/certs/Equifax%20Secure%20Certificate%20Authority.crt \
	https://www.geotrust.com/resources/extended-validation-ssl/certs/GTPCA.cer \
	https://www.geotrust.com/resources/extended-validation-ssl/certs/GTEVCA.cer
# ... then for GeoTrust's ones for Fedora (Global CA)
./cert-import homebundle -nocrl \
	https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem
## ... and GeoTrust SSL CA (not available as file?)
#wget -nv --ca-certificate "${HOMEBUNDLE}" https://www.geotrust.co.jp/resources/repository/intermediate.html -O- \
#  | xmllint --html --xpath "/html/body//h2[@id='a131206']/following-sibling::div[1]/table/tbody//textarea/text()" -
#./cert-import homebundle -nocrl fedorahosted.org

# npm (prerequisite: GitHub)
NPMCA_SRC="https://raw.github.com/isaacs/npm/master/node_modules/npmconf/config-defs.js"
wget -nv --ca-certificate "${HOMEBUNDLE}" -O - -- "${NPMCA_SRC}" \
  | sed -n '120,135{s|^\s\+\(\[\s*\)\?\"\([^\"]\+\)\\n\"[+,]|\2|g;p}' \
  >> "${CA_BUNDLE_NPM}"
unset NPMCA_SRC

popd >/dev/null