X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=configs%2Fkeygen.sh;h=4ee69f68830728f9f39a20254f0b72150500274d;hb=HEAD;hp=5ae60db2cc7aa5a4fbe6d02575b3149430b50946;hpb=ab06e1cee557e2daa5cf15abbd50ae3c6f23f155;p=shibboleth%2Fcpp-sp.git
diff --git a/configs/keygen.sh b/configs/keygen.sh
index 5ae60db..4ee69f6 100755
--- a/configs/keygen.sh
+++ b/configs/keygen.sh
@@ -1,25 +1,31 @@
 #! /bin/sh
-while getopts h:e:y:bf c
+while getopts h:u:g:o:e:y:bf c
 do
 case $c in
+ u) USER=$OPTARG;;
+ g) GROUP=$OPTARG;;
+ o) OUT=$OPTARG;;
 b) BATCH=1;;
 f) FORCE=1;;
 h) FQDN=$OPTARG;;
 e) ENTITYID=$OPTARG;;
 y) YEARS=$OPTARG;;
- \?) echo keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]
+ \?) echo "keygen [-o output directory (default .)] [-u username to own keypair] [-g owning groupname] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]"
 exit 1;;
 esac
 done
+if [ -z "$OUT" ] ; then
+ OUT=.
+fi
 if [ -n "$FORCE" ] ; then
- rm sp-key.pem sp-cert.pem
+ rm $OUT/sp-key.pem $OUT/sp-cert.pem
 fi
-if [ -s sp-key.pem -o -s sp-cert.pem ] ; then
+if [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
 if [ -z "$BATCH" ] ; then
- echo The files sp-key.pem and/or sp-cert.pem already exist!
+ echo The files $OUT/sp-key.pem and/or $OUT/sp-cert.pem already exist!
 echo Use -f option to force recreation of keypair.
 exit 2
 fi
@@ -42,7 +48,8 @@ else
 ALTNAME=DNS:$FQDN,URI:$ENTITYID
 fi
-cat >sp-cert.cnf <$SSLCNF < /dev/null
+ openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null
 fi
+rm $SSLCNF
-rm sp-cert.cnf
+if [ -s $OUT/sp-key.pem -a -n "$USER" ] ; then
+ chown $USER $OUT/sp-key.pem $OUT/sp-cert.pem
+fi
-if [ -s sp-key.pem ] ; then
- chmod 600 sp-key.pem
+if [ -s $OUT/sp-key.pem -a -n "$GROUP" ] ; then
+ chgrp $GROUP $OUT/sp-key.pem $OUT/sp-cert.pem
 fi
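Review bot: `USER` and `GROUP` are never cleared before the `getopts` loop, so when `-u`/`-g` are omitted the later `[ ... -n "$USER" ]` test sees whatever the caller's environment carries (login environments normally export `USER`) and the script still runs `chown` on the key pair. Initialise them above the loop, e.g. `USER= GROUP= OUT=`, or use script-private names such as `KEY_USER`, so ownership of the private key changes only on explicit request. The new `$OUT` expansions in `rm` and in `[ -s ... ]` are unquoted, so an `-o` value containing whitespace or glob characters is split or expanded before those commands see it; write `"$OUT/sp-key.pem"` and `"$OUT/sp-cert.pem"`. The final lines also drop `chmod 600 sp-key.pem`; the text between the heredoc and the `openssl req` call is lost on this page, so confirm the key file's mode is still restricted before `openssl` writes it rather than left to the umask.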