CA.sh: add revocation

2013-11-30 16:32:17 +01:00 · 2013-11-30 16:32:17 +01:00 · 1d94fee682
commit 1d94fee682
parent 2023685c1a
1 changed files with 21 additions and 3 deletions
--- a/misc/CA.sh
+++ b/misc/CA.sh
@ -25,7 +25,7 @@ END_BOLD="</b>"

 usage()
 {
-    echo "Usage: $0 (-newca|-newserver|-newclient NAME)"
+    echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME)"
    exit 1
 }

@ -39,7 +39,7 @@ clean()
        mkdir -p ${TOP_DIR}/private
        mkdir -p ${TOP_DIR}/pkcs
    elif [ "$1" = "client" ]; then
-        rm -rf ${2}.key ${2}.csr ${2}.crt
+        rm -rf ${2}.key ${2}.csr
    fi
    rm -rf $OUTPUT
 }
@ -173,17 +173,35 @@ case $1 in
                       -passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12     \
                       -passout pass:$pass > $OUTPUT 2>&1
        if [ $? -ne 0 ]; then
-            echo -e "${RED}pkcs12 export failed${COLOR_RST} for ${BOLD}$2${END_BOLD}"
+            echo -e "${RED}pkcs12 export failed for ${BOLD}$2${END_BOLD}${COLOR_RST}"
            cat $OUTPUT
            clean "client" $2
            exit 4
        else
            echo -e "Exported pkcs12 file is ${2}.p12"
        fi
+        mv ${2}.crt ${TOP_DIR}/certs
 #       TODO handle this file
        echo "$2:$pass" >> teams.pass
        clean "client" $2
        ;;
+    "-revoke" )
+        if [ $# -ne 2 ]; then
+            echo "Usage: $0 -revoke NAME"
+            exit 1
+        fi
+        echo -e "${GREEN}Revocate ${BOLD}${2}${END_BOLD}${COLOR_RST}"
+        openssl ca -revoke ${TOP_DIR}/certs/${2}.crt -config ${OPENSSL_CONF}\
+                   -keyfile ${TOP_DIR}/private/${CAKEY}                     \
+                   -cert ${TOP_DIR}/${CACERT} > $OUTPUT 2>&1
+        if [ $? -ne 0 ]; then
+            echo -e "${RED}Revocation failed for ${BOLD}${2}${END_BOLD}${COLOR_RST}"
+            cat $OUTPUT
+            exit 4
+        fi
+        rm ${TOP_DIR}/certs/${2}.crt
+        rm ${TOP_DIR}/pkcs/${2}.p12
+        ;;
    * )
        usage
        ;;