refactor(entrypoint): remove export function

- never a need to export keypair, cert is always enough
2021-07-23 17:53:42 -06:00 · 2021-07-23 17:53:42 -06:00 · a184866de3
commit a184866de3
parent c48e985d23
1 changed files with 42 additions and 45 deletions
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@ -5,8 +5,27 @@
 #

 # functions
+certificateCheckEnabled() {
+    if [ "$httpsEnabled" != "TRUE" ]; then
+        printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
+        exit 1
+    fi
+}
+
+certificateCheckExist() {
+    if [ -n "$(find /certs/ -type d -empty -print)" ]; then
+        printf "noexist"
+    elif ! [ -r "/certs/fullchain.pem" ]; then
+        printf "noread_certificate"
+    elif ! [ -r "/certs/privkey.pem" ]; then
+        printf "noread_key"
+    else
+        printf "ok"
+    fi
+}
+
 certificateGenerateNew() {
-    # generate self-signed certificate
+    # generate self-signed certificate and export as PFX
    printf "\nGenerating new self-signed certificate:\n"
    # shellcheck disable=SC3028
    if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
@ -14,18 +33,11 @@ certificateGenerateNew() {
        printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
        exit 55
    fi
-    printf "Exporting pfx certificate..."
-    if ! openssl pkcs12 -export -in /certs/fullchain.pem -inkey /certs/privkey.pem -out "/certs/${CERT_HOSTNAME}.pfx" -name "LiveReload" -passout pass:cert1234; then
-        printf "\nUnable to export generated certificate as PFX.\n\n"
-        exit 56
-    fi

    # print message to user
    printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
    printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n"
-    printf "If you need to import them to a Windows machine, please use the '%s.pfx' file with password 'cert1234'.\n\n" "$CERT_HOSTNAME"
-
-    if [ "$1" != "noexit" ]; then exit 0; fi
+    printf "Remember to import 'fullchain.pem' to the trusted store on any client machines or you will get warnings.\n\n"
 }

 certificateShow() {
@ -34,25 +46,11 @@ certificateShow() {
    exit 0
 }

-certificateExport() {
-    certificateCheckEnabled
-    printf "\nExporting currently loaded certificate:\n"
-    exit 0
-}
-
-certificateCheckEnabled() {
-    if [ "$httpsEnabled" != "TRUE" ]; then
-        printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
-        exit 1
-    fi
-}
-
 convertCaseUpper() {
    printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
 }

 # default variable values
-doCertExport=0
 doCertNew=0
 doCertShow=0
 doServer=0
@ -73,13 +71,10 @@ new-cert)
 show-cert)
    doCertShow=1
    ;;
-export-cert)
-    doCertExport=1
-    ;;
 *)
    # invalid or unknown option
    printf "\nUnknown action requested: %s\n" "$1"
-    printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert | export-cert\n\n"
+    printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert\n\n"
    exit 1
    ;;
 esac
@ -91,23 +86,26 @@ if [ "$doServer" -eq 1 ]; then
    # https pre-flight check
    if [ "$httpsEnabled" = "TRUE" ]; then
        printf "[SSL/TLS mode enabled]\n"
-        if [ -n "$(find /certs/ -type d -empty -print)" ]; then
-            printf "[Generating certificate]\n"
-            # certs directory is empty --> auto-generate certificates
-            certificateGenerateNew 'noexit'
-        else
-            # certs directory contains certificates --> check if they can read
-            printf "[Checking mounted certificate]\n"
-            if ! [ -r "/certs/fullchain.pem" ]; then
+        certStatus="$(certificateCheckExist)"
+        case "$certStatus" in
+            noexist)
+                printf "[Generating certificate]\n"
+                certificateGenerateNew
+                ;;
+            noread_certificate)
+                printf "[Checking mounted certificate]"
                printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n"
                exit 51
-            fi
-            if ! [ -r "/certs/privkey.pem" ]; then
+                ;;
+            noread_key)
+                printf "[Checking mounted certificate]"
                printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n"
                exit 52
-            fi
-        fi
-        printf "[Certificate OK]\n"
+                ;;
+            ok)
+                printf "[Certificate OK]\n"
+                ;;
+        esac
    fi
    exec node livereload.js
    exit "$?"
@ -127,14 +125,14 @@ if [ "$doShell" -eq 1 ]; then
 fi

 # action: generate new self-signed certificate
-if [ "$doCertNew" -eq 1 ]; then certificateGenerateNew; fi
+if [ "$doCertNew" -eq 1 ]; then
+    certificateGenerateNew
+    exit 0
+fi

 # action: show loaded certificate
 if [ "$doCertShow" -eq 1 ]; then certificateShow; fi

-# action: export loaded certificate
-if [ "$doCertExport" -eq 1 ]; then certificateExport; fi
-
 # failsafe exit - terminate with code 99: this code should never be executed!
 exit 99

@ -146,7 +144,6 @@ exit 99
 # 51:    unable to read certificate/chain
 # 52:    unable to read private key
 # 55:    unable to generate new certificate
-# 56:    unable to export certificate, likely write error
 # 99:  code error

 #EOF