rpms / mod_auth_mellon

Clone
Source Code
GIT

Blame mellon_create_metadata.sh

f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 main rawhide
  1.   f20
  2.   mellon_create_metadata.sh
Blob History Raw
Simo Sorce ee7099e 
#!/usr/bin/env bash
Simo Sorce ee7099e 
set -e
Simo Sorce ee7099e
Simo Sorce ee7099e 
PROG="$(basename "$0")"
Simo Sorce ee7099e
Simo Sorce ee7099e 
printUsage() {
Simo Sorce ee7099e 
    echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
Simo Sorce ee7099e 
    echo ""
Simo Sorce ee7099e 
    echo "Example:"
Simo Sorce ee7099e 
    echo "  $PROG urn:someservice https://sp.example.org/mellon"
Simo Sorce ee7099e 
    echo ""
Simo Sorce ee7099e 
}
Simo Sorce ee7099e
Simo Sorce ee7099e 
if [ "$#" -lt 2 ]; then
Simo Sorce ee7099e 
    printUsage
Simo Sorce ee7099e 
    exit 1
Simo Sorce ee7099e 
fi
Simo Sorce ee7099e
Simo Sorce ee7099e 
ENTITYID="$1"
Simo Sorce ee7099e 
if [ -z "$ENTITYID" ]; then
Simo Sorce ee7099e 
    echo "$PROG: An entity ID is required." >&2
Simo Sorce ee7099e 
    exit 1
Simo Sorce ee7099e 
fi
Simo Sorce ee7099e
Simo Sorce ee7099e 
BASEURL="$2"
Simo Sorce ee7099e 
if [ -z "$BASEURL" ]; then
Simo Sorce ee7099e 
    echo "$PROG: The URL to the MellonEndpointPath is required." >&2
Simo Sorce ee7099e 
    exit 1
Simo Sorce ee7099e 
fi
Simo Sorce ee7099e
Simo Sorce ee7099e 
if ! echo "$BASEURL" | grep -q '^https\?://'; then
Simo Sorce ee7099e 
    echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
Simo Sorce ee7099e 
    exit 1
Simo Sorce ee7099e 
fi
Simo Sorce ee7099e
Simo Sorce ee7099e 
HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^/]*\).*#\1#')"
Simo Sorce ee7099e 
BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
Simo Sorce ee7099e
Simo Sorce ee7099e 
OUTFILE="$(echo "$ENTITYID" | sed 's/[^A-Za-z.]/_/g' | sed 's/__*/_/g')"
Simo Sorce ee7099e 
echo "Output files:"
Simo Sorce ee7099e 
echo "Private key:               $OUTFILE.key"
Simo Sorce ee7099e 
echo "Certificate:               $OUTFILE.cert"
Simo Sorce ee7099e 
echo "Metadata:                  $OUTFILE.xml"
Simo Sorce ee7099e 
echo "Host:                      $HOST"
Simo Sorce ee7099e 
echo
Simo Sorce ee7099e 
echo "Endpoints:"
Simo Sorce ee7099e 
echo "SingleLogoutService:       $BASEURL/logout"
Simo Sorce ee7099e 
echo "AssertionConsumerService:  $BASEURL/postResponse"
Simo Sorce ee7099e 
echo
Simo Sorce ee7099e
Simo Sorce ee7099e 
# No files should not be readable by the rest of the world.
Simo Sorce ee7099e 
umask 0077
Simo Sorce ee7099e
Simo Sorce ee7099e 
TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
Simo Sorce ee7099e
Simo Sorce ee7099e 
cat >"$TEMPLATEFILE" <
Simo Sorce ee7099e 
RANDFILE           = /dev/urandom
Simo Sorce ee7099e 
[req]
Simo Sorce ee7099e 
default_bits       = 2048
Simo Sorce ee7099e 
default_keyfile    = privkey.pem
Simo Sorce ee7099e 
distinguished_name = req_distinguished_name
Simo Sorce ee7099e 
prompt             = no
Simo Sorce ee7099e 
policy             = policy_anything
Simo Sorce ee7099e 
[req_distinguished_name]
Simo Sorce ee7099e 
commonName         = $HOST
Simo Sorce ee7099e 
EOF
Simo Sorce ee7099e
Simo Sorce ee7099e 
openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null
Simo Sorce ee7099e
Simo Sorce ee7099e 
rm -f "$TEMPLATEFILE"
Simo Sorce ee7099e
Simo Sorce ee7099e 
CERT="$(grep -v '^-----' "$OUTFILE.cert")"
Simo Sorce ee7099e
Simo Sorce ee7099e 
cat >"$OUTFILE.xml" <
Simo Sorce ee7099e 
<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Simo Sorce ee7099e 
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
Simo Sorce ee7099e 
    <KeyDescriptor use="signing">
Simo Sorce ee7099e 
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Simo Sorce ee7099e 
        <ds:X509Data>
Simo Sorce ee7099e 
          <ds:X509Certificate>$CERT</ds:X509Certificate>
Simo Sorce ee7099e 
        </ds:X509Data>
Simo Sorce ee7099e 
      </ds:KeyInfo>
Simo Sorce ee7099e 
    </KeyDescriptor>
Simo Sorce ee7099e 
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
Simo Sorce ee7099e 
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
Simo Sorce ee7099e 
  </SPSSODescriptor>
Simo Sorce ee7099e 
</EntityDescriptor>
Simo Sorce ee7099e 
EOF
Simo Sorce ee7099e
Simo Sorce ee7099e 
umask 0777
Simo Sorce ee7099e 
chmod go+r "$OUTFILE.xml"
Simo Sorce ee7099e 
chmod go+r "$OUTFILE.cert"
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.