From e5937ecdb8dac3b744bd06b9cd37764017bed68e Mon Sep 17 00:00:00 2001
From: Jason Kendall
Date: Wed, 29 Jan 2020 14:47:26 -0500
Subject: [PATCH] Make SSL certs in INIT mode if any part doesn't exist

---
 .gitignore | 8 ++------
 server/files/entrypoint_apache.sh | 13 +++++++++++++
 ssl/generate.sh | 7 -------
 3 files changed, 15 insertions(+), 13 deletions(-)
 delete mode 100755 ssl/generate.sh

diff --git a/.gitignore b/.gitignore
index 95c8248..0121696 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,8 @@
 logs/
-ssl/cert.pem
-ssl/chain.pem
-ssl/dhparams.pem
-ssl/key.pem
+files/
+ssl/
 server-configs/database.php
 server-configs/config.php
 server-configs/bootstrap.php
 server-configs/core.php
 server-configs/config.php.bk
-files/INIT
-files/[0-9]*
diff --git a/server/files/entrypoint_apache.sh b/server/files/entrypoint_apache.sh
index 868eff6..cfd89b0 100755
--- a/server/files/entrypoint_apache.sh
+++ b/server/files/entrypoint_apache.sh
@@ -45,6 +45,18 @@ init_misp_files(){
 fi
 }
 
+init_ssl() {
+ if [[ (! -f /etc/apache2/ssl/dhparams.pem) ||
+ (! -f /etc/apache2/ssl/cert.pem) ||
+ (! -f /etc/apache2/ssl/key.pem) ||
+ (! -f /etc/apache2/ssl/chain.pem) ]]; then
+ cd /etc/apache2/ssl
+ openssl dhparam -out dhparams.pem 2048
+ openssl req -x509 -subj '/CN=localhost' -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
+ cp cert.pem chain.pem
+ fi
+}
+
 init_mysql(){
 # Test when MySQL is ready....
 # wait for Database come ready
@@ -78,6 +90,7 @@ start_apache() {
 if [[ "$INIT" == true ]]; then
 echo "Import MySQL scheme..." && init_mysql
 echo "Setup MISP files dir..." && init_misp_files
+ echo "Ensure SSL certs exist..." && init_ssl
 fi
 
 # Things we should do if we're configuring MISP via ENV
diff --git a/ssl/generate.sh b/ssl/generate.sh
deleted file mode 100755
index 783fe5e..0000000
--- a/ssl/generate.sh
+++ /dev/null
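Review bot: The single combined test in `init_ssl` regenerates all four files when any one of them is missing, so a deployment that supplies its own `key.pem` and `cert.pem` but no `dhparams.pem` or `chain.pem` would have that pair replaced by a self-signed `CN=localhost` certificate (assuming `/etc/apache2/ssl` is writable, which the hunk does not show). Checking and creating each artefact on its own avoids the overwrite. Absolute paths also remove the unchecked `cd /etc/apache2/ssl`, which on failure lets the private key be written into whatever the current directory is, and on success leaves the rest of the entrypoint running from that directory. The deleted `ssl/generate.sh` warned that its output is not for real use while the new function is silent, so a line on stderr when a placeholder certificate is created would keep that signal for operators. A sketch of the per-file version follows.

```shell
init_ssl() {
    local ssl_dir=/etc/apache2/ssl

    # Create only what is missing so a supplied key/cert pair is never overwritten.
    if [[ ! -f "$ssl_dir/dhparams.pem" ]]; then
        openssl dhparam -out "$ssl_dir/dhparams.pem" 2048
    fi

    if [[ ! -f "$ssl_dir/cert.pem" && ! -f "$ssl_dir/key.pem" ]]; then
        echo "WARNING: no TLS key pair found, creating a self-signed placeholder" >&2
        openssl req -x509 -subj '/CN=localhost' -nodes -newkey rsa:4096 \
            -keyout "$ssl_dir/key.pem" -out "$ssl_dir/cert.pem" -days 365
    fi

    if [[ ! -f "$ssl_dir/chain.pem" ]]; then
        cp "$ssl_dir/cert.pem" "$ssl_dir/chain.pem"
    fi
}
```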
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-
-echo "Seriously, don't use this"
-openssl dhparam -out dhparams.pem 2048
-openssl req -x509 -subj '/CN=localhost' -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
-cp cert.pem chain.pem