#!/bin/bash
set -e

source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
source "${EJABBERD_HOME}/scripts/lib/config.sh"
source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
source "${EJABBERD_HOME}/scripts/lib/functions.sh"


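# Generate a self-signed ("snakeoil") certificate for a domain and write the
# certificate followed by its private key into one combined PEM file.
#
# The certificate is not chained to any CA, so clients cannot validate it.
# It is a stand-in, not something to rely on for production trust.
#
# Arguments: $1 - domain used as the certificate CN
#            $2 - path of the combined PEM file to write
# Outputs:   progress message on stdout
# Returns:   0 on success; non-zero if mktemp, openssl or the final write
#            fails (the scratch directory is removed in every case)
make_snakeoil_certificate() {
    local domain=$1
    local certfile=$2
    local workdir
    local status=0

    # The unencrypted private key (-nodes) is staged on disk first. Use a
    # private, unpredictable directory from mktemp instead of fixed names in
    # /tmp, which other local users could pre-create, symlink or read.
    workdir=$(mktemp -d) || return 1

    openssl req -subj "/CN=${domain}" \
                -new \
                -newkey rsa:4096 \
                -days 365 \
                -nodes \
                -x509 \
                -keyout "${workdir}/selfsigned.key" \
                -out "${workdir}/selfsigned.crt" \
        || status=$?

    if [ "${status}" -eq 0 ]; then
        echo "Writing ssl cert and private key to '${certfile}'..."
        # NOTE(review): the combined file contains the private key and its
        # mode follows the caller's umask - confirm it is not world-readable.
        cat "${workdir}/selfsigned.crt" "${workdir}/selfsigned.key" \
            > "${certfile}" || status=$?
    fi

    # Always remove the staged key material, including on failure.
    rm -rf -- "${workdir:?}"
    return "${status}"
}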


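# Generate the snakeoil certificate for the host itself.
#
# The certificate CN is chosen from ERLANG_NODE:
#   - is_true(ERLANG_NODE)        -> ${HOSTNAME}
#   - value of the form name@host -> the part after the first '@'
#   - set but without a host part -> ${HOSTNAME}
#   - otherwise                   -> 'localhost'
#
# Globals:   ERLANG_NODE, HOSTNAME, SSLCERTHOST (read)
# Outputs:   progress message on stdout
# Returns:   status of make_snakeoil_certificate
make_host_snakeoil_certificate() {
    # IFS=@ makes the unquoted expansions below split "name@host" at '@'.
    local IFS=@
    local domain='localhost'
    local erlang_node=${ERLANG_NODE}
    local nodehost

    # The helper arguments are left unquoted on purpose: under IFS=@ each
    # helper receives only the part before '@' as $1. is_true, is_set and
    # is_zero come from the sourced library scripts - verify their contract
    # before quoting these.
    if is_true ${erlang_node} ; then
        domain=${HOSTNAME}
    elif is_set ${erlang_node} ; then
        # '--' keeps a value starting with '-' from being parsed as shell
        # options by 'set'.
        set -- ${erlang_node}
        nodehost=$2
        if is_zero ${nodehost} ; then
            domain=${HOSTNAME}
        else
            domain=${nodehost}
        fi
    fi

    # A local IFS is still visible to every function called from here.
    # Restore the default so callees do not split paths at '@'.
    IFS=$' \t\n'

    printf '%s' "Missing ssl cert for your host. "
    echo "Generating snakeoil ssl cert for ${domain}..."

    make_snakeoil_certificate "${domain}" "${SSLCERTHOST}"
}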


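# Generate the snakeoil certificate for one XMPP domain.
#
# Arguments: $1 - XMPP domain used as the certificate CN
#            $2 - path of the combined PEM file to write
# Outputs:   progress message on stdout
# Returns:   status of make_snakeoil_certificate
make_domain_snakeoil_certificate() {
    local domain=$1
    local certfile=$2

    printf '%s' "Missing ssl cert for your xmpp domain. "
    echo "Generating snakeoil ssl cert for ${domain}..."

    # Quoted so a path with whitespace or glob characters reaches the
    # generator as a single, unmodified argument.
    make_snakeoil_certificate "${domain}" "${certfile}"
}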


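## backward compatibility
# link old xmpp_domain.pem file to the first <domainname>.pem in XMPP_DOMAIN
readonly SSLCERTDOMAIN="${SSLCERTDIR}/xmpp_domain.pem"
if file_exist "${SSLCERTDOMAIN}" ; then
    # XMPP_DOMAIN is expanded unquoted on purpose so it splits into one word
    # per domain; only the first word is used (see the break).
    for xmpp_domain in ${XMPP_DOMAIN} ; do
        file_exist "${SSLCERTDIR}/${xmpp_domain}.pem" \
          || ln -s -- "${SSLCERTDOMAIN}" "${SSLCERTDIR}/${xmpp_domain}.pem"
        break
    done
fi


# Operators who provide their own certificates can skip generation entirely.
if is_true "${EJABBERD_SKIP_MAKE_SSLCERT}" ; then
    echo "Skip certificate generation"
    exit 0
fi

# generate host ssl cert if missing
file_exist "${SSLCERTHOST}" \
  || make_host_snakeoil_certificate

# generate xmpp domain ssl certificates if missing
# An existing <domain>.pem is never overwritten, so a real certificate placed
# in SSLCERTDIR takes precedence over the self-signed fallback.
for xmpp_domain in ${XMPP_DOMAIN} ; do
  domain_certfile="${SSLCERTDIR}/${xmpp_domain}.pem"
  file_exist "${domain_certfile}" \
    || make_domain_snakeoil_certificate "${xmpp_domain}" "${domain_certfile}"
done

exit 0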