Remove download of demo certificates

wazuh-dashboard/Dockerfile

@@ -11,30 +11,21 @@ RUN apt-get update && apt install curl libcap2-bin xz-utils -y
 RUN mkdir -p $INSTALL_DIR
 
 # Download and extract Wazuh dashboard base
-RUN curl -o wazuh-dashboard-base.tar.xz https://packages-dev.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-$WAZUH_VERSION-linux-x64.tar.xz && \
+RUN curl -o wazuh-dashboard-base.tar.xz https://packages.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-linux-x64.tar.xz && \
     tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1
 
-# Download and extract demo certificates
-RUN curl -O https://packages-dev.wazuh.com/stack/demo-certs.tar.gz && \
-    tar -xf demo-certs.tar.gz && rm -f demo-certs.tar.gz
-
-# Create certs dir
-RUN mkdir -p $INSTALL_DIR/config/certs
-
-# Copy Wazuh dashboard demo certs to install config dir
-RUN cp certs/demo-dashboard.pem $INSTALL_DIR/config/certs/demo-dashboard.pem && \ 
-    cp certs/demo-dashboard-key.pem $INSTALL_DIR/config/certs/demo-dashboard-key.pem && \
-    cp certs/root-ca.pem $INSTALL_DIR/config/certs/root-ca.pem
-
-RUN chmod 640 $INSTALL_DIR/config/certs/*
+# Generate certificates
+COPY config/config.sh .
+COPY config/config.yml /
+RUN bash config.sh
 
 # Create and configure Wazuh dashboard keystore
 RUN $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
     echo kibanaserver | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
     echo kibanaserver | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
 
-# Install Wazuh App 
-RUN $INSTALL_DIR/bin/opensearch-dashboards-plugin install https://packages.wazuh.com/4.x/ui/dashboard/wazuh-$WAZUH_VERSION.zip --allow-root
+# Install Wazuh App
+RUN $INSTALL_DIR/bin/opensearch-dashboards-plugin install https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}.zip --allow-root
 
 # Copy and set permissions to config files
 COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/

wazuh-dashboard/config/config.sh

@@ -0,0 +1,41 @@
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+export NAME=wazuh-dashboard
+export TARGET_DIR=${CURDIR}/debian/${NAME}
+export INSTALLATION_DIR=/usr/share/${NAME}
+export CONFIG_DIR=${INSTALLATION_DIR}/config
+
+## Variables
+CERT_TOOL=wazuh-certs-tool.sh
+PACKAGES_URL=https://packages.wazuh.com/4.3/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.3/
+
+## Check if the cert tool exists in S3 buckets
+CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+
+## If cert tool exists in some bucket, download it, if not exit 1
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+  echo "Cert tool exists in Packages bucket"
+elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+  echo "Cert tool exists in Packages-dev bucket"
+else
+  echo "Cert tool does not exist in any bucket"
+  exit 1
+fi
+
+chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+
+# Copy Wazuh dashboard's certificates
+mkdir -p ${CONFIG_DIR}/certs
+
+# Copy Wazuh dashboard certs to install config dir
+cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
+
+chmod 640 ${CONFIG_DIR}/certs/*

wazuh-dashboard/config/config.yml

@@ -0,0 +1,5 @@
+nodes:
+  # Wazuh dashboard server nodes
+  dashboard:
+    name: demo.dashboard
+    ip: demo.dashboard

wazuh-dashboard/config/opensearch_dashboards.yml

@@ -7,8 +7,8 @@ opensearch_security.multitenancy.enabled: true
 opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/demo-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/demo-dashboard.pem"
+server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem"
 opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global
 

wazuh-indexer/config/config.sh

@@ -97,7 +97,5 @@ cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-se
 cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
 cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
-# Copy Wazuh indexer's demo certificates
+# Copy Wazuh indexer's certificates
 cp -pr /wazuh-certificates/* ${TARGET_DIR}${CONFIG_DIR}
-
-