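#!/bin/bash
# Container entrypoint for saml-proxy: checks the SAML inputs, generates
# service-provider (SP) key material when none is supplied, renders the
# Apache proxy configuration from its template and execs httpd.
#
# Inputs (environment):
#   BACKEND        (required) upstream URL the authenticated requests go to
#   IDP_METADATA   optional URL; when set, the IdP metadata is downloaded to
#                  /etc/httpd/conf.d/saml_idp.xml, otherwise mount that file
#   PROXY_HOST, SCHEMA, MELLON_PATH   public identity of this proxy
#   SAML_MAP_<attr>=<Header>          forward SAML attribute <attr> to the
#                                     backend as request header <Header>
#   CUSTOM_CONFIG  extra Apache configuration pasted into the template as-is
#
# Abort on any failed command, including a failed stage inside a pipeline.
set -eo pipefail
cd /
# Usage text appended to the fatal "missing input" messages below.
EXAMPLES=$(cat <<- EOF
Example:
Docker:
docker run -v <path>/saml_idp.xml:/etc/httpd/conf.d/saml_idp.xml -e BACKEND=https://api.example.com:8443 barnabassudy/saml-proxy
Docker-compose:
version: "2"
services:
yourservice:
...
saml-proxy:
image: "barnabassudy/saml-proxy"
environment:
BACKEND: "http://yourservice:port"
ports:
- "80:80"
volumes:
- "<path>/saml_idp.xml:/etc/httpd/conf.d/saml_idp.xml"
EOF
)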
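# Obtain the IdP metadata (optional download) and check the mandatory inputs.
if [[ -n "$IDP_METADATA" ]]; then
  # The IdP metadata carries the IdP signing certificate, i.e. it decides whose
  # SAML assertions this proxy will accept. Fetched over plain HTTP it can be
  # swapped by anyone on the network path, so warn when the URL is not https.
  case "$IDP_METADATA" in
    https://*) ;;
    *) printf 'WARNING: IDP_METADATA is not an https:// URL; the downloaded IdP metadata is not protected against tampering in transit.\n' >&2 ;;
  esac
  # Download to a temporary file first: "wget -O target" truncates the target
  # before the request, so a failed fetch would otherwise leave an empty
  # saml_idp.xml behind (possibly clobbering a bind-mounted copy).
  # cat rather than mv so a bind-mounted target file still works.
  idp_tmp=$(mktemp) || exit 1
  if ! wget -O "$idp_tmp" "$IDP_METADATA"; then
    rm -f -- "$idp_tmp"
    printf 'Failed to download IdP metadata from %s\n' "$IDP_METADATA" >&2
    exit 1
  fi
  cat -- "$idp_tmp" > /etc/httpd/conf.d/saml_idp.xml
  rm -f -- "$idp_tmp"
fi
if [[ ! -f /etc/httpd/conf.d/saml_idp.xml ]]; then
  echo -e "No saml_idp.xml file found.\n\n" \
    "In order to get the proxy running you must provide a saml_idp.xml file\n" \
    "in /etc/httpd/conf.d/ directory.\n\n" \
    "$EXAMPLES" >&2
  exit 1
fi
if [[ -z "$BACKEND" ]]; then
  echo -e "No BACKEND environment variable is set.\n\n" \
    "In order to get the proxy running you must provide a BACKEND environment variable.\n\n" \
    "$EXAMPLES" >&2
  exit 1
fi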
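# Derive the proxy's public identity from the environment (all overridable):
#   SCHEMA      - scheme of the public URL, default https
#   PROXY_HOST  - public host name, default this machine's FQDN
#   MELLON_PATH - path prefix of the mod_auth_mellon endpoints, default mellon
#   BACKEND     - upstream URL; already required above, the default is only a
#                 last-resort fallback
# A failing "hostname -f" is tolerated (empty REAL_HOST), as before; PROXY_HOST
# is the supported way to pin the name.
REAL_HOST=$(hostname -f || true)
export REAL_HOST
export SCHEMA="${SCHEMA:-https}"
export HOST="${PROXY_HOST:-$REAL_HOST}"
# Upper-cased host name. bash's ${var^^} replaces the unquoted
# `tr [a-z] [A-Z]`, whose bracket patterns were subject to filename globbing.
# NOTE(review): realm is not in this script's envsubst list; presumably read
# by the template or httpd itself — confirm before removing.
export realm="${HOST^^}"
export BACKEND="${BACKEND:-https://api.example.com:8443}"
export MELLON_PATH="${MELLON_PATH:-mellon}"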
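# Service-provider key, certificate and metadata: either the operator supplies
# all three (normally as volumes) or none, in which case a fresh set is
# generated for this container run. A partial set is refused rather than
# silently pairing a new key with metadata the IdP already has on file.
if [[ -f /etc/httpd/conf.d/saml_sp.key || -f /etc/httpd/conf.d/saml_sp.cert || -f /etc/httpd/conf.d/saml_sp.xml ]]; then
  for sp_file in saml_sp.key saml_sp.cert saml_sp.xml; do
    if [[ ! -f "/etc/httpd/conf.d/$sp_file" ]]; then
      echo "/etc/httpd/conf.d/$sp_file file is not provided." >&2
      exit 1
    fi
  done
else
  # Subshell instead of pushd/popd: the working directory change cannot leak.
  (
    cd /etc/httpd/conf.d || exit 1
    echo -e "Generating new service provider certificate.\n\n" \
      "In order to avoid generating new certificate every time. You can provide the following files as volumes:\n" \
      " * /etc/httpd/conf.d/saml_sp.key - private key\n" \
      " * /etc/httpd/conf.d/saml_sp.cert - certificate\n" \
      " * /etc/httpd/conf.d/saml_sp.xml - SAML SP xml\n\n" \
      "The files can be generated by https://github.com/bsudy/saml-proxy/blob/master/mellon_create_metadata.sh script.\n\n" \
      " mellon_create_metadata.sh ${SCHEMA}://${HOST} ${SCHEMA}://${HOST}/${MELLON_PATH}\n\n" \
      "--------------------------------------------------\n"
    /usr/sbin/mellon_create_metadata.sh "${SCHEMA}://${HOST}" "${SCHEMA}://${HOST}/${MELLON_PATH}" || exit 1
    # NOTE(review): assumes mellon_create_metadata.sh names its output
    # <scheme>_<host>.{cert,key,xml}; verify for host names containing
    # characters that script rewrites (e.g. a port suffix).
    # NOTE(review): the mode of saml_sp.key is whatever that script and the
    # umask leave; confirm it is not world-readable while still readable by
    # the user httpd runs as.
    mv -f -- "${SCHEMA}_${HOST}.cert" saml_sp.cert || exit 1
    mv -f -- "${SCHEMA}_${HOST}.key" saml_sp.key || exit 1
    mv -f -- "${SCHEMA}_${HOST}.xml" saml_sp.xml || exit 1
  )
fi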
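# Turn every SAML_MAP_<attr>=<Header-Name> variable into mod_headers
# directives that copy mod_auth_mellon's MELLON_<attr> environment variable
# into request header <Header-Name> on the way to the backend. The result is
# left in REQUEST_HEADERS (one directive per line, leading newline) for
# substitution into proxy.conf.
#
# The text is pasted verbatim into the Apache config, so header names are
# restricted to a plain token; whitespace, quotes or a newline in a value
# could otherwise splice arbitrary directives into the configuration.
build_request_headers() {
  local varname header_name saml_attr
  REQUEST_HEADERS=""
  for varname in ${!SAML_MAP_*}; do
    header_name=${!varname}
    saml_attr=${varname#SAML_MAP_}
    if [[ ! "$header_name" =~ ^[A-Za-z0-9._-]+$ ]]; then
      printf '%s must be a plain header name (letters, digits, "-", "_", "."); got: %q\n' \
        "$varname" "$header_name" >&2
      exit 1
    fi
    echo "Mapping $saml_attr attribute to $header_name request header"
    # "RequestHeader set ... env=MELLON_x" only fires when the attribute was
    # asserted by the IdP. Unset the header first so that, when the attribute
    # is absent, a client-supplied header of the same name is not forwarded to
    # the backend untouched (unless proxy.conf.template already strips it).
    REQUEST_HEADERS+=$'\n'"RequestHeader unset ${header_name}"
    REQUEST_HEADERS+=$'\n'"RequestHeader set ${header_name} %{MELLON_${saml_attr}}e env=MELLON_${saml_attr}"
  done
}
build_request_headers
export REQUEST_HEADERS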
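# Render the Apache proxy/auth configuration from its template. Only the
# listed variables are substituted, so any other "$" in the template (Apache's
# own ${VAR} syntax included) is left untouched. CUSTOM_CONFIG is inserted as
# raw Apache configuration and is therefore fully trusted operator input.
envsubst '$SCHEMA,$HOST,$BACKEND,$MELLON_PATH,$REQUEST_HEADERS,$CUSTOM_CONFIG' \
  < /etc/httpd/conf.d/proxy.conf.template \
  > /etc/httpd/conf.d/proxy.conf
# Replace this shell with httpd so it is the container's main process and
# receives its signals directly.
exec httpd -DFOREGROUND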