[SIDP-272] Regenerate self-signed certificate with installer task
authorrdw <rdw@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 7 Feb 2011 17:42:42 +0000 (17:42 +0000)
committerrdw <rdw@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 7 Feb 2011 17:42:42 +0000 (17:42 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2987 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

doc/RELEASE-NOTES.txt
src/installer/resources/build.xml

index e0d751d..739aaa4 100644 (file)
@@ -1,6 +1,7 @@
 Changes in Release 2.3.0
 =============================================
 [SIDP-429] - Limit metadata SP credential resolution for encryption to RSA keys only
+[SIDP-272] - Regenerate self-signed certificate with installer task
 
 Changes in Release 2.2.1
 =============================================
@@ -156,4 +157,4 @@ Changes in Release 2.1.0
 [SIDP-230] - sanity check provided credentials
 [SIDP-233] - Typo on operation name - public void setAuthenticationDurection(long duration)
 [SIDP-237] - Re-run of install.sh does not create war again
-[SIDP-242] - Cleanup StorageService entry classes
\ No newline at end of file
+[SIDP-242] - Cleanup StorageService entry classes
index e126145..43856a9 100755 (executable)
        
     </target>
 
-</project>
\ No newline at end of file
+    <target name="renew-cert" description="Create a new certificate/key pair."> 
+        <input message="This will create a new set of credentials for your IdP, overwriting existing credentials.  Do you really wish to proceed?" addproperty="renew.cert.do" validargs="yes,no" defaultvalue="no" /> 
+        <if> <equals arg1="${renew.cert.do}" arg2="yes" /> 
+            <then> 
+
+                <input message="Where is the Shibboleth Identity Provider installed?"
+                       addproperty="idp.home.input"
+                       defaultvalue="${idp.home}" />
+                <var name="idp.home" value="${idp.home.input}" />
+              
+                <pathToAbsolutePath path="${idp.home}" addproperty="idp.home.path" /> 
+            
+                <input message="What is the fully qualified hostname of the Shibboleth Identity Provider server?" 
+                       addproperty="idp.hostname.input" 
+                       defaultvalue="${idp.hostname}" /> 
+                <var name="idp.hostname" value="${idp.hostname.input}" /> 
+                <var name="idp.entity.id" value="https://${idp.hostname}/idp/shibboleth" /> 
+
+                <echo message="Backing up old credentials" /> 
+                <buildnumber file="${resources.dir}/credentials.buildno"/>
+                <copy todir="${idp.home.path}/credentials" overwrite="true">
+                    <fileset dir="${idp.home.path}/credentials" excludes="*bak*,buildno"/>
+                    <globmapper from="idp.*" to="idp.*.bak.${build.number}"/>
+                </copy>
+
+                <input message="A keystore is about to be generated for you. Please enter a password that will be used to protect it." 
+                       addproperty="idp.keystore.pass" /> 
+
+                <if>
+                    <isset property="env.IdPCertLifetime" />
+                    <then>
+                        <var name="idp.cert.lifetime" value="${env.IdPCertLifetime}" />
+                    </then>
+                    <else>
+                        <var name="idp.cert.lifetime" value="20" />
+                    </else>
+                </if>
+        
+                <echo message="Generating signing and encryption key, certificate, and keystore. " /> 
+                <selfSignedCert hostname="${idp.hostname}" 
+                                privateKeyFile="${idp.home.path}/credentials/idp.key" 
+                                certificateFile="${idp.home.path}/credentials/idp.crt" 
+                                keystoreFile="${idp.home.path}/credentials/idp.jks" 
+                                keystorePassword="${idp.keystore.pass}" 
+                                uriSubjectAltNames="${idp.entity.id}" 
+                                certificateLifetime="${idp.cert.lifetime}"/> 
+            </then>
+        </if> 
+    </target> 
+</project>
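Review bot: The keystore password prompt in the new `renew-cert` target (`<input ... addproperty="idp.keystore.pass" />`) uses Ant's default input handler, so the password is echoed to the terminal as it is typed. An empty value is also accepted and passed straight to `selfSignedCert`. Nesting `<handler type="secure" />` inside that `<input>` (Ant 1.8 or later) suppresses the echo, and a `<fail message="Keystore password must not be empty">` wrapping `<condition><equals arg1="${idp.keystore.pass}" arg2="" /></condition>` before the `selfSignedCert` call would reject a blank password. The backup step also leaves copies of the old private key in the credentials directory as `idp.key.bak.${build.number}`. A comment there should say that these copies need the same restrictive permissions as `idp.key` and should be removed once the rollover is complete. Whether `selfSignedCert` sets permissions on the files it writes is not visible in this hunk.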