
List:       shibboleth-dev
Subject:    [Shib-Dev] Patch 2 of 2: Support for -o and -u on keygen.sh script.
From:       Steve Traylen <steve.traylen () cern ! ch>
Date:       2010-02-21 19:14:24
Message-ID: df7df9951002211114n3eb25584m208c906466b72037 () mail ! gmail ! com

Again to shibboleth-sp-2.3.1.tar.gz

This adds -u and -o options to the keygen script: -u sets the
ownership of the generated keys, and -o sets an output directory
other than the default '.' for the keys.

It also uses a mktemp for the CA file location rather than a hardcoded one.

Steve

-- 
Steve Traylen

["shibboleth-keygen-alt-location.patch" (application/octet-stream)]

diff -uNr shibboleth-2.3.1.ORIG/configs/keygen.sh shibboleth-2.3.1/configs/keygen.sh
--- shibboleth-2.3.1.ORIG/configs/keygen.sh	2010-02-21 19:58:15.442181706 +0100
+++ shibboleth-2.3.1/configs/keygen.sh	2010-02-21 19:58:39.379159272 +0100
@@ -1,23 +1,28 @@
 #! /bin/sh
 
-while getopts h:e:y:bf c
+while getopts h:u:o:e:y:bf c
      do
          case $c in
+           u)         USER=$OPTARG;;
+           o)         OUT=$OPTARG;;
            b)         BATCH=1;;
            f)         FORCE=1;;
            h)         FQDN=$OPTARG;;
            e)         ENTITYID=$OPTARG;;
            y)         YEARS=$OPTARG;;
-           \?)        echo keygen [-h hostname for cert] [-y years to issue cert] \
[-e entityID to embed in cert]
+           \?)        echo "keygen [-o output \
directory (default .)] [-u username to own certificates ] [-h hostname for cert] [-y \
years to issue cert] [-e entityID to embed in cert]"
 exit 1;;
          esac
      done
+if [ -z "$OUT" ] ; then
+    OUT=.
+fi
 
 if [ -n "$FORCE" ] ; then
-    rm sp-key.pem sp-cert.pem
+    rm $OUT/sp-key.pem $OUT/sp-cert.pem
 fi
 
-if  [ -s sp-key.pem -o -s sp-cert.pem ] ; then
+if  [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
     if [ -z "$BATCH" ] ; then  
         echo The files sp-key.pem and/or sp-cert.pem already exist!
         echo Use -f option to force recreation of keypair.
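Review bot: The new `u)` arm stores the owner in `USER`, a variable the login environment normally already exports as the invoking user's name, so the `[ -n "$USER" ]` guard before `chown` in the third hunk fires even when `-u` was never given and the key pair is chowned to whoever ran the script; use a script-private name, `u)         KEYOWNER=$OPTARG;;`, and test that variable before the `chown`. The new `$OUT` expansions in the `rm` line and the `-s` test are unquoted, so an output directory containing whitespace or starting with `-` is word-split or parsed as an option; write `rm -- "$OUT/sp-key.pem" "$OUT/sp-cert.pem"` and quote the same way in the `-s` test here and in the `openssl`, `chmod`, `chown` lines of the third hunk. Nothing checks that `$OUT` is an existing directory before `openssl` writes into it; a `[ -d "$OUT" ] || { echo "$OUT is not a directory" >&2; exit 1; }` after the `OUT=.` default gives a clear failure instead of a silently missing key file.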
@@ -42,7 +47,8 @@
     ALTNAME=DNS:$FQDN,URI:$ENTITYID
 fi
 
-cat >sp-cert.cnf <<EOF
+SSLCNF=`mktemp`
+cat >$SSLCNF <<EOF
 # OpenSSL configuration file for creating sp-cert.pem
 [req]
 prompt=no
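Review bot: The result of `` SSLCNF=`mktemp` `` is not checked, and the script runs under plain `/bin/sh` without `set -e`, so if `mktemp` fails `SSLCNF` is empty, the `cat >$SSLCNF` redirection fails, and execution continues into `openssl req -config` with an empty path; write `SSLCNF=$(mktemp) || exit 1` and quote the redirection as `cat >"$SSLCNF" <<EOF`. The temporary file is only removed by the `rm $SSLCNF` at the very end of the script, so any early exit or interrupt between here and there leaves it behind; a `trap 'rm -f "$SSLCNF"' EXIT` right after the assignment covers every exit path and makes the trailing `rm` redundant. The here-document body continues past the end of this hunk.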
@@ -61,13 +67,18 @@
 EOF
 
 if [ -z "$BATCH" ] ; then
-    openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out \
sp-cert.pem
+    openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout \
$OUT/sp-key.pem -out $OUT/sp-cert.pem
 else
-    openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out \
sp-cert.pem 2> /dev/null
+    openssl req -config $SSLCNF -new -x509 -days $DAYS \
-keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null
 fi
 
-rm sp-cert.cnf
 
-if  [ -s sp-key.pem ] ; then
-    chmod 600 sp-key.pem
+
+if  [ -s $OUT/sp-key.pem ] ; then
+    chmod 600 $OUT/sp-key.pem
+    if [ -n "$USER" ] ; then
+      chown $USER:$USER $OUT/sp-key.pem $OUT/sp-cert.pem
+    fi
 fi
+
+rm $SSLCNF
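Review bot: `chown $USER:$USER` assumes the owner's primary group has the same name as the user, which is not guaranteed (a shared `users` group, or a service account whose group is named differently), so `-u` can either fail or hand the private key to an unintended group; change the owner only, `chown "$USER" "$OUT/sp-key.pem" "$OUT/sp-cert.pem"`, and add a separate group option if group assignment is actually wanted. The exit status of `chown` is not checked, so running with `-u` as a non-root user prints an error yet the script still exits 0 and a caller cannot tell the ownership step failed; append `|| exit 1` to the `chown` line. The trailing `rm $SSLCNF` should be `rm -f -- "$SSLCNF"` for the same quoting reason as the other new expansions.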



