
Commit a8da74a

author
Giles Westwood
committed
adding some shib tools
1 parent ffa772a commit a8da74a

3 files changed

Lines changed: 112 additions & 0 deletions


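--- a/bin/shib-keygen
+++ b/bin/shib-keygen
@@ -0,0 +1,98 @@
+#! /bin/sh
+
+# Defaults added for Debian. They can still be overridden by command-line
+# options.
+OUT=/etc/shibboleth
+USER=_shibd
+GROUP=_shibd
+
+while getopts n:h:u:g:o:e:y:bf c
+do
+case $c in
+u) USER=$OPTARG;;
+g) GROUP=$OPTARG;;
+o) OUT=$OPTARG;;
+b) BATCH=1;;
+f) FORCE=1;;
+h) FQDN=$OPTARG;;
+e) ENTITYID=$OPTARG;;
+y) YEARS=$OPTARG;;
+n) PREFIX=$OPTARG;;
+\?) echo "keygen [-o output directory (default .)] [-u username to own keypair] [-g owning groupname] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert] [-n filename prefix (default 'sp')]"
+exit 1;;
+esac
+done
+
+if [ -z "$OUT" ] ; then
+OUT=.
+fi
+
+if [ -z "$PREFIX" ]; then
+PREFIX="sp"
+fi
+
+if [ -n "$FORCE" ] ; then
+rm $OUT/${PREFIX}-key.pem $OUT/${PREFIX}-cert.pem
+fi
+
+if [ -s $OUT/${PREFIX}-key.pem -o -s $OUT/${PREFIX}-cert.pem ] ; then
+if [ -z "$BATCH" ] ; then
+echo The files $OUT/${PREFIX}-key.pem and/or $OUT/${PREFIX}-cert.pem already exist!
+echo Use -f option to force recreation of keypair.
+exit 2
+fi
+exit 0
+fi
+
+# --fqdn flag added for Debian to generate better names for certificates.
+if [ -z "$FQDN" ] ; then
+FQDN=`hostname --fqdn || hostname -f`
+fi
+
+if [ -z "$YEARS" ] ; then
+YEARS=10
+fi
+
+DAYS=`expr $YEARS \* 365`
+
+if [ -z "$ENTITYID" ] ; then
+ALTNAME=DNS:$FQDN
+else
+ALTNAME=DNS:$FQDN,URI:$ENTITYID
+fi
+
+SSLCNF=$OUT/${PREFIX}-cert.cnf
+cat >$SSLCNF <<EOF
+# OpenSSL configuration file for creating keypair
+[req]
+prompt=no
+default_bits=3072
+encrypt_key=no
+default_md=sha256
+distinguished_name=dn
+# PrintableStrings only
+string_mask=MASK:0002
+x509_extensions=ext
+[dn]
+CN=$FQDN
+[ext]
+subjectAltName=$ALTNAME
+subjectKeyIdentifier=hash
+EOF
+
+touch $OUT/${PREFIX}-key.pem
+chmod 600 $OUT/${PREFIX}-key.pem
+if [ -z "$BATCH" ] ; then
+openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/${PREFIX}-key.pem -out $OUT/${PREFIX}-cert.pem
+else
+openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/${PREFIX}-key.pem -out $OUT/${PREFIX}-cert.pem 2> /dev/null
+fi
+rm $SSLCNF
+
+#if [ -s $OUT/${PREFIX}-key.pem -a -n "$USER" ] ; then
+# chown $USER $OUT/${PREFIX}-key.pem $OUT/${PREFIX}-cert.pem
+#fi
+
+#if [ -s $OUT/${PREFIX}-key.pem -a -n "$GROUP" ] ; then
+# chgrp $GROUP $OUT/${PREFIX}-key.pem $OUT/${PREFIX}-cert.pem
+#fi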
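Review bot: The exit status of both `openssl req` invocations (new lines 86 and 88) is never checked, and in batch mode stderr is discarded as well, so a failed key generation leaves the pre-created empty 0600 `${PREFIX}-key.pem` in place, removes the config and still exits 0. Propagate the failure on both branches, e.g. `openssl req ... || { rm -f -- "$SSLCNF"; exit 3; }`, or record `rc=$?` before `rm $SSLCNF` and finish with `exit $rc`. Note also that `-u`/`-g` are parsed and advertised in the usage text, but the `chown`/`chgrp` block at lines 92–98 is commented out, so the key stays owned by whoever runs the script; either re-enable that block or drop the two options from the usage string. `$OUT` and `$PREFIX` are unquoted in every test, `rm` and `openssl` argument, so an output directory containing whitespace breaks the script — quote them as `"$OUT/${PREFIX}-key.pem"` throughout.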

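--- a/lib/ssl.sh
+++ b/lib/ssl.sh
@@ -1,3 +1,9 @@
+sk-ssl-cert-gen(){
+sk_help_noarg "Usage: $FUNCNAME <subject> <days> <format>. Gen self signed certificate" "$@" && return
+local subject=${1:-"/CN=`hostname`"} days=${2:-3650} key_format=${3:-"rsa:3072"}
+openssl req -x509 -nodes -newkey "${key_format}" -keyout "/tmp/cert.key" -out "/tmp/cert.pem" -days $days -subj "${subject}"
+}
+
 sk-ssl-pem-to-raw(){
 sk_help_noarg "Usage: $FUNCNAME <pem cert file>. Strip raw cert from a pem file and output it" "$@" && return
 local certfile=${1:-wibble.pem}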
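Review bot: `sk-ssl-cert-gen` writes the freshly generated private key to the fixed path `/tmp/cert.key` (new line 4), a predictable name in a shared directory: a second invocation silently overwrites the previous key, and a file or symlink already sitting at that path is reused, so the key material can end up somewhere the caller did not choose. The function sets no umask, so the permissions openssl gives the key file appear to depend on the caller's environment. Create a private directory and report it instead: `local outdir; outdir=$(mktemp -d) || return 1` before the `openssl` call, then `-keyout "$outdir/cert.key" -out "$outdir/cert.pem"` followed by `printf '%s\n' "$outdir"` so callers can locate the files. `$days` is also unquoted on the same line; `-days "$days"` keeps it consistent with the other arguments.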

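--- a/shellkit_sync.sh
+++ b/shellkit_sync.sh
@@ -2,6 +2,9 @@
 
 version=${1:-main}
 
+if [ -d /tmp/shellkit_bump ];then
+rm -Rf /tmp/shellkit_bump
+fi
 mkdir /tmp/shellkit_bump
 
 shellkit_clone_dir=/tmp/shellkit_bump/shellkit-$version
@@ -12,3 +15,8 @@ for file in lib/*;do
 cp $shellkit_clone_dir/$file $file
 done
 
+for file in bin/*;do
+echo "$file"
+cp $shellkit_clone_dir/$file $file
+done
+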
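Review bot: The new `bin/*` loop (second hunk, new lines 18–21) copies executables over the checked-out tree without checking that `cp` succeeded and with both paths unquoted, so a file missing from the clone prints an error and the loop carries on, leaving `bin/` partially updated; `cp -- "$shellkit_clone_dir/$file" "$file" || exit 1` would stop at the first failure. Because the loop iterates over the local `bin/*`, files added upstream but absent locally are never picked up — the same limitation as the existing `lib/*` loop, and worth a one-line comment if that is intentional. In the first hunk, `/tmp/shellkit_bump` is a fixed name in a shared directory that is removed and recreated on every run; `mktemp -d` would avoid colliding with another user's entry, though the path is also referenced further down the file outside this hunk.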
