From d4f703b0fc030b79dc6526b4bffe23d9fa885d3d Mon Sep 17 00:00:00 2001
From: Rafael Taranto
Date: Sun, 11 Aug 2024 08:05:28 +0100
Subject: [PATCH] chore: reintroduced ca on the repo
---
 .gitignore | 34 -------------------------------
 Lamassu_CA.pem | 33 ++++++++++++++++++++++++++++++
 bin/lamassu-server-entrypoint.sh | 3 ++-
 docker-compose.yaml | 2 --
 tools/build-docker-certs.sh | 5 +++++
 tools/cert-gen.sh | 1 +
 tools/digitalocean/migratedata.sh | 9 +++++++++
 7 files changed, 50 insertions(+), 37 deletions(-)
 create mode 100644 Lamassu_CA.pem
diff --git a/.gitignore b/.gitignore
index e8979698..da50d714 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,44 +1,10 @@
-lib-cov
-*.seed
-*.log
-*.csv
-*.dat
-*.out
-*.pid
-*.gz
-
-pids
-logs
-results
 node_modules
-npm-debug.log
-mochahelper.js
 .idea/
 .settings/
-dist
-.tmp
-.sass-cache
-app/bower_components
-options.mine.js
-
-.migrate
-.vagrant
-
-raqia.json
-
-scratch/
-seeds/
-mnemonics/
 certs/
-blockchains/
 tests/stress/machines
 tests/stress/config.json
-lamassu.json
-terraform.*
-.terraform
-
-db.json
 .env
diff --git a/Lamassu_CA.pem b/Lamassu_CA.pem
new file mode 100644
index 00000000..186f101f
--- /dev/null
+++ b/Lamassu_CA.pem
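Review bot: The `.gitignore` hunk drops the ignore entries for `mnemonics/`, `seeds/`, `*.seed`, `lamassu.json`, `db.json`, `terraform.*`, `.terraform` and `*.log`, so files with those names in a working tree now show up as untracked and can be swept into a commit by a broad `git add`. Those names suggest wallet seed material, server configuration and Terraform state, though the hunk does not show what the files hold, and the commit's stated purpose is only to bring the CA certificate back. I would keep those entries and limit the cleanup to patterns that are clearly obsolete, with a comment such as `# secrets and local state: never commit` above the ones that stay.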
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFxzCCA6+gAwIBAgIJAJKY0HTYYIToMA0GCSqGSIb3DQEBCwUAMEsxCzAJBgNV
+BAYTAklTMRIwEAYDVQQHEwlSZXlramF2aWsxEzARBgNVBAoTCkxhbWFzc3UgQ0Ex
+EzARBgNVBAMTCmxhbWFzc3UuaXMwHhcNMTcxMjEwMjI0ODA4WhcNMjcwOTA5MjI0
+ODA4WjBLMQswCQYDVQQGEwJJUzESMBAGA1UEBxMJUmV5a2phdmlrMRMwEQYDVQQK
+EwpMYW1hc3N1IENBMRMwEQYDVQQDEwpsYW1hc3N1LmlzMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAqtyxqhOYAp/nXyeUPezX4ojB5/Yh/Ut/4sScwnOP
+nlGcW6IhBZfd6G4EgSvskgReNwiLqDrqfLit00gp0SnJsA88jNslZDvp/X/POcwO
+lORn2mkjsBuCZG0hLAYzpql+fn3xxKPGkaCTLITo6LoX90e0Z6ApXqeB9XSlvybl
+BW3P1OSOv6LPG9n7nkBANV1rWgmYPBq15y4ddD33NAMpqXCmkB2i444bZQ2TUaNq
+J/6rul0btH1obLg6vR53ioDJxNBs0NEhHSev4YA6Cq8NxGZSpRdvygLFW3IQb5Np
+4qmfYptmA+KyU2/4pMjO3VFLUcDujOyEcguaBVK6eecrucSg8S6pNHodPo7Z3hTn
+HRUPSnPToNLisLOc2336dGKrfGaQTvBqLRihnQdNnmS5CRD9u9+Vzjz9VBe7C9lC
+V02aDV113npzjl/VeNVQWeiT8XchGI1TXPZD+MUXgymCOho0CxqwGpiNL5w+2XUC
+Rb9aWcdpxBHxeSPLhqvDRf1cEuokEOrE1JkHepGFJtZXKszkuznw/pzNdmv9Gjw1
+/5cvnmG/QGQ2rjkYEd/7wuDbH/Ta5hiqlZLYMniptH6kAldxqE5+CqmhTyI75BwS
+VLv0fZkM+QB5QxDbD5cQ2FJJetg1Q3J/Rkn8kzaIxI9b6slESph//kw1aFdj1Lwx
+JbcCAwEAAaOBrTCBqjAdBgNVHQ4EFgQUQkz413M5wHy53wcgYh4W7uWzboEwewYD
+VR0jBHQwcoAUQkz413M5wHy53wcgYh4W7uWzboGhT6RNMEsxCzAJBgNVBAYTAklT
+MRIwEAYDVQQHEwlSZXlramF2aWsxEzARBgNVBAoTCkxhbWFzc3UgQ0ExEzARBgNV
+BAMTCmxhbWFzc3UuaXOCCQCSmNB02GCE6DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4ICAQAaRBasuUneGcSmCGZ/oCgdMTTBzMK79fMWr8yRt4VShuFpGAd1
+s8VoUNsZizgucUPTGwi3QK2KogZia2Rjq0jjk4OV12Cbsx8wTntnT0oYIBJL2Bvj
+r2uxEfJJQqs2AVZMTrje+NiFnSlbINpEhxSUuDZzTY0+nPMZ7kSYCW13SHdO86rR
+yHIwhd2iCiVLkjBcsUAyJHioPufbDvHUNiXyH2E5dbRLsvhrpluPM6JtlBmUBU/E
+kK3Bq4+P4ZQ/VIfy8xuL8+hXWgB9lTrN8LZ/B40wGoRsZT2pq10xDVdmvYDseuAD
+2GiAnY7eP+AftTV6My7oBWG2IZYpy73qKlUundNt3b9gIAPPMpjAC/Scpq4vslBl
+rR/dMw8C5qsVdk9Ek85SO95y/4jJn1SMLQ0udcKO8G97h5JifrGUxdWH+sIkZTkN
+zDAz+K+3HpVeGGYeue+QvF+fQ7Fxj+h6bnMbHe0wc4Q8ZlOb5THj1Fq5YFOx3BoD
+Qzn9vuWQ0wCGN4uDG6zqwhhaXY7pt+jTproBwQCULy0UR7MFGzJ+WjwDcJkx3oGB
+WU93wi+56O/DYU4u/3wSqFfGTYQQRVl55hS0heWbwWywxdiHe8SgHjSyDDPps4EP
+BW1l+RG2QLoqo2TD8jKiJnfh2LiUpLeH5RTeGXfDyEksNzAUnN/fm280dw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/bin/lamassu-server-entrypoint.sh b/bin/lamassu-server-entrypoint.sh
index ac641f85..a5af9481 100644
--- a/bin/lamassu-server-entrypoint.sh
+++ b/bin/lamassu-server-entrypoint.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
+FILE_1=/etc/ssl/certs/Lamassu_CA.pem
 FILE_2=/etc/ssl/certs/Lamassu_OP.pem
 FILE_3=/etc/ssl/certs/Lamassu_OP_Root_CA.pem
 FILE_4=/etc/ssl/certs/Lamassu_OP_Root_CA.srl
@@ -7,7 +8,7 @@ FILE_5=/etc/ssl/private/Lamassu_OP.key
 FILE_6=/etc/ssl/private/Lamassu_OP_Root_CA.key
 echo "Checking for the existence of certificates..."
-if [[ ! -f "$FILE_2" || ! -f "$FILE_3" || ! -f "$FILE_4" || ! -f "$FILE_5" || ! -f "$FILE_6" ]]; then
+if [[ ! -f "$FILE_1" || ! -f "$FILE_2" || ! -f "$FILE_3" || ! -f "$FILE_4" || ! -f "$FILE_5" || ! -f "$FILE_6" ]]; then
 echo "No Lamassu certificates found. Building them..."
 bash /lamassu-server/tools/build-docker-certs.sh
 fi
diff --git a/docker-compose.yaml b/docker-compose.yaml
index fb94b5f9..2aa0beb1 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -47,7 +47,6 @@ services:
 - ~/lamassu-data/files:/opt/lamassu-server
 - ~/lamassu-data/mnemonics:/etc/lamassu/mnemonics
 - ~/lamassu-data/ofac:/var/lamassu/ofac
- - ~/lamassu-data/.migrate:/etc/lamassu/.migrate
 - ~/lamassu-data/blockchains:/mnt/blockchains
 networks:
 lamassu-network:
@@ -92,7 +91,6 @@ services:
 - ~/lamassu-data/files:/opt/lamassu-server
 - ~/lamassu-data/mnemonics:/etc/lamassu/mnemonics
 - ~/lamassu-data/ofac:/var/lamassu/ofac
- - ~/lamassu-data/.migrate:/etc/lamassu/.migrate
 - ~/lamassu-data/blockchains:/mnt/blockchains
 networks:
 - lamassu-network
diff --git a/tools/build-docker-certs.sh b/tools/build-docker-certs.sh
index df2104df..eebd4599 100644
--- a/tools/build-docker-certs.sh
+++ b/tools/build-docker-certs.sh
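Review bot: `Lamassu_CA.pem` is added as a trust anchor with nothing in the commit that lets a reviewer or deployer confirm it is the intended certificate: no subject, fingerprint or expiry is recorded anywhere in the change. The validity fields inside the blob appear to decode to December 2017 through September 2027, so every image that copies this file inherits that expiry and a rotation means a new commit and rebuild. I would record the output of `openssl x509 -in Lamassu_CA.pem -noout -subject -enddate -fingerprint -sha256` next to the file (README or a comment in `tools/build-docker-certs.sh`) and have it compared against a value published out of band. The file also lacks a trailing newline, which OpenSSL tolerates but which breaks naive concatenation into a bundle.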
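Review bot: Adding `$FILE_1` to the same `-f` test in `bin/lamassu-server-entrypoint.sh` means an installation that already has `Lamassu_OP.pem`, the operator root CA and both keys, but not yet `Lamassu_CA.pem`, takes the branch and runs `tools/build-docker-certs.sh` in full. Most of that script is outside this diff, but if it regenerates the operator CA and server key unconditionally, an upgrade would replace key material that existing clients may already trust; this needs confirming before merge. A missing `Lamassu_CA.pem` only needs the copy, so I would handle it ahead of the existing check with `if [[ ! -f "$FILE_1" ]]; then cp -- /lamassu-server/Lamassu_CA.pem "$FILE_1"; fi` and leave the original five-file condition as it was.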
@@ -6,6 +6,7 @@ export LOG_FILE=/tmp/install.log
 CERT_DIR=/etc/ssl/certs
 KEY_DIR=/etc/ssl/private
 CONFIG_DIR=/etc/lamassu
+LAMASSU_CA_PATH=$CERT_DIR/Lamassu_CA.pem
 CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
 CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
 SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
@@ -81,3 +82,7 @@ openssl x509 \
 rm /tmp/Lamassu_OP.csr.pem
 mkdir -p $OFAC_DATA_DIR
+
+decho "Copying Lamassu certificate authority..."
+LAMASSU_CA_FILE=/lamassu-server/Lamassu_CA.pem
+cp $LAMASSU_CA_FILE $LAMASSU_CA_PATH
diff --git a/tools/cert-gen.sh b/tools/cert-gen.sh
index 9f18e0a9..9d3dcd4d 100755
--- a/tools/cert-gen.sh
+++ b/tools/cert-gen.sh
@@ -9,6 +9,7 @@ CONFIG_DIR=$HOME/.lamassu
 LOG_FILE=/tmp/cert-gen.log
 CERT_DIR=$PWD/certs
 KEY_DIR=$PWD/certs
+LAMASSU_CA_PATH=$PWD/Lamassu_CA.pem
 POSTGRES_PASS=postgres123
 OFAC_DATA_DIR=$CONFIG_DIR/ofac
 IDPHOTOCARD_DIR=$CONFIG_DIR/idphotocard
diff --git a/tools/digitalocean/migratedata.sh b/tools/digitalocean/migratedata.sh
index 20ff08df..b941b6a3 100644
--- a/tools/digitalocean/migratedata.sh
+++ b/tools/digitalocean/migratedata.sh
@@ -11,6 +11,7 @@ CERT_DIR=/etc/ssl/certs
 KEY_DIR=/etc/ssl/private
 CONFIG_DIR=/etc/lamassu
+LAMASSU_CA_PATH=$CERT_DIR/Lamassu_CA.pem
 CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
 CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
 SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
@@ -31,6 +32,14 @@ mkdir -p $NEW_VOLUME_MOUNTING_POINT/blockchains
 mkdir -p $NEW_VOLUME_MOUNTING_POINT/lamassu
 mkdir -p $NEW_VOLUME_MOUNTING_POINT/lamassu-server
+if [ -f $LAMASSU_CA_PATH ];
+then
+ cp $LAMASSU_CA_PATH $NEW_VOLUME_MOUNTING_POINT/ssl/certs
+ echo "Successfully migrated $LAMASSU_CA_PATH"
+else
+ echo "Failed to migrate $LAMASSU_CA_PATH, file doesn't exist!"
+fi
+
 if [ -f $CA_KEY_PATH ];
 then
 cp $CA_KEY_PATH $NEW_VOLUME_MOUNTING_POINT/ssl/private
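Review bot: The copy appended to `tools/build-docker-certs.sh` is unquoted and its result is not checked: `cp $LAMASSU_CA_FILE $LAMASSU_CA_PATH`. If `/lamassu-server/Lamassu_CA.pem` is absent from the image the script still finishes, the entrypoint's `-f "$FILE_1"` test fails again on the next start, and the build script is run again on every boot (unless the script runs under `set -e`, which is not visible in this hunk). I would write `cp -- "$LAMASSU_CA_FILE" "$LAMASSU_CA_PATH" || exit 1` so that a missing trust anchor stops the build with a non-zero status. The same unquoted expansions appear in the new block in `tools/digitalocean/migratedata.sh` (`[ -f $LAMASSU_CA_PATH ]` and its `cp`).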
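Review bot: In the new `Lamassu_CA.pem` block of `tools/digitalocean/migratedata.sh`, "Successfully migrated" is echoed after `cp` without testing whether the copy worked, and the missing-file branch only prints to stdout and lets the migration continue. Whether the script runs under `set -e` is outside this hunk; without it, a full or read-only target volume would be reported as a success. I would gate the message on the copy, `if cp -- "$LAMASSU_CA_PATH" "$NEW_VOLUME_MOUNTING_POINT/ssl/certs/"; then echo "Successfully migrated $LAMASSU_CA_PATH"; else echo "Failed to copy $LAMASSU_CA_PATH" >&2; exit 1; fi`, and send the "file doesn't exist" message to stderr as well. The block mirrors the existing `$CA_KEY_PATH` block whose first lines close the hunk, so the same change probably applies there.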