-@echo off\r
-setlocal\r
-\r
-if exist %~dp0sp-key.pem goto protect\r
-if exist %~dp0sp-cert.pem goto protect\r
-\r
-set DAYS=\r
-set FQDN=\r
-set TEMP_DOMAIN_NAME=\r
-set PARAM=\r
-\r
-:opt_start\r
-set PARAM=%1\r
-if not defined PARAM goto opt_end\r
-if %1==-h goto opt_fqdn\r
-if %1==-y goto opt_years\r
-goto usage\r
-:opt_end\r
-\r
-if not defined DAYS set DAYS=10\r
-set /a DAYS=%DAYS%*365\r
-\r
-if not defined FQDN goto guess_fqdn\r
-\r
-:generate\r
-set PATH=%~dp0..\..\lib;%~dp0..\..\bin\r
-%~dp0..\..\bin\openssl.exe req -x509 -days %DAYS% -newkey rsa:2048 -nodes -keyout %~dp0sp-key.pem -out %~dp0sp-cert.pem -subj /CN=%FQDN% -config %~dp0openssl.cnf -extensions usr_cert -set_serial 0\r
-exit /b\r
-\r
-:protect\r
-echo The files sp-key.pem and/or sp-cert.pem already exist!\r
-exit /b\r
-\r
-:opt_fqdn\r
-set FQDN=%2\r
-shift\r
-shift\r
-goto opt_start\r
-\r
-:opt_years\r
-set DAYS=%2\r
-shift\r
-shift\r
-goto opt_start\r
-\r
-:usage\r
-echo usage: keygen [-h hostname/cn for cert] [-y years to issue cert]\r
-exit /b\r
-\r
-:guess_fqdn\r
-for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix""') do set TEMP_DOMAIN_NAME=%%i\r
-if defined TEMP_DOMAIN_NAME set FQDN=%TEMP_DOMAIN_NAME: =%\r
-set TEMP_DOMAIN_NAME=\r
-if defined USERDNSDOMAIN set FQDN=%USERDNSDOMAIN%\r
-\r
-for /F %%i in ('hostname') do set HOST=%%i\r
-if defined FQDN (set FQDN=%HOST%.%FQDN%) else (set FQDN=%HOST%)\r
-\r
-echo >%FQDN%\r
-for /F %%i in ('dir /b/l %FQDN%') do set FQDN=%%i\r
-del %FQDN%\r
-goto generate\r
+@echo off
+setlocal
+
+set DAYS=
+set YEARS=
+set FQDN=
+set ENTITYID=
+set TEMP_DOMAIN_NAME=
+set PARAM=
+
+set PREFIX=%~dp0
+
+:opt_start
+set PARAM=%1
+if not defined PARAM goto opt_end
+if %1==-h goto opt_fqdn
+if %1==-e goto opt_entityid
+if %1==-y goto opt_years
+if %1==-f goto opt_force
+goto usage
+:opt_end
+
+if exist "%PREFIX%sp-key.pem" goto protect
+if exist "%PREFIX%sp-cert.pem" goto protect
+
+if not defined YEARS set YEARS=10
+set /a DAYS=%YEARS%*365
+
+if not defined FQDN goto guess_fqdn
+
+:generate
+set PATH=%PATH%;%ProgramFiles%\Shibboleth\SP\lib\
+set CNF="%PREFIX%sp-cert.cnf"
+echo # OpenSSL configuration file for creating sp-cert.pem >%CNF%
+echo [req] >>%CNF%
+echo prompt=no >>%CNF%
+echo default_bits=2048 >>%CNF%
+echo encrypt_key=no >>%CNF%
+echo default_md=sha1 >>%CNF%
+echo distinguished_name=dn >>%CNF%
+echo # PrintableStrings only >>%CNF%
+echo string_mask=MASK:0002 >>%CNF%
+echo x509_extensions=ext >>%CNF%
+echo [dn] >>%CNF%
+echo CN=%FQDN% >>%CNF%
+echo [ext] >>%CNF%
+if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)
+echo subjectKeyIdentifier=hash >>%CNF%
+openssl.exe req -config %CNF% -new -x509 -days %DAYS% -keyout "%PREFIX%sp-key.pem" -out "%PREFIX%sp-cert.pem"
+del %CNF%
+exit /b
+
+:protect
+echo The files sp-key.pem and/or sp-cert.pem already exist!
+echo Use -f option to force recreation of keypair.
+exit /b
+
+:opt_force
+if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"
+if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"
+shift
+goto opt_start
+
+:opt_fqdn
+set FQDN=%2
+shift
+shift
+goto opt_start
+
+:opt_entityid
+set ENTITYID=%2
+shift
+shift
+goto opt_start
+
+:opt_years
+set YEARS=%2
+shift
+shift
+goto opt_start
+
+:usage
+echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]
+exit /b
+
+:guess_fqdn
+for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix" /c:"Primary Dns Suffix""') do set TEMP_DOMAIN_NAME=%%i
+if defined TEMP_DOMAIN_NAME set FQDN=%TEMP_DOMAIN_NAME: =%
+set TEMP_DOMAIN_NAME=
+if defined USERDNSDOMAIN set FQDN=%USERDNSDOMAIN%
+
+for /F %%i in ('hostname') do set HOST=%%i
+if defined FQDN (set FQDN=%HOST%.%FQDN%) else (set FQDN=%HOST%)
+
+echo >"%FQDN%"
+for /F %%i in ('dir /b/l %FQDN%') do set FQDN=%%i
+del %FQDN%
+goto generate
projects / shibboleth / cpp-sp.git / blobdiff