From: cantor Date: Fri, 20 Aug 2010 20:10:21 +0000 (+0000) Subject: https://bugs.internet2.edu/jira/browse/SSPCPP-281 X-Git-Tag: 2.4~36 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fsp.git;a=commitdiff_plain;h=eb6f4253ca842f68e7c129c924f0965c343349cb https://bugs.internet2.edu/jira/browse/SSPCPP-281 git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/branches/REL_2@3303 cb58f699-b61c-0410-a6fe-9272a202ed29
---
diff --git a/configs/keygen.sh b/configs/keygen.sh
index 16234a1..4ee69f6 100755
--- a/configs/keygen.sh
+++ b/configs/keygen.sh
@@ -1,25 +1,31 @@
 #! /bin/sh
-while getopts h:e:y:bf c
+while getopts h:u:g:o:e:y:bf c
 do
 case $c in
+ u) USER=$OPTARG;;
+ g) GROUP=$OPTARG;;
+ o) OUT=$OPTARG;;
 b) BATCH=1;;
 f) FORCE=1;;
 h) FQDN=$OPTARG;;
 e) ENTITYID=$OPTARG;;
 y) YEARS=$OPTARG;;
- \?) echo keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]
+ \?) echo "keygen [-o output directory (default .)] [-u username to own keypair] [-g owning groupname] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]"
 exit 1;;
 esac
 done
+if [ -z "$OUT" ] ; then
+ OUT=.
+fi
 if [ -n "$FORCE" ] ; then
- rm sp-key.pem sp-cert.pem
+ rm $OUT/sp-key.pem $OUT/sp-cert.pem
 fi
-if [ -s sp-key.pem -o -s sp-cert.pem ] ; then
+if [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
 if [ -z "$BATCH" ] ; then
- echo The files sp-key.pem and/or sp-cert.pem already exist!
+ echo The files $OUT/sp-key.pem and/or $OUT/sp-cert.pem already exist!
 echo Use -f option to force recreation of keypair.
 exit 2
 fi
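Review bot: `USER`, `GROUP` and `OUT` are assigned only inside the `getopts` loop, so when an option is omitted the script uses whatever value it inherited from the environment. `USER` is normally already set by the login environment, so the `[ -n "$USER" ]` ownership step later in this patch would probably run even without `-u` and hand the private key to whichever account that variable names. Clearing them before the loop (`USER= GROUP= OUT=`) or using script-private names would make the options the only source of these values. The new `$OUT` expansions are also unquoted, so an output directory containing spaces or glob characters would make `rm` and the `[ -s ... ]` test act on the wrong paths; quoting fixes that, e.g. `rm "$OUT/sp-key.pem" "$OUT/sp-cert.pem"`.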
@@ -42,7 +48,8 @@ else ALTNAME=DNS:$FQDN,URI:$ENTITYID fi -cat >sp-cert.cnf <$SSLCNF < /dev/null + openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null +fi +rm $SSLCNF + +if [ -s $OUT/sp-key.pem -a -n "$USER" ] ; then + chown $USER $OUT/sp-key.pem $OUT/sp-cert.pem +fi + +if [ -s $OUT/sp-key.pem -a -n "$GROUP" ] ; then + chgrp $GROUP $OUT/sp-key.pem $OUT/sp-cert.pem fi -rm sp-cert.cnf
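Review bot: The exit status of the new `chown` and `chgrp` calls at the end of this hunk is never checked, so the script can finish successfully while `sp-key.pem` still belongs to whoever ran it, and with `2> /dev/null` on the `openssl req` line a failed key generation is silent as well. Since setting the private key's ownership is the purpose of `-u`/`-g`, I would fail loudly and quote the expansions, e.g. `chown "$USER" "$OUT/sp-key.pem" "$OUT/sp-cert.pem" || exit 1`, and likewise for `chgrp`. The hunk does not set the key's mode either, so whether the owning group can read it depends on what openssl and the umask left behind; an explicit `chmod` would make that decision visible. How `$SSLCNF` is assigned is not readable in this view of the hunk; if it is a temporary file, it should come from `mktemp` rather than a predictable name.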