fix Bug 72626 - Add certificate format check and pfx (#164)

Co-authored-by: Evgeniy Antonyuk <antonyuk.evgenyiy@onlyoffice.com>
Reviewed-on: https://git.onlyoffice.com/ONLYOFFICE/DocSpace-buildtools/pulls/164
Co-authored-by: Valeria Bagisheva <valeriya.bagisheva@onlyoffice.com>
Co-committed-by: Valeria Bagisheva <valeriya.bagisheva@onlyoffice.com>

install/OneClickInstall/install-Docker.sh

@@ -1315,7 +1315,7 @@ install_product () {
 			docker run --rm --network="$(get_env_parameter "NETWORK_NAME")" mysql:${MYSQL_TAG:-latest} mysql -h "${MYSQL_HOST:-${MYSQL_CONTAINER_NAME}}" -P "${MYSQL_PORT:-3306}" -u "${MYSQL_USER}" -p"${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" -e "TRUNCATE webstudio_index;"
 		fi
 
-		if [ ! -z "${CERTIFICATE_PATH}" ] && [ ! -z "${CERTIFICATE_KEY_PATH}" ] && [[ ! -z "${APP_DOMAIN_PORTAL}" ]]; then
+		if [ ! -z "${CERTIFICATE_PATH}" ] && [[ ! -z "${APP_DOMAIN_PORTAL}" ]]; then
 			bash $BASE_DIR/config/${PRODUCT}-ssl-setup -f "${APP_DOMAIN_PORTAL}" "${CERTIFICATE_PATH}" "${CERTIFICATE_KEY_PATH}"
 		elif [ ! -z "${LETS_ENCRYPT_DOMAIN}" ] && [ ! -z "${LETS_ENCRYPT_MAIL}" ]; then
 			bash $BASE_DIR/config/${PRODUCT}-ssl-setup "${LETS_ENCRYPT_MAIL}" "${LETS_ENCRYPT_DOMAIN}"

install/docker/config/docspace-ssl-setup

@@ -32,10 +32,11 @@ help(){
   echo "                  example.com,s1.example.com,s2.example.com."
   echo ""
   echo "Using your own certificates via the -f or --file parameter:"
-  echo "  docspace-ssl-setup --file DOMAIN CERTIFICATE PRIVATEKEY"
+  echo "  docspace-ssl-setup --file DOMAIN CERTIFICATE [PRIVATEKEY]"
   echo "    DOMAIN        Main domain name to apply."
   echo "    CERTIFICATE   Path to the certificate file for the domain."
-  echo "    PRIVATEKEY    Path to the private key file for the certificate."
+  echo "    PRIVATEKEY    (Optional) Path to the private key file for the certificate."
+  echo "                  Required unless using a PFX certificate."
   echo ""
   echo "Return to the default proxy configuration using the -d or --default parameter:"
   echo "  docspace-ssl-setup --default"
@@ -61,18 +62,48 @@ create_renew_script() {
   fi
 }
 
-case $1 in
+check_file_format() {
+  FILE=$1
+
+  if openssl pkcs12 -in "$FILE" -info -noout --passin pass:"$PFX_PASSWORD" > /dev/null 2>&1; then
+    CERTIFICATE_FILE="${FILE%.pfx}.pem"
+    PRIVATEKEY_FILE="${FILE%.pfx}-private.pem"
+
+    echo "$FILE is a valid PFX certificate. Converting to PEM..."
+    openssl pkcs12 -in "$FILE" -out "$CERTIFICATE_FILE" -nokeys --passin pass:"$PFX_PASSWORD"
+    openssl pkcs12 -in "$FILE" -out "$PRIVATEKEY_FILE" -nocerts -nodes --passin pass:"$PFX_PASSWORD"
+
+  elif openssl x509 -in "$FILE" -text -noout > /dev/null 2>&1; then
+    echo "$FILE is a valid PEM certificate."
+  elif openssl pkey -in "$FILE" -check > /dev/null 2>&1; then
+    echo "$FILE is a valid private key."
+  else
+    echo "Unsupported or invalid file format: $FILE" && exit 1
+  fi
+}
+
+case $1 in 
   -f | --file )
-    if [ -n "$2" ] && [ -n "$3" ] && [ -n "$4" ]; then
-      echo "Using specified files to configure SSL..."
+    if [ -n "$2" ] && [ -n "$3" ]; then
       DOMAIN=$2
       CERTIFICATE_FILE=$3
-      PRIVATEKEY_FILE=$4
+
+      if [[ "$CERTIFICATE_FILE" =~ \.(p12|pfx)$ ]]; then
+        echo "Using PKCS#12 file for SSL configuration..."
+        openssl pkcs12 -in "$CERTIFICATE_FILE" -info -noout -passin pass: >/dev/null 2>&1 || read -s -p "Enter password: " PFX_PASSWORD
+        check_file_format "$CERTIFICATE_FILE"
+      elif [ -n "$4" ]; then
+        echo "Using specified certificate and private key for SSL configuration..."
+        PRIVATEKEY_FILE=$4
+        check_file_format "$CERTIFICATE_FILE"
+        check_file_format "$PRIVATEKEY_FILE"
+      else
+        echo "Error: PRIVATEKEY_FILE is required unless using a .p12/.pfx file." && exit 1
+      fi
     else
       help
     fi
   ;;
-
   -d | --default )
     echo "Return to the default proxy configuration..."
     if [ -z "$(awk -F '=' '/^\s*DOCUMENT_SERVER_URL_EXTERNAL/{gsub(/^[[:space:]]*"|"[[:space:]]*$/, "", $2); print $2}' ${DOCKERCOMPOSE}/.env)" ]; then