Use shibboleth-sp as package name for compatibility.
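@echo off
rem keygen.bat - create a self-signed key pair (sp-key.pem / sp-cert.pem) for the
rem Shibboleth SP in the directory this script lives in.
rem
rem usage: keygen [-h hostname] [-y years] [-e entityID] [-f]
rem   -h  subject CN / DNS SAN for the certificate (default: guessed from the host)
rem   -y  validity in years (default: 10)
rem   -e  entityID embedded as a URI SAN
rem   -f  delete an existing key pair before generating a new one
rem
rem Requires openssl.exe on PATH or under %ProgramFiles%\Shibboleth\SP\lib\.
rem The private key is written unencrypted (encrypt_key=no) because the SP
rem service reads it unattended; restrict access to sp-key.pem with file ACLs.
setlocal

set DAYS=
set YEARS=
set FQDN=
set ENTITYID=
set TEMP_DOMAIN_NAME=
set PARAM=
set RC=

rem Directory of this script, with trailing backslash.
set PREFIX=%~dp0

rem ---- option parsing -------------------------------------------------------
rem Arguments are compared quoted so a value containing spaces cannot break the
rem "if" syntax; %~1 strips surrounding quotes from the argument first.
:opt_start
set PARAM=%1
if not defined PARAM goto opt_end
if "%~1"=="-h" goto opt_fqdn
if "%~1"=="-e" goto opt_entityid
if "%~1"=="-y" goto opt_years
if "%~1"=="-f" goto opt_force
goto usage
:opt_end

rem Never silently overwrite an existing key pair (use -f to replace it).
if exist "%PREFIX%sp-key.pem" goto protect
if exist "%PREFIX%sp-cert.pem" goto protect

if not defined YEARS set YEARS=10
set /a DAYS=%YEARS%*365

if not defined FQDN goto guess_fqdn

:generate
set PATH=%PATH%;%ProgramFiles%\Shibboleth\SP\lib\
rem Temporary OpenSSL request configuration; it holds no secrets and is deleted below.
set CNF="%PREFIX%sp-cert.cnf"
echo # OpenSSL configuration file for creating sp-cert.pem    >%CNF%
echo [req]                                                   >>%CNF%
echo prompt=no                                               >>%CNF%
echo default_bits=2048                                       >>%CNF%
echo encrypt_key=no                                          >>%CNF%
rem sha256: SHA-1 certificate signatures are rejected by current TLS stacks.
echo default_md=sha256                                       >>%CNF%
echo distinguished_name=dn                                   >>%CNF%
echo # PrintableStrings only                                 >>%CNF%
echo string_mask=MASK:0002                                   >>%CNF%
echo x509_extensions=ext                                     >>%CNF%
echo [dn]                                                    >>%CNF%
echo CN=%FQDN%                                               >>%CNF%
echo [ext]                                                   >>%CNF%
rem The entityID, when given, is carried as a URI SAN alongside the DNS SAN.
if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)
echo subjectKeyIdentifier=hash                               >>%CNF%
openssl.exe req -config %CNF% -new -x509 -days %DAYS% -keyout "%PREFIX%sp-key.pem" -out "%PREFIX%sp-cert.pem"
rem Preserve openssl's exit status across the cleanup so callers can detect failure.
set RC=%ERRORLEVEL%
del %CNF%
exit /b %RC%

:protect
echo The files sp-key.pem and/or sp-cert.pem already exist!
echo Use -f option to force recreation of keypair.
exit /b

rem -f: remove the existing key pair, then continue parsing the remaining options.
:opt_force
if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"
if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"
shift
goto opt_start

rem -h <hostname>: %~2 strips quotes so CN= and the SAN are not written quoted.
:opt_fqdn
set FQDN=%~2
shift
shift
goto opt_start

rem -e <entityID>
:opt_entityid
set ENTITYID=%~2
shift
shift
goto opt_start

rem -y <years>
:opt_years
set YEARS=%~2
shift
shift
goto opt_start

:usage
echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert] [-f]
exit /b

rem Build a default FQDN: host name plus the machine's DNS suffix, lower-cased.
:guess_fqdn
rem Primary DNS suffix from ipconfig (the field after the colon), spaces removed.
for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix" /c:"Primary Dns Suffix""') do set TEMP_DOMAIN_NAME=%%i
if defined TEMP_DOMAIN_NAME set FQDN=%TEMP_DOMAIN_NAME: =%
set TEMP_DOMAIN_NAME=
rem A domain login's DNS domain takes precedence over the ipconfig guess.
if defined USERDNSDOMAIN set FQDN=%USERDNSDOMAIN%

for /F %%i in ('hostname') do set HOST=%%i
if defined FQDN (set FQDN=%HOST%.%FQDN%) else (set FQDN=%HOST%)

rem Lower-case the name: create a file with that name and read it back with dir /l.
echo >"%FQDN%"
for /F %%i in ('dir /b/l "%FQDN%"') do set FQDN=%%i
del "%FQDN%"
goto generate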