refactor(entrypoint): remove export function

- never a need to export keypair, cert is always enough
This commit is contained in:
Asif Bacchus 2021-07-23 17:53:42 -06:00
parent c48e985d23
commit a184866de3

View File

@ -5,8 +5,27 @@
# #
# functions # functions
certificateCheckEnabled() {
if [ "$httpsEnabled" != "TRUE" ]; then
printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
exit 1
fi
}
certificateCheckExist() {
if [ -n "$(find /certs/ -type d -empty -print)" ]; then
printf "noexist"
elif ! [ -r "/certs/fullchain.pem" ]; then
printf "noread_certificate"
elif ! [ -r "/certs/privkey.pem" ]; then
printf "noread_key"
else
printf "ok"
fi
}
certificateGenerateNew() { certificateGenerateNew() {
# generate self-signed certificate # generate self-signed certificate and export as PFX
printf "\nGenerating new self-signed certificate:\n" printf "\nGenerating new self-signed certificate:\n"
# shellcheck disable=SC3028 # shellcheck disable=SC3028
if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
@ -14,18 +33,11 @@ certificateGenerateNew() {
printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n" printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
exit 55 exit 55
fi fi
printf "Exporting pfx certificate..."
if ! openssl pkcs12 -export -in /certs/fullchain.pem -inkey /certs/privkey.pem -out "/certs/${CERT_HOSTNAME}.pfx" -name "LiveReload" -passout pass:cert1234; then
printf "\nUnable to export generated certificate as PFX.\n\n"
exit 56
fi
# print message to user # print message to user
printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n" printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n" printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n"
printf "If you need to import them to a Windows machine, please use the '%s.pfx' file with password 'cert1234'.\n\n" "$CERT_HOSTNAME" printf "Remember to import 'fullchain.pem' to the trusted store on any client machines or you will get warnings.\n\n"
if [ "$1" != "noexit" ]; then exit 0; fi
} }
certificateShow() { certificateShow() {
@ -34,25 +46,11 @@ certificateShow() {
exit 0 exit 0
} }
certificateExport() {
certificateCheckEnabled
printf "\nExporting currently loaded certificate:\n"
exit 0
}
certificateCheckEnabled() {
if [ "$httpsEnabled" != "TRUE" ]; then
printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
exit 1
fi
}
convertCaseUpper() { convertCaseUpper() {
printf "%s" "$1" | tr "[:lower:]" "[:upper:]" printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
} }
# default variable values # default variable values
doCertExport=0
doCertNew=0 doCertNew=0
doCertShow=0 doCertShow=0
doServer=0 doServer=0
@ -73,13 +71,10 @@ new-cert)
show-cert) show-cert)
doCertShow=1 doCertShow=1
;; ;;
export-cert)
doCertExport=1
;;
*) *)
# invalid or unknown option # invalid or unknown option
printf "\nUnknown action requested: %s\n" "$1" printf "\nUnknown action requested: %s\n" "$1"
printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert | export-cert\n\n" printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert\n\n"
exit 1 exit 1
;; ;;
esac esac
@ -91,23 +86,26 @@ if [ "$doServer" -eq 1 ]; then
# https pre-flight check # https pre-flight check
if [ "$httpsEnabled" = "TRUE" ]; then if [ "$httpsEnabled" = "TRUE" ]; then
printf "[SSL/TLS mode enabled]\n" printf "[SSL/TLS mode enabled]\n"
if [ -n "$(find /certs/ -type d -empty -print)" ]; then certStatus="$(certificateCheckExist)"
case "$certStatus" in
noexist)
printf "[Generating certificate]\n" printf "[Generating certificate]\n"
# certs directory is empty --> auto-generate certificates certificateGenerateNew
certificateGenerateNew 'noexit' ;;
else noread_certificate)
# certs directory contains certificates --> check if they can read printf "[Checking mounted certificate]"
printf "[Checking mounted certificate]\n"
if ! [ -r "/certs/fullchain.pem" ]; then
printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n" printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n"
exit 51 exit 51
fi ;;
if ! [ -r "/certs/privkey.pem" ]; then noread_key)
printf "[Checking mounted certificate]"
printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n" printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n"
exit 52 exit 52
fi ;;
fi ok)
printf "[Certificate OK]\n" printf "[Certificate OK]\n"
;;
esac
fi fi
exec node livereload.js exec node livereload.js
exit "$?" exit "$?"
@ -127,14 +125,14 @@ if [ "$doShell" -eq 1 ]; then
fi fi
# action: generate new self-signed certificate # action: generate new self-signed certificate
if [ "$doCertNew" -eq 1 ]; then certificateGenerateNew; fi if [ "$doCertNew" -eq 1 ]; then
certificateGenerateNew
exit 0
fi
# action: show loaded certificate # action: show loaded certificate
if [ "$doCertShow" -eq 1 ]; then certificateShow; fi if [ "$doCertShow" -eq 1 ]; then certificateShow; fi
# action: export loaded certificate
if [ "$doCertExport" -eq 1 ]; then certificateExport; fi
# failsafe exit - terminate with code 99: this code should never be executed! # failsafe exit - terminate with code 99: this code should never be executed!
exit 99 exit 99
@ -146,7 +144,6 @@ exit 99
# 51: unable to read certificate/chain # 51: unable to read certificate/chain
# 52: unable to read private key # 52: unable to read private key
# 55: unable to generate new certificate # 55: unable to generate new certificate
# 56: unable to export certificate, likely write error
# 99: code error # 99: code error
#EOF #EOF