Fix eol props on Windows files, add bz2/zip dist targets

[shibboleth/cpp-sp.git] / configs / keygen.sh

diff --git a/configs/keygen.sh b/configs/keygen.sh
index 0096d42..4ee69f6 100755 (executable)
--- a/configs/keygen.sh
+++ b/configs/keygen.sh
@@ -1,32 +1,85 @@
-#! /bin/sh\r
-\r
-while getopts h:y:b c\r
-     do\r
-         case $c in\r
-           b)         BATCH=1;;\r
-           h)         FQDN=$OPTARG;;\r
-           y)         DAYS=$OPTARG;;\r
-           \?)        echo keygen [-h hostname/cn for cert] [-y years to issue cert]\r
-                      exit 1;;\r
-         esac\r
-     done\r
-\r
-if  [ -e sp-key.pem ] || [ -e sp-cert.pem ] ; then\r
-    if [ -z $BATCH ] ; then  \r
-        echo The files sp-key.pem and/or sp-cert.pem already exist!\r
-        exit 2\r
-    fi\r
-    exit 0\r
-fi\r
-\r
-if [ -z $FQDN ] ; then\r
-    FQDN=`hostname`\r
-fi\r
-\r
-if [ -z $DAYS ] ; then\r
-    DAYS=10\r
-fi\r
-\r
-DAYS=$(($DAYS*365))\r
-\r
-openssl req -x509 -days $DAYS -newkey rsa:2048 -nodes -keyout sp-key.pem -out sp-cert.pem -subj /CN=$FQDN -extensions usr_cert -set_serial 0\r
+#! /bin/sh
+
+while getopts h:u:g:o:e:y:bf c
+     do
+         case $c in
+           u)         USER=$OPTARG;;
+           g)         GROUP=$OPTARG;;
+           o)         OUT=$OPTARG;;
+           b)         BATCH=1;;
+           f)         FORCE=1;;
+           h)         FQDN=$OPTARG;;
+           e)         ENTITYID=$OPTARG;;
+           y)         YEARS=$OPTARG;;
+           \?)        echo "keygen [-o output directory (default .)] [-u username to own keypair] [-g owning groupname] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]"
+                      exit 1;;
+         esac
+     done
+if [ -z "$OUT" ] ; then
+    OUT=.
+fi
+
+if [ -n "$FORCE" ] ; then
+    rm $OUT/sp-key.pem $OUT/sp-cert.pem
+fi
+
+if  [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
+    if [ -z "$BATCH" ] ; then  
+        echo The files $OUT/sp-key.pem and/or $OUT/sp-cert.pem already exist!
+        echo Use -f option to force recreation of keypair.
+        exit 2
+    fi
+    exit 0
+fi
+
+if [ -z "$FQDN" ] ; then
+    FQDN=`hostname`
+fi
+
+if [ -z "$YEARS" ] ; then
+    YEARS=10
+fi
+
+DAYS=`expr $YEARS \* 365`
+
+if [ -z "$ENTITYID" ] ; then
+    ALTNAME=DNS:$FQDN
+else
+    ALTNAME=DNS:$FQDN,URI:$ENTITYID
+fi
+
+SSLCNF=$OUT/sp-cert.cnf
+cat >$SSLCNF <<EOF
+# OpenSSL configuration file for creating sp-cert.pem
+[req]
+prompt=no
+default_bits=2048
+encrypt_key=no
+default_md=sha1
+distinguished_name=dn
+# PrintableStrings only
+string_mask=MASK:0002
+x509_extensions=ext
+[dn]
+CN=$FQDN
+[ext]
+subjectAltName=$ALTNAME
+subjectKeyIdentifier=hash
+EOF
+
+touch $OUT/sp-key.pem
+chmod 600 $OUT/sp-key.pem
+if [ -z "$BATCH" ] ; then
+    openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem
+else
+    openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null
+fi
+rm $SSLCNF
+
+if  [ -s $OUT/sp-key.pem -a -n "$USER" ] ; then
+    chown $USER $OUT/sp-key.pem $OUT/sp-cert.pem
+fi
+
+if  [ -s $OUT/sp-key.pem -a -n "$GROUP" ] ; then
+    chgrp $GROUP $OUT/sp-key.pem $OUT/sp-cert.pem
+fi