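#!/bin/bash
#
# Prepare the Docker volume that holds the Grist SAML key material.
#
# Steps:
#   1. Create the volume "${STACK_NAME}_grist_keys" if it does not exist yet.
#   2. In a throwaway Alpine container, generate an RSA-2048 private key and a
#      self-signed certificate (valid 3650 days) into that volume.
#   3. If GRIST_SAML_IDP_CERTS_STRING is non-empty, wrap it in PEM
#      BEGIN/END CERTIFICATE lines and write it to idp-cert.pem in the volume.
#
# Environment:
#   STACK_NAME                   (required) prefix of the volume name
#   GRIST_SAML_IDP_CERTS_STRING  (optional) certificate body without the
#                                BEGIN/END lines; the script adds them
#
# Needs an interactive terminal: `openssl req` is run without -subj and
# prompts for the certificate subject.

set -euo pipefail

# Fail early instead of deriving the volume name from an empty prefix.
: "${STACK_NAME:?STACK_NAME must be set}"

# Stack name and volume name
VOLUME_NAME="${STACK_NAME}_grist_keys"

# Temporary container name for key and certificate generation
KEY_CERT_GEN_CONTAINER="temp-generate-key-cert"

# Temporary container name for cert writing
CERT_WRITE_CONTAINER="temp-store-cert"

# Environment variable containing the X509 certificate (may be unset)
X509_CERT_CONTENT="${GRIST_SAML_IDP_CERTS_STRING:-}"

# Check if the Docker volume exists
if ! docker volume inspect "$VOLUME_NAME" > /dev/null 2>&1; then
  echo "Creating Docker volume: $VOLUME_NAME"
  docker volume create "$VOLUME_NAME"
fi

# Run a temporary Alpine container to generate the key and certificate.
# The inner script is single-quoted so no host value is spliced into the
# command text, and `set -e` stops it if the openssl install fails.
# --rm removes the container on exit, including when a step fails.
#
# -nodes stores the private key unencrypted, so access to the volume is
# access to the key.
# NOTE(review): this step runs on every invocation and replaces any existing
# private.key / certificate.crt in the volume -- confirm that re-runs are
# meant to rotate the key.
docker run --rm --name "$KEY_CERT_GEN_CONTAINER" \
  -v "${VOLUME_NAME}:/keys" -it alpine sh -c '
    set -e
    apk add openssl
    echo "Generating RSA private key and self-signed certificate..."
    openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 \
      -keyout /keys/private.key -out /keys/certificate.crt
  '
echo "RSA private key and self-signed certificate generated in the $VOLUME_NAME volume."

# Check if X509 certificate content is provided and not empty
if [ -n "$X509_CERT_CONTENT" ]; then
  # Hand the certificate to the container as an environment variable rather
  # than pasting it into the `sh -c` text: quotes, backticks or $(...) in the
  # value would otherwise be parsed as shell code inside a container that has
  # the key volume mounted read-write.
  export X509_CERT_CONTENT
  docker run --rm --name "$CERT_WRITE_CONTAINER" \
    -v "${VOLUME_NAME}:/keys" -e X509_CERT_CONTENT -it alpine sh -c '
      set -e
      echo "Writing X509 certificate to PEM file..."
      printf "%s\n" \
        "-----BEGIN CERTIFICATE-----" \
        "$X509_CERT_CONTENT" \
        "-----END CERTIFICATE-----" > /keys/idp-cert.pem
      echo "X509 certificate written to /keys/idp-cert.pem."
    '
fi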