Allow use of hostname instead of local IP

Author: gfour

run-issuer.sh

@@ -1,11 +1,18 @@
 #!/usr/bin/env bash
 
-HOST_IP=$(<.config.ip)
+if [ -f ".config.hostname" ]; then
+    HOST=$(<.config.hostname)
+elif [ -f ".config.ip" ]; then
+    HOST=$(<.config.ip)
+else
+    echo "Missing server setup, run setup_issuer.sh"
+    exit
+fi
 
 source .venv/bin/activate
 export REQUESTS_CA_BUNDLE=$(realpath iaca.pem)
-export SERVICE_URL="https://${HOST_IP}:5000/"
+export SERVICE_URL="https://${HOST}:5000/"
 export EIDAS_NODE_URL="https://TODO1/"
 export DYNAMIC_PRESENTATION_URL="https://TODO2/"
 
-flask --app app run --cert=cert.pem --key=key.pem --host="$HOST_IP"
+flask --app app run --cert=cert.pem --key=key.pem --host="$HOST"

scripts/setup-cert.sh

@@ -35,6 +35,11 @@ function install_certificates() {
 
 function generate_config_file()
 {
+    if [ "${HOSTNAME}" != "" ]; then
+        DNS_ALT_NAME="DNS.1 = ${HOSTNAME}"
+    else
+        DNS_ALT_NAME=""
+    fi
     cat << EOF
 [req]
 default_bits = 2048
@@ -63,7 +68,8 @@ extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
 subjectAltName = @alt_names
 
 [alt_names]
-IP.1 = ${LOCAL_ADDR}
+IP.1 = ${IP}
+${DNS_ALT_NAME}
 EOF
 }
 
@@ -113,21 +119,36 @@ function generate_ssl_certificate() {
 
     if [ $CUSTOM_ROOT_CA -eq 1 ]; then
         echo "== Verifying the certificate using root CA ${LOCAL_ROOT_CA} =="
-        openssl verify -CAfile ${LOCAL_ROOT_CA} -purpose sslserver -verify_ip ${LOCAL_ADDR} ${CRT}
+        openssl verify -CAfile ${LOCAL_ROOT_CA} -purpose sslserver -verify_ip ${IP} ${CRT}
     fi
 }
 
 if [ "$1" == "-h" ]; then
     echo "Set up the certificate of the issuer"
-    echo "Usage: setup-cert.sh [LOCAL_IP]"
+    echo "Usage: setup-cert.sh [IP] [HOSTNAME]"
     exit
-elif [ "$1" == "" ]; then
+fi
+
+# IP setup
+rm -f .config.ip
+if [ "$1" == "" ]; then
     echo $(./resolve-ip.sh) > .config.ip
 else
     echo $1 > .config.ip
 fi
-
-LOCAL_ADDR=$(cat .config.ip)
+IP=$(cat .config.ip)
+
+# Hostname setup
+rm -f .config.hostname
+if [ "$2" != "" ]; then
+    HOSTNAME=$2
+    LOCAL_ADDR=${HOSTNAME}
+    echo "Using local hostname: ${LOCAL_ADDR}"
+    echo ${LOCAL_ADDR} > .config.hostname
+else
+    HOSTNAME=
+    LOCAL_ADDR=${IP}
+fi
 echo "Using local address: ${LOCAL_ADDR}"
 
 generate_ssl_certificate

scripts/setup-issuer-metadata.sh

@@ -1,15 +1,15 @@
 #!/usr/bin/env bash
 
 if [ "$1" == "-h" ]; then
-    echo "Usage: setup-issuer-metadata.sh [IP]"
+    echo "Usage: setup-issuer-metadata.sh [ISSUER]"
     echo
-    echo "IP      the local IP of the issuer, empty for autodetection"
+    echo "IP      the local IP/hostname of the issuer, empty for IP autodetection"
     exit
 elif [ "$1" == "" ]; then
-    IP=$(cat .config.ip)
+    LOCAL_ADDR=$(cat .config.ip)
 else
-    IP=$1
+    LOCAL_ADDR=$1
 fi
 
 git restore app/metadata_config/metadata_config.json app/metadata_config/oauth-authorization-server.json app/metadata_config/openid-configuration.json
-git grep issuer.eudiw.dev | fgrep --color=none .json | cut -d ':' -f 1 | sort -u | xargs sed -i -e "s/https:\/\/issuer.eudiw.dev/https:\/\/${IP}:5000/g"
+git grep issuer.eudiw.dev | fgrep --color=none .json | cut -d ':' -f 1 | sort -u | xargs sed -i -e "s/https:\/\/issuer.eudiw.dev/https:\/\/${LOCAL_ADDR}:5000/g"

setup-issuer.sh

@@ -1,14 +1,20 @@
 #!/usr/bin/env bash
 
 if [ "$1" == "-h" ]; then
-    echo "Usage: setup-issuer.sh [IP]"
+    echo "Usage: setup-issuer.sh [IP] [HOSTNAME]"
     echo
-    echo "IP      the local IP of the issuer, empty for autodetection"
+    echo "IP         the local IP of the issuer, empty for autodetection"
+    echo "HOSTNAME   the hostname of the issuer (optional)"
     exit
 fi
 
 ./scripts/setup-venv.sh
-./scripts/setup-cert.sh $1
+./scripts/setup-cert.sh $1 $2
 cp app/app_config/__config_secrets.py app/app_config/config_secrets.py
 
-./scripts/setup-issuer-metadata.sh $1
+if [ "$2" != "" ]; then
+    ISSUER_LOCATION=$2
+else
+    ISSUER_LOCATION=$1
+fi
+./scripts/setup-issuer-metadata.sh ${ISSUER_LOCATION}