[shibboleth-sp2] 23/89: SSPCPP-667 - keygen update to allow specifying output filenames
Ferenc Wágner
wferi at moszumanska.debian.org
Thu Sep 1 09:24:05 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch master
in repository shibboleth-sp2.
commit d94c761e17981f0fd3fe5c6720da6e9bdce552a5
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Wed May 11 11:41:37 2016 -0400
SSPCPP-667 - keygen update to allow specifying output filenames
https://issues.shibboleth.net/jira/browse/SSPCPP-667
---
configs/keygen.bat | 36 ++++++++++++++++++++++++++----------
configs/keygen.sh | 34 ++++++++++++++++++++--------------
2 files changed, 46 insertions(+), 24 deletions(-)
diff --git a/configs/keygen.bat b/configs/keygen.bat
index 14a5fdb..88485f2 100644
--- a/configs/keygen.bat
+++ b/configs/keygen.bat
@@ -7,12 +7,13 @@ set FQDN=
set ENTITYID=
set TEMP_DOMAIN_NAME=
set PARAM=
-
-set PREFIX=%~dp0
+set PREFIX=
:opt_start
set PARAM=%1
if not defined PARAM goto opt_end
+if %1==-o goto opt_out
+if %1==-n goto opt_prefix
if %1==-h goto opt_fqdn
if %1==-e goto opt_entityid
if %1==-y goto opt_years
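Review bot: `OUT` is not reset next to the added `set PREFIX=`, so a value inherited from the caller's environment would silently become the directory the private key is written to. The later `if not defined OUT set OUT=%~dp0` only supplies the default when nothing is inherited. Adding `set OUT=` beside `set PREFIX=` makes that default reliable. The lines above this hunk are not visible, so this assumes they do not already clear it.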
@@ -20,8 +21,11 @@ if %1==-f goto opt_force
goto usage
:opt_end
-if exist "%PREFIX%sp-key.pem" goto protect
-if exist "%PREFIX%sp-cert.pem" goto protect
+if not defined OUT set OUT=%~dp0
+if not defined PREFIX set PREFIX=sp
+
+if exist "%OUT%\%PREFIX%-key.pem" goto protect
+if exist "%OUT%\%PREFIX%-cert.pem" goto protect
if not defined YEARS set YEARS=10
set /a DAYS=%YEARS%*365
@@ -30,7 +34,7 @@ if not defined FQDN goto guess_fqdn
:generate
set PATH=%PATH%;%ProgramFiles%\Shibboleth\SP\lib\
-set CNF="%PREFIX%sp-cert.cnf"
+set CNF="%OUT%\%PREFIX%-cert.cnf"
echo # OpenSSL configuration file for creating keypair >%CNF%
echo [req] >>%CNF%
echo prompt=no >>%CNF%
@@ -46,18 +50,30 @@ echo CN=%FQDN% >>%CNF%
echo [ext] >>%CNF%
if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)
echo subjectKeyIdentifier=hash >>%CNF%
-openssl.exe req -config %CNF% -new -x509 -days %DAYS% -keyout "%PREFIX%sp-key.pem" -out "%PREFIX%sp-cert.pem"
+openssl.exe req -config %CNF% -new -x509 -days %DAYS% -keyout "%OUT%\%PREFIX%-key.pem" -out "%OUT%\%PREFIX%-cert.pem"
del %CNF%
exit /b
:protect
-echo The files sp-key.pem and/or sp-cert.pem already exist!
+echo The files %OUT%\%PREFIX%-key.pem and/or %OUT%\%PREFIX%-cert.pem already exist!
echo Use -f option to force recreation of keypair.
exit /b
+:opt_out
+set OUT=%2
+shift
+shift
+goto opt_start
+
+:opt_prefix
+set PREFIX=%2
+shift
+shift
+goto opt_start
+
:opt_force
-if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"
-if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"
+if exist "%OUT%\%PREFIX%-key.pem" del "%OUT%\%PREFIX%-key.pem"
+if exist "%OUT%\%PREFIX%-cert.pem" del "%OUT%\%PREFIX%-cert.pem"
shift
goto opt_start
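Review bot: `-f` now only works when it follows `-o` and `-n`, because `:opt_force` evaluates `"%OUT%\%PREFIX%-key.pem"` at the moment the flag is parsed; if `-f` comes first both variables are still empty, the `if exist` tests look at `\-key.pem`, and the real files survive to reach `:protect`. Before this change `PREFIX` was set ahead of the option loop, so the order did not matter. Record the request instead with `set FORCE=1` and run the two `if exist ... del ...` lines under `:opt_end`, after the defaults have been applied. Separately, `set OUT=%2` and `set PREFIX=%2` keep any quotes the caller put around a path with spaces, which then nest inside the already-quoted paths; `%~2` strips them.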
@@ -80,7 +96,7 @@ shift
goto opt_start
:usage
-echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]
+echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert] [-n filename prefix] [-o output dir]
exit /b
:guess_fqdn
diff --git a/configs/keygen.sh b/configs/keygen.sh
index 002acd9..33b6037 100755
--- a/configs/keygen.sh
+++ b/configs/keygen.sh
@@ -1,6 +1,6 @@
#! /bin/sh
-while getopts h:u:g:o:e:y:bf c
+while getopts n:h:u:g:o:e:y:bf c
do
case $c in
u) USER=$OPTARG;;
@@ -11,21 +11,27 @@ while getopts h:u:g:o:e:y:bf c
h) FQDN=$OPTARG;;
e) ENTITYID=$OPTARG;;
y) YEARS=$OPTARG;;
- \?) echo "keygen [-o output directory (default .)] [-u username to own keypair] [-g owning groupname] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]"
+ n) PREFIX=$OPTARG;;
+ \?) echo "keygen [-o output directory (default .)] [-u username to own keypair] [-g owning groupname] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert] [-n filename prefix (default 'sp')]"
exit 1;;
esac
done
+
if [ -z "$OUT" ] ; then
OUT=.
fi
+if [ -z "$PREFIX" ]; then
+ PREFIX="sp"
+fi
+
if [ -n "$FORCE" ] ; then
- rm $OUT/sp-key.pem $OUT/sp-cert.pem
+ rm $OUT/${PREFIX}-key.pem $OUT/${PREFIX}-cert.pem
fi
-if [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
+if [ -s $OUT/${PREFIX}-key.pem -o -s $OUT/${PREFIX}-cert.pem ] ; then
if [ -z "$BATCH" ] ; then
- echo The files $OUT/sp-key.pem and/or $OUT/sp-cert.pem already exist!
+ echo The files $OUT/${PREFIX}-key.pem and/or $OUT/${PREFIX}-cert.pem already exist!
echo Use -f option to force recreation of keypair.
exit 2
fi
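Review bot: The new `-n` value is expanded unquoted wherever it is used, starting with `rm $OUT/${PREFIX}-key.pem $OUT/${PREFIX}-cert.pem`, so a prefix or output directory containing spaces or glob characters is word-split and the `rm` under `-f` can act on files other than the intended keypair. Quote the paths, `rm "$OUT/${PREFIX}-key.pem" "$OUT/${PREFIX}-cert.pem"`, and do the same in the `[ -s ... ]` test and the `echo`. The same applies to `SSLCNF=$OUT/${PREFIX}-cert.cnf` and to the `touch`, `chmod`, `openssl`, `chown` and `chgrp` lines in the later hunks. `$OUT` was already unquoted before this commit, but the change adds a second caller-supplied component to every path.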
@@ -48,7 +54,7 @@ else
ALTNAME=DNS:$FQDN,URI:$ENTITYID
fi
-SSLCNF=$OUT/sp-cert.cnf
+SSLCNF=$OUT/${PREFIX}-cert.cnf
cat >$SSLCNF <<EOF
# OpenSSL configuration file for creating keypair
[req]
@@ -67,19 +73,19 @@ subjectAltName=$ALTNAME
subjectKeyIdentifier=hash
EOF
-touch $OUT/sp-key.pem
-chmod 600 $OUT/sp-key.pem
+touch $OUT/${PREFIX}-key.pem
+chmod 600 $OUT/${PREFIX}-key.pem
if [ -z "$BATCH" ] ; then
- openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem
+ openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/${PREFIX}-key.pem -out $OUT/${PREFIX}-cert.pem
else
- openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null
+ openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/${PREFIX}-key.pem -out $OUT/${PREFIX}-cert.pem 2> /dev/null
fi
rm $SSLCNF
-if [ -s $OUT/sp-key.pem -a -n "$USER" ] ; then
- chown $USER $OUT/sp-key.pem $OUT/sp-cert.pem
+if [ -s $OUT/${PREFIX}-key.pem -a -n "$USER" ] ; then
+ chown $USER $OUT/${PREFIX}-key.pem $OUT/${PREFIX}-cert.pem
fi
-if [ -s $OUT/sp-key.pem -a -n "$GROUP" ] ; then
- chgrp $GROUP $OUT/sp-key.pem $OUT/sp-cert.pem
+if [ -s $OUT/${PREFIX}key.pem -a -n "$GROUP" ] ; then
+ chgrp $GROUP $OUT/${PREFIX}-key.pem $OUT/${PREFIX}-cert.pem
fi
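Review bot: The `chgrp` guard tests `$OUT/${PREFIX}key.pem` with the hyphen missing, so with the default prefix it checks `spkey.pem`, a file this script never creates; `-s` fails and the group given with `-g` is silently not applied to the key and certificate. The line should read `if [ -s $OUT/${PREFIX}-key.pem -a -n "$GROUP" ] ; then`, matching the `chown` guard just above it. Where the service account is meant to reach the key through group membership, this leaves the files with whatever group the invoking user had, and the script still exits without reporting the omission.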
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git