From 0d532221d14c9e8f0e4315b10a18f3d0dbf94e4e Mon Sep 17 00:00:00 2001
From: "James Z.M. Gao" <gaozhm@mvad.com>
Date: Wed, 4 May 2016 05:14:13 +0800
Subject: add support for secure ports

---
 Dockerfile                                      | 3 +++
 README.md                                       | 5 +++++
 content/etc/davmail/davmail.properties.template | 8 ++++----
 content/opt/davmail/entrypoint.sh               | 9 +++++++++
 4 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ce55fe4..02b496e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,9 @@ RUN apk --update upgrade && \
 
 USER davmail
 
+# if $DAVMAIL_SSL_PASS is not empty, use this file as keystoreFile of type PKCS12
+VOLUME ["/etc/davmail/davmail.p12"]
+
 EXPOSE     1080
 EXPOSE     1143
 EXPOSE     1389
diff --git a/README.md b/README.md
index 5f5613c..b9dc008 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ Accepted docker environment variables:
 * DAVMAIL_SERVER_CERTIFICATE_HASH: optional, cirtificate hash, like 11:22:...
 * DAVMAIL_NTLM_DOMAIN: optional, windows domain
 * DAVMAIL_CONFIG_URL: a url for downloading a specific configuration, this can override all other options
+* DAVMAIL_SSL_PASS: optional, set to the password of a PKCS12 SSL file
 
 Listened ports:
 
@@ -26,3 +27,7 @@ Listened ports:
 * ldap port:   1389
 * pop3 port:   1110
 * smtp port:   1025
+
+Volume:
+
+* "/etc/davmail/davmail.p12": if DAVMAIL_SSL_PASS is not empty, use this as the keystore file of type PKCS12
diff --git a/content/etc/davmail/davmail.properties.template b/content/etc/davmail/davmail.properties.template
index 74b9584..c37be5b 100644
--- a/content/etc/davmail/davmail.properties.template
+++ b/content/etc/davmail/davmail.properties.template
@@ -39,10 +39,10 @@ davmail.bindAddress=
 davmail.clientSoTimeout=
 
 # DavMail listeners SSL configuration
-davmail.ssl.keystoreType=
-davmail.ssl.keystoreFile=
-davmail.ssl.keystorePass=
-davmail.ssl.keyPass=
+davmail.ssl.keystoreType=${DAVMAIL_SSL_PASS:+PKCS12}
+davmail.ssl.keystoreFile=${DAVMAIL_SSL_PASS:+/etc/davmail/davmail.p12}
+davmail.ssl.keystorePass=${DAVMAIL_SSL_PASS}
+davmail.ssl.keyPass=${DAVMAIL_SSL_PASS}
 
 # Accept specified certificate even if invalid according to trust store
 davmail.server.certificate.hash=${DAVMAIL_SERVER_CERTIFICATE_HASH}
diff --git a/content/opt/davmail/entrypoint.sh b/content/opt/davmail/entrypoint.sh
index 7b3b518..6555503 100755
--- a/content/opt/davmail/entrypoint.sh
+++ b/content/opt/davmail/entrypoint.sh
@@ -13,6 +13,15 @@ elif [ -n "$DAVMAIL_URL" ]; then
   done < /etc/davmail/davmail.properties.template > $CONFIG
 fi
 
+if [ -n "$DAVMAIL_SSL_PASS" ]; then
+  if [ ! -r /etc/davmail/davmail.p12 ] || [ ! -s /etc/davmail/davmail.p12 ]; then
+    echo "ERROR: can't read ssl keystore [/etc/davmail/davmail.p12]!"
+    return 2
+  fi
+fi
+
+if [ -z "$DAVMAIL_SSL_PASS" ] || [ ! -s /etc/davmail/davmail.p12 ]
+
 if [ -r "$CONFIG" ]; then
   exec /opt/davmail/davmail.sh "$CONFIG"
 else
-- 
cgit v1.2.1