Permalink
This commit does not belong to any branch on this respository, and may belong to a fork outside of the repository.
Showing
with
115 additions
and 0 deletions.
| @@ -0,0 +1,115 @@ | ||
| @echo off | ||
| setlocal | ||
|
|
||
| set DAYS= | ||
| set YEARS= | ||
| set FQDN= | ||
| set ENTITYID= | ||
| set TEMP_DOMAIN_NAME= | ||
| set PARAM= | ||
| set PREFIX= | ||
| set OUT=%~dp0 | ||
|
|
||
| :opt_start | ||
| set PARAM=%1 | ||
|
|
||
| if not defined PARAM goto opt_end | ||
| if %1==-o goto opt_out | ||
| if %1==-n goto opt_prefix | ||
| if %1==-h goto opt_fqdn | ||
| if %1==-e goto opt_entityid | ||
| if %1==-y goto opt_years | ||
| if %1==-f goto opt_force | ||
| goto usage | ||
| :opt_end | ||
|
|
||
| if not defined PREFIX set PREFIX=sp | ||
|
|
||
| if exist "%OUT%\%PREFIX%-key.pem" goto protect | ||
| if exist "%OUT%\%PREFIX%-cert.pem" goto protect | ||
|
|
||
| if not defined YEARS set YEARS=10 | ||
| set /a DAYS=%YEARS%*365 | ||
|
|
||
| if not defined FQDN goto guess_fqdn | ||
|
|
||
| :generate | ||
| set PATH=%PATH%;%ProgramFiles%\Shibboleth\SP\lib\ | ||
| set CNF="%OUT%\%PREFIX%-cert.cnf" | ||
| echo # OpenSSL configuration file for creating keypair >%CNF% | ||
| echo [req] >>%CNF% | ||
| echo prompt=no >>%CNF% | ||
| echo default_bits=3072 >>%CNF% | ||
| echo encrypt_key=no >>%CNF% | ||
| echo default_md=sha256 >>%CNF% | ||
| echo distinguished_name=dn >>%CNF% | ||
| echo # PrintableStrings only >>%CNF% | ||
| echo string_mask=MASK:0002 >>%CNF% | ||
| echo x509_extensions=ext >>%CNF% | ||
| echo [dn] >>%CNF% | ||
| echo CN=%FQDN% >>%CNF% | ||
| echo [ext] >>%CNF% | ||
| if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%) | ||
| echo subjectKeyIdentifier=hash >>%CNF% | ||
| openssl.exe req -config %CNF% -new -x509 -days %DAYS% -keyout "%OUT%\%PREFIX%-key.pem" -out "%OUT%\%PREFIX%-cert.pem" | ||
| del %CNF% | ||
| exit /b | ||
|
|
||
| :protect | ||
| echo The files %OUT%\%PREFIX%-key.pem and/or %OUT%\%PREFIX%-cert.pem already exist! | ||
| echo Use -f option to force recreation of keypair. | ||
| exit /b | ||
|
|
||
| :opt_out | ||
| set OUT=%2 | ||
| shift | ||
| shift | ||
| goto opt_start | ||
|
|
||
| :opt_prefix | ||
| set PREFIX=%2 | ||
| shift | ||
| shift | ||
| goto opt_start | ||
|
|
||
| :opt_force | ||
| if exist "%OUT%\%PREFIX%-key.pem" del "%OUT%\%PREFIX%-key.pem" | ||
| if exist "%OUT%\%PREFIX%-cert.pem" del "%OUT%\%PREFIX%-cert.pem" | ||
| shift | ||
| goto opt_start | ||
|
|
||
| :opt_fqdn | ||
| set FQDN=%2 | ||
| shift | ||
| shift | ||
| goto opt_start | ||
|
|
||
| :opt_entityid | ||
| set ENTITYID=%2 | ||
| shift | ||
| shift | ||
| goto opt_start | ||
|
|
||
| :opt_years | ||
| set YEARS=%2 | ||
| shift | ||
| shift | ||
| goto opt_start | ||
|
|
||
| :usage | ||
| echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert] [-n filename prefix] [-o output dir] | ||
| exit /b | ||
|
|
||
| :guess_fqdn | ||
| for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix" /c:"Primary Dns Suffix""') do set TEMP_DOMAIN_NAME=%%i | ||
| if defined TEMP_DOMAIN_NAME set FQDN=%TEMP_DOMAIN_NAME: =% | ||
| set TEMP_DOMAIN_NAME= | ||
| if defined USERDNSDOMAIN set FQDN=%USERDNSDOMAIN% | ||
|
|
||
| for /F %%i in ('hostname') do set HOST=%%i | ||
| if defined FQDN (set FQDN=%HOST%.%FQDN%) else (set FQDN=%HOST%) | ||
|
|
||
| echo >"%FQDN%" | ||
| for /F %%i in ('dir /b/l %FQDN%') do set FQDN=%%i | ||
| del %FQDN% | ||
| goto generate |