From 9109c3e3e019da5f89ce957ba2d6a2c5c75d6fd6 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Wed, 11 Dec 2013 18:11:32 +0100
Subject: [PATCH] Add gencrl into CA.sh
---
 misc/CA.sh | 34 ++++++++++++++++++++++++------
 onyx/include/admin/certificate.php | 4 +++-
 2 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/misc/CA.sh b/misc/CA.sh
index 1f23c18e..aa0f6212 100755
--- a/misc/CA.sh
+++ b/misc/CA.sh
@@ -25,7 +25,7 @@ END_BOLD=""
 usage()
 {
- echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME)"
+ echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME|-gencrl)"
 exit 1
 }
@@ -38,8 +38,9 @@ clean()
 mkdir -p ${TOP_DIR}/newcerts
 mkdir -p ${TOP_DIR}/private
 mkdir -p ${TOP_DIR}/pkcs
+ echo "01" > ${TOP_DIR}/crlnumber
 elif [ "$1" = "client" ]; then
- rm -rf ${2}.key ${2}.csr
+ rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr
 fi
 rm -rf $OUTPUT
 }
@@ -151,7 +152,7 @@ case $1 in
 pass=`pwgen -n -B -y 12 1`
- openssl req -batch -new -keyout ${2}.key -out ${2}.csr \
+ openssl req -batch -new -keyout ${TOP_DIR}/${2}.key -out ${TOP_DIR}/${2}.csr \
 -config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} > $OUTPUT 2>&1
 if [ $? -ne 0 ]; then
 cat $OUTPUT
@@ -160,8 +161,8 @@ case $1 in
 fi
 echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
- openssl ca -batch -policy policy_match -out ${2}.crt \
- -config ${OPENSSL_CONF} -infiles ${2}.csr > $OUTPUT 2>&1
+ openssl ca -batch -policy policy_match -out ${TOP_DIR}/${2}.crt \
+ -config ${OPENSSL_CONF} -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
 if [ $? -ne 0 ]; then
 echo -e "${RED}Signing failed for $2 ${COLOR_RST}"
 cat $OUTPUT
@@ -169,7 +170,7 @@ case $1 in
 exit 3
 fi
 echo -e "${GREEN}Export the Client files to pkcs12${COLOR_RST}"
- openssl pkcs12 -export -inkey ${2}.key -in ${2}.crt -name ${2} \
+ openssl pkcs12 -export -inkey ${TOP_DIR}/${2}.key -in ${TOP_DIR}/${2}.crt -name ${2} \
 -passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12 \
 -passout pass:$pass > $OUTPUT 2>&1
 if [ $? -ne 0 ]; then
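Review bot: The new `rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr` in the `clean()` hunk (`@@ -38,8 +38,9 @@`) expands the client NAME unquoted, so a name containing whitespace, glob characters or `../` makes `rm -rf` act on paths other than the two intended files. The same unquoted `${TOP_DIR}/${2}` expansion is introduced in the `openssl req`, `openssl ca`, `openssl pkcs12` and `mv` lines of the hunks at new lines 152, 161, 170 and 181. Quote every expansion and drop the recursive flag, e.g. `rm -f "${TOP_DIR}/${2}.key" "${TOP_DIR}/${2}.csr"`. NAME should also be checked against a strict allowlist before the `case` dispatches, for instance `case "$2" in ""|*[!A-Za-z0-9_-]*) usage ;; esac`; whether the PHP caller already sanitises the name is not visible in this patch. clean() starts outside the hunk.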
@@ -180,8 +181,9 @@ case $1 in
 else
 echo -e "Exported pkcs12 file is ${2}.p12"
 fi
- mv ${2}.crt ${TOP_DIR}/certs
+ mv ${TOP_DIR}/${2}.crt ${TOP_DIR}/certs
 echo "$2:$pass" >> ${TOP_DIR}/../teams.pass
+ echo "$pass"
 clean "client" $2
 ;;
 "-revoke" )
@@ -200,7 +202,25 @@ case $1 in
 fi
 rm ${TOP_DIR}/certs/${2}.crt
 rm ${TOP_DIR}/pkcs/${2}.p12
+
+ echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
+ openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
+ if [ $? -ne 0 ]; then
+ echo -e "${RED}Generate crl.pem failed"
+ cat $OUTPUT
+ exit 5
+ fi
+ ;;
+ "-gencrl" )
+ echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
+ openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
+ if [ $? -ne 0 ]; then
+ echo -e "${RED}Generate crl.pem failed"
+ cat $OUTPUT
+ exit 5
+ fi
+ ;;
 * )
 usage
 ;;
diff --git a/onyx/include/admin/certificate.php b/onyx/include/admin/certificate.php
index 580d6b62..5698f903 100644
--- a/onyx/include/admin/certificate.php
+++ b/onyx/include/admin/certificate.php
@@ -80,8 +80,10 @@ if (!empty($p[2]))
 //TODO check revoked attribute
 if (isset($name))
 {
- new_client($name, $misc_dir);
+ $output = new_client($name, $misc_dir);
 Team::set_revoked(FALSE, $name);
+ erreur($output, "sucess");
+ return "admin/import_users";
 }
 }
 elseif ($p[2] == "get")
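Review bot: The added `echo "$pass"` in the `-newclient` hunk (`@@ -180,8 +181,9 @@`) writes the PKCS#12 passphrase to stdout, where it shares the stream with status lines such as `Exported pkcs12 file is ...` and ends up wherever the caller sends that output, be it a terminal, a web page or a log. The context line above already appends the same secret in clear text to `teams.pass`, so this adds a second disclosure channel rather than replacing one. If the caller needs the passphrase, hand it over on a channel that carries nothing else, and create `teams.pass` with a restrictive mode, e.g. `umask 077` before the `>>`. The `-newclient` branch starts outside the hunk.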
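Review bot: The CRL is written straight to `${TOP_DIR}/crl.pem` in both the `-revoke` and the new `-gencrl` branch (`@@ -200,7 +202,25 @@`), so a failed or interrupted `openssl ca -gencrl` can leave a truncated file where a TLS server presumably reads its revocation list. Generating into a temporary file and renaming it only on success keeps the previous valid CRL in place on failure. The two branches are also verbatim copies, and the failure message lacks the trailing `${COLOR_RST}`; one helper, sketched below, fixes both. In `-revoke` the certificate and `.p12` are removed before the CRL step, so callers should treat exit code 5 as "revoked in the index but CRL not yet published". The `-revoke` branch starts outside the hunk.

```shell
# helper defined next to clean(), outside this hunk
gencrl()
{
    echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
    if ! openssl ca -config "${OPENSSL_CONF}" -gencrl \
        -out "${TOP_DIR}/crl.pem.new" > "$OUTPUT" 2>&1; then
        echo -e "${RED}Generate crl.pem failed${COLOR_RST}"
        cat "$OUTPUT"
        rm -f "${TOP_DIR}/crl.pem.new"
        exit 5
    fi
    # rename only after a successful run so readers never see a partial CRL
    mv "${TOP_DIR}/crl.pem.new" "${TOP_DIR}/crl.pem"
}

# … unchanged: "-revoke" body through the two rm lines …
        gencrl
        ;;
    "-gencrl" )
        gencrl
        ;;
```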
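Review bot: `erreur($output, "sucess")` reports success unconditionally and `Team::set_revoked(FALSE, $name)` runs regardless, although the CA.sh changes in this same commit show the script exiting non-zero and printing openssl's error output when a step fails. Whether `new_client()` exposes that exit status is not visible in this hunk; if it does, check it before clearing the revoked flag and route failures to `erreur()` as an error. `$output` now carries the client passphrase plus raw tool output, so escape it for HTML, e.g. `htmlspecialchars($output, ENT_QUOTES)`, unless `erreur()` already does, and keep it out of persistent logs. `"sucess"` looks like a typo for `"success"`; confirm which value `erreur()` expects. The enclosing `if`/`elseif` chain continues outside the hunk.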