# @description Applies changes that require input from the user such as using Touch ID on macOS when
#     importing certificates into the system keychain.
#
#     * Ensures CloudFlare Teams certificate is imported into the system keychain
importCloudFlareCert() {
  if [ -d /Applications ] && [ -d /System ] && [ -z "$HEADLESS_INSTALL" ]; then
    ### Acquire certificate
    if [ ! -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt" ]; then
      logg info 'Downloading Cloudflare_CA.crt from https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt to determine if it is already in the System.keychain'
      CRT_TMP="$(mktemp)"
      curl -sSL https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt > "$CRT_TMP"
    else
      CRT_TMP="$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt"
    fi

    ### Validate / import certificate
    security verify-cert -c "$CRT_TMP" > /dev/null 2>&1
    if [ $? != 0 ]; then
      logg info '**macOS Manual Security Permission** Requesting security authorization for Cloudflare trusted certificate'
      sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$CRT_TMP" && logg success 'Successfully imported Cloudflare_CA.crt into System.keychain'
    fi

    ### Remove temporary file, if necessary
    if [ ! -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt" ]; then
      rm -f "$CRT_TMP"
    fi
  fi
}