CA.sh: add revocation

misc/CA.sh

@@ -25,7 +25,7 @@ END_BOLD="</b>"
 
 usage()
 {
-    echo "Usage: $0 (-newca|-newserver|-newclient NAME)"
+    echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME)"
     exit 1
 }
 
@@ -39,7 +39,7 @@ clean()
         mkdir -p ${TOP_DIR}/private
         mkdir -p ${TOP_DIR}/pkcs
     elif [ "$1" = "client" ]; then
-        rm -rf ${2}.key ${2}.csr ${2}.crt
+        rm -rf ${2}.key ${2}.csr
     fi
     rm -rf $OUTPUT
 }
@@ -173,17 +173,35 @@ case $1 in
                        -passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12     \
                        -passout pass:$pass > $OUTPUT 2>&1
         if [ $? -ne 0 ]; then
-            echo -e "${RED}pkcs12 export failed${COLOR_RST} for ${BOLD}$2${END_BOLD}"
+            echo -e "${RED}pkcs12 export failed for ${BOLD}$2${END_BOLD}${COLOR_RST}"
             cat $OUTPUT
             clean "client" $2
             exit 4
         else
             echo -e "Exported pkcs12 file is ${2}.p12"
         fi
+        mv ${2}.crt ${TOP_DIR}/certs
 #       TODO handle this file
         echo "$2:$pass" >> teams.pass
         clean "client" $2
         ;;
+    "-revoke" )
+        if [ $# -ne 2 ]; then
+            echo "Usage: $0 -revoke NAME"
+            exit 1
+        fi
+        echo -e "${GREEN}Revocate ${BOLD}${2}${END_BOLD}${COLOR_RST}"
+        openssl ca -revoke ${TOP_DIR}/certs/${2}.crt -config ${OPENSSL_CONF}\
+                   -keyfile ${TOP_DIR}/private/${CAKEY}                     \
+                   -cert ${TOP_DIR}/${CACERT} > $OUTPUT 2>&1
+        if [ $? -ne 0 ]; then
+            echo -e "${RED}Revocation failed for ${BOLD}${2}${END_BOLD}${COLOR_RST}"
+            cat $OUTPUT
+            exit 4
+        fi
+        rm ${TOP_DIR}/certs/${2}.crt
+        rm ${TOP_DIR}/pkcs/${2}.p12
+        ;;
     * )
         usage
         ;;