From d5a6405e6bfc9c9b3285a4d28c7b1b42c2b1d20b Mon Sep 17 00:00:00 2001
From: cantor
Date: Wed, 12 Mar 2008 16:17:55 +0000
Subject: [PATCH] Fix bug with prefix when params are used. Generate a cnf file with patch from SWITCH to control cert content. Add -e option to supply entityID and -f force option.
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2767 cb58f699-b61c-0410-a6fe-9272a202ed29
---
 configs/keygen.bat | 54 +++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 45 insertions(+), 9 deletions(-)
diff --git a/configs/keygen.bat b/configs/keygen.bat
index f974205..1af0518 100644
--- a/configs/keygen.bat
+++ b/configs/keygen.bat
@@ -1,42 +1,78 @@
 @echo off
 setlocal
-if exist %~dp0sp-key.pem goto protect
-if exist %~dp0sp-cert.pem goto protect
-
 set DAYS=
+set YEARS=
 set FQDN=
+set ENTITYID=
 set TEMP_DOMAIN_NAME=
 set PARAM=
+set PREFIX=%~dp0
+
 :opt_start
 set PARAM=%1
 if not defined PARAM goto opt_end
 if %1==-h goto opt_fqdn
+if %1==-e goto opt_entityid
 if %1==-y goto opt_years
+if %1==-f goto opt_force
 goto usage
 :opt_end
-if not defined DAYS set DAYS=10
-set /a DAYS=%DAYS%*365
+if exist "%PREFIX%sp-key.pem" goto protect
+if exist "%PREFIX%sp-cert.pem" goto protect
+
+if not defined YEARS set YEARS=10
+set /a DAYS=%YEARS%*365
 if not defined FQDN goto guess_fqdn
 :generate
-set PATH=%~dp0..\..\lib;%~dp0..\..\bin
-%~dp0..\..\bin\openssl.exe req -x509 -days %DAYS% -newkey rsa:2048 -nodes -keyout %~dp0sp-key.pem -out %~dp0sp-cert.pem -subj /CN=%FQDN% -config %~dp0openssl.cnf -extensions usr_cert -set_serial 0
+set PATH=%PREFIX%..\..\lib;%PREFIX%..\..\bin
+set CNF="%PREFIX%sp-cert.cnf"
+echo # OpenSSL configuration file for creating sp-cert.pem >%CNF%
+echo [req] >>%CNF%
+echo prompt=no >>%CNF%
+echo default_bits=2048 >>%CNF%
+echo encrypt_key=no >>%CNF%
+echo default_md=sha1 >>%CNF%
+echo distinguished_name=dn >>%CNF%
+echo # PrintableStrings only >>%CNF%
+echo string_mask=MASK:0002 >>%CNF%
+echo x509_extensions=ext >>%CNF%
+echo [dn] >>%CNF%
+echo CN=%FQDN% >>%CNF%
+echo [ext] >>%CNF%
+if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)
+echo subjectKeyIdentifier=hash >>%CNF%
+%PREFIX%..\..\bin\openssl.exe req -config %PREFIX%sp-cert.cnf -new -x509 -days %DAYS% -keyout %PREFIX%sp-key.pem -out %PREFIX%sp-cert.pem
+del %CNF%
 exit /b
 :protect
 echo The files sp-key.pem and/or sp-cert.pem already exist!
+echo Use -f option to force recreation of keypair.
 exit /b
+:opt_force
+if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"
+if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"
+shift
+goto opt_start
+
 :opt_fqdn
 set FQDN=%2
 shift
 shift
 goto opt_start
+:opt_entityid
+set ENTITYID=%2
+shift
+shift
+goto opt_start
+
 :opt_years
 set DAYS=%2
 shift
@@ -44,11 +80,11 @@ shift
 goto opt_start
 :usage
-echo usage: keygen [-h hostname/cn for cert] [-y years to issue cert]
+echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]
 exit /b
 :guess_fqdn
-for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix""') do set TEMP_DOMAIN_NAME=%%i
+for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix" /c:"Primary Dns Suffix""') do set TEMP_DOMAIN_NAME=%%i
 if defined TEMP_DOMAIN_NAME set FQDN=%TEMP_DOMAIN_NAME: =%
 set TEMP_DOMAIN_NAME=
 if defined USERDNSDOMAIN set FQDN=%USERDNSDOMAIN%
-- 
2.1.4
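Review bot: The -y option is silently ignored after this change: the context line `set DAYS=%2` under `:opt_years` still stores the value in DAYS, but the new `:opt_end` code does `if not defined YEARS set YEARS=10` followed by `set /a DAYS=%YEARS%*365`, so the user's value is always overwritten with 3650 days; the fix is `set YEARS=%2` in `:opt_years`. Separately, the new `:opt_force` label deletes the existing sp-key.pem and sp-cert.pem while options are still being parsed, so an invocation with -f followed by an unrecognised option (for example `keygen -f -z`, constructed) destroys the live keypair and then lands on `goto usage` without generating a replacement. Recording the request in a flag and performing the deletion at `:opt_end`, after parsing has succeeded and just before the `if exist ... goto protect` checks, keeps the destructive step behind argument validation (rewrite below). The same hunk quotes `%PREFIX%` in the `if exist` tests but leaves it unquoted in the `openssl.exe req -config ... -keyout ... -out` arguments, so a prefix containing spaces still breaks the call that the commit message says it fixes; `-config` can reuse `%CNF%`, which already carries its quotes. `default_md=sha1` in the generated cnf selects a SHA-1 signature for the self-signed certificate; this is inferred from the echo line and may be what the SWITCH template specified, but it is worth confirming it is intended.
```batch
set PREFIX=%~dp0
set FORCE=
rem ... unchanged: option parsing loop ...
:opt_end
if defined FORCE if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"
if defined FORCE if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"
if exist "%PREFIX%sp-key.pem" goto protect
rem ... unchanged: YEARS/DAYS computation and cnf generation ...
%PREFIX%..\..\bin\openssl.exe req -config %CNF% -new -x509 -days %DAYS% -keyout "%PREFIX%sp-key.pem" -out "%PREFIX%sp-cert.pem"
rem ... unchanged: del %CNF%, :protect ...
:opt_force
set FORCE=1
shift
goto opt_start
```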
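Review bot: The `findstr` call in `:guess_fqdn` now lists two capitalisations of the same string to cope with differing ipconfig output; `findstr /i /c:"Primary DNS Suffix"` matches either form with a single pattern and does not need extending if another capitalisation variant turns up. The underlying lookup presumably still depends on English ipconfig output, so on localised systems FQDN may remain unset and the later `USERDNSDOMAIN` fallback is the only guess; a comment saying so above the `for /F` line would save the next maintainer from chasing it as a bug.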