grist/prepare_keys.sh


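#!/bin/bash
# Prepare the key material Grist needs for SAML in a Docker volume.
#
# Creates the "<STACK_NAME>_grist_keys" volume if it is missing, generates an
# RSA private key plus a self-signed certificate into it, and, when an IdP
# certificate is supplied, writes that certificate to /keys/idp-cert.pem.
#
# Environment:
#   STACK_NAME                   (required) prefix of the volume name
#   GRIST_SAML_IDP_CERTS_STRING  (optional) base64 body of the IdP X509
#                                certificate, without the PEM header/footer
set -euo pipefail

# Stack name and volume name. Abort when STACK_NAME is unset or empty instead
# of silently operating on a volume literally named "_grist_keys".
VOLUME_NAME="${STACK_NAME:?STACK_NAME must be set}_grist_keys"
# Temporary container name for key and certificate generation
KEY_CERT_GEN_CONTAINER="temp-generate-key-cert"
# Temporary container name for cert writing
CERT_WRITE_CONTAINER="temp-store-cert"
# Environment variable containing the X509 certificate (may be unset)
X509_CERT_CONTENT="${GRIST_SAML_IDP_CERTS_STRING:-}"

# Force-remove the helper containers on every exit path, so an interrupted run
# cannot leave a container behind that still has the key volume mounted.
cleanup() {
  docker rm -f "$KEY_CERT_GEN_CONTAINER" "$CERT_WRITE_CONTAINER" \
    > /dev/null 2>&1 || true
}
trap cleanup EXIT

# Check if the Docker volume exists
if ! docker volume inspect "$VOLUME_NAME" > /dev/null 2>&1; then
  echo "Creating Docker volume: $VOLUME_NAME"
  docker volume create "$VOLUME_NAME"
fi

# Run a temporary Alpine container to generate the key and certificate.
# -it is kept because `openssl req` prompts for the certificate subject.
# The inner script is single-quoted so the host shell expands nothing into it,
# and `set -e` stops at the first failing step (a failed `apk add` no longer
# falls through to the remaining commands).
# NOTE(review): every run overwrites /keys/private.key and
# /keys/certificate.crt; confirm that rotating an already-registered key is
# intended. The key is written unencrypted (-nodes), so access to the volume
# is what protects it.
# NOTE(review): `alpine` is referenced by a mutable tag; consider pinning the
# image that generates the private key to a digest.
docker run --rm --name "$KEY_CERT_GEN_CONTAINER" -v "$VOLUME_NAME:/keys" -it alpine sh -c '
  set -e
  apk add openssl
  echo "Generating RSA private key and self-signed certificate..."
  openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 \
    -keyout /keys/private.key -out /keys/certificate.crt
'
# Reached only when the container exited successfully.
echo "RSA private key and self-signed certificate generated in the $VOLUME_NAME volume."

# Check if X509 certificate content is provided and not empty
if [ -n "$X509_CERT_CONTENT" ]; then
  # The certificate is handed to the container as an environment variable and
  # read there as data. It must never be spliced into the `sh -c` script text:
  # a value containing quotes or command substitutions would otherwise be
  # executed inside a container that has the private key mounted.
  # No TTY is requested because this step is not interactive.
  docker run --rm --name "$CERT_WRITE_CONTAINER" -v "$VOLUME_NAME:/keys" \
    -e "X509_CERT_CONTENT=$X509_CERT_CONTENT" alpine sh -c '
    set -e
    echo "Writing X509 certificate to PEM file..."
    {
      echo "-----BEGIN CERTIFICATE-----"
      printf "%s\n" "$X509_CERT_CONTENT"
      echo "-----END CERTIFICATE-----"
    } > /keys/idp-cert.pem
    echo "X509 certificate written to /keys/idp-cert.pem."
  '
fi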