#!/usr/bin/env bash set -e PROG="$(basename "$0")" printUsage() { echo "Usage: $PROG ENTITY-ID ENDPOINT-URL" echo "" echo "Example:" echo " $PROG urn:someservice https://sp.example.org/mellon" echo "" } if [ "$#" -lt 2 ]; then printUsage exit 1 fi ENTITYID="$1" if [ -z "$ENTITYID" ]; then echo "$PROG: An entity ID is required." >&2 exit 1 fi BASEURL="$2" if [ -z "$BASEURL" ]; then echo "$PROG: The URL to the MellonEndpointPath is required." >&2 exit 1 fi if ! echo "$BASEURL" | grep -q '^https\?://'; then echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2 exit 1 fi HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^/]*\).*#\1#')" BASEURL="$(echo "$BASEURL" | sed 's#/$##')" OUTFILE="$(echo "$ENTITYID" | sed 's/[^0-9A-Za-z.]/_/g' | sed 's/__*/_/g')" echo "Output files:" echo "Private key: $OUTFILE.key" echo "Certificate: $OUTFILE.cert" echo "Metadata: $OUTFILE.xml" echo "Host: $HOST" echo echo "Endpoints:" echo "SingleLogoutService (SOAP): $BASEURL/logout" echo "SingleLogoutService (HTTP-Redirect): $BASEURL/logout" echo "AssertionConsumerService (HTTP-POST): $BASEURL/postResponse" echo "AssertionConsumerService (HTTP-Artifact): $BASEURL/artifactResponse" echo "AssertionConsumerService (PAOS): $BASEURL/paosResponse" echo # No files should not be readable by the rest of the world. umask 0077 TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)" dd if=/dev/urandom of=$TEMPLATEFILE.RANDOM bs=256 count=1 2>/dev/null cat >"$TEMPLATEFILE" </dev/null rm -f "$TEMPLATEFILE" "${TEMPLATEFILE}.RANDOM" CERT="$(grep -v '^-----' "$OUTFILE.cert")" cat >"$OUTFILE.xml" < $CERT $CERT urn:oasis:names:tc:SAML:2.0:nameid-format:transient EOF umask 0777 chmod go+r "$OUTFILE.xml" chmod go+r "$OUTFILE.cert"