# Base image. NOTE(review): CentOS 7 reached end of life on 2024-06-30 and no
# longer receives security updates; plan a move to a maintained base and, for
# reproducible builds, pin the tag by digest
# (FROM centos:centos7@sha256:<DIGEST-PLACEHOLDER>).
FROM centos:centos7

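# Versions of the two downloaded tools and the ref of the InCommon MDQ config
# repository. They are build arguments (override with --build-arg) and are
# re-exported as ENV so the runtime scripts keep seeing the same names.
# INC_MDQ_BRANCH defaults to a branch name, i.e. a moving target: pin it to a
# tag or commit for reproducible images.
ARG MDA_VERSION=0.9.2
ARG XMLSECTOOL_VERSION=2.0.0
ARG INC_MDQ_BRANCH=master
ENV MDA_VERSION=$MDA_VERSION \
    XMLSECTOOL_VERSION=$XMLSECTOOL_VERSION \
    INC_MDQ_BRANCH=$INC_MDQ_BRANCH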

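# Download sources, verification material and runtime paths.
# - MDA_URL / XMLSECTOOL_URL: both artifacts and their .asc signatures are
#   fetched from shibboleth.net. XMLSECTOOL_URL is now https like MDA_URL and
#   the PGP_KEYS download on the same host; it was plain http, which exposed
#   the tool zip and its signature to tampering on the wire before the PGP
#   check ran.
# - INC_MD_URL stays as published by InCommon; the metadata's integrity is
#   expected to come from the XML signature check against the certificate
#   placed in /keys (presumably done by genMD.sh — confirm), not from transport.
# - INC_MDQ_URL follows INC_MDQ_BRANCH, a moving ref unless pinned.
# - JAVA_HOME=/ makes the tools look for /bin/java, which on CentOS 7 resolves
#   through the /bin -> /usr/bin symlink; looks fragile — verify against the
#   aggregator and xmlsectool launcher scripts before changing.
# - CERTGEN_*_SUBJECT are placeholder subjects (example.org); override them
#   for any real deployment.
ENV MDA_URL=https://shibboleth.net/downloads/metadata-aggregator/latest/aggregator-cli-$MDA_VERSION-bin.zip \
    INC_MDQ_URL=https://github.internet2.edu/InCommon/inc-meta/archive/$INC_MDQ_BRANCH.zip \
    INC_MD_URL=http://md.incommon.org/InCommon/InCommon-metadata.xml \
    INC_VERIFY_CRT_URL=https://ds.incommon.org/certs/inc-md-cert.pem \
    INC_MD_VERIFIED_PATH=/metadata/inc-metadata.xml \
    XMLSECTOOL_URL=https://shibboleth.net/downloads/tools/xmlsectool/latest/xmlsectool-$XMLSECTOOL_VERSION-bin.zip \
    XMLSECTOOL_PATH=/xmlsectool/xmlsectool.sh \
    JAVA_HOME=/ \
    JVMOPTS=-Xmx512m \
    MDQ_HOME=/mda/inc/inc-meta/ \
    WWW_HOME=/mdqwww \
    CERTGEN_MDQSIGN_SUBJECT=/C=US/ST=State/L=City/O=OrgName/CN=mdqsigning.example.org \
    CERTGEN_WWW_SUBJECT=/C=US/ST=State/L=City/O=OrgName/CN=mdqweb.example.org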

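# OS layer: UTC clock, network sysconfig, EPEL (needed for supervisor) and the
# runtime/diagnostic packages, all in one layer so the yum cache never lands
# in the image. NOTE(review): CentOS 7 is end of life, so `yum -y update` no
# longer delivers security fixes and the default mirrors may not serve
# packages at all; bumping the base image is the real fix. Packages are
# unpinned (hadolint DL3008), so two builds can differ. strace, vim, mlocate,
# man and net-tools are debugging conveniences, not needed by the service.
RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime && \
    echo "NETWORKING=yes" > /etc/sysconfig/network && \
    yum clean all && \
    yum -y update && \
    yum -y install --setopt=tsflags=nodocs epel-release && \
    # `cronie` is the package that provides crond on CentOS 7; the previous
    # spelling `cron` is not a CentOS 7 package name.
    yum -y install --setopt=tsflags=nodocs \
        ant \
        cronie \
        curl \
        httpd \
        java \
        logrotate \
        man \
        mlocate \
        mod_ssl \
        net-tools \
        openssl \
        openssl-devel \
        rsyslog \
        strace \
        supervisor \
        tar \
        unzip \
        vim \
        wget && \
    yum -y clean all && \
    update-ca-trust force-enable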

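# Fetch the Metadata Aggregator CLI and xmlsectool and verify their detached
# PGP signatures before unpacking. The keyring is populated only from
# PGP_KEYS, fetched over TLS from the same origin as the artifacts, so a
# passing `--verify` proves the zips were signed by a key published on
# shibboleth.net; it does not pin a particular signer fingerprint — add that
# if stronger publisher assurance is required. Everything runs with --batch
# so gpg can never block the build waiting for input, and the redundant
# un-batched `gpg <sig>.asc` call is gone. Archives and signatures are removed
# in this same layer; the imported keyring under /root/.gnupg is left as before.
RUN mkdir -p /tmp/mda && cd /tmp/mda && \
    # download files
    wget -q https://shibboleth.net/downloads/PGP_KEYS \
        "$MDA_URL" "$MDA_URL.asc" \
        "$XMLSECTOOL_URL" "$XMLSECTOOL_URL.asc" && \
    # Perform verifications
    gpg --batch --import PGP_KEYS && \
    gpg --batch --verify aggregator-cli-$MDA_VERSION-bin.zip.asc aggregator-cli-$MDA_VERSION-bin.zip && \
    gpg --batch --verify xmlsectool-$XMLSECTOOL_VERSION-bin.zip.asc xmlsectool-$XMLSECTOOL_VERSION-bin.zip && \
    # Unzip
    unzip -q aggregator-cli-$MDA_VERSION-bin.zip && \
    unzip -q xmlsectool-$XMLSECTOOL_VERSION-bin.zip && \
    # Install under / and expose the aggregator at the version-independent /mda path
    mv /tmp/mda/aggregator-cli-$MDA_VERSION /aggregator-cli-$MDA_VERSION && \
    ln -s /aggregator-cli-$MDA_VERSION /mda && \
    mv /tmp/mda/xmlsectool-$XMLSECTOOL_VERSION/ /xmlsectool/ && \
    # Drop the download area (archives + signatures) and create the runtime dirs
    cd / && rm -rf /tmp/mda && \
    mkdir -p /mda/inc /keys ${WWW_HOME}/entities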

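# Fetch the InCommon MDQ configuration archive and the metadata verification
# certificate with curl instead of a bare `ADD <url>`, so that TLS can be
# enforced and an expected SHA-256 can be checked. The certificate is the
# trust root for every later metadata signature check, so supply
# INC_VERIFY_CRT_SHA256 (sha256sum of the PEM file as downloaded) from a
# trusted copy. Both pins are optional: left empty the downloads are as
# unverified as the previous ADD was. Unlike ADD, a RUN layer is cached, so
# with a moving ref such as a branch name rebuild with --no-cache, or pin
# INC_MDQ_BRANCH to a tag, which also makes INC_MDQ_SHA256 meaningful.
# File names match what ADD produced (last path segment of each URL).
ARG INC_MDQ_SHA256=""
ARG INC_VERIFY_CRT_SHA256=""
RUN curl -fsSL --proto '=https' --proto-redir '=https' \
        -o /mda/inc/$INC_MDQ_BRANCH.zip "$INC_MDQ_URL" && \
    if [ -n "$INC_MDQ_SHA256" ]; then \
        echo "$INC_MDQ_SHA256  /mda/inc/$INC_MDQ_BRANCH.zip" | sha256sum -c -; \
    fi && \
    curl -fsSL --proto '=https' --proto-redir '=https' \
        -o /keys/inc-md-cert.pem "$INC_VERIFY_CRT_URL" && \
    if [ -n "$INC_VERIFY_CRT_SHA256" ]; then \
        echo "$INC_VERIFY_CRT_SHA256  /keys/inc-md-cert.pem" | sha256sum -c -; \
    fi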
# Helper scripts (made executable in a later RUN) and the supervisord
# configuration. Copying the three scripts in one instruction yields the same
# files and modes as three separate COPYs, in one layer instead of three.
COPY container_files/genMD.sh container_files/setupcron.sh container_files/startup.sh /usr/local/bin/
COPY container_files/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

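# Make the helper scripts executable, unpack the MDQ configuration archive
# into /mda/inc/inc-meta (GitHub names the archive's top directory
# <repo>-<ref> and drops a leading "v" for tag refs, so re-check the mv if
# INC_MDQ_BRANCH is pinned to a tag), run the cron setup, and remove httpd's
# stock conf.d files so the virtual_host_443.conf copied next is the only
# vhost definition. The old `rm -f /tmp/xmlsectool-*-bin.zip` is gone: that
# file never existed at that path (the download area was /tmp/mda, already
# removed).
RUN chmod 755 /usr/local/bin/genMD.sh /usr/local/bin/setupcron.sh /usr/local/bin/startup.sh && \
    cd /mda/inc && \
    unzip -q $INC_MDQ_BRANCH.zip && \
    mv inc-meta-$INC_MDQ_BRANCH inc-meta && \
    rm -f $INC_MDQ_BRANCH.zip && \
    mkdir -p /metadata && \
    /usr/local/bin/setupcron.sh && \
    rm -f /etc/httpd/conf.d/*.conf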

# The only httpd vhost (the stock conf.d files were removed above) and the
# aggregator build properties, dropped into MDQ_HOME (trailing slash, so the
# file lands inside the unpacked inc-meta directory).
COPY container_files/mdq-443.conf /etc/httpd/conf.d/virtual_host_443.conf
COPY container_files/build.properties ${MDQ_HOME}

# TLS vhost only. Binding a privileged port works here because the file as
# shown has no USER instruction, i.e. httpd/supervisord start as root;
# running unprivileged would need a port above 1024 or a capability grant.
EXPOSE 443

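# Probe the local vhost. -k is kept because the server certificate is
# presumably generated in-container from CERTGEN_WWW_SUBJECT and is not in the
# trust store. -f is new: without it curl exits 0 on a 5xx response, so a
# broken backend still reported healthy. --max-time keeps the probe inside
# the 30s HEALTHCHECK timeout.
HEALTHCHECK --interval=2m --timeout=30s \
    CMD curl -fsSk -I --max-time 25 -H "Accept-Encoding: gzip" https://127.0.0.1/entities || exit 1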

# Exec form, so startup.sh is PID 1 and receives docker stop's SIGTERM; the
# script should hand off with `exec` to whatever it launches (presumably
# supervisord, given the copied supervisord.conf — confirm) so the signal
# reaches the service. No USER precedes this in the file as shown: the
# container runs as root.
CMD ["/usr/local/bin/startup.sh"]