From a184866de3fcf928120749a12c230666ebf02c5b Mon Sep 17 00:00:00 2001
From: Asif Bacchus <asif@asifbacchus.dev>
Date: Fri, 23 Jul 2021 17:53:42 -0600
Subject: [PATCH] refactor(entrypoint): remove export function

- never a need to export keypair, cert is always enough
---
 build/entrypoint.sh | 87 ++++++++++++++++++++++-----------------------
 1 file changed, 42 insertions(+), 45 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 7b60508..5ca934f 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -5,8 +5,27 @@
 #
 
 # functions
+certificateCheckEnabled() {
+    if [ "$httpsEnabled" != "TRUE" ]; then
+        printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
+        exit 1
+    fi
+}
+
+certificateCheckExist() {
+    if [ -n "$(find /certs/ -type d -empty -print)" ]; then
+        printf "noexist"
+    elif ! [ -r "/certs/fullchain.pem" ]; then
+        printf "noread_certificate"
+    elif ! [ -r "/certs/privkey.pem" ]; then
+        printf "noread_key"
+    else
+        printf "ok"
+    fi
+}
+
 certificateGenerateNew() {
-    # generate self-signed certificate
+    # generate self-signed certificate and export as PFX
     printf "\nGenerating new self-signed certificate:\n"
     # shellcheck disable=SC3028
     if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
@@ -14,18 +33,11 @@ certificateGenerateNew() {
         printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
         exit 55
     fi
-    printf "Exporting pfx certificate..."
-    if ! openssl pkcs12 -export -in /certs/fullchain.pem -inkey /certs/privkey.pem -out "/certs/${CERT_HOSTNAME}.pfx" -name "LiveReload" -passout pass:cert1234; then
-        printf "\nUnable to export generated certificate as PFX.\n\n"
-        exit 56
-    fi
 
     # print message to user
     printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
     printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n"
-    printf "If you need to import them to a Windows machine, please use the '%s.pfx' file with password 'cert1234'.\n\n" "$CERT_HOSTNAME"
-
-    if [ "$1" != "noexit" ]; then exit 0; fi
+    printf "Remember to import 'fullchain.pem' to the trusted store on any client machines or you will get warnings.\n\n"
 }
 
 certificateShow() {
@@ -34,25 +46,11 @@ certificateShow() {
     exit 0
 }
 
-certificateExport() {
-    certificateCheckEnabled
-    printf "\nExporting currently loaded certificate:\n"
-    exit 0
-}
-
-certificateCheckEnabled() {
-    if [ "$httpsEnabled" != "TRUE" ]; then
-        printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
-        exit 1
-    fi
-}
-
 convertCaseUpper() {
     printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
 }
 
 # default variable values
-doCertExport=0
 doCertNew=0
 doCertShow=0
 doServer=0
@@ -73,13 +71,10 @@ new-cert)
 show-cert)
     doCertShow=1
     ;;
-export-cert)
-    doCertExport=1
-    ;;
 *)
     # invalid or unknown option
     printf "\nUnknown action requested: %s\n" "$1"
-    printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert | export-cert\n\n"
+    printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert\n\n"
     exit 1
     ;;
 esac
@@ -91,23 +86,26 @@ if [ "$doServer" -eq 1 ]; then
     # https pre-flight check
     if [ "$httpsEnabled" = "TRUE" ]; then
         printf "[SSL/TLS mode enabled]\n"
-        if [ -n "$(find /certs/ -type d -empty -print)" ]; then
-            printf "[Generating certificate]\n"
-            # certs directory is empty --> auto-generate certificates
-            certificateGenerateNew 'noexit'
-        else
-            # certs directory contains certificates --> check if they can read
-            printf "[Checking mounted certificate]\n"
-            if ! [ -r "/certs/fullchain.pem" ]; then
+        certStatus="$(certificateCheckExist)"
+        case "$certStatus" in
+            noexist)
+                printf "[Generating certificate]\n"
+                certificateGenerateNew
+                ;;
+            noread_certificate)
+                printf "[Checking mounted certificate]"
                 printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n"
                 exit 51
-            fi
-            if ! [ -r "/certs/privkey.pem" ]; then
+                ;;
+            noread_key)
+                printf "[Checking mounted certificate]"
                 printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n"
                 exit 52
-            fi
-        fi
-        printf "[Certificate OK]\n"
+                ;;
+            ok)
+                printf "[Certificate OK]\n"
+                ;;
+        esac
     fi
     exec node livereload.js
     exit "$?"
@@ -127,14 +125,14 @@ if [ "$doShell" -eq 1 ]; then
 fi
 
 # action: generate new self-signed certificate
-if [ "$doCertNew" -eq 1 ]; then certificateGenerateNew; fi
+if [ "$doCertNew" -eq 1 ]; then
+    certificateGenerateNew
+    exit 0
+fi
 
 # action: show loaded certificate
 if [ "$doCertShow" -eq 1 ]; then certificateShow; fi
 
-# action: export loaded certificate
-if [ "$doCertExport" -eq 1 ]; then certificateExport; fi
-
 # failsafe exit - terminate with code 99: this code should never be executed!
 exit 99
 
@@ -146,7 +144,6 @@ exit 99
 # 51:    unable to read certificate/chain
 # 52:    unable to read private key
 # 55:    unable to generate new certificate
-# 56:    unable to export certificate, likely write error
 # 99:  code error
 
 #EOF