From 9d88f82d9b41974012c9dc5159ea07f25bdf4c65 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Mon, 30 Sep 2024 11:40:54 -0300 Subject: [PATCH 1/2] Change cert-tool to use only one wazuh-certificates folder. --- cert_tool/certFunctions.sh | 30 ++++++++++++++++++++++-------- cert_tool/certMain.sh | 24 ++++++------------------ 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/cert_tool/certFunctions.sh b/cert_tool/certFunctions.sh index fc2bf51..cc5f6af 100644 --- a/cert_tool/certFunctions.sh +++ b/cert_tool/certFunctions.sh @@ -8,7 +8,7 @@ function cert_cleanFiles() { - + common_logger -d "Cleaning certificate files." eval "rm -f ${cert_tmp_path}/*.csr ${debug}" eval "rm -f ${cert_tmp_path}/*.srl ${debug}" @@ -227,7 +227,7 @@ function cert_parseYaml() { local s='[[:space:]]*' sm='[ \t]*' w='[a-zA-Z0-9_]*' fs=${fs:-$(echo @|tr @ '\034')} i=${i:- } cat $1 2>/dev/null | \ - awk -F$fs "{multi=0; + awk -F$fs "{multi=0; if(match(\$0,/$sm\|$sm$/)){multi=1; sub(/$sm\|$sm$/,\"\");} if(match(\$0,/$sm>$sm$/)){multi=2; sub(/$sm>$sm$/,\"\");} while(multi>0){ @@ -327,7 +327,7 @@ function cert_parseYaml() { } function cert_checkPrivateIp() { - + local ip=$1 common_logger -d "Checking if ${ip} is private." 
@@ -382,25 +382,25 @@ function cert_readConfig() { done unique_names=($(echo "${indexer_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_names[@]}" -ne "${#indexer_node_names[@]}" ]; then + if [ "${#unique_names[@]}" -ne "${#indexer_node_names[@]}" ]; then common_logger -e "Duplicated indexer node names." exit 1 fi unique_ips=($(echo "${indexer_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_ips[@]}" -ne "${#indexer_node_ips[@]}" ]; then + if [ "${#unique_ips[@]}" -ne "${#indexer_node_ips[@]}" ]; then common_logger -e "Duplicated indexer node ips." exit 1 fi unique_names=($(echo "${server_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_names[@]}" -ne "${#server_node_names[@]}" ]; then + if [ "${#unique_names[@]}" -ne "${#server_node_names[@]}" ]; then common_logger -e "Duplicated Wazuh server node names." exit 1 fi unique_ips=($(echo "${server_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_ips[@]}" -ne "${#server_node_ips[@]}" ]; then + if [ "${#unique_ips[@]}" -ne "${#server_node_ips[@]}" ]; then common_logger -e "Duplicated Wazuh server node ips." exit 1 fi 
@@ -456,7 +456,21 @@ function cert_readConfig() { } function cert_setpermisions() { - eval "chmod -R 744 ${cert_tmp_path} ${debug}" + eval "chmod -R 744 ${1} ${debug}" +} + +function cert_setDirectory() { + + if [ -d "${base_path}/wazuh-certificates" ]; then + eval "cp -f ${cert_tmp_path}/* ${base_path}/wazuh-certificates ${debug}" + eval "rm -R ${cert_tmp_path}" + cert_setpermisions "${base_path}/wazuh-certificates" + common_logger -d "Wazuh-certificates directory exists. Copied files from '${cert_tmp_path}' to '${base_path}/wazuh-certificates' and removed '${cert_tmp_path}'." + else + cert_setpermisions "${cert_tmp_path}" + eval "mv ${cert_tmp_path} ${base_path}/wazuh-certificates ${debug}" + common_logger -d "Moved '${cert_tmp_path}' to '${base_path}/wazuh-certificates'." + fi } function cert_convertCRLFtoLF() { diff --git a/cert_tool/certMain.sh b/cert_tool/certMain.sh index 64ba285..c851eaf 100644 --- a/cert_tool/certMain.sh +++ b/cert_tool/certMain.sh @@ -76,7 +76,7 @@ function main() { common_logger -e "You have not entered a root-ca.pem" exit 1 else - common_logger -e "You have not entered a root-ca.key" + common_logger -e "You have not entered a root-ca.key" exit 1 fi fi @@ -160,13 +160,6 @@ function main() { common_logger "Verbose logging redirected to ${logfile}" - if [[ -d "${base_path}"/wazuh-certificates ]]; then - if [ -n "$(ls -A "${base_path}"/wazuh-certificates)" ]; then - common_logger -e "Directory wazuh-certificates already exists in the same path as the script. Please, remove the certs directory to create new certificates." - exit 1 - fi - fi - if [[ ! -d "${cert_tmp_path}" ]]; then mkdir -p "${cert_tmp_path}" chmod 744 "${cert_tmp_path}" @@ -183,8 +176,7 @@ function main() { cert_generateAdmincertificate common_logger "Admin certificates created." cert_cleanFiles - cert_setpermisions - eval "mv ${cert_tmp_path} ${base_path}/wazuh-certificates ${debug}" + cert_setDirectory fi if [[ -n "${all}" ]]; then 
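Review bot: In the new `cert_setDirectory`, the branch for an existing `wazuh-certificates` directory runs `rm -R ${cert_tmp_path}` without checking that the preceding `cp -f` succeeded. A failed copy (full disk, permission error) would therefore delete the only copy of the freshly generated keys, while the debug message still reports success. The `rm` line also omits the `${debug}` redirect that the neighbouring `eval` lines use. The copy's exit status should be tested before the cleanup, as sketched below; `${debug}` is defined outside this patch, so if it can expand to a pipe the test needs `${PIPESTATUS[0]}` rather than the status of `eval`.

```shell
    if [ -d "${base_path}/wazuh-certificates" ]; then
        # Stop before the cleanup if the copy failed, so the only copy of the new keys is not removed.
        if ! eval "cp -f ${cert_tmp_path}/* ${base_path}/wazuh-certificates ${debug}"; then
            common_logger -e "Could not copy the certificates to '${base_path}/wazuh-certificates'; the files remain in '${cert_tmp_path}'."
            exit 1
        fi
        eval "rm -R ${cert_tmp_path} ${debug}"
        # … unchanged: cert_setpermisions call and debug message …
    # … unchanged: else branch that moves the temporary directory …
```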
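Review bot: Replacing `cert_setpermisions` plus `mv` with `cert_setDirectory` at this call site (and in the indexer, server and dashboard branches further down) changes what `chmod -R 744` touches: when `wazuh-certificates` already exists, it now runs over the whole existing directory instead of only the new temporary one. Any key file from an earlier run whose mode an administrator had tightened is reset to 744, which sets the group/other read bits and the owner execute bit on private keys. The existing files could be left alone by setting the mode on the temporary directory first and carrying it over, i.e. `cert_setpermisions "${cert_tmp_path}"` before the copy and `cp -pf` instead of `cp -f`, with no chmod on the destination tree. A comment in `cert_setDirectory` stating which mode key files are expected to end up with would also help. `main` starts and ends outside the hunk.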
@@ -208,8 +200,7 @@ function main() { if [[ -n "${ca}" ]]; then cert_generateRootCAcertificate common_logger "Authority certificates created." - cert_cleanFiles - eval "mv ${cert_tmp_path} ${base_path}/wazuh-certificates ${debug}" + cert_setDirectory fi if [[ -n "${cindexer}" ]]; then @@ -218,8 +209,7 @@ function main() { cert_generateIndexercertificates common_logger "Wazuh indexer certificates created." cert_cleanFiles - cert_setpermisions - eval "mv ${cert_tmp_path} ${base_path}/wazuh-certificates ${debug}" + cert_setDirectory else common_logger -e "Indexer node not present in config.yml." exit 1 @@ -232,8 +222,7 @@ function main() { cert_generateFilebeatcertificates common_logger "Wazuh Filebeat certificates created." cert_cleanFiles - cert_setpermisions - eval "mv ${cert_tmp_path} ${base_path}/wazuh-certificates ${debug}" + cert_setDirectory else common_logger -e "Server node not present in config.yml." exit 1 @@ -246,8 +235,7 @@ function main() { cert_generateDashboardcertificates common_logger "Wazuh dashboard certificates created." cert_cleanFiles - cert_setpermisions - eval "mv ${cert_tmp_path} ${base_path}/wazuh-certificates ${debug}" + cert_setDirectory else common_logger -e "Dashboard node not present in config.yml." exit 1 From ad9494e7ff31cd5e91fbee586a3a726d1137432e Mon Sep 17 00:00:00 2001 From: c-bordon Date: Mon, 30 Sep 2024 11:43:18 -0300 Subject: [PATCH 2/2] Updated changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e0152c3..422c985 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
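Review bot: With the populated-directory check removed earlier in this patch, the `ca` branch now ends in `cert_setDirectory`, whose `cp -f` would silently replace an existing root CA in `wazuh-certificates` on a second run. This assumes `cert_generateRootCAcertificate` (not shown) writes the CA files into `${cert_tmp_path}` under fixed names; if so, node certificates already in that folder or already deployed would no longer chain to the CA stored beside them, and nothing in the log records the replacement. A guard before the call would make this explicit, for example `if [ -e "${base_path}/wazuh-certificates/root-ca.key" ]; then common_logger -e "A root CA already exists in wazuh-certificates."; exit 1; fi`, with the file name taken from the messages above and to be confirmed. This hunk also drops the `cert_cleanFiles` call that the other branches keep; if that is intentional a short comment would help, since `cert_setDirectory` copies everything left in the temporary directory. `main` starts and ends outside the hunk.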
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file. ### Changed +- Change cert-tool to use only one wazuh-certificates folder. ([#87](https://github.com/wazuh/wazuh-installation-assistant/pull/87)) - Solve bugs when changing passwords in the manager, indexer and dashboard services. ([#86](https://github.com/wazuh/wazuh-installation-assistant/pull/86)) - Fixed typo in Wazuh Installation Assistant. ([#85](https://github.com/wazuh/wazuh-installation-assistant/pull/85)) - Print on console the wazuh user's password when installing Wazuh server. ([#84](https://github.com/wazuh/wazuh-installation-assistant/pull/84))