diff --git a/container_files/httpd/ssl-enabled.conf b/container_files/httpd/ssl-enabled.conf
index 41bcad4b..cd894c94 100644
--- a/container_files/httpd/ssl-enabled.conf
+++ b/container_files/httpd/ssl-enabled.conf
@@ -5,7 +5,7 @@ SSLHonorCipherOrder on
 SSLCompression off
 # OCSP Stapling, only in httpd 2.3.3 and later
-SSLUseStapling on
+SSLUseStapling __GROUPER_SSL_USE_STAPLING__
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache shmcb:/var/run/ocsp(128000)
@@ -17,11 +17,11 @@ __GROUPER_PROXY_PASS__ RewriteEngine on
 __GROUPER_PROXY_PASS__ RewriteRule "^/$" "/grouper/" [R]
 SSLEngine on
- SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem
+ SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__
- SSLCertificateFile /etc/pki/tls/certs/host-cert.pem
+ SSLCertificateFile __GROUPER_SSL_CERT_FILE__
- SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem
+ SSLCertificateKeyFile __GROUPER_SSL_KEY_FILE__
 # HSTS (mod_headers is required) (15768000 seconds = 6 months)
 Header always set Strict-Transport-Security "max-age=15768000"
diff --git a/container_files/tier-support/ssl-enabled.conf b/container_files/tier-support/ssl-enabled.conf
deleted file mode 100644
index c172b744..00000000
--- a/container_files/tier-support/ssl-enabled.conf
+++ /dev/null
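Review bot: The `__GROUPER_SSL_*__` tokens and `SSLUseStapling __GROUPER_SSL_USE_STAPLING__` are resolved only by the sed substitution in librarySetupFilesApache.sh, which this commit gates on `GROUPER_ORIGFILE_SSL_ENABLED_CONF` being "true"; when that gate is not met, httpd is handed the literal tokens and refuses to start, which is a startup failure rather than a fallback to the previous hard-coded paths. A comment in the file would make that dependency visible to anyone editing it by hand, e.g. `# __GROUPER_*__ tokens are replaced at container start by librarySetupFilesApache.sh; a customised copy must carry real values`. The `SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__` line additionally depends on the script deleting the directive text when no chain is configured, so that comment should mention the chain line is removed, not just substituted.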
@@ -1,22 +0,0 @@
-SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-SSLHonorCipherOrder on
-SSLCompression off
-# OCSP Stapling, only in httpd 2.3.3 and later
-SSLUseStapling on
-SSLStaplingResponderTimeout 5
-SSLStaplingReturnResponderErrors off
-SSLStaplingCache shmcb:/var/run/ocsp(128000)
-Listen __GROUPER_APACHE_SSL_PORT__ https
-
-
-__GROUPER_PROXY_PASS__ RewriteEngine on
-__GROUPER_PROXY_PASS__ RewriteRule "^/$" "/grouper/" [R]
-
- SSLEngine on
- #SSLCertificateChainFile /etc/pki/tls/certs/localhost.crt
- SSLCertificateFile /etc/pki/tls/certs/localhost.crt
- SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
- # HSTS (mod_headers is required) (15768000 seconds = 6 months)
- Header always set Strict-Transport-Security "max-age=15768000"
-
diff --git a/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh b/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh
index e489efbb..8667e40c 100644
--- a/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh
+++ b/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh
@@ -19,8 +19,19 @@ testContainerSelfSigned() {
 docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true $imageName ui
 sleep $globalSleepSecondsAfterRun
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling on"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /etc/pki/tls/certs/localhost.crt"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /etc/pki/tls/private/localhost.key"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
 assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
 assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/localhost.crt"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/localhost.key"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "true"
+
 assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /grouper ajp://localhost:8009/grouper timeout=3600"
 assertFileContains /etc/httpd/conf.d/grouper-www.conf "#ProxyPass /grouper-ws ajp://localhost:8009/grouper timeout=3600"
diff --git a/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh b/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh
index b30201c4..8b32ab56 100644
--- a/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh
+++ b/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh
@@ -20,12 +20,17 @@ testContainerSlashRoot() {
 rm -rf someDir
 mkdir -p someDir/tmp
 echo 'whatever' > someDir/tmp/temp.txt
+ mkdir -p someDir/opt/grouper/grouperWebapp/WEB-INF/classes
+ echo 'someSettings' > someDir/opt/grouper/grouperWebapp/WEB-INF/classes/log4j_additional.properties
 docker run --detach --name $containerName --mount type=bind,src=$someDir,dst=/opt/grouper/slashRoot --publish 443:443 $imageName ui
 sleep $globalSleepSecondsAfterRun
 assertFileExists /tmp/temp.txt
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "someSettings"
+
+ #rm -rf someDir
 }
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi.sh b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
index 08e0f1a8..5d46d66e 100644
--- a/container_files/tier-support/test/grouperContainerUnitTestUi.sh
+++ b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
@@ -30,8 +30,6 @@ testContainerUi() {
 assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
 assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
- assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
- assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
 assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
 assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
 assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
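Review bot: `#rm -rf someDir` leaves the fixture tree, which is bind-mounted into the container as `/opt/grouper/slashRoot`, on the host after the test; the only cleanup left is the `rm -rf someDir` at the top of the next run, so a failed run keeps the mounted tree around indefinitely. If that is deliberate for post-mortem inspection, say so in the comment, e.g. `# someDir is intentionally left in place so the mounted tree can be inspected after a failure`; otherwise restore the removal. testContainerSlashRoot starts outside the hunk.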
@@ -39,8 +37,20 @@ testContainerUi() {
 assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
 assertFileNotContains /opt/tier-support/supervisord.conf "program:hsqldb"
 assertFileNotContains /opt/tier-support/supervisord.conf "__"
- assertFileContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling on"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /etc/pki/tls/certs/host-cert.pem"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
 assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/host-cert.pem"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/certs/cachain.pem"
+ assertEnvVarNot GROUPER_SSL_CHAIN_FILE "/etc/pki/tls/certs/cachain.pem"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "true"
 assertFileContains /opt/tomee/conf/Catalina/localhost/grouper.xml 'cookies="true"'
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi2.sh b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
new file mode 100644
index 00000000..fd90b50d
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
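Review bot: `assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/certs/cachain.pem"` contradicts the file assertion a few lines above it, which expects `SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem`, and the defaulting this commit adds to prep_finishBegin exports `GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem` when nothing overrides it, so the two expectations cannot both hold. The env assertion should presumably read `assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/host-key.pem"`. If the assertion as written does pass, that means a chain-file path is being handed to the private-key variable somewhere, which is worth chasing before merge rather than papering over in the test. testContainerUi starts and ends outside the hunk.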
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+testContainerUi2() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+
+ assertFileContains /opt/tomee/conf/server.xml 'address="0.0.0.0"'
+ assertFileContains /opt/tomee/conf/server.xml 'allowedRequestAttributesPattern=".*"'
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "program:hsqldb"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling off"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /a/b/cert"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /a/b/key"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile /a/b/chain"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "true"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/a/b/cert"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/a/b/key"
+ assertEnvVar GROUPER_SSL_CHAIN_FILE "/a/b/chain"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "false"
+
+ assertNumberOfTomcatProcesses 1
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 0
+ assertNumberOfShibProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+ assertListeningOnPort 8080
+ #assertListeningOnPort 8005
+
+
+ }
+export -f testContainerUi2
diff --git a/container_files/tier-support/test/rebuildTestContainer.sh b/container_files/tier-support/test/rebuildTestContainer.sh
index d5ee7892..0396b87f 100644
--- a/container_files/tier-support/test/rebuildTestContainer.sh
+++ b/container_files/tier-support/test/rebuildTestContainer.sh
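Review bot: The `docker run --detach --name $containerName ... $imageName ui` command line is spelled out twice, once inside the `echo` and once as the command, so the two can drift and the log would then misreport what was actually run; build it once, e.g. `dockerArgs=(run --detach --name "$containerName" --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain "$imageName" ui)`, then `printf 'docker %s\n' "${dockerArgs[*]}"` and `docker "${dockerArgs[@]}"`. The oracle under `# bad cert apache wont start` is weak: `assertNumberOfApacheProcesses 0` is equally satisfied by httpd failing for an unrelated reason, so the comment should at least state that the nonexistent `/a/b/*` paths are deliberate and that this test only verifies templating, not a working TLS listener. `$containerName`, `$imageName` and `$globalSleepSecondsAfterRun` are unquoted throughout the new file.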
@@ -17,6 +17,12 @@ export reldir=`dirname $0`
 mkdir -p $reldir/slashRoot/usr/local/bin
 rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* $reldir/slashRoot/usr/local/bin
+mkdir -p $reldir/slashRoot/etc/httpd/conf.d
+rsync -avzpl $grouperContainerGitPath/container_files/httpd/ssl-enabled.conf $reldir/slashRoot/etc/httpd/conf.d
+
+mkdir -p $reldir/slashRoot/opt/tier-support/originalFiles
+rsync -avzpl $reldir/etc/httpd/conf.d/ssl-enabled.conf $reldir/slashRoot/opt/tier-support/originalFiles
+
 rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir
 #mkdir -p $reldir/slashRoot/opt/tomee/conf
diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh
index 14f7a284..f7e9d05b 100644
--- a/container_files/usr-local-bin/libraryPrep.sh
+++ b/container_files/usr-local-bin/libraryPrep.sh
@@ -96,6 +96,7 @@ prep_daemon() {
 }
 prep_scim() {
+
 if [ -z "$GROUPER_SCIM" ]; then
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_scim) export GROUPER_SCIM=true"
 export GROUPER_SCIM=true
@@ -111,6 +112,7 @@ prep_scim() {
 }
 prep_ui() {
+
 if [ -z "$GROUPER_UI" ]; then
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_UI=true"
 export GROUPER_UI=true
@@ -174,6 +176,7 @@ prep_runScim() {
 prep_ws() {
+
 if [ -z "$GROUPER_WS" ]; then
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_WS=true"
 export GROUPER_WS=true
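Review bot: The second new rsync reads from `$reldir/etc/httpd/conf.d/ssl-enabled.conf`, but the line two above it placed the file under `$reldir/slashRoot/etc/httpd/conf.d`, so unless `$reldir/etc/httpd/conf.d` is populated by something outside this hunk the source does not exist and `originalFiles` stays empty. That matters because this commit makes both the port and the certificate substitution in librarySetupFilesApache.sh conditional on `GROUPER_ORIGFILE_SSL_ENABLED_CONF` being "true", which presumably compares the live file against the originalFiles copy; with no original present the `__GROUPER_APACHE_SSL_PORT__` and `__GROUPER_SSL_*__` tokens survive into the running config and httpd does not start. The intended line is probably `rsync -avzpl $grouperContainerGitPath/container_files/httpd/ssl-enabled.conf $reldir/slashRoot/opt/tier-support/originalFiles`. Neither rsync's exit status is checked, and `$reldir` and `$grouperContainerGitPath` are unquoted.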
@@ -293,6 +296,80 @@ prep_finishBegin() {
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_USE_SSL=true"
 export GROUPER_USE_SSL=true
 fi
+ if [ "$GROUPER_USE_SSL" = "true" ]; then
+ if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ -z "$GROUPER_SSL_CERT_FILE" ] && [ ! -f /etc/pki/tls/certs/host-cert.pem ] ; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) GROUPER_SELF_SIGNED_CERT and GROUPER_SSL_CERT_FILE are not specified and /etc/pki/tls/certs/host-cert.pem does not exist, so: export GROUPER_SELF_SIGNED_CERT=true"
+ export GROUPER_SELF_SIGNED_CERT=true
+
+ fi
+ if [ "$GROUPER_SELF_SIGNED_CERT" = "true" ]; then
+
+ # default the cert path to self signed and no chain file
+ if [ -z "$GROUPER_SSL_CERT_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/localhost.crt"
+ export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/localhost.crt
+ fi
+ if [ -z "$GROUPER_SSL_KEY_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/localhost.key"
+ export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/localhost.key
+ fi
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ] && [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+ fi
+
+ fi
+ # default the cert path
+ if [ -z "$GROUPER_SSL_CERT_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem"
+ export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem
+ fi
+ if [ -z "$GROUPER_SSL_KEY_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem"
+ export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem
+ fi
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ] ; then
+
+ if [ -f /etc/pki/tls/certs/cachain.pem ]; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=true"
+ export GROUPER_SSL_USE_CHAIN_FILE=true
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CHAIN_FILE=/etc/pki/tls/certs/cachain.pem"
+ export GROUPER_SSL_CHAIN_FILE=/etc/pki/tls/certs/cachain.pem
+ else
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+
+ fi
+ fi
+ if [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then
+
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ]; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+
+ else
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=true"
+ export GROUPER_SSL_USE_CHAIN_FILE=true
+
+ fi
+
+ fi
+ if [ -z "$GROUPER_SSL_USE_STAPLING" ] ; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_STAPLING=true"
+ export GROUPER_SSL_USE_STAPLING=true
+
+ fi
+
+ fi
+
+
+
 if [ -z "$GROUPER_RUN_PROCESSES_AS_USERS" ]; then
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_RUN_PROCESSES_AS_USERS=true"
 export GROUPER_RUN_PROCESSES_AS_USERS=true
@@ -315,8 +392,6 @@ prep_finishBegin() {
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_AJP_TIMEOUT_SECONDS=3600"
 export GROUPER_APACHE_AJP_TIMEOUT_SECONDS=3600
 fi
-
-
 if [ -z "$GROUPER_APACHE_SSL_PORT" ] ; then
 echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_SSL_PORT=443"
 export GROUPER_APACHE_SSL_PORT=443
diff --git a/container_files/usr-local-bin/librarySetupFiles.sh b/container_files/usr-local-bin/librarySetupFiles.sh
index 092e02fb..34bacdee 100644
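Review bot: The chain autodetection at `if [ -z "$GROUPER_SSL_CHAIN_FILE" ] ; then` / `if [ -f /etc/pki/tls/certs/cachain.pem ]; then` never consults `GROUPER_SSL_USE_CHAIN_FILE`, so whenever a `cachain.pem` happens to exist it overwrites the `GROUPER_SSL_USE_CHAIN_FILE=false` that the self-signed branch just exported (pairing the self-signed `localhost.crt` with an unrelated chain), and it likewise overrides an operator who deliberately set `GROUPER_SSL_USE_CHAIN_FILE=false` without a path. Guard it on both variables, as the self-signed branch already does: `if [ -z "$GROUPER_SSL_CHAIN_FILE" ] && [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then`. Silently switching to a self-signed certificate when `host-cert.pem` is absent is a security-relevant default, so the message announcing it deserves a more prominent level than the INFO prefix used for ordinary defaults, and checking that `GROUPER_SSL_CERT_FILE` and `GROUPER_SSL_KEY_FILE` exist here would turn a later opaque httpd startup failure into a clear container-log error. prep_finishBegin starts and ends outside the hunk.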
--- a/container_files/usr-local-bin/librarySetupFiles.sh
+++ b/container_files/usr-local-bin/librarySetupFiles.sh
@@ -49,6 +49,14 @@ setupFiles_localLogging() {
 echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties is not the original file so will not be edited"
 fi
 fi
+ if [ -f /opt/grouper/grouperWebapp/WEB-INF/classes/log4j_additional.properties ]; then
+ echo >> /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties
+ cat /opt/grouper/grouperWebapp/WEB-INF/classes/log4j_additional.properties >> /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) cat /opt/grouper/grouperWebapp/WEB-INF/classes/log4j_additional.properties >> /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
 }
diff --git a/container_files/usr-local-bin/librarySetupFilesApache.sh b/container_files/usr-local-bin/librarySetupFilesApache.sh
index a997a2fa..90a66f28 100644
--- a/container_files/usr-local-bin/librarySetupFilesApache.sh
+++ b/container_files/usr-local-bin/librarySetupFilesApache.sh
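Review bot: The append at `cat .../log4j_additional.properties >> .../log4j.properties` sits outside the original-file check the preceding branch applies and runs every time the function does, so a log4j.properties that persists across restarts (for instance via the slashRoot mount) accumulates one copy of the additions per container start. Either move the block inside the existing original-file gate or write a marker with the first `echo >>`, e.g. `# grouperContainer: log4j_additional.properties`, and skip the append when `grep -q -F` already finds it. `returnCode=$?` only captures the `cat`; the `echo >>` before it is unchecked, and `[ $returnCode != 0 ]` should quote the variable. setupFiles_localLogging starts outside the hunk.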
@@ -21,20 +21,6 @@ setupFilesApache_indexes() {
 }
-setupFilesApache_selfSignedCert() {
- if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_SELF_SIGNED_CERT" = "true" ] && [ "$GROUPER_USE_SSL" = "true" ]
- then
- if [ "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" = "true" ]; then
- cp /opt/tier-support/ssl-enabled.conf /etc/httpd/conf.d/
- returnCode=$?
- echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_selfSignedCert) cp /opt/tier-support/ssl-enabled.conf /etc/httpd/conf.d/ , result: $?"
- if [ $returnCode != 0 ]; then exit $returnCode; fi
- else
- echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_selfSignedCert) /opt/tier-support/ssl-enabled.conf is not the original file so will not be edited"
- fi
- fi
-}
-
 setupFilesApache_ssl() {
 if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_USE_SSL" != "true" ]
 then
@@ -53,6 +39,48 @@ setupFilesApache_ssl() {
 if [ $returnCode != 0 ]; then exit $returnCode; fi
 fi
 fi
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_USE_SSL" = "true" ] && [ -f /etc/httpd/conf.d/ssl-enabled.conf ] && [ "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" = "true" ] ; then
+
+ if [ "$GROUPER_SSL_USE_STAPLING" = "true" ]; then
+ sed -i "s|__GROUPER_SSL_USE_STAPLING__|on|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) sed -i \"s|__GROUPER_SSL_USE_STAPLING__|on|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ sed -i "s|__GROUPER_SSL_USE_STAPLING__|off|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) sed -i \"s|__GROUPER_SSL_USE_STAPLING__|on|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+
+ sed -i "s|__GROUPER_SSL_CERT_FILE__|$GROUPER_SSL_CERT_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) Set cert file: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CERT_FILE__|$GROUPER_SSL_CERT_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ sed -i "s|__GROUPER_SSL_KEY_FILE__|$GROUPER_SSL_KEY_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) Set cert file: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_KEY_FILE__|$GROUPER_SSL_KEY_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ if [ "$GROUPER_SSL_USE_CHAIN_FILE" = "true" ]; then
+
+ sed -i "s|__GROUPER_SSL_CHAIN_FILE__|$GROUPER_SSL_CHAIN_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) No chain setting: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__|$GROUPER_SSL_CHAIN_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+
+ else
+ sed -i "s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__||g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) No chain setting: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__||g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+
+ fi
 }
@@ -88,7 +116,7 @@ setupFilesApache_ports() {
 # filter the ssl config for ssl port
- if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -f /etc/httpd/conf.d/ssl-enabled.conf ]
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -f /etc/httpd/conf.d/ssl-enabled.conf ] && [ "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" = "true" ]
 then
 sed -i "s|__GROUPER_APACHE_SSL_PORT__|$GROUPER_APACHE_SSL_PORT|g" /etc/httpd/conf.d/ssl-enabled.conf
 returnCode=$?
@@ -109,7 +137,6 @@ setupFilesApache_ports() {
 setupFilesApache() {
 setupFilesApache_supervisor
- setupFilesApache_selfSignedCert
 setupFilesApache_ports
 setupFilesApache_ssl
 setupFilesApache_serverName
@@ -120,7 +147,6 @@ setupFilesApache_unsetAll() {
 unset -f setupFilesApache
 unset -f setupFilesApache_indexes
 unset -f setupFilesApache_ports
- unset -f setupFilesApache_selfSignedCert
 unset -f setupFilesApache_ssl
 unset -f setupFilesApache_supervisor
 unset -f setupFilesApache_unsetAll
@@ -131,7 +157,6 @@ setupFilesApache_exportAll() {
 export -f setupFilesApache
 export -f setupFilesApache_indexes
 export -f setupFilesApache_ports
- export -f setupFilesApache_selfSignedCert
 export -f setupFilesApache_ssl
 export -f setupFilesApache_supervisor
 export -f setupFilesApache_unsetAll
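Review bot: Every `result: $?` in the new log lines of setupFilesApache_ssl reports the status of the preceding `returnCode=$?` assignment, which is always 0, so a failed `sed -i` is logged as a success immediately before `exit $returnCode`; use `result: $returnCode`. The message text is also wrong in several places: the stapling `else` branch logs `|on|` after substituting `off`, the cert and key lines claim to replace `SSLCertificateChainFile __GROUPER_SSL_CERT_FILE__` / `__GROUPER_SSL_KEY_FILE__`, the `GROUPER_SSL_USE_CHAIN_FILE=true` branch is labelled `No chain setting:`, and all of them name `setupFilesApache_ports` although they live in setupFilesApache_ssl. `$GROUPER_SSL_CERT_FILE`, `$GROUPER_SSL_KEY_FILE` and `$GROUPER_SSL_CHAIN_FILE` are spliced into the sed replacement unescaped, so a path containing `|`, `&` or `\` corrupts the expression or the resulting config; escape those characters or validate the paths before substituting, and an `-f` check on each would surface a typo as a clear container error instead of an httpd startup failure. setupFilesApache_ssl starts outside the hunk.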
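Review bot: Adding `&& [ "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" = "true" ]` to the port filter in setupFilesApache_ports changes behaviour for any deployment where that flag is not computed true: `Listen __GROUPER_APACHE_SSL_PORT__ https` used to be substituted regardless and now stays literal, which httpd rejects at startup. Since the same gate now fronts the certificate substitution in setupFilesApache_ssl, an `else` branch that logs that ssl-enabled.conf was left untouched because it is not the original file would make the resulting httpd failure diagnosable from the container log, matching what the removed selfSignedCert function used to do. setupFilesApache_ports starts and ends outside the hunk.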