From 3001dbca73cfd71d60a3e2d73215378ea2c47577 Mon Sep 17 00:00:00 2001
From: Asif Bacchus <asif@asifbacchus.dev>
Date: Fri, 23 Jul 2021 18:19:36 -0600
Subject: [PATCH] feature(entrypoint): show loaded certificate

- warn if private key missing
- change error return codes
---
 build/entrypoint.sh | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 0ceeeef..903b671 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -35,7 +35,24 @@ certificateGenerateNew() {
 
 certificateShow() {
     printf "\nCurrently loaded certificate:\n"
-    exit 0
+    certStatus="$(certificateCheckExist)"
+    case "$certStatus" in
+    noexist)
+        printf "[ERROR]: No certificate is loaded (certificate directory empty).\n\n"
+        exit 51
+        ;;
+    noread_certificate)
+        printf "[ERROR]: Cannot read loaded certificate.\n\n"
+        exit 52
+        ;;
+    noread_key)
+        printf "\n[WARNING]: Cannot find private key associated with certificate!\n\n"
+        ;;
+    esac
+    if ! openssl x509 -noout -text -nameopt align,multiline -certopt no_pubkey,no_sigdump -in /certs/fullchain.pem; then
+        printf "\n[ERROR]: Unable to display loaded certificate.\n\n"
+        exit 52
+    fi
 }
 
 convertCaseLower() {
@@ -92,12 +109,12 @@ if [ "$doServer" -eq 1 ]; then
             noread_certificate)
                 printf "[Checking mounted certificate]"
                 printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n"
-                exit 51
+                exit 52
                 ;;
             noread_key)
                 printf "[Checking mounted certificate]"
                 printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n"
-                exit 52
+                exit 53
                 ;;
             ok)
                 printf "[Certificate OK]\n"
@@ -128,7 +145,10 @@ if [ "$doCertNew" -eq 1 ]; then
 fi
 
 # action: show loaded certificate
-if [ "$doCertShow" -eq 1 ]; then certificateShow; fi
+if [ "$doCertShow" -eq 1 ]; then
+    certificateShow
+    exit 0
+fi
 
 # failsafe exit - terminate with code 99: this code should never be executed!
 exit 99
@@ -138,8 +158,9 @@ exit 99
 # 1:   invalid or invalid parameter passed to script
 # 2:   interactive shell required
 # 50:  certificate errors
-# 51:    unable to read certificate/chain
-# 52:    unable to read private key
+# 51:    certificate directory empty
+# 52:    unable to read certificate/chain
+# 53:    unable to read private key
 # 55:    unable to generate new certificate
 # 99:  code error