#103 During bootstrap, use an existing ssl-certificate-template to se…

…t up SSL

deploy/lib/xquery/setup.xqy

@@ -17,6 +17,7 @@ xquery version "1.0-ml";
 
 import module namespace admin = "http://marklogic.com/xdmp/admin" at "/MarkLogic/admin.xqy";
 import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";
+import module namespace pki = "http://marklogic.com/xdmp/pki" at "/MarkLogic/pki.xqy";
 
 declare namespace setup = "http://marklogic.com/roxy/setup";
 declare namespace xdmp="http://marklogic.com/xdmp";
@@ -28,7 +29,6 @@ declare namespace ho="http://marklogic.com/xdmp/hosts";
 declare namespace as="http://marklogic.com/xdmp/assignments";
 declare namespace fs="http://marklogic.com/xdmp/status/forest";
 declare namespace mt="http://marklogic.com/xdmp/mimetypes";
-declare namespace pki="http://marklogic.com/xdmp/pki";
 
 declare option xdmp:mapping "false";
 
@@ -163,7 +163,7 @@ declare variable $http-server-settings :=
     <setting>error-handler</setting>
     <setting>url-rewriter</setting>
     <setting>rewrite-resolves-globally</setting>
-    <setting>ssl-certificate-template</setting>
+    <setting value="setup:get-ssl-certificate-template($server-config)">ssl-certificate-template</setting>
     <setting>ssl-allow-sslv3</setting>
     <setting>ssl-allow-tls</setting>
     <setting>ssl-hostname</setting>
@@ -3659,6 +3659,17 @@ declare function setup:get-appserver-default-user($server-config as element()) a
     else $default-user
 };
 
+declare function setup:get-ssl-certificate-template(
+  $server-config as element())
+as xs:unsignedLong
+{
+  let $v as xs:string? := $server-config/gr:ssl-certificate-template/(@name|text())
+  return (
+    if (not($v)) then 0
+    else pki:template-get-id(pki:get-template-by-name($v))
+  )
+};
+
 declare function setup:get-role-name($id as xs:unsignedLong) as xs:string? {
   xdmp:eval(
     'import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";

deploy/sample/build.sample.properties

@@ -34,6 +34,8 @@ modules-root=/
 # application-level, basic, digest, digestbasic
 #
 # test-authentication-method=digest
+#
+# end of Unit Testing section
 
 #
 # Leave commented out for default
@@ -62,22 +64,27 @@ app-port=8040
 xcc-port=8041
 # odbc-port=8043
 
+## Security
 #
 # The authentication method used for your appserver
 # application-level, basic, digest, digestbasic
 #
 authentication-method=digest
-
 #
 # The user used as the default user in application level authentication.
 # Using the admin user as the default user is equivalent to turning security off.
 #
 # default-user=${app-name}-user
-
 #
 # The password assigned to the default user for your application
 #
 appuser-password=random
+#
+# To make your http appserver use TLS/SSL, specify a certificate template here
+# and uncomment the ssl-certificate-template element in ml-config.xml.
+# cert-template=
+#
+# end of Security section
 
 #
 # The type of application. Choices are:

deploy/sample/ml-config.sample.xml

@@ -29,6 +29,7 @@
       <url-rewriter>@ml.url-rewriter</url-rewriter>
       <error-handler>@ml.error-handler</error-handler>
       <rewrite-resolves-globally>@ml.rewrite-resolves-globally</rewrite-resolves-globally>
+      <!-- <ssl-certificate-template>@ml.cert-template</ssl-certificate-template> -->
     </http-server>
     @ml.test-appserver
   </http-servers>