@echo off\r
setlocal\r
\r
-if exist %~dp0sp-key.pem goto protect\r
-if exist %~dp0sp-cert.pem goto protect\r
-\r
set DAYS=\r
+set YEARS=\r
set FQDN=\r
+set ENTITYID=\r
set TEMP_DOMAIN_NAME=\r
set PARAM=\r
\r
+set PREFIX=%~dp0\r
+\r
:opt_start\r
set PARAM=%1\r
if not defined PARAM goto opt_end\r
if %1==-h goto opt_fqdn\r
+if %1==-e goto opt_entityid\r
if %1==-y goto opt_years\r
+if %1==-f goto opt_force\r
goto usage\r
:opt_end\r
\r
-if not defined DAYS set DAYS=10\r
-set /a DAYS=%DAYS%*365\r
+if exist "%PREFIX%sp-key.pem" goto protect\r
+if exist "%PREFIX%sp-cert.pem" goto protect\r
+\r
+if not defined YEARS set YEARS=10\r
+set /a DAYS=%YEARS%*365\r
\r
if not defined FQDN goto guess_fqdn\r
\r
:generate\r
-set PATH=%~dp0..\..\lib;%~dp0..\..\bin\r
-%~dp0..\..\bin\openssl.exe req -x509 -days %DAYS% -newkey rsa:2048 -nodes -keyout %~dp0sp-key.pem -out %~dp0sp-cert.pem -subj /CN=%FQDN% -config %~dp0openssl.cnf -extensions usr_cert -set_serial 0\r
+set PATH=%PREFIX%..\..\lib;%PREFIX%..\..\bin\r
+set CNF="%PREFIX%sp-cert.cnf"\r
+echo # OpenSSL configuration file for creating sp-cert.pem >%CNF%\r
+echo [req] >>%CNF%\r
+echo prompt=no >>%CNF%\r
+echo default_bits=2048 >>%CNF%\r
+echo encrypt_key=no >>%CNF%\r
+echo default_md=sha1 >>%CNF%\r
+echo distinguished_name=dn >>%CNF%\r
+echo # PrintableStrings only >>%CNF%\r
+echo string_mask=MASK:0002 >>%CNF%\r
+echo x509_extensions=ext >>%CNF%\r
+echo [dn] >>%CNF%\r
+echo CN=%FQDN% >>%CNF%\r
+echo [ext] >>%CNF%\r
+if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)\r
+echo subjectKeyIdentifier=hash >>%CNF%\r
+%PREFIX%..\..\bin\openssl.exe req -config %PREFIX%sp-cert.cnf -new -x509 -days %DAYS% -keyout %PREFIX%sp-key.pem -out %PREFIX%sp-cert.pem\r
+del %CNF%\r
exit /b\r
\r
:protect\r
echo The files sp-key.pem and/or sp-cert.pem already exist!\r
+echo Use -f option to force recreation of keypair.\r
exit /b\r
\r
+:opt_force\r
+if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"\r
+if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"\r
+shift\r
+goto opt_start\r
+\r
:opt_fqdn\r
set FQDN=%2\r
shift\r
shift\r
goto opt_start\r
\r
+:opt_entityid\r
+set ENTITYID=%2\r
+shift\r
+shift\r
+goto opt_start\r
+\r
:opt_years\r
set DAYS=%2\r
shift\r
goto opt_start\r
\r
:usage\r
-echo usage: keygen [-h hostname/cn for cert] [-y years to issue cert]\r
+echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]\r
exit /b\r
\r
:guess_fqdn\r
-for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix""') do set TEMP_DOMAIN_NAME=%%i\r
+for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix" /c:"Primary Dns Suffix""') do set TEMP_DOMAIN_NAME=%%i\r
if defined TEMP_DOMAIN_NAME set FQDN=%TEMP_DOMAIN_NAME: =%\r
set TEMP_DOMAIN_NAME=\r
if defined USERDNSDOMAIN set FQDN=%USERDNSDOMAIN%\r
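Review bot: The `-y` option no longer has any effect: `:opt_years` (left untouched at the end of the hunk) still does `set DAYS=%2`, but the new lines after `:opt_end`, `if not defined YEARS set YEARS=10` and `set /a DAYS=%YEARS%*365`, overwrite DAYS, so every certificate is issued for 10 years; that label also shifts only once, so the numeric argument is re-read as an option and falls through to `goto usage`. Change it to `set YEARS=%2` followed by two `shift`s, matching `:opt_fqdn` and `:opt_entityid`. Separately, `:opt_force` deletes sp-key.pem and sp-cert.pem while options are still being parsed, so `keygen -f -x` destroys the existing key pair and then only prints usage; record a flag there and perform the `del` after `:opt_end`, immediately before the `if exist ... goto protect` checks. The generated config also pins `default_md=sha1` for a new self-signed certificate, where `default_md=sha256` is the expected choice today, and the usage line should list `-f` since the `:protect` message now advertises it.
```batch
:opt_end

if defined FORCE (
  if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"
  if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"
)
if exist "%PREFIX%sp-key.pem" goto protect
REM ... unchanged: sp-cert.pem check, YEARS/DAYS, FQDN guess, config generation ...

:opt_force
set FORCE=1
shift
goto opt_start

:opt_years
set YEARS=%2
shift
shift
goto opt_start
```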